This class would belong more appropriately within the 'user' API
(core_user) instead of within the 'core' API, since it is
directly related to user data.
Since the class has only just been added to Moodle, now is a good
time to move it.
In all cases changes have been kept to a minimum while not making
the code completely horrible. For example, there are many instances
where it would probably be better to rewrite a query entirely, but
I have not done that (in order to reduce the risk of changes).
With the Guest registration calling policyactions.js the [data-action="view"]
was having two click handlers set on the inital policy modal trgger.
With this commit we state what we want the click event to be set on.
When accepting the policies via the sitepolicy handler, only compulsory
policies are to be marked as accepted. Optional policies will be left as
pending. Users must express their consent explicitly for them.
As a side product of the change, unit tests are added for the whole
handler class.
This adds support for optional policies to the user acceptance reports.
Distinguished are "Pending" acceptances (we did not hear yet) from
"Declined" (user did not agree). The status workflow updated to support
new transitions: pending -> declined and declined -> accepted.
For optional policies, we provide a radio selector to let the user
choose the acceptance status on the consent page. For policies displayed
on their own page, we display a link to decline the policy.
The way how we pass the list of policy version ids to index.php has
changed so that we can now not only pass the list of ids, but also the
actual acceptance status (accepted / declined).
This method allows to quickly check if the given policy version is
marked as optional or compulsory. This will be needed in other places
such as permissions check.
The method now returns three-state logic. A bool value true/false is
returned if the user has accepted/rejected the policy, respectively. A
null value is returned if the user did not express their agreement in
either way yet.
This allows to distinguish between "rejected the policy" and "did not
say anything about it yet" cases.
The patch adds a new column to the database table to hold the
information if giving agreement to the policy is compulsory or optional.
The flag can be defined via the policy editing form and is displayed at
the policies management screen.
The last modified time merged with the version column at the policies
management screen to save a bit of horizontal space - needed as we
display more information now at the first column.
The idea of the patch is to check the list of policies that are shown
before and on the consent page. If that list contains a policy that is
supposed to be accepted on its own page, the existing flow is
interrupted and the user is redirected to a view.php to display that
particular policy.
The view template for such a policy contains a button for getting the
user agreement. When pressed, the policy is marked as accepted and we
can go to start again.
To make this working during the signup, we need to extend the existing
logic and start tracking which particular policies the visitor accepted
prior reaching the signup form. Similarly, we need to start track which
particular policies were displayed and use that list when evaluating
which policies were unchecked on the consent page.
The patch introduces a new property of a policy document called
"Agreement style". It allows the admin to define if the policy should be
accepted together with all others on the consent page (legacy and
default behaviour) or on its page before the consent page is reached
(the new optional behaviour).
The viewall.php page is called from the mobile app to display the policies
to the users before agree them. That's why it must display all the active
policies (even for guests), to guarantee the users agree all current
policies from the app.
The policies can be revoked by clicking the "Agreed [on behalf]" ticks.
A message has been added also to explain users they must contact to
the DPO if they want to withdraw their consent to policies.
Show cancel button during signup only and do not show when user is logged
in and has to accept changed policies
When cancel button is clicked redirect to the site homepage
Avoid redirection for accepting new policies during the manager user session
when $user->policyagreed=0 and he/she activates the first policy for logged in users.
Part of MDL-61864