MDL-56595 tool_usertours: set page params when configuring tours/steps.
[moodle.git] / admin / tool / dataprivacy / createdatarequest.php
CommitLineData
5efc1f9e
DM
1<?php
2// This file is part of Moodle - http://moodle.org/
3//
4// Moodle is free software: you can redistribute it and/or modify
5// it under the terms of the GNU General Public License as published by
6// the Free Software Foundation, either version 3 of the License, or
7// (at your option) any later version.
8//
9// Moodle is distributed in the hope that it will be useful,
10// but WITHOUT ANY WARRANTY; without even the implied warranty of
11// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12// GNU General Public License for more details.
13//
14// You should have received a copy of the GNU General Public License
15// along with Moodle. If not, see <http://www.gnu.org/licenses/>.
16
17/**
18 * Prints the contact form to the site's Data Protection Officer
19 *
20 * @copyright 2018 onwards Jun Pataleta
21 * @license http://www.gnu.org/copyleft/gpl.html GNU Public License
22 * @package tool_dataprivacy
23 */
24
25require_once('../../../config.php');
26require_once('lib.php');
5efc1f9e
DM
27require_once('createdatarequest_form.php');
28
29$manage = optional_param('manage', 0, PARAM_INT);
500dc0b1 30$requesttype = optional_param('type', \tool_dataprivacy\api::DATAREQUEST_TYPE_EXPORT, PARAM_INT);
5efc1f9e 31
500dc0b1 32$url = new moodle_url('/admin/tool/dataprivacy/createdatarequest.php', ['manage' => $manage, 'type' => $requesttype]);
5efc1f9e
DM
33
34$PAGE->set_url($url);
35
36require_login();
37if (isguestuser()) {
38 print_error('noguest');
39}
40
41// Return URL and context.
42if ($manage) {
43 // For the case where DPO creates data requests on behalf of another user.
44 $returnurl = new moodle_url($CFG->wwwroot . '/admin/tool/dataprivacy/datarequests.php');
45 $context = context_system::instance();
46 // Make sure the user has the proper capability.
47 require_capability('tool/dataprivacy:managedatarequests', $context);
bff97f15 48 navigation_node::override_active_url($returnurl);
5efc1f9e
DM
49} else {
50 // For the case where a user makes request for themselves (or for their children if they are the parent).
51 $returnurl = new moodle_url($CFG->wwwroot . '/admin/tool/dataprivacy/mydatarequests.php');
52 $context = context_user::instance($USER->id);
53}
bff97f15 54
5efc1f9e
DM
55$PAGE->set_context($context);
56
bff97f15
PH
57if (!$manage && $profilenode = $PAGE->settingsnav->find('myprofile', null)) {
58 $profilenode->make_active();
59}
60
61$title = get_string('createnewdatarequest', 'tool_dataprivacy');
62$PAGE->navbar->add($title);
63
5efc1f9e 64// If contactdataprotectionofficer is disabled, send the user back to the profile page, or the privacy policy page.
97009b73
JD
65// That is, unless you have sufficient capabilities to perform this on behalf of a user.
66if (!$manage && !\tool_dataprivacy\api::can_contact_dpo()) {
df751f00 67 redirect($returnurl, get_string('contactdpoviaprivacypolicy', 'tool_dataprivacy'), 0, \core\output\notification::NOTIFY_ERROR);
5efc1f9e
DM
68}
69
d6884838
PH
70$mform = new tool_dataprivacy_data_request_form($url->out(false), ['manage' => !empty($manage),
71 'persistent' => new \tool_dataprivacy\data_request(0, (object) ['type' => $requesttype])]);
5efc1f9e
DM
72
73// Data request cancelled.
74if ($mform->is_cancelled()) {
75 redirect($returnurl);
76}
77
78// Data request submitted.
79if ($data = $mform->get_data()) {
cbae8dcd
AN
80 if ($data->userid != $USER->id) {
81 if (!\tool_dataprivacy\api::can_manage_data_requests($USER->id)) {
82 // If not a DPO, only users with the capability to make data requests for the user should be allowed.
83 // (e.g. users with the Parent role, etc).
84 \tool_dataprivacy\api::require_can_create_data_request_for_user($data->userid);
85 }
86 }
87
84bcd658
KC
88 if ($data->type == \tool_dataprivacy\api::DATAREQUEST_TYPE_DELETE) {
89 if ($data->userid == $USER->id) {
90 if (!\tool_dataprivacy\api::can_create_data_deletion_request_for_self()) {
91 throw new moodle_exception('nopermissions', 'error', '',
92 get_string('errorcannotrequestdeleteforself', 'tool_dataprivacy'));
93 }
94 } else if (!\tool_dataprivacy\api::can_create_data_deletion_request_for_other()
95 && !\tool_dataprivacy\api::can_create_data_deletion_request_for_children($data->userid)) {
96 throw new moodle_exception('nopermissions', 'error', '',
97 get_string('errorcannotrequestdeleteforother', 'tool_dataprivacy'));
98 }
99 }
100
5efc1f9e
DM
101 \tool_dataprivacy\api::create_data_request($data->userid, $data->type, $data->comments);
102
f946d875
JP
103 if ($manage) {
104 $foruser = core_user::get_user($data->userid);
105 $redirectmessage = get_string('datarequestcreatedforuser', 'tool_dataprivacy', fullname($foruser));
12c1e8b2
JP
106 } else if (\tool_dataprivacy\api::is_automatic_request_approval_on($data->type)) {
107 // Let the user know that the request has been submitted and will be processed soon.
108 $redirectmessage = get_string('approvedrequestsubmitted', 'tool_dataprivacy');
f946d875 109 } else {
12c1e8b2 110 // Let the user know that the request has been submitted to the privacy officer.
f946d875
JP
111 $redirectmessage = get_string('requestsubmitted', 'tool_dataprivacy');
112 }
113 redirect($returnurl, $redirectmessage);
5efc1f9e
DM
114}
115
457047de 116$PAGE->set_heading($SITE->fullname);
5efc1f9e
DM
117$PAGE->set_title($title);
118echo $OUTPUT->header();
119echo $OUTPUT->heading($title);
120
84bcd658 121echo $OUTPUT->box_start('createrequestform');
5efc1f9e
DM
122$mform->display();
123echo $OUTPUT->box_end();
124
125echo $OUTPUT->footer();