MDL-61899 tool_dataprivacy: Subject access requests tool
[moodle.git] / admin / tool / dataprivacy / createdatarequest.php
CommitLineData
5efc1f9e
DM
1<?php
2// This file is part of Moodle - http://moodle.org/
3//
4// Moodle is free software: you can redistribute it and/or modify
5// it under the terms of the GNU General Public License as published by
6// the Free Software Foundation, either version 3 of the License, or
7// (at your option) any later version.
8//
9// Moodle is distributed in the hope that it will be useful,
10// but WITHOUT ANY WARRANTY; without even the implied warranty of
11// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12// GNU General Public License for more details.
13//
14// You should have received a copy of the GNU General Public License
15// along with Moodle. If not, see <http://www.gnu.org/licenses/>.
16
17/**
18 * Prints the contact form to the site's Data Protection Officer
19 *
20 * @copyright 2018 onwards Jun Pataleta
21 * @license http://www.gnu.org/copyleft/gpl.html GNU Public License
22 * @package tool_dataprivacy
23 */
24
25require_once('../../../config.php');
26require_once('lib.php');
27require_once('classes/api.php');
28require_once('createdatarequest_form.php');
29
30$manage = optional_param('manage', 0, PARAM_INT);
31
32$url = new moodle_url('/admin/tool/dataprivacy/createdatarequest.php', ['manage' => $manage]);
33
34$PAGE->set_url($url);
35
36require_login();
37if (isguestuser()) {
38 print_error('noguest');
39}
40
41// Return URL and context.
42if ($manage) {
43 // For the case where DPO creates data requests on behalf of another user.
44 $returnurl = new moodle_url($CFG->wwwroot . '/admin/tool/dataprivacy/datarequests.php');
45 $context = context_system::instance();
46 // Make sure the user has the proper capability.
47 require_capability('tool/dataprivacy:managedatarequests', $context);
48} else {
49 // For the case where a user makes request for themselves (or for their children if they are the parent).
50 $returnurl = new moodle_url($CFG->wwwroot . '/admin/tool/dataprivacy/mydatarequests.php');
51 $context = context_user::instance($USER->id);
52}
53$PAGE->set_context($context);
54
55// If contactdataprotectionofficer is disabled, send the user back to the profile page, or the privacy policy page.
56if (!\tool_dataprivacy\api::can_contact_dpo()) {
57 redirect($returnurl, get_string('contactdpoviaprivacypolicy', 'tool_dataprivacy'), \core\output\notification::NOTIFY_ERROR);
58}
59
60$mform = new tool_dataprivacy_data_request_form($url->out(false));
61
62// Data request cancelled.
63if ($mform->is_cancelled()) {
64 redirect($returnurl);
65}
66
67// Data request submitted.
68if ($data = $mform->get_data()) {
69 \tool_dataprivacy\api::create_data_request($data->userid, $data->type, $data->comments);
70
71 redirect($returnurl, get_string('requestsubmitted', 'tool_dataprivacy'));
72}
73
74$title = get_string('contactdataprotectionofficer', 'tool_dataprivacy');
75$PAGE->set_heading($title);
76$PAGE->set_title($title);
77echo $OUTPUT->header();
78echo $OUTPUT->heading($title);
79
80echo $OUTPUT->box_start();
81$mform->display();
82echo $OUTPUT->box_end();
83
84echo $OUTPUT->footer();