on-demand release 3.6dev+
[moodle.git] / admin / tool / dataprivacy / createdatarequest.php
CommitLineData
5efc1f9e
DM
1<?php
2// This file is part of Moodle - http://moodle.org/
3//
4// Moodle is free software: you can redistribute it and/or modify
5// it under the terms of the GNU General Public License as published by
6// the Free Software Foundation, either version 3 of the License, or
7// (at your option) any later version.
8//
9// Moodle is distributed in the hope that it will be useful,
10// but WITHOUT ANY WARRANTY; without even the implied warranty of
11// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12// GNU General Public License for more details.
13//
14// You should have received a copy of the GNU General Public License
15// along with Moodle. If not, see <http://www.gnu.org/licenses/>.
16
17/**
18 * Prints the contact form to the site's Data Protection Officer
19 *
20 * @copyright 2018 onwards Jun Pataleta
21 * @license http://www.gnu.org/copyleft/gpl.html GNU Public License
22 * @package tool_dataprivacy
23 */
24
25require_once('../../../config.php');
26require_once('lib.php');
5efc1f9e
DM
27require_once('createdatarequest_form.php');
28
29$manage = optional_param('manage', 0, PARAM_INT);
30
31$url = new moodle_url('/admin/tool/dataprivacy/createdatarequest.php', ['manage' => $manage]);
32
33$PAGE->set_url($url);
34
35require_login();
36if (isguestuser()) {
37 print_error('noguest');
38}
39
40// Return URL and context.
41if ($manage) {
42 // For the case where DPO creates data requests on behalf of another user.
43 $returnurl = new moodle_url($CFG->wwwroot . '/admin/tool/dataprivacy/datarequests.php');
44 $context = context_system::instance();
45 // Make sure the user has the proper capability.
46 require_capability('tool/dataprivacy:managedatarequests', $context);
47} else {
48 // For the case where a user makes request for themselves (or for their children if they are the parent).
49 $returnurl = new moodle_url($CFG->wwwroot . '/admin/tool/dataprivacy/mydatarequests.php');
50 $context = context_user::instance($USER->id);
51}
52$PAGE->set_context($context);
53
54// If contactdataprotectionofficer is disabled, send the user back to the profile page, or the privacy policy page.
97009b73
JD
55// That is, unless you have sufficient capabilities to perform this on behalf of a user.
56if (!$manage && !\tool_dataprivacy\api::can_contact_dpo()) {
df751f00 57 redirect($returnurl, get_string('contactdpoviaprivacypolicy', 'tool_dataprivacy'), 0, \core\output\notification::NOTIFY_ERROR);
5efc1f9e
DM
58}
59
f946d875 60$mform = new tool_dataprivacy_data_request_form($url->out(false), ['manage' => !empty($manage)]);
5efc1f9e
DM
61
62// Data request cancelled.
63if ($mform->is_cancelled()) {
64 redirect($returnurl);
65}
66
67// Data request submitted.
68if ($data = $mform->get_data()) {
cbae8dcd
AN
69 if ($data->userid != $USER->id) {
70 if (!\tool_dataprivacy\api::can_manage_data_requests($USER->id)) {
71 // If not a DPO, only users with the capability to make data requests for the user should be allowed.
72 // (e.g. users with the Parent role, etc).
73 \tool_dataprivacy\api::require_can_create_data_request_for_user($data->userid);
74 }
75 }
76
5efc1f9e
DM
77 \tool_dataprivacy\api::create_data_request($data->userid, $data->type, $data->comments);
78
f946d875
JP
79 if ($manage) {
80 $foruser = core_user::get_user($data->userid);
81 $redirectmessage = get_string('datarequestcreatedforuser', 'tool_dataprivacy', fullname($foruser));
82 } else {
83 $redirectmessage = get_string('requestsubmitted', 'tool_dataprivacy');
84 }
85 redirect($returnurl, $redirectmessage);
5efc1f9e
DM
86}
87
457047de
MG
88$title = get_string('createnewdatarequest', 'tool_dataprivacy');
89$PAGE->set_heading($SITE->fullname);
5efc1f9e
DM
90$PAGE->set_title($title);
91echo $OUTPUT->header();
92echo $OUTPUT->heading($title);
93
94echo $OUTPUT->box_start();
95$mform->display();
96echo $OUTPUT->box_end();
97
98echo $OUTPUT->footer();