Merge branch 'MDL-64322' of https://github.com/KietChan/moodle
[moodle.git] / admin / tool / dataprivacy / createdatarequest_form.php
1 <?php
2 // This file is part of Moodle - http://moodle.org/
3 //
4 // Moodle is free software: you can redistribute it and/or modify
5 // it under the terms of the GNU General Public License as published by
6 // the Free Software Foundation, either version 3 of the License, or
7 // (at your option) any later version.
8 //
9 // Moodle is distributed in the hope that it will be useful,
10 // but WITHOUT ANY WARRANTY; without even the implied warranty of
11 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
12 // GNU General Public License for more details.
13 //
14 // You should have received a copy of the GNU General Public License
15 // along with Moodle.  If not, see <http://www.gnu.org/licenses/>.
17 /**
18  * The contact form to the site's Data Protection Officer
19  *
20  * @copyright 2018 onwards Jun Pataleta
21  * @license http://www.gnu.org/copyleft/gpl.html GNU Public License
22  * @package tool_dataprivacy
23  */
25 use tool_dataprivacy\api;
26 use tool_dataprivacy\local\helper;
28 defined('MOODLE_INTERNAL') || die();
30 require_once($CFG->libdir.'/formslib.php');
32 /**
33  * The contact form to the site's Data Protection Officer
34  *
35  * @copyright 2018 onwards Jun Pataleta
36  * @license http://www.gnu.org/copyleft/gpl.html GNU Public License
37  * @package tool_dataprivacy
38  */
39 class tool_dataprivacy_data_request_form extends moodleform {
41     /** @var bool Flag to indicate whether this form is being rendered for managing data requests or for regular requests. */
42     protected $manage = false;
44     /**
45      * Form definition.
46      *
47      * @throws coding_exception
48      * @throws dml_exception
49      */
50     public function definition() {
51         global $USER;
52         $mform =& $this->_form;
54         $this->manage = $this->_customdata['manage'];
55         if ($this->manage) {
56             $options = [
57                 'ajax' => 'tool_dataprivacy/form-user-selector',
58                 'valuehtmlcallback' => function($value) {
59                     global $OUTPUT;
61                     $allusernames = get_all_user_name_fields(true);
62                     $fields = 'id, email, ' . $allusernames;
63                     $user = \core_user::get_user($value, $fields);
64                     $useroptiondata = [
65                         'fullname' => fullname($user),
66                         'email' => $user->email
67                     ];
68                     return $OUTPUT->render_from_template('tool_dataprivacy/form-user-selector-suggestion', $useroptiondata);
69                 }
70             ];
71             $mform->addElement('autocomplete', 'userid', get_string('requestfor', 'tool_dataprivacy'), [], $options);
72             $mform->addRule('userid', null, 'required', null, 'client');
74         } else {
75             // Get users whom you are being a guardian to if your role has the capability to make data requests for children.
76             if ($children = helper::get_children_of_user($USER->id)) {
77                 $useroptions = [
78                     $USER->id => fullname($USER)
79                 ];
80                 foreach ($children as $key => $child) {
81                     $useroptions[$key] = fullname($child);
82                 }
83                 $mform->addElement('autocomplete', 'userid', get_string('requestfor', 'tool_dataprivacy'), $useroptions);
84                 $mform->addRule('userid', null, 'required', null, 'client');
86             } else {
87                 // Requesting for self.
88                 $mform->addElement('hidden', 'userid', $USER->id);
89             }
90         }
92         $mform->setType('userid', PARAM_INT);
94         // Subject access request type.
95         $options = [
96             api::DATAREQUEST_TYPE_EXPORT => get_string('requesttypeexport', 'tool_dataprivacy'),
97             api::DATAREQUEST_TYPE_DELETE => get_string('requesttypedelete', 'tool_dataprivacy')
98         ];
99         $mform->addElement('select', 'type', get_string('requesttype', 'tool_dataprivacy'), $options);
100         $mform->setType('type', PARAM_INT);
101         $mform->addHelpButton('type', 'requesttype', 'tool_dataprivacy');
103         // Request comments text area.
104         $textareaoptions = ['cols' => 60, 'rows' => 10];
105         $mform->addElement('textarea', 'comments', get_string('requestcomments', 'tool_dataprivacy'), $textareaoptions);
106         $mform->setType('type', PARAM_ALPHANUM);
107         $mform->addHelpButton('comments', 'requestcomments', 'tool_dataprivacy');
109         // Action buttons.
110         $this->add_action_buttons();
112         $shouldfreeze = false;
113         if ($this->manage) {
114             $shouldfreeze = !api::can_create_data_deletion_request_for_other();
115         } else {
116             $shouldfreeze = !api::can_create_data_deletion_request_for_self();
117             if ($shouldfreeze && !empty($useroptions)) {
118                 foreach ($useroptions as $userid => $useroption) {
119                     if (api::can_create_data_deletion_request_for_children($userid)) {
120                         $shouldfreeze = false;
121                         break;
122                     }
123                 }
124             }
125         }
127         if ($shouldfreeze) {
128             $mform->freeze('type');
129         }
130     }
132     /**
133      * Form validation.
134      *
135      * @param array $data
136      * @param array $files
137      * @return array
138      * @throws coding_exception
139      * @throws dml_exception
140      */
141     public function validation($data, $files) {
142         global $USER;
143         $errors = [];
145         $validrequesttypes = [
146             api::DATAREQUEST_TYPE_EXPORT,
147             api::DATAREQUEST_TYPE_DELETE
148         ];
149         if (!in_array($data['type'], $validrequesttypes)) {
150             $errors['type'] = get_string('errorinvalidrequesttype', 'tool_dataprivacy');
151         }
153         if (api::has_ongoing_request($data['userid'], $data['type'])) {
154             $errors['type'] = get_string('errorrequestalreadyexists', 'tool_dataprivacy');
155         }
157         // Check if current user can create data deletion request.
158         $userid = $data['userid'];
159         if ($data['type'] == api::DATAREQUEST_TYPE_DELETE) {
160             if ($userid == $USER->id) {
161                 if (!api::can_create_data_deletion_request_for_self()) {
162                     $errors['type'] = get_string('errorcannotrequestdeleteforself', 'tool_dataprivacy');
163                 }
164             } else if (!api::can_create_data_deletion_request_for_other()
165                 && !api::can_create_data_deletion_request_for_children($userid)) {
166                 $errors['type'] = get_string('errorcannotrequestdeleteforother', 'tool_dataprivacy');
167             }
168         }
170         return $errors;
171     }