MDL-67788 mod_h5pactivity: update activity attempt privacy
authorFerran Recio <ferran@moodle.com>
Fri, 27 Mar 2020 09:44:30 +0000 (10:44 +0100)
committerFerran Recio <ferran@moodle.com>
Tue, 14 Apr 2020 14:58:10 +0000 (16:58 +0200)
mod/h5pactivity/classes/privacy/provider.php
mod/h5pactivity/lang/en/h5pactivity.php
mod/h5pactivity/tests/privacy_test.php [new file with mode: 0644]

index afb38de..702ba9b 100644 (file)
 
 namespace mod_h5pactivity\privacy;
 
+use core_privacy\local\metadata\collection;
+use core_privacy\local\request\approved_contextlist;
+use core_privacy\local\request\approved_userlist;
+use core_privacy\local\request\contextlist;
+use core_privacy\local\request\helper;
+use core_privacy\local\request\transform;
+use core_privacy\local\request\userlist;
+use core_privacy\local\request\writer;
+use stdClass;
+
 defined('MOODLE_INTERNAL') || die();
 
 /**
@@ -33,7 +43,11 @@ defined('MOODLE_INTERNAL') || die();
  * @copyright  2020 Ferran Recio <ferran@moodle.com>
  * @license    http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
  */
-class provider implements \core_privacy\local\metadata\null_provider {
+class provider implements
+        \core_privacy\local\metadata\provider,
+        \core_privacy\local\request\core_userlist_provider,
+        \core_privacy\local\request\plugin\provider {
+
     /**
      * Get the language string identifier with the component's language
      * file to explain why this plugin stores no data.
@@ -43,4 +57,263 @@ class provider implements \core_privacy\local\metadata\null_provider {
     public static function get_reason() : string {
         return 'privacy:metadata';
     }
+
+    /**
+     * Return the fields which contain personal data.
+     *
+     * @param   collection $collection The initialised collection to add items to.
+     * @return  collection A listing of user data stored through this system.
+     */
+    public static function get_metadata(collection $collection) : collection {
+        $collection->add_database_table('h5pactivity_attempts', [
+                'userid' => 'privacy:metadata:userid',
+                'attempt' => 'privacy:metadata:attempt',
+                'timecreated' => 'privacy:metadata:timecreated',
+                'timemodified' => 'privacy:metadata:timemodified',
+                'rawscore' => 'privacy:metadata:rawscore',
+            ], 'privacy:metadata:xapi_track');
+
+        $collection->add_database_table('h5pactivity_attempts_results', [
+                'attempt' => 'privacy:metadata:attempt',
+                'timecreated' => 'privacy:metadata:timecreated',
+                'rawscore' => 'privacy:metadata:rawscore',
+            ], 'privacy:metadata:xapi_track_results');
+
+        return $collection;
+    }
+
+    /**
+     * Get the list of contexts that contain user information for the specified user.
+     *
+     * @param int $userid The user to search.
+     * @return contextlist $contextlist The contextlist containing the list of contexts used in this plugin.
+     */
+    public static function get_contexts_for_userid(int $userid) : contextlist {
+        $sql = "SELECT ctx.id
+                  FROM {h5pactivity_attempts} ss
+                  JOIN {modules} m
+                    ON m.name = :activityname
+                  JOIN {course_modules} cm
+                    ON cm.instance = ss.h5pactivityid
+                   AND cm.module = m.id
+                  JOIN {context} ctx
+                    ON ctx.instanceid = cm.id
+                   AND ctx.contextlevel = :modlevel
+                 WHERE ss.userid = :userid";
+
+        $params = ['activityname' => 'h5pactivity', 'modlevel' => CONTEXT_MODULE, 'userid' => $userid];
+        $contextlist = new contextlist();
+        $contextlist->add_from_sql($sql, $params);
+
+        return $contextlist;
+    }
+
+    /**
+     * Get the list of users who have data within a context.
+     *
+     * @param userlist $userlist The userlist containing the list of users who have data in this context/plugin combination.
+     */
+    public static function get_users_in_context(userlist $userlist) {
+        $context = $userlist->get_context();
+
+        if (!is_a($context, \context_module::class)) {
+            return;
+        }
+
+        $sql = "SELECT ss.userid
+                  FROM {h5pactivity_attempts} ss
+                  JOIN {modules} m
+                    ON m.name = 'h5pactivity'
+                  JOIN {course_modules} cm
+                    ON cm.instance = ss.h5pactivityid
+                   AND cm.module = m.id
+                  JOIN {context} ctx
+                    ON ctx.instanceid = cm.id
+                   AND ctx.contextlevel = :modlevel
+                 WHERE ctx.id = :contextid";
+
+        $params = ['modlevel' => CONTEXT_MODULE, 'contextid' => $context->id];
+
+        $userlist->add_from_sql('userid', $sql, $params);
+    }
+
+    /**
+     * Export all user data for the specified user, in the specified contexts.
+     *
+     * @param approved_contextlist $contextlist The approved contexts to export information for.
+     */
+    public static function export_user_data(approved_contextlist $contextlist) {
+        global $DB;
+
+        // Remove contexts different from CONTEXT_MODULE.
+        $contexts = array_reduce($contextlist->get_contexts(), function($carry, $context) {
+            if ($context->contextlevel == CONTEXT_MODULE) {
+                $carry[] = $context->id;
+            }
+            return $carry;
+        }, []);
+
+        if (empty($contexts)) {
+            return;
+        }
+
+        $user = $contextlist->get_user();
+        $userid = $user->id;
+        // Get H5P attempts data.
+        foreach ($contexts as $contextid) {
+            $context = \context::instance_by_id($contextid);
+            $data = helper::get_context_data($context, $user);
+            writer::with_context($context)->export_data([], $data);
+            helper::export_context_files($context, $user);
+        }
+
+        // Get attempts track data.
+        list($insql, $inparams) = $DB->get_in_or_equal($contexts, SQL_PARAMS_NAMED);
+        $sql = "SELECT har.id,
+                       ha.attempt,
+                       har.description,
+                       har.interactiontype,
+                       har.response,
+                       har.additionals,
+                       har.rawscore,
+                       har.maxscore,
+                       har.timecreated,
+                       ctx.id as contextid
+                  FROM {h5pactivity_attempts_results} har
+                  JOIN {h5pactivity_attempts} ha
+                    ON har.attemptid = ha.id
+                  JOIN {course_modules} cm
+                    ON cm.instance = ha.h5pactivityid
+                  JOIN {context} ctx
+                    ON ctx.instanceid = cm.id
+                 WHERE ctx.id $insql
+                   AND ha.userid = :userid";
+        $params = array_merge($inparams, ['userid' => $userid]);
+
+        $alldata = [];
+        $attemptsdata = $DB->get_recordset_sql($sql, $params);
+        foreach ($attemptsdata as $track) {
+            $alldata[$track->contextid][$track->attempt][] = (object)[
+                    'description' => $track->description,
+                    'response' => $track->response,
+                    'interactiontype' => $track->interactiontype,
+                    'additionals' => $track->additionals,
+                    'rawscore' => $track->rawscore,
+                    'maxscore' => $track->maxscore,
+                    'timecreated' => transform::datetime($track->timecreated),
+                ];
+        }
+        $attemptsdata->close();
+
+        // The result data is organised in:
+        // {Course name}/{H5P activity name}/{My attempts}/{Attempt X}/data.json
+        // where X is the attempt number.
+        array_walk($alldata, function($attemptsdata, $contextid) {
+            $context = \context::instance_by_id($contextid);
+            array_walk($attemptsdata, function($data, $attempt) use ($context) {
+                $subcontext = [
+                    get_string('myattempts', 'mod_h5pactivity'),
+                    get_string('attempt', 'mod_h5pactivity'). " $attempt"
+                ];
+                writer::with_context($context)->export_data(
+                    $subcontext,
+                    (object)['results' => $data]
+                );
+            });
+        });
+    }
+
+    /**
+     * Delete all user data which matches the specified context.
+     *
+     * @param context $context A user context.
+     */
+    public static function delete_data_for_all_users_in_context(\context $context) {
+        // This should not happen, but just in case.
+        if ($context->contextlevel != CONTEXT_MODULE) {
+            return;
+        }
+
+        $cm = get_coursemodule_from_id('h5pactivity', $context->instanceid);
+        if (!$cm) {
+            // Only h5pactivity module will be handled.
+            return;
+        }
+
+        self::delete_all_attempts($cm);
+    }
+
+    /**
+     * Delete all user data for the specified user, in the specified contexts.
+     *
+     * @param approved_contextlist $contextlist The approved contexts and user information to delete information for.
+     */
+    public static function delete_data_for_user(approved_contextlist $contextlist) {
+
+        foreach ($contextlist as $context) {
+            if ($context->contextlevel != CONTEXT_MODULE) {
+                continue;
+            }
+
+            $cm = get_coursemodule_from_id('h5pactivity', $context->instanceid);
+            if (!$cm) {
+                // Only h5pactivity module will be handled.
+                continue;
+            }
+
+            $user = $contextlist->get_user();
+
+            self::delete_all_attempts($cm, $user);
+        }
+    }
+
+    /**
+     * Delete multiple users within a single context.
+     *
+     * @param   approved_userlist       $userlist The approved context and user information to delete information for.
+     */
+    public static function delete_data_for_users(approved_userlist $userlist) {
+
+        $context = $userlist->get_context();
+
+        if (!is_a($context, \context_module::class)) {
+            return;
+        }
+
+        $cm = get_coursemodule_from_id('h5pactivity', $context->instanceid);
+        if (!$cm) {
+            // Only h5pactivity module will be handled.
+            return;
+        }
+
+        $userids = $userlist->get_userids();
+
+        foreach ($userids as $userid) {
+            self::delete_all_attempts ($cm, (object)['id' => $userid]);
+        }
+    }
+
+    /**
+     * Wipe all attempt data for specific course_module and an optional user.
+     *
+     * @param stdClass $cm a course_module record
+     * @param stdClass $user a user record
+     */
+    private static function delete_all_attempts(stdClass $cm, stdClass $user = null): void {
+        global $DB;
+
+        $where = 'a.h5pactivityid = :h5pactivityid';
+        $conditions = ['h5pactivityid' => $cm->instance];
+        if (!empty($user)) {
+            $where .= ' AND a.userid = :userid';
+            $conditions['userid'] = $user->id;
+        }
+
+        $DB->delete_records_select('h5pactivity_attempts_results', "attemptid IN (
+                SELECT a.id
+                FROM {h5pactivity_attempts} a
+                WHERE $where)", $conditions);
+
+        $DB->delete_records('h5pactivity_attempts', $conditions);
+    }
 }
index 6c72080..a20f998 100644 (file)
@@ -49,6 +49,12 @@ $string['page-mod-h5pactivity-x'] = 'Any H5P module page';
 $string['pluginadministration'] = 'H5P administration';
 $string['pluginname'] = 'H5P activity';
 $string['previewmode'] = 'This content is displayed in preview mode. No attempt tracking will be stored.';
-$string['privacy:metadata'] = 'The H5P activity plugin does not store any personal data.';
+$string['privacy:metadata:attempt'] = 'The attempt number';
+$string['privacy:metadata:rawscore'] = 'The score obtained';
+$string['privacy:metadata:timecreated'] = 'The time when the tracked element was created';
+$string['privacy:metadata:timemodified'] = 'The last time element was tracked';
+$string['privacy:metadata:userid'] = 'The ID of the user who accessed the H5P activity';
+$string['privacy:metadata:xapi_track'] = 'Attempt tracking information';
+$string['privacy:metadata:xapi_track_results'] = 'Attempt results tracking information';
 $string['statement_received'] = 'xAPI statement received';
 $string['view'] = 'View';
diff --git a/mod/h5pactivity/tests/privacy_test.php b/mod/h5pactivity/tests/privacy_test.php
new file mode 100644 (file)
index 0000000..3359618
--- /dev/null
@@ -0,0 +1,333 @@
+<?php
+// This file is part of Moodle - http://moodle.org/
+//
+// Moodle is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// Moodle is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with Moodle.  If not, see <http://www.gnu.org/licenses/>.
+
+/**
+ * mod_h5pactivity privacy tests
+ *
+ * @package    mod_h5pactivity
+ * @category   test
+ * @copyright  2020 Ferran Recio <ferran@moodle.com>
+ * @license    http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
+ */
+
+namespace mod_h5pactivity\privacy;
+
+defined('MOODLE_INTERNAL') || die();
+
+use \core_privacy\local\request\approved_contextlist;
+use \core_privacy\local\request\approved_userlist;
+use \core_privacy\local\request\writer;
+use \core_privacy\tests\provider_testcase;
+
+/**
+ * Privacy tests class for mod_h5pactivity.
+ *
+ * @package    mod_h5pactivity
+ * @category   test
+ * @copyright  2020 Ferran Recio <ferran@moodle.com>
+ * @license    http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
+ */
+class mod_h5pactivity_privacy_testcase extends provider_testcase {
+
+    /** @var stdClass User without any attempt. */
+    protected $student0;
+
+    /** @var stdClass User with some attempt. */
+    protected $student1;
+
+    /** @var stdClass User with some attempt. */
+    protected $student2;
+
+    /** @var context context_module of the H5P activity. */
+    protected $context;
+
+    /**
+     * Test getting the context for the user ID related to this plugin.
+     */
+    public function test_get_contexts_for_userid() {
+        $this->resetAfterTest(true);
+        $this->setAdminUser();
+        $this->h5pactivity_setup_test_scenario_data();
+
+        // The student0 hasn't any attempt.
+        $contextlist = provider::get_contexts_for_userid($this->student0->id);
+        $this->assertCount(0, (array) $contextlist->get_contextids());
+
+        // The student1 has data in the mod_h5pactivity context.
+        $contextlist = provider::get_contexts_for_userid($this->student1->id);
+        $this->assertCount(1, (array) $contextlist->get_contextids());
+        $this->assertContains($this->context->id, $contextlist->get_contextids());
+    }
+
+    /**
+     * Test getting the user IDs for the context related to this plugin.
+     */
+    public function test_get_users_in_context() {
+        $this->resetAfterTest(true);
+        $this->setAdminUser();
+        $this->h5pactivity_setup_test_scenario_data();
+        $component = 'mod_h5pactivity';
+
+        $userlist = new \core_privacy\local\request\userlist($this->context, $component);
+        provider::get_users_in_context($userlist);
+
+        // Students 1 and 2 have attempts in the H5P context, student 0 does not.
+        $this->assertCount(2, $userlist);
+
+        $expected = [$this->student1->id, $this->student2->id];
+        $actual = $userlist->get_userids();
+        sort($expected);
+        sort($actual);
+        $this->assertEquals($expected, $actual);
+    }
+
+    /**
+     * Test that data is exported correctly for this plugin.
+     */
+    public function test_export_user_data() {
+        $this->resetAfterTest(true);
+        $this->setAdminUser();
+        $this->h5pactivity_setup_test_scenario_data();
+        $component = 'mod_h5pactivity';
+
+        // Validate exported data for student0 (without any attempt).
+        $this->setUser($this->student0);
+        $writer = writer::with_context($this->context);
+
+        $this->export_context_data_for_user($this->student0->id, $this->context, $component);
+        $subcontextattempt1 = [
+            get_string('myattempts', 'mod_h5pactivity'),
+            get_string('attempt', 'mod_h5pactivity'). " 1"
+        ];
+        $data = $writer->get_data($subcontextattempt1);
+        $this->assertEmpty($data);
+
+        // Validate exported data for student1.
+        writer::reset();
+        $this->setUser($this->student1);
+        $writer = writer::with_context($this->context);
+        $this->assertFalse($writer->has_any_data());
+        $this->export_context_data_for_user($this->student1->id, $this->context, $component);
+
+        $data = $writer->get_data([]);
+        $this->assertEquals('H5P activity 1', $data->name);
+
+        $data = $writer->get_data($subcontextattempt1);
+        $this->assertCount(1, (array) $data);
+        $this->assertCount(3, (array) reset($data));
+        $subcontextattempt2 = [
+            get_string('myattempts', 'mod_h5pactivity'),
+            get_string('attempt', 'mod_h5pactivity'). " 2"
+        ];
+        $data = $writer->get_data($subcontextattempt2);
+        $this->assertCount(3, (array) reset($data));
+        // The student1 has only 1 tracked attempts.
+        $subcontextattempt3 = [
+            get_string('myattempts', 'mod_h5pactivity'),
+            get_string('attempt', 'mod_h5pactivity'). " 3"
+        ];
+        $data = $writer->get_data($subcontextattempt3);
+        $this->assertEmpty($data);
+    }
+
+    /**
+     * Test for provider::delete_data_for_all_users_in_context().
+     */
+    public function test_delete_data_for_all_users_in_context() {
+        global $DB;
+
+        $this->resetAfterTest(true);
+        $this->setAdminUser();
+        $this->h5pactivity_setup_test_scenario_data();
+
+        // Before deletion, we should have 4 entries in the attempts table.
+        $count = $DB->count_records('h5pactivity_attempts');
+        $this->assertEquals(4, $count);
+        // Before deletion, we should have 12 entries in the results table.
+        $count = $DB->count_records('h5pactivity_attempts_results');
+        $this->assertEquals(12, $count);
+
+        // Delete data based on the context.
+        provider::delete_data_for_all_users_in_context($this->context);
+
+        // After deletion, the attempts entries should have been deleted.
+        $count = $DB->count_records('h5pactivity_attempts');
+        $this->assertEquals(0, $count);
+        // After deletion, the results entries should have been deleted.
+        $count = $DB->count_records('h5pactivity_attempts_results');
+        $this->assertEquals(0, $count);
+    }
+
+    /**
+     * Test for provider::delete_data_for_user().
+     */
+    public function test_delete_data_for_user() {
+        global $DB;
+
+        $this->resetAfterTest(true);
+        $this->setAdminUser();
+        $this->h5pactivity_setup_test_scenario_data();
+
+        $params = ['userid' => $this->student1->id];
+
+        // Before deletion, we should have 4 entries in the attempts table.
+        $count = $DB->count_records('h5pactivity_attempts');
+        $this->assertEquals(4, $count);
+        // Before deletion, we should have 12 entries in the results table.
+        $count = $DB->count_records('h5pactivity_attempts_results');
+        $this->assertEquals(12, $count);
+
+        // Save student1 attempts ids.
+        $attemptsids = $DB->get_records_menu('h5pactivity_attempts', $params, '', 'attempt, id');
+        list($resultselect, $attemptids) = $DB->get_in_or_equal($attemptsids);
+        $resultselect = 'id ' . $resultselect;
+
+        $approvedcontextlist = new approved_contextlist($this->student1, 'h5pactivity', [$this->context->id]);
+        provider::delete_data_for_user($approvedcontextlist);
+
+        // After deletion, the h5pactivity_attempts entries for the first student should have been deleted.
+        $count = $DB->count_records('h5pactivity_attempts', $params);
+        $this->assertEquals(0, $count);
+
+        $count = $DB->count_records('h5pactivity_attempts');
+        $this->assertEquals(2, $count);
+        // After deletion, the results entries for the first student should have been deleted.
+        $count = $DB->count_records_select('h5pactivity_attempts_results', $resultselect, $attemptids);
+        $this->assertEquals(0, $count);
+        $count = $DB->count_records('h5pactivity_attempts_results');
+        $this->assertEquals(6, $count);
+
+        // Confirm that the h5pactivity hasn't been removed.
+        $h5pactivitycount = $DB->get_records('h5pactivity');
+        $this->assertCount(1, (array) $h5pactivitycount);
+
+        // Delete track for student0 (nothing has to be removed).
+        $approvedcontextlist = new approved_contextlist($this->student0, 'h5pactivity', [$this->context->id]);
+        provider::delete_data_for_user($approvedcontextlist);
+
+        $count = $DB->count_records('h5pactivity_attempts');
+        $this->assertEquals(2, $count);
+        $count = $DB->count_records('h5pactivity_attempts_results');
+        $this->assertEquals(6, $count);
+    }
+
+    /**
+     * Test for provider::delete_data_for_users().
+     */
+    public function test_delete_data_for_users() {
+        global $DB;
+        $component = 'mod_h5pactivity';
+
+        $this->resetAfterTest(true);
+        $this->setAdminUser();
+        // In this scenario we need a 3rd user to test batch deletion.
+        // Create student2 with 2 attempts.
+        $this->h5pactivity_setup_test_scenario_data(true);
+
+        // Before deletion, we should have 6 entries in the attempts table.
+        $count = $DB->count_records('h5pactivity_attempts');
+        $this->assertEquals(6, $count);
+        // Before deletion, we should have 18 entries in the results table.
+        $count = $DB->count_records('h5pactivity_attempts_results');
+        $this->assertEquals(18, $count);
+
+        // Save student1 and student2 attempts ids.
+        $params1 = ['userid' => $this->student1->id];
+        $attempts1ids = $DB->get_records_menu('h5pactivity_attempts', $params1, '', 'attempt, id');
+        $params2 = ['userid' => $this->student2->id];
+        $attempts2ids = $DB->get_records_menu('h5pactivity_attempts', $params2, '', 'attempt, id');
+        list($resultselect, $attemptids) = $DB->get_in_or_equal(array_merge($attempts1ids, $attempts2ids));
+        $resultselect = 'id ' . $resultselect;
+
+        // Delete student 1 ans 2 data, retain student 3 data.
+        $approveduserids = [$this->student1->id, $this->student2->id];
+        $approvedlist = new approved_userlist($this->context, $component, $approveduserids);
+        provider::delete_data_for_users($approvedlist);
+
+        // After deletion, the h5pactivity_attempts entries for student1 and student2 should have been deleted.
+        $count = $DB->count_records('h5pactivity_attempts', $params1);
+        $this->assertEquals(0, $count);
+        $count = $DB->count_records('h5pactivity_attempts', $params2);
+        $this->assertEquals(0, $count);
+
+        $count = $DB->count_records('h5pactivity_attempts');
+        $this->assertEquals(2, $count);
+        // After deletion, the results entries for the first and second student should have been deleted.
+        $count = $DB->count_records_select('h5pactivity_attempts_results', $resultselect, $attemptids);
+        $this->assertEquals(0, $count);
+        $count = $DB->count_records('h5pactivity_attempts_results');
+        $this->assertEquals(6, $count);
+
+        // Confirm that the h5pactivity hasn't been removed.
+        $h5pactivitycount = $DB->get_records('h5pactivity');
+        $this->assertCount(1, (array) $h5pactivitycount);
+
+        // Delete results track for student0 (nothing has to be removed).
+        $approveduserids = [$this->student0->id];
+        $approvedlist = new approved_userlist($this->context, $component, $approveduserids);
+        provider::delete_data_for_users($approvedlist);
+
+        $count = $DB->count_records('h5pactivity_attempts');
+        $this->assertEquals(2, $count);
+        $count = $DB->count_records('h5pactivity_attempts_results');
+        $this->assertEquals(6, $count);
+    }
+
+    /**
+     * Helper function to setup 3 users and 2 H5P attempts for student1 and student2.
+     * $this->student0 is always created without any attempt.
+     *
+     * @param bool $extrauser generate a 3rd user (default false).
+     */
+    protected function h5pactivity_setup_test_scenario_data(bool $extrauser = false): void {
+        global $DB;
+
+        $generator = $this->getDataGenerator();
+
+        $course = $this->getDataGenerator()->create_course();
+        $params = ['course' => $course];
+        $activity = $this->getDataGenerator()->create_module('h5pactivity', $params);
+        $cm = get_coursemodule_from_id('h5pactivity', $activity->cmid, 0, false, MUST_EXIST);
+        $this->context = \context_module::instance($activity->cmid);
+
+        // Users enrolments.
+        $studentrole = $DB->get_record('role', ['shortname' => 'student']);
+
+        $generator = $this->getDataGenerator()->get_plugin_generator('mod_h5pactivity');
+
+        // Create student0 withot any attempt.
+        $this->student0 = $this->getDataGenerator()->create_and_enrol($course, 'student');
+
+        // Create student1 with 2 attempts.
+        $this->student1 = $this->getDataGenerator()->create_and_enrol($course, 'student');
+        $params = ['cmid' => $cm->id, 'userid' => $this->student1->id];
+        $generator->create_content($activity, $params);
+        $generator->create_content($activity, $params);
+
+        // Create student2 with 2 attempts.
+        $this->student2 = $this->getDataGenerator()->create_and_enrol($course, 'student');
+        $params = ['cmid' => $cm->id, 'userid' => $this->student2->id];
+        $generator->create_content($activity, $params);
+        $generator->create_content($activity, $params);
+
+        if ($extrauser) {
+            $this->student3 = $this->getDataGenerator()->create_and_enrol($course, 'student');
+            $params = ['cmid' => $cm->id, 'userid' => $this->student3->id];
+            $generator->create_content($activity, $params);
+            $generator->create_content($activity, $params);
+        }
+    }
+}