MDL-61814 core_user: Implement privacy system for user.
authorAdrian Greeve <adrian@moodle.com>
Sun, 1 Apr 2018 04:06:27 +0000 (12:06 +0800)
committerAdrian Greeve <adrian@moodle.com>
Tue, 8 May 2018 03:44:37 +0000 (11:44 +0800)
lang/en/user.php [new file with mode: 0644]
user/classes/privacy/provider.php [new file with mode: 0644]
user/tests/privacy_test.php [new file with mode: 0644]

diff --git a/lang/en/user.php b/lang/en/user.php
new file mode 100644 (file)
index 0000000..8a4d933
--- /dev/null
@@ -0,0 +1,119 @@
+<?php
+// This file is part of Moodle - http://moodle.org/
+//
+// Moodle is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// Moodle is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with Moodle.  If not, see <http://www.gnu.org/licenses/>.
+
+/**
+ * Strings for component 'user', language 'en', branch 'MOODLE_20_STABLE'
+ *
+ * @package   core_user
+ * @copyright 2018 Adrian Greeve <adriangreeve.com>
+ * @license   http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
+ */
+
+$string['privacy:courserequestpath'] = 'Requested courses';
+$string['privacy:descriptionpath'] = 'Profile description';
+$string['privacy:devicespath'] = 'User devices';
+$string['privacy:draftfilespath'] = 'Draft files';
+$string['privacy:lastaccesspath'] = 'Last access to courses';
+$string['privacy:metadata:address'] = 'The address of the user.';
+$string['privacy:metadata:aim'] = 'The AIM identifier of the user.';
+$string['privacy:metadata:alternatename'] = 'An alternative name for the user.';
+$string['privacy:metadata:appid'] = 'The app id, usually something like com.moodle.moodlemobile';
+$string['privacy:metadata:auth'] = 'The authentication plugin used for this user record.';
+$string['privacy:metadata:autosubscribe'] = 'A preference as to if the user should be auto-subscribed to forums the user posts in.';
+$string['privacy:metadata:calendartype'] = 'A user preference for the type of calendar to use.';
+$string['privacy:metadata:category'] = 'The category identifier.';
+$string['privacy:metadata:city'] = 'The city of the user.';
+$string['privacy:metadata:confirmed'] = 'If this is an active user or not.';
+$string['privacy:metadata:country'] = 'The country that the user is in.';
+$string['privacy:metadata:courseid'] = 'An identifier for a course.';
+$string['privacy:metadata:currentlogin'] = 'The current login for this user.';
+$string['privacy:metadata:data'] = 'Data relating to the custom user field from the user.';
+$string['privacy:metadata:deleted'] = 'A flag to show if the user has been deleted or not.';
+$string['privacy:metadata:department'] = 'The department that this user can be found in.';
+$string['privacy:metadata:description'] = 'General details about this user.';
+$string['privacy:metadata:devicename'] = 'The device name, occam or iPhone etc..';
+$string['privacy:metadata:devicetablesummary'] = 'This table stores user\'s mobile devices information in order to send PUSH notifications';
+$string['privacy:metadata:email'] = 'An email address for contact.';
+$string['privacy:metadata:emailstop'] = 'A preference to stop email being sent to the user.';
+$string['privacy:metadata:fieldid'] = 'The ID relating to the custom user field.';
+$string['privacy:metadata:filelink'] = 'There are multiple different files for the user stored in the files table.';
+$string['privacy:metadata:firstaccess'] = 'The time that this user first accessed the site.';
+$string['privacy:metadata:firstip'] = 'The first IP address recorded';
+$string['privacy:metadata:firstname'] = 'The first name of the user.';
+$string['privacy:metadata:firstnamephonetic'] = 'The phonetic details about the user\'s first name.';
+$string['privacy:metadata:fullname'] = 'The fullname for this course.';
+$string['privacy:metadata:hash'] = 'A hash of a previous password.';
+$string['privacy:metadata:icq'] = 'The ICQ number of the user.';
+$string['privacy:metadata:id'] = 'The identifier for the user.';
+$string['privacy:metadata:idnumber'] = 'An identification number given by the institution.';
+$string['privacy:metadata:imagealt'] = 'Alternative text for the user\'s image.';
+$string['privacy:metadata:infotablesummary'] = 'Stores custom user information.';
+$string['privacy:metadata:institution'] = 'The institution that this user is a member of.';
+$string['privacy:metadata:lang'] = 'A user preference for the language shown.';
+$string['privacy:metadata:lastaccess'] = 'The time that the user last accessed the site.';
+$string['privacy:metadata:lastaccesstablesummary'] = 'Information about the last time a user accessed a course.';
+$string['privacy:metadata:lastip'] = 'The last IP address for the user.';
+$string['privacy:metadata:lastlogin'] = 'The last login of this user.';
+$string['privacy:metadata:lastname'] = 'The surname of the user.';
+$string['privacy:metadata:lastnamephonetic'] = 'The phonetic details about the user\'s surname.';
+$string['privacy:metadata:maildigest'] = 'A setting for the mail digest for this user.';
+$string['privacy:metadata:maildisplay'] = 'A preference for the user about displaying their email address to other users.';
+$string['privacy:metadata:middlename'] = 'The middle name of the user.';
+$string['privacy:metadata:mnethostid'] = 'An identifier for the mnet host if used.';
+$string['privacy:metadata:model'] = 'The device name, occam or iPhone etc..';
+$string['privacy:metadata:msn'] = 'The MSN identifier of the user.';
+$string['privacy:metadata:password'] = 'The password for this user to log into the system.';
+$string['privacy:metadata:passwordresettablesummary'] = 'A table tracking password reset confirmation tokens';
+$string['privacy:metadata:passwordtablesummary'] = 'A rotating log of hashes of previously used passwords for the user.';
+$string['privacy:metadata:phone'] = 'A phone number for the user.';
+$string['privacy:metadata:picture'] = 'The picture details associated with this user.';
+$string['privacy:metadata:platform'] = 'The device platform, Android or iOS etc';
+$string['privacy:metadata:policyagreed'] = 'A flag to determine if the user has agreed to the site policy.';
+$string['privacy:metadata:pushid'] = 'The device PUSH token/key/identifier/registration id';
+$string['privacy:metadata:reason'] = 'The reason for requesting this course.';
+$string['privacy:metadata:requester'] = 'An identifier to a user that requested this course.';
+$string['privacy:metadata:requestsummary'] = 'Stores information about requests for courses that users make.';
+$string['privacy:metadata:suspended'] = 'A flag to show if the user has been suspended on this system.';
+$string['privacy:metadata:username'] = 'The username for this user.';
+$string['privacy:metadata:secret'] = 'Secret.. not sure.';
+$string['privacy:metadata:sessdata'] = 'Session content';
+$string['privacy:metadata:sessiontablesummary'] = 'Database based session storage';
+$string['privacy:metadata:shortname'] = 'A short name for the course.';
+$string['privacy:metadata:sid'] = 'The session ID';
+$string['privacy:metadata:skype'] = 'The skype identifier of the user.';
+$string['privacy:metadata:state'] = '0 means a normal session';
+$string['privacy:metadata:summary'] = 'A description of the course.';
+$string['privacy:metadata:theme'] = 'A user preference for the theme to display.';
+$string['privacy:metadata:timeaccess'] = 'The time for access to the course.';
+$string['privacy:metadata:timecreated'] = 'The time this record was created.';
+$string['privacy:metadata:timemodified'] = 'The time this records was modified.';
+$string['privacy:metadata:timererequested'] = 'The time the user re-requested the password reset.';
+$string['privacy:metadata:timerequested'] = 'The time that the user first requested this password reset';
+$string['privacy:metadata:timezone'] = 'The timezone that the user resides in.';
+$string['privacy:metadata:token'] = 'secret set and emailed to user';
+$string['privacy:metadata:trackforums'] = 'A preference for forums and tracking them.';
+$string['privacy:metadata:trustbitmask'] = 'The trust bit mask';
+$string['privacy:metadata:yahoo'] = 'The yahoo identifier of the user.';
+$string['privacy:metadata:url'] = 'A URL related to this user.';
+$string['privacy:metadata:userid'] = 'The user ID linked to this table.';
+$string['privacy:metadata:usertablesummary'] = 'This table stores the main personal data about the user.';
+$string['privacy:metadata:uuid'] = 'The device vendor UUID';
+$string['privacy:metadata:version'] = 'The device version, 6.1.2, 4.2.2 etc..';
+$string['privacy:passwordhistorypath'] = 'Password history';
+$string['privacy:passwordresetpath'] = 'Password resets';
+$string['privacy:profileimagespath'] = 'Profile images';
+$string['privacy:privatefilespath'] = 'Private files';
+$string['privacy:sessionpath'] = 'Session data';
diff --git a/user/classes/privacy/provider.php b/user/classes/privacy/provider.php
new file mode 100644 (file)
index 0000000..1619f5c
--- /dev/null
@@ -0,0 +1,505 @@
+<?php
+// This file is part of Moodle - http://moodle.org/
+//
+// Moodle is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// Moodle is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with Moodle.  If not, see <http://www.gnu.org/licenses/>.
+
+/**
+ * Privacy class for requesting user data.
+ *
+ * @package    core_user
+ * @copyright  2018 Adrian Greeve <adrian@moodle.com>
+ * @license    http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
+ */
+
+namespace core_user\privacy;
+
+defined('MOODLE_INTERNAL') || die();
+
+use \core_privacy\local\metadata\collection;
+use \core_privacy\local\request\transform;
+use \core_privacy\local\request\contextlist;
+use \core_privacy\local\request\approved_contextlist;
+use \core_privacy\local\request\writer;
+
+/**
+ * Privacy class for requesting user data.
+ *
+ * @package    core_comment
+ * @copyright  2018 Adrian Greeve <adrian@moodle.com>
+ * @license    http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
+ */
+class provider implements \core_privacy\local\metadata\provider, \core_privacy\local\request\subsystem\provider {
+
+    /**
+     * Returns information about the user data stored in this component.
+     *
+     * @param  collection $collection A list of information about this component
+     * @return collection The collection object filled out with information about this component.
+     */
+    public static function get_metadata(collection $collection) : collection {
+        $userfields = [
+            'id' => 'privacy:metadata:id',
+            'auth' => 'privacy:metadata:auth',
+            'confirmed' => 'privacy:metadata:confirmed',
+            'policyagreed' => 'privacy:metadata:policyagreed',
+            'deleted' => 'privacy:metadata:deleted',
+            'suspended' => 'privacy:metadata:suspended',
+            'mnethostid' => 'privacy:metadata:mnethostid',
+            'username' => 'privacy:metadata:username',
+            'password' => 'privacy:metadata:password',
+            'idnumber' => 'privacy:metadata:idnumber',
+            'firstname' => 'privacy:metadata:firstname',
+            'lastname' => 'privacy:metadata:lastname',
+            'email' => 'privacy:metadata:email',
+            'emailstop' => 'privacy:metadata:emailstop',
+            'icq' => 'privacy:metadata:icq',
+            'skype' => 'privacy:metadata:skype',
+            'yahoo' => 'privacy:metadata:yahoo',
+            'aim' => 'privacy:metadata:aim',
+            'msn' => 'privacy:metadata:msn',
+            'phone1' => 'privacy:metadata:phone',
+            'phone2' => 'privacy:metadata:phone',
+            'institution' => 'privacy:metadata:institution',
+            'department' => 'privacy:metadata:department',
+            'address' => 'privacy:metadata:address',
+            'city' => 'privacy:metadata:city',
+            'country' => 'privacy:metadata:country',
+            'lang' => 'privacy:metadata:lang',
+            'calendartype' => 'privacy:metadata:calendartype',
+            'theme' => 'privacy:metadata:theme',
+            'timezone' => 'privacy:metadata:timezone',
+            'firstaccess' => 'privacy:metadata:firstaccess',
+            'lastaccess' => 'privacy:metadata:lastaccess',
+            'lastlogin' => 'privacy:metadata:lastlogin',
+            'currentlogin' => 'privacy:metadata:currentlogin',
+            'lastip' => 'privacy:metadata:lastip',
+            'secret' => 'privacy:metadata:secret',
+            'picture' => 'privacy:metadata:picture',
+            'url' => 'privacy:metadata:url',
+            'description' => 'privacy:metadata:description',
+            'maildigest' => 'privacy:metadata:maildigest',
+            'maildisplay' => 'privacy:metadata:maildisplay',
+            'autosubscribe' => 'privacy:metadata:autosubscribe',
+            'trackforums' => 'privacy:metadata:trackforums',
+            'timecreated' => 'privacy:metadata:timecreated',
+            'timemodified' => 'privacy:metadata:timemodified',
+            'trustbitmask' => 'privacy:metadata:trustbitmask',
+            'imagealt' => 'privacy:metadata:imagealt',
+            'lastnamephonetic' => 'privacy:metadata:lastnamephonetic',
+            'firstnamephonetic' => 'privacy:metadata:firstnamephonetic',
+            'middlename' => 'privacy:metadata:middlename',
+            'alternatename' => 'privacy:metadata:alternatename'
+        ];
+
+        $passwordhistory = [
+            'userid' => 'privacy:metadata:userid',
+            'hash' => 'privacy:metadata:hash',
+            'timecreated' => 'privacy:metadata:timecreated'
+        ];
+
+        $lastaccess = [
+            'userid' => 'privacy:metadata:userid',
+            'courseid' => 'privacy:metadata:courseid',
+            'timeaccess' => 'privacy:metadata:timeaccess'
+        ];
+
+        $userpasswordresets = [
+            'userid' => 'privacy:metadata:userid',
+            'timerequested' => 'privacy:metadata:timerequested',
+            'timererequested' => 'privacy:metadata:timererequested',
+            'token' => 'privacy:metadata:token'
+        ];
+
+        $userdevices = [
+            'userid' => 'privacy:metadata:userid',
+            'appid' => 'privacy:metadata:appid',
+            'name' => 'privacy:metadata:devicename',
+            'model' => 'privacy:metadata:model',
+            'platform' => 'privacy:metadata:platform',
+            'version' => 'privacy:metadata:version',
+            'pushid' => 'privacy:metadata:pushid',
+            'uuid' => 'privacy:metadata:uuid',
+            'timecreated' => 'privacy:metadata:timecreated',
+            'timemodified' => 'privacy:metadata:timemodified'
+        ];
+
+        $usersessions = [
+            'state' => 'privacy:metadata:state',
+            'sid' => 'privacy:metadata:sid',
+            'userid' => 'privacy:metadata:userid',
+            'sessdata' => 'privacy:metadata:sessdata',
+            'timecreated' => 'privacy:metadata:timecreated',
+            'timemodified' => 'privacy:metadata:timemodified',
+            'firstip' => 'privacy:metadata:firstip',
+            'lastip' => 'privacy:metadata:lastip'
+        ];
+
+        $courserequest = [
+            'fullname' => 'privacy:metadata:fullname',
+            'shortname' => 'privacy:metadata:shortname',
+            'summary' => 'privacy:metadata:summary',
+            'category' => 'privacy:metadata:category',
+            'reason' => 'privacy:metadata:reason',
+            'requester' => 'privacy:metadata:requester'
+        ];
+
+        $collection->add_database_table('user', $userfields, 'privacy:metadata:usertablesummary');
+        $collection->add_database_table('user_password_history', $passwordhistory, 'privacy:metadata:passwordtablesummary');
+        $collection->add_database_table('user_password_resets', $userpasswordresets, 'privacy:metadata:passwordresettablesummary');
+        $collection->add_database_table('user_lastaccess', $lastaccess, 'privacy:metadata:lastaccesstablesummary');
+        $collection->add_database_table('user_devices', $userdevices, 'privacy:metadata:devicetablesummary');
+        $collection->add_database_table('course_request', $courserequest, 'privacy:metadata:requestsummary');
+        $collection->add_database_table('sessions', $usersessions, 'privacy:metadata:sessiontablesummary');
+        $collection->add_subsystem_link('core_files', [], 'privacy:metadata:filelink');
+
+        return $collection;
+    }
+
+    /**
+     * Get the list of contexts that contain user information for the specified user.
+     *
+     * @param   int $userid The user to search.
+     * @return  contextlist $contextlist The contextlist containing the list of contexts used in this plugin.
+     */
+    public static function get_contexts_for_userid(int $userid) : contextlist {
+        $params = ['userid' => $userid, 'contextuser' => CONTEXT_USER];
+        $sql = "SELECT id
+                  FROM {context}
+                 WHERE instanceid = :userid and contextlevel = :contextuser";
+        $contextlist = new contextlist();
+        $contextlist->add_from_sql($sql, $params);
+        return $contextlist;
+    }
+
+    /**
+     * Export all user data for the specified user, in the specified contexts.
+     *
+     * @param approved_contextlist $contextlist The approved contexts to export information for.
+     */
+    public static function export_user_data(approved_contextlist $contextlist) {
+        $context = $contextlist->current();
+        $user = \core_user::get_user($contextlist->get_user()->id);
+        static::export_user($user, $context);
+        static::export_password_history($user->id, $context);
+        static::export_password_resets($user->id, $context);
+        static::export_lastaccess($user->id, $context);
+        static::export_course_requests($user->id, $context);
+        static::export_user_devices($user->id, $context);
+        static::export_user_session_data($user->id, $context);
+    }
+
+    /**
+     * Delete all data for all users in the specified context.
+     *
+     * @param context $context The specific context to delete data for.
+     */
+    public static function delete_data_for_all_users_in_context(\context $context) {
+        // Only delete data for a user context.
+        if ($context->contextlevel == CONTEXT_USER) {
+            static::delete_user_data($context->instanceid, $context);
+        }
+    }
+
+    /**
+     * Delete all user data for the specified user, in the specified contexts.
+     *
+     * @param approved_contextlist $contextlist The approved contexts and user information to delete information for.
+     */
+    public static function delete_data_for_user(approved_contextlist $contextlist) {
+        foreach ($contextlist as $context) {
+            // Let's be super certain that we have the right information for this user here.
+            if ($context->contextlevel == CONTEXT_USER && $contextlist->get_user()->id == $context->instanceid) {
+                static::delete_user_data($contextlist->get_user()->id, $contextlist->current());
+            }
+        }
+    }
+
+    /**
+     * Deletes non vital information about a user.
+     *
+     * @param  int      $userid  The user ID to delete
+     * @param  \context $context The user context
+     */
+    protected static function delete_user_data(int $userid, \context $context) {
+        global $DB;
+
+        // Delete password history.
+        $DB->delete_records('user_password_history', ['userid' => $userid]);
+        // Delete last access.
+        $DB->delete_records('user_lastaccess', ['userid' => $userid]);
+        // Delete password resets.
+        $DB->delete_records('user_password_resets', ['userid' => $userid]);
+        // Delete user devices.
+        $DB->delete_records('user_devices', ['userid' => $userid]);
+        // Delete user course requests.
+        $DB->delete_records('course_request', ['requester' => $userid]);
+        // Delete sessions.
+        $DB->delete_records('sessions', ['userid' => $userid]);
+        // Do I delete user preferences? Seems like the right place to do it.
+        $DB->delete_records('user_preferences', ['userid' => $userid]);
+
+        // Delete all of the files for this user.
+        $fs = get_file_storage();
+        $fs->delete_area_files($context->id, 'user');
+
+        // For the user record itself we only want to remove unnecessary data. We still need the core data to keep as a record
+        // that we actually did follow the request to be forgotten.
+        $user = \core_user::get_user($userid);
+        // Update fields we wish to change to nothing.
+        $user->deleted = 1;
+        $user->idnumber = '';
+        $user->emailstop = 0;
+        $user->icq = '';
+        $user->skype = '';
+        $user->yahoo = '';
+        $user->aim = '';
+        $user->msn = '';
+        $user->phone1 = '';
+        $user->phone2 = '';
+        $user->institution = '';
+        $user->department = '';
+        $user->address = '';
+        $user->city = '';
+        $user->country = '';
+        $user->lang = '';
+        $user->calendartype = '';
+        $user->theme = '';
+        $user->timezone = '';
+        $user->firstaccess = 0;
+        $user->lastaccess = 0;
+        $user->lastlogin = 0;
+        $user->currentlogin = 0;
+        $user->lastip = 0;
+        $user->secret = '';
+        $user->picture = '';
+        $user->url = '';
+        $user->description = '';
+        $user->descriptionformat = 0;
+        $user->mailformat = 0;
+        $user->maildigest = 0;
+        $user->maildisplay = 0;
+        $user->autosubscribe = 0;
+        $user->trackforums = 0;
+        $user->timecreated = 0;
+        $user->timemodified = 0;
+        $user->trustbitmask = 0;
+        $user->imagealt = '';
+        $user->lastnamephonetic = '';
+        $user->firstnamephonetic = '';
+        $user->middlename = '';
+        $user->alternatename = '';
+        $DB->update_record('user', $user);
+    }
+
+    /**
+     * Export core user data.
+     *
+     * @param  \stdClass $user The user object.
+     * @param  \context $context The user context.
+     */
+    protected static function export_user(\stdClass $user, \context $context) {
+        $data = (object) [
+            'auth' => $user->auth,
+            'confirmed' => transform::yesno($user->confirmed),
+            'policyagreed' => transform::yesno($user->policyagreed),
+            'deleted' => transform::yesno($user->deleted),
+            'suspended' => transform::yesno($user->suspended),
+            'username' => $user->username,
+            'idnumber' => $user->idnumber,
+            'firstname' => format_string($user->firstname, true, ['context' => $context]),
+            'lastname' => format_string($user->lastname, true, ['context' => $context]),
+            'email' => $user->email,
+            'emailstop' => transform::yesno($user->emailstop),
+            'icq' => format_string($user->icq, true, ['context' => $context]),
+            'skype' => format_string($user->skype, true, ['context' => $context]),
+            'yahoo' => format_string($user->yahoo, true, ['context' => $context]),
+            'aim' => format_string($user->aim, true, ['context' => $context]),
+            'msn' => format_string($user->msn, true, ['context' => $context]),
+            'phone1' => format_string($user->phone1, true, ['context' => $context]),
+            'phone2' => format_string($user->phone2, true, ['context' => $context]),
+            'institution' => format_string($user->institution, true, ['context' => $context]),
+            'department' => format_string($user->department, true, ['context' => $context]),
+            'address' => format_string($user->address, true, ['context' => $context]),
+            'city' => format_string($user->city, true, ['context' => $context]),
+            'country' => format_string($user->country, true, ['context' => $context]),
+            'lang' => $user->lang,
+            'calendartype' => $user->calendartype,
+            'theme' => $user->theme,
+            'timezone' => $user->timezone,
+            'firstaccess' => transform::datetime($user->firstaccess),
+            'lastaccess' => transform::datetime($user->lastaccess),
+            'lastlogin' => transform::datetime($user->lastlogin),
+            'currentlogin' => $user->currentlogin,
+            'lastip' => $user->lastip,
+            'secret' => $user->secret,
+            'picture' => $user->picture,
+            'url' => $user->url,
+            'description' => format_text($user->description, $user->descriptionformat, ['context' => $context]),
+            'maildigest' => transform::yesno($user->maildigest),
+            'maildisplay' => $user->maildisplay,
+            'autosubscribe' => transform::yesno($user->autosubscribe),
+            'trackforums' => transform::yesno($user->trackforums),
+            'timecreated' => transform::datetime($user->timecreated),
+            'timemodified' => transform::datetime($user->timemodified),
+            'imagealt' => format_string($user->imagealt, true, ['context' => $context]),
+            'lastnamephonetic' => format_string($user->lastnamephonetic, true, ['context' => $context]),
+            'firstnamephonetic' => format_string($user->firstnamephonetic, true, ['context' => $context]),
+            'middlename' => format_string($user->middlename, true, ['context' => $context]),
+            'alternatename'  => format_string($user->alternatename, true, ['context' => $context])
+        ];
+        if (isset($data->description)) {
+            $data->description = writer::with_context($context)->rewrite_pluginfile_urls(
+                    [get_string('privacy:descriptionpath', 'user')], 'user', 'profile', '', $data->description);
+        }
+        writer::with_context($context)->export_area_files([], 'user', 'profile', 0)
+                ->export_data([], $data);
+        // Export profile images.
+        writer::with_context($context)->export_area_files([get_string('privacy:profileimagespath', 'user')], 'user', 'icon', 0);
+        // Export private files.
+        writer::with_context($context)->export_area_files([get_string('privacy:privatefilespath', 'user')], 'user', 'private', 0);
+        // Export draft files.
+        writer::with_context($context)->export_area_files([get_string('privacy:draftfilespath', 'user')], 'user', 'draft', false);
+    }
+
+    /**
+     * Export information about the last time a user accessed a course.
+     *
+     * @param  int $userid The user ID.
+     * @param  \context $context The user context.
+     */
+    protected static function export_lastaccess(int $userid, \context $context) {
+        global $DB;
+        $sql = "SELECT c.id, c.fullname, ul.timeaccess
+                  FROM {user_lastaccess} ul
+                  JOIN {course} c ON c.id = ul.courseid
+                 WHERE ul.userid = :userid";
+        $params = ['userid' => $userid];
+        $records = $DB->get_records_sql($sql, $params);
+        if (!empty($records)) {
+            $lastaccess = (object) array_map(function($record) use ($context) {
+                return [
+                    'course_name' => format_string($record->fullname, true, ['context' => $context]),
+                    'timeaccess' => transform::datetime($record->timeaccess)
+                ];
+            }, $records);
+            writer::with_context($context)->export_data([get_string('privacy:lastaccesspath', 'user')], $lastaccess);
+        }
+    }
+
+    /**
+     * Exports information about password resets.
+     *
+     * @param  int $userid The user ID
+     * @param  \context $context Context for this user.
+     */
+    protected static function export_password_resets(int $userid, \context $context) {
+        global $DB;
+        $records = $DB->get_records('user_password_resets', ['userid' => $userid]);
+        if (!empty($records)) {
+            $passwordresets = (object) array_map(function($record) {
+                return [
+                    'timerequested' => transform::datetime($record->timerequested),
+                    'timererequested' => transform::datetime($record->timererequested)
+                ];
+            }, $records);
+            writer::with_context($context)->export_data([get_string('privacy:passwordresetpath', 'user')], $passwordresets);
+        }
+    }
+
+    /**
+     * Exports information about the user's mobile devices.
+     *
+     * @param  int $userid The user ID.
+     * @param  \context $context Context for this user.
+     */
+    protected static function export_user_devices(int $userid, \context $context) {
+        global $DB;
+        $records = $DB->get_records('user_devices', ['userid' => $userid]);
+        if (!empty($records)) {
+            $userdevices = (object) array_map(function($record) {
+                return [
+                    'appid' => $record->appid,
+                    'name' => $record->name,
+                    'model' => $record->model,
+                    'platform' => $record->platform,
+                    'version' => $record->version,
+                    'timecreated' => transform::datetime($record->timecreated),
+                    'timemodified' => transform::datetime($record->timemodified)
+                ];
+            }, $records);
+            writer::with_context($context)->export_data([get_string('privacy:devicespath', 'user')], $userdevices);
+        }
+    }
+
+    /**
+     * Exports information about course requests this user made.
+     *
+     * @param  int    $userid  The user ID.
+     * @param  \context $context The context object
+     */
+    protected static function export_course_requests(int $userid, \context $context) {
+        global $DB;
+        $sql = "SELECT cr.shortname, cr.fullname, cr.summary, cc.name AS category, cr.reason
+                  FROM {course_request} cr
+                  JOIN {course_categories} cc ON cr.category = cc.id
+                 WHERE cr.requester = :userid";
+        $params = ['userid' => $userid];
+        $records = $DB->get_records_sql($sql, $params);
+        if ($records) {
+            writer::with_context($context)->export_data([get_string('privacy:courserequestpath', 'user')], (object) $records);
+        }
+    }
+
+    /**
+     * Get details about the user's password history.
+     *
+     * @param int $userid The user ID that we are getting the password history for.
+     * @param \context $context the user context.
+     */
+    protected static function export_password_history(int $userid, \context $context) {
+        global $DB;
+
+        // Just provide a count of how many entries we have.
+        $recordcount = $DB->count_records('user_password_history', ['userid' => $userid]);
+        if ($recordcount) {
+            $passwordhistory = (object) ['password_history_count' => $recordcount];
+            writer::with_context($context)->export_data([get_string('privacy:passwordhistorypath', 'user')], $passwordhistory);
+        }
+    }
+
+    /**
+     * Exports information about the user's session.
+     *
+     * @param  int $userid The user ID.
+     * @param  \context $context The context for this user.
+     */
+    protected static function export_user_session_data(int $userid, \context $context) {
+        global $DB, $SESSION;
+
+        $records = $DB->get_records('sessions', ['userid' => $userid]);
+        if (!empty($records)) {
+            $sessiondata = (object) array_map(function($record) {
+                return [
+                    'state' => $record->state,
+                    'sessdata' => base64_decode($record->sessdata),
+                    'timecreated' => transform::datetime($record->timecreated),
+                    'timemodified' => transform::datetime($record->timemodified),
+                    'firstip' => $record->firstip,
+                    'lastip' => $record->lastip
+                ];
+            }, $records);
+            writer::with_context($context)->export_data([get_string('privacy:sessionpath', 'user')], $sessiondata);
+        }
+    }
+}
diff --git a/user/tests/privacy_test.php b/user/tests/privacy_test.php
new file mode 100644 (file)
index 0000000..bdd6643
--- /dev/null
@@ -0,0 +1,373 @@
+<?php
+// This file is part of Moodle - http://moodle.org/
+//
+// Moodle is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// Moodle is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with Moodle.  If not, see <http://www.gnu.org/licenses/>.
+/**
+ * Privacy tests for core_user.
+ *
+ * @package    core_user
+ * @category   test
+ * @copyright  2018 Adrian Greeve <adrian@moodle.com>
+ * @license    http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
+ */
+
+defined('MOODLE_INTERNAL') || die();
+global $CFG;
+
+use \core_privacy\tests\provider_testcase;
+
+require_once($CFG->dirroot . "/user/lib.php");
+
+/**
+ * Unit tests for core_user.
+ *
+ * @copyright  2018 Adrian Greeve <adrian@moodle.com>
+ * @license    http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
+ */
+class core_user_privacy_testcase extends provider_testcase {
+
+    /**
+     * Check that context information is returned correctly.
+     */
+    public function test_get_contexts_for_userid() {
+        $this->resetAfterTest();
+        $user = $this->getDataGenerator()->create_user();
+        // Create some other users as well.
+        $user2 = $this->getDataGenerator()->create_user();
+        $user3 = $this->getDataGenerator()->create_user();
+
+        $context = context_user::instance($user->id);
+        $contextlist = \core_user\privacy\provider::get_contexts_for_userid($user->id);
+        $this->assertSame($context, $contextlist->current());
+    }
+
+    /**
+     * Test that data is exported as expected for a user.
+     */
+    public function test_export_user_data() {
+        $this->resetAfterTest();
+        $user = $this->getDataGenerator()->create_user();
+        $course = $this->getDataGenerator()->create_course();
+        $context = \context_user::instance($user->id);
+
+        $this->create_data_for_user($user, $course);
+
+        $approvedlist = new \core_privacy\local\request\approved_contextlist($user, 'core_user', [$context->id]);
+
+        $writer = \core_privacy\local\request\writer::with_context($context);
+        \core_user\privacy\provider::export_user_data($approvedlist);
+
+        // Make sure that the password history only returns a count.
+        $history = $writer->get_data([get_string('privacy:passwordhistorypath', 'user')]);
+        $objectcount = new ArrayObject($history);
+        // This object should only have one property.
+        $this->assertCount(1, $objectcount);
+        $this->assertEquals(1, $history->password_history_count);
+
+        // Password resets should have two fields - timerequested and timererequested.
+        $resetarray = (array) $writer->get_data([get_string('privacy:passwordresetpath', 'user')]);
+        $detail = array_shift($resetarray);
+        $this->assertTrue(array_key_exists('timerequested', $detail));
+        $this->assertTrue(array_key_exists('timererequested', $detail));
+
+        // Last access to course.
+        $lastcourseaccess = (array) $writer->get_data([get_string('privacy:lastaccesspath', 'user')]);
+        $entry = array_shift($lastcourseaccess);
+        $this->assertEquals($course->fullname, $entry['course_name']);
+        $this->assertTrue(array_key_exists('timeaccess', $entry));
+
+        // User devices.
+        $userdevices = (array) $writer->get_data([get_string('privacy:devicespath', 'user')]);
+        $entry = array_shift($userdevices);
+        $this->assertEquals('com.moodle.moodlemobile', $entry['appid']);
+        // Make sure these fields are not exported.
+        $this->assertFalse(array_key_exists('pushid', $entry));
+        $this->assertFalse(array_key_exists('uuid', $entry));
+
+        // Session data.
+        $sessiondata = (array) $writer->get_data([get_string('privacy:sessionpath', 'user')]);
+        $entry = array_shift($sessiondata);
+        // Make sure that the sid is not exported.
+        $this->assertFalse(array_key_exists('sid', $entry));
+        // Check that some of the other fields are present.
+        $this->assertTrue(array_key_exists('state', $entry));
+        $this->assertTrue(array_key_exists('sessdata', $entry));
+        $this->assertTrue(array_key_exists('timecreated', $entry));
+
+        // Course requests
+        $courserequestdata = (array) $writer->get_data([get_string('privacy:courserequestpath', 'user')]);
+        $entry = array_shift($courserequestdata);
+        // Make sure that the password is not exported.
+        $this->assertFalse(array_key_exists('password', $entry));
+        // Check that some of the other fields are present.
+        $this->assertTrue(array_key_exists('fullname', $entry));
+        $this->assertTrue(array_key_exists('shortname', $entry));
+        $this->assertTrue(array_key_exists('summary', $entry));
+
+         // User details.
+        $userdata = (array) $writer->get_data([]);
+        // Check that the password is not exported.
+        $this->assertFalse(array_key_exists('password', $userdata));
+        // Check that some critical fields exist.
+        $this->assertTrue(array_key_exists('firstname', $userdata));
+        $this->assertTrue(array_key_exists('lastname', $userdata));
+        $this->assertTrue(array_key_exists('email', $userdata));
+    }
+
+    /**
+     * Test that user data is deleted for one user.
+     */
+    public function test_delete_data_for_all_users_in_context() {
+        global $DB;
+        $this->resetAfterTest();
+        $user = $this->getDataGenerator()->create_user([
+            'idnumber' => 'A0023',
+            'emailstop' => 1,
+            'icq' => 'aksdjf98',
+            'phone1' => '555 3257',
+            'institution' => 'test',
+            'department' => 'Science',
+            'city' => 'Perth',
+            'country' => 'au'
+        ]);
+        $user2 = $this->getDataGenerator()->create_user();
+        $course = $this->getDataGenerator()->create_course();
+
+        $this->create_data_for_user($user, $course);
+        $this->create_data_for_user($user2, $course);
+
+        \core_user\privacy\provider::delete_data_for_all_users_in_context(context_user::instance($user->id));
+
+        // These tables should not have any user data for $user. Only for $user2.
+        $records = $DB->get_records('user_password_history');
+        $this->assertCount(1, $records);
+        $data = array_shift($records);
+        $this->assertNotEquals($user->id, $data->userid);
+        $this->assertEquals($user2->id, $data->userid);
+        $records = $DB->get_records('user_password_resets');
+        $this->assertCount(1, $records);
+        $data = array_shift($records);
+        $this->assertNotEquals($user->id, $data->userid);
+        $this->assertEquals($user2->id, $data->userid);
+        $records = $DB->get_records('user_lastaccess');
+        $this->assertCount(1, $records);
+        $data = array_shift($records);
+        $this->assertNotEquals($user->id, $data->userid);
+        $this->assertEquals($user2->id, $data->userid);
+        $records = $DB->get_records('user_devices');
+        $this->assertCount(1, $records);
+        $data = array_shift($records);
+        $this->assertNotEquals($user->id, $data->userid);
+        $this->assertEquals($user2->id, $data->userid);
+
+        // Now check that there is still a record for the deleted user, but that non-critical information is removed.
+        $record = $DB->get_record('user', ['id' => $user->id]);
+        $this->assertEmpty($record->idnumber);
+        $this->assertEmpty($record->emailstop);
+        $this->assertEmpty($record->icq);
+        $this->assertEmpty($record->phone1);
+        $this->assertEmpty($record->institution);
+        $this->assertEmpty($record->department);
+        $this->assertEmpty($record->city);
+        $this->assertEmpty($record->country);
+        $this->assertEmpty($record->timezone);
+        $this->assertEmpty($record->timecreated);
+        $this->assertEmpty($record->timemodified);
+        $this->assertEmpty($record->firstnamephonetic);
+        // Check for critical fields.
+        // Deleted should now be 1.
+        $this->assertEquals(1, $record->deleted);
+        $this->assertEquals($user->id, $record->id);
+        $this->assertEquals($user->username, $record->username);
+        $this->assertEquals($user->password, $record->password);
+        $this->assertEquals($user->firstname, $record->firstname);
+        $this->assertEquals($user->lastname, $record->lastname);
+        $this->assertEquals($user->email, $record->email);
+    }
+
+    /**
+     * Test that user data is deleted for one user.
+     */
+    public function test_delete_data_for_user() {
+        global $DB;
+        $this->resetAfterTest();
+        $user = $this->getDataGenerator()->create_user([
+            'idnumber' => 'A0023',
+            'emailstop' => 1,
+            'icq' => 'aksdjf98',
+            'phone1' => '555 3257',
+            'institution' => 'test',
+            'department' => 'Science',
+            'city' => 'Perth',
+            'country' => 'au'
+        ]);
+        $user2 = $this->getDataGenerator()->create_user();
+        $course = $this->getDataGenerator()->create_course();
+
+        $this->create_data_for_user($user, $course);
+        $this->create_data_for_user($user2, $course);
+
+        // Provide multiple different context to check that only the correct user is deleted.
+        $contexts = [context_user::instance($user->id)->id, context_user::instance($user2->id)->id, context_system::instance()->id];
+        $approvedlist = new \core_privacy\local\request\approved_contextlist($user, 'core_user', $contexts);
+
+        \core_user\privacy\provider::delete_data_for_user($approvedlist);
+
+        // These tables should not have any user data for $user. Only for $user2.
+        $records = $DB->get_records('user_password_history');
+        $this->assertCount(1, $records);
+        $data = array_shift($records);
+        $this->assertNotEquals($user->id, $data->userid);
+        $this->assertEquals($user2->id, $data->userid);
+        $records = $DB->get_records('user_password_resets');
+        $this->assertCount(1, $records);
+        $data = array_shift($records);
+        $this->assertNotEquals($user->id, $data->userid);
+        $this->assertEquals($user2->id, $data->userid);
+        $records = $DB->get_records('user_lastaccess');
+        $this->assertCount(1, $records);
+        $data = array_shift($records);
+        $this->assertNotEquals($user->id, $data->userid);
+        $this->assertEquals($user2->id, $data->userid);
+        $records = $DB->get_records('user_devices');
+        $this->assertCount(1, $records);
+        $data = array_shift($records);
+        $this->assertNotEquals($user->id, $data->userid);
+        $this->assertEquals($user2->id, $data->userid);
+
+        // Now check that there is still a record for the deleted user, but that non-critical information is removed.
+        $record = $DB->get_record('user', ['id' => $user->id]);
+        $this->assertEmpty($record->idnumber);
+        $this->assertEmpty($record->emailstop);
+        $this->assertEmpty($record->icq);
+        $this->assertEmpty($record->phone1);
+        $this->assertEmpty($record->institution);
+        $this->assertEmpty($record->department);
+        $this->assertEmpty($record->city);
+        $this->assertEmpty($record->country);
+        $this->assertEmpty($record->timezone);
+        $this->assertEmpty($record->timecreated);
+        $this->assertEmpty($record->timemodified);
+        $this->assertEmpty($record->firstnamephonetic);
+        // Check for critical fields.
+        // Deleted should now be 1.
+        $this->assertEquals(1, $record->deleted);
+        $this->assertEquals($user->id, $record->id);
+        $this->assertEquals($user->username, $record->username);
+        $this->assertEquals($user->password, $record->password);
+        $this->assertEquals($user->firstname, $record->firstname);
+        $this->assertEquals($user->lastname, $record->lastname);
+        $this->assertEquals($user->email, $record->email);
+    }
+
+    /**
+     * Create user data for a user.
+     *
+     * @param  stdClass $user A user object.
+     * @param  stdClass $course A course.
+     */
+    protected function create_data_for_user($user, $course) {
+        global $DB;
+        $this->resetAfterTest();
+        // Last course access.
+        $lastaccess = (object) [
+            'userid' => $user->id,
+            'courseid' => $course->id,
+            'timeaccess' => time() - DAYSECS
+        ];
+        $DB->insert_record('user_lastaccess', $lastaccess);
+
+        // Password history.
+        $history = (object) [
+            'userid' => $user->id,
+            'hash' => 'HID098djJUU',
+            'timecreated' => time()
+        ];
+        $DB->insert_record('user_password_history', $history);
+
+        // Password resets.
+        $passwordreset = (object) [
+            'userid' => $user->id,
+            'timerequested' => time(),
+            'timererequested' => time(),
+            'token' => $this->generate_random_string()
+        ];
+        $DB->insert_record('user_password_resets', $passwordreset);
+
+        // User mobile devices.
+        $userdevices = (object) [
+            'userid' => $user->id,
+            'appid' => 'com.moodle.moodlemobile',
+            'name' => 'occam',
+            'model' => 'Nexus 4',
+            'platform' => 'Android',
+            'version' => '4.2.2',
+            'pushid' => 'kishUhd',
+            'uuid' => 'KIhud7s',
+            'timecreated' => time(),
+            'timemodified' => time()
+        ];
+        $DB->insert_record('user_devices', $userdevices);
+
+        // Course request.
+        $courserequest = (object) [
+            'fullname' => 'Test Course',
+            'shortname' => 'TC',
+            'summary' => 'Summary of course',
+            'summaryformat' => 1,
+            'category' => 1,
+            'reason' => 'Because it would be nice.',
+            'requester' => $user->id,
+            'password' => ''
+        ];
+        $DB->insert_record('course_request', $courserequest);
+
+        // User session table data.
+        $usersessions = (object) [
+            'state' => 0,
+            'sid' => $this->generate_random_string(), // Needs a unique id.
+            'userid' => $user->id,
+            'sessdata' => 'Nothing',
+            'timecreated' => time(),
+            'timemodified' => time(),
+            'firstip' => '0.0.0.0',
+            'lastip' => '0.0.0.0'
+        ];
+        $DB->insert_record('sessions', $usersessions);
+    }
+
+    /**
+     * Create a random string.
+     *
+     * @param  integer $length length of the string to generate.
+     * @return string A random string.
+     */
+    protected function generate_random_string($length = 6) {
+        $response = '';
+        $source = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';
+
+        if ($length > 0) {
+
+            $response = '';
+            $source = str_split($source, 1);
+
+            for ($i = 1; $i <= $length; $i++) {
+                $num = mt_rand(1, count($source));
+                $response .= $source[$num - 1];
+            }
+        }
+
+        return $response;
+    }
+}