The documentation indicates that there are two functions to implement. The delete_data_for_all_users_in_context handles deleting all users' data for a provided context when a defined retention period has expired. The retention period is part of the new privacy settings. The delete_data_for_user handles deleting user data for the provided contexts, when a user has requested to be forgotten.
Looking at the examples in the documentation and in the two modules I have been referring to, forum and choice, these functions determine the data records that need to be deleted and then delete them from the database. Doing it this way, instead of using a specific module's API, seems odd to me. I would have thought using the module API would be safer. But it also means that the data is deleted without leaving information about why and how it was deleted. Most API's would log a deleting event in order to have accountability for the activity. It's possible that logging this deletion violates the GDPR's "forget me" policy? I will need to look into this.
For now, I'll follow the same strategy, and create the record deletion code in these functions.
Continuing with my simplified example, using only the attempts table, these functions are very straightforward. The delete_data_for_all_users_in_context function needs to delete all of the questionnaire_attempts records with the questionnaire id of the context passed into the function. So, the code looks like this:
The delete_data_for_user function needs to delete all data for each provided context for the specified user. The parameter passed in is a new structure, \core_privacy\local\request\approved_contextlist, which contains the user and the context information we need. It provides methods to get the user and context information. Knowing that, the code becomes very similar to the previous function, except that it will delete all of the attempt records with the contexts' questionnaire id's and the specified user id. The code looks like this:public static function delete_data_for_all_users_in_context(\context $context) { global $DB; if (!($context instanceof \context_module)) { return; } if ($cm = get_coursemodule_from_id('questionnaire', $context->instanceid)) { $DB->delete_records('questionnaire_attempts', ['qid' => $cm->instance]); } }
To test these functions, I get the script provided from the Privacy API Utilities. Executing this function allows me to specify a username which will have its data removed. Before I execute this on my test site, I backup a copy of the database. My functions are not complete at the moment and will only delete the "attempts" record, leaving other data intact. If my functions work, I can restore the database afterward.public static function delete_data_for_user(\core_privacy\local\request\approved_contextlist $contextlist) { global $DB; if (empty($contextlist->count())) { return; } $userid = $contextlist->get_user()->id; foreach ($contextlist->get_contexts() as $context) { if (!($context instanceof \context_module)) { continue; } if ($cm = get_coursemodule_from_id('questionnaire', $context->instanceid)) { $DB->delete_records('questionnaire_attempts', ['qid' => $cm->instance, 'userid' => $userid]); } } }
Executing the test script, shows a lot of output. Searching through that output, I find:
Processing mod_questionnaire (42/515) (Monday, 4 June 2018, 8:44 pm)which is good. And, when I check the questionnaire_attempts data table, I see that the records for that user have indeed been deleted. Looks like this part of the API is working.
Now that I have the basic version working, I'll go back and make sure I do the complete job.
Looking ahead, I may need to learn about subcontexts, which are used in the forum provider. On the API documentation page, you can see it referred to. I believe its the key concept in creating the directory like structure of an export, as shown in the image below:
Stay tuned for Part 4, where I will determine if this is needed, and figure out how to do it.
No comments:
Post a Comment