moodle/moodle
3
0
Fork 0
mirror of https://github.com/moodle/moodle.git synced 2025-08-05 17:06:53 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

MDL-67788 mod_h5pactivity: update activity attempt privacy

Browse source
This commit is contained in:
Ferran Recio 2020-03-27 10:44:30 +01:00
parent 0aeec79a2a
commit 6cdf1d76ff
3 changed files with 614 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

275
mod/h5pactivity/classes/privacy/provider.php
View file

@ -25,6 +25,16 @@
namespace mod_h5pactivity\privacy;
use core_privacy\local\metadata\collection;
use core_privacy\local\request\approved_contextlist;
use core_privacy\local\request\approved_userlist;
use core_privacy\local\request\contextlist;
use core_privacy\local\request\helper;
use core_privacy\local\request\transform;
use core_privacy\local\request\userlist;
use core_privacy\local\request\writer;
use stdClass;
defined('MOODLE_INTERNAL') || die();
/**
@ -33,7 +43,11 @@ defined('MOODLE_INTERNAL') || die();
* @copyright 2020 Ferran Recio <ferran@moodle.com>
* @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
*/
class provider implements \core_privacy\local\metadata\null_provider {
class provider implements
\core_privacy\local\metadata\provider,
\core_privacy\local\request\core_userlist_provider,
\core_privacy\local\request\plugin\provider {
/**
* Get the language string identifier with the component's language
* file to explain why this plugin stores no data.
@ -43,4 +57,263 @@ class provider implements \core_privacy\local\metadata\null_provider {
public static function get_reason() : string {
return 'privacy:metadata';
}
/**
* Return the fields which contain personal data.
*
* @param collection $collection The initialised collection to add items to.
* @return collection A listing of user data stored through this system.
*/
public static function get_metadata(collection $collection) : collection {
$collection->add_database_table('h5pactivity_attempts', [
'userid' => 'privacy:metadata:userid',
'attempt' => 'privacy:metadata:attempt',
'timecreated' => 'privacy:metadata:timecreated',
'timemodified' => 'privacy:metadata:timemodified',
'rawscore' => 'privacy:metadata:rawscore',
], 'privacy:metadata:xapi_track');
$collection->add_database_table('h5pactivity_attempts_results', [
'attempt' => 'privacy:metadata:attempt',
'timecreated' => 'privacy:metadata:timecreated',
'rawscore' => 'privacy:metadata:rawscore',
], 'privacy:metadata:xapi_track_results');
return $collection;
}
/**
* Get the list of contexts that contain user information for the specified user.
*
* @param int $userid The user to search.
* @return contextlist $contextlist The contextlist containing the list of contexts used in this plugin.
*/
public static function get_contexts_for_userid(int $userid) : contextlist {
$sql = "SELECT ctx.id
FROM {h5pactivity_attempts} ss
JOIN {modules} m
ON m.name = :activityname
JOIN {course_modules} cm
ON cm.instance = ss.h5pactivityid
AND cm.module = m.id
JOIN {context} ctx
ON ctx.instanceid = cm.id
AND ctx.contextlevel = :modlevel
WHERE ss.userid = :userid";
$params = ['activityname' => 'h5pactivity', 'modlevel' => CONTEXT_MODULE, 'userid' => $userid];
$contextlist = new contextlist();
$contextlist->add_from_sql($sql, $params);
return $contextlist;
}
/**
* Get the list of users who have data within a context.
*
* @param userlist $userlist The userlist containing the list of users who have data in this context/plugin combination.
*/
public static function get_users_in_context(userlist $userlist) {
$context = $userlist->get_context();
if (!is_a($context, \context_module::class)) {
return;
}
$sql = "SELECT ss.userid
FROM {h5pactivity_attempts} ss
JOIN {modules} m
ON m.name = 'h5pactivity'
JOIN {course_modules} cm
ON cm.instance = ss.h5pactivityid
AND cm.module = m.id
JOIN {context} ctx
ON ctx.instanceid = cm.id
AND ctx.contextlevel = :modlevel
WHERE ctx.id = :contextid";
$params = ['modlevel' => CONTEXT_MODULE, 'contextid' => $context->id];
$userlist->add_from_sql('userid', $sql, $params);
}
/**
* Export all user data for the specified user, in the specified contexts.
*
* @param approved_contextlist $contextlist The approved contexts to export information for.
*/
public static function export_user_data(approved_contextlist $contextlist) {
global $DB;
// Remove contexts different from CONTEXT_MODULE.
$contexts = array_reduce($contextlist->get_contexts(), function($carry, $context) {
if ($context->contextlevel == CONTEXT_MODULE) {
$carry[] = $context->id;
}
return $carry;
}, []);
if (empty($contexts)) {
return;
}
$user = $contextlist->get_user();
$userid = $user->id;
// Get H5P attempts data.
foreach ($contexts as $contextid) {
$context = \context::instance_by_id($contextid);
$data = helper::get_context_data($context, $user);
writer::with_context($context)->export_data([], $data);
helper::export_context_files($context, $user);
}
// Get attempts track data.
list($insql, $inparams) = $DB->get_in_or_equal($contexts, SQL_PARAMS_NAMED);
$sql = "SELECT har.id,
ha.attempt,
har.description,
har.interactiontype,
har.response,
har.additionals,
har.rawscore,
har.maxscore,
har.timecreated,
ctx.id as contextid
FROM {h5pactivity_attempts_results} har
JOIN {h5pactivity_attempts} ha
ON har.attemptid = ha.id
JOIN {course_modules} cm
ON cm.instance = ha.h5pactivityid
JOIN {context} ctx
ON ctx.instanceid = cm.id
WHERE ctx.id $insql
AND ha.userid = :userid";
$params = array_merge($inparams, ['userid' => $userid]);
$alldata = [];
$attemptsdata = $DB->get_recordset_sql($sql, $params);
foreach ($attemptsdata as $track) {
$alldata[$track->contextid][$track->attempt][] = (object)[
'description' => $track->description,
'response' => $track->response,
'interactiontype' => $track->interactiontype,
'additionals' => $track->additionals,
'rawscore' => $track->rawscore,
'maxscore' => $track->maxscore,
'timecreated' => transform::datetime($track->timecreated),
];
}
$attemptsdata->close();
// The result data is organised in:
// {Course name}/{H5P activity name}/{My attempts}/{Attempt X}/data.json
// where X is the attempt number.
array_walk($alldata, function($attemptsdata, $contextid) {
$context = \context::instance_by_id($contextid);
array_walk($attemptsdata, function($data, $attempt) use ($context) {
$subcontext = [
get_string('myattempts', 'mod_h5pactivity'),
get_string('attempt', 'mod_h5pactivity'). " $attempt"
];
writer::with_context($context)->export_data(
$subcontext,
(object)['results' => $data]
);
});
});
}
/**
* Delete all user data which matches the specified context.
*
* @param context $context A user context.
*/
public static function delete_data_for_all_users_in_context(\context $context) {
// This should not happen, but just in case.
if ($context->contextlevel != CONTEXT_MODULE) {
return;
}
$cm = get_coursemodule_from_id('h5pactivity', $context->instanceid);
if (!$cm) {
// Only h5pactivity module will be handled.
return;
}
self::delete_all_attempts($cm);
}
/**
* Delete all user data for the specified user, in the specified contexts.
*
* @param approved_contextlist $contextlist The approved contexts and user information to delete information for.
*/
public static function delete_data_for_user(approved_contextlist $contextlist) {
foreach ($contextlist as $context) {
if ($context->contextlevel != CONTEXT_MODULE) {
continue;
}
$cm = get_coursemodule_from_id('h5pactivity', $context->instanceid);
if (!$cm) {
// Only h5pactivity module will be handled.
continue;
}
$user = $contextlist->get_user();
self::delete_all_attempts($cm, $user);
}
}
/**
* Delete multiple users within a single context.
*
* @param approved_userlist $userlist The approved context and user information to delete information for.
*/
public static function delete_data_for_users(approved_userlist $userlist) {
$context = $userlist->get_context();
if (!is_a($context, \context_module::class)) {
return;
}
$cm = get_coursemodule_from_id('h5pactivity', $context->instanceid);
if (!$cm) {
// Only h5pactivity module will be handled.
return;
}
$userids = $userlist->get_userids();
foreach ($userids as $userid) {
self::delete_all_attempts ($cm, (object)['id' => $userid]);
}
}
/**
* Wipe all attempt data for specific course_module and an optional user.
*
* @param stdClass $cm a course_module record
* @param stdClass $user a user record
*/
private static function delete_all_attempts(stdClass $cm, stdClass $user = null): void {
global $DB;
$where = 'a.h5pactivityid = :h5pactivityid';
$conditions = ['h5pactivityid' => $cm->instance];
if (!empty($user)) {
$where .= ' AND a.userid = :userid';
$conditions['userid'] = $user->id;
}
$DB->delete_records_select('h5pactivity_attempts_results', "attemptid IN (
SELECT a.id
FROM {h5pactivity_attempts} a
WHERE $where)", $conditions);
$DB->delete_records('h5pactivity_attempts', $conditions);
}
}

8
mod/h5pactivity/lang/en/h5pactivity.php
View file

@ -49,6 +49,12 @@ $string['page-mod-h5pactivity-x'] = 'Any H5P module page';
$string['pluginadministration'] = 'H5P administration';
$string['pluginname'] = 'H5P activity';
$string['previewmode'] = 'This content is displayed in preview mode. No attempt tracking will be stored.';
$string['privacy:metadata'] = 'The H5P activity plugin does not store any personal data.';
$string['privacy:metadata:attempt'] = 'The attempt number';
$string['privacy:metadata:rawscore'] = 'The score obtained';
$string['privacy:metadata:timecreated'] = 'The time when the tracked element was created';
$string['privacy:metadata:timemodified'] = 'The last time element was tracked';
$string['privacy:metadata:userid'] = 'The ID of the user who accessed the H5P activity';
$string['privacy:metadata:xapi_track'] = 'Attempt tracking information';
$string['privacy:metadata:xapi_track_results'] = 'Attempt results tracking information';
$string['statement_received'] = 'xAPI statement received';
$string['view'] = 'View';

333
mod/h5pactivity/tests/privacy_test.php Normal file
View file

@ -0,0 +1,333 @@
<?php
// This file is part of Moodle - http://moodle.org/
//
// Moodle is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// Moodle is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with Moodle. If not, see <http://www.gnu.org/licenses/>.
/**
* mod_h5pactivity privacy tests
*
* @package mod_h5pactivity
* @category test
* @copyright 2020 Ferran Recio <ferran@moodle.com>
* @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
*/
namespace mod_h5pactivity\privacy;
defined('MOODLE_INTERNAL') || die();
use \core_privacy\local\request\approved_contextlist;
use \core_privacy\local\request\approved_userlist;
use \core_privacy\local\request\writer;
use \core_privacy\tests\provider_testcase;
/**
* Privacy tests class for mod_h5pactivity.
*
* @package mod_h5pactivity
* @category test
* @copyright 2020 Ferran Recio <ferran@moodle.com>
* @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
*/
class mod_h5pactivity_privacy_testcase extends provider_testcase {
/** @var stdClass User without any attempt. */
protected $student0;
/** @var stdClass User with some attempt. */
protected $student1;
/** @var stdClass User with some attempt. */
protected $student2;
/** @var context context_module of the H5P activity. */
protected $context;
/**
* Test getting the context for the user ID related to this plugin.
*/
public function test_get_contexts_for_userid() {
$this->resetAfterTest(true);
$this->setAdminUser();
$this->h5pactivity_setup_test_scenario_data();
// The student0 hasn't any attempt.
$contextlist = provider::get_contexts_for_userid($this->student0->id);
$this->assertCount(0, (array) $contextlist->get_contextids());
// The student1 has data in the mod_h5pactivity context.
$contextlist = provider::get_contexts_for_userid($this->student1->id);
$this->assertCount(1, (array) $contextlist->get_contextids());
$this->assertContains($this->context->id, $contextlist->get_contextids());
}
/**
* Test getting the user IDs for the context related to this plugin.
*/
public function test_get_users_in_context() {
$this->resetAfterTest(true);
$this->setAdminUser();
$this->h5pactivity_setup_test_scenario_data();
$component = 'mod_h5pactivity';
$userlist = new \core_privacy\local\request\userlist($this->context, $component);
provider::get_users_in_context($userlist);
// Students 1 and 2 have attempts in the H5P context, student 0 does not.
$this->assertCount(2, $userlist);
$expected = [$this->student1->id, $this->student2->id];
$actual = $userlist->get_userids();
sort($expected);
sort($actual);
$this->assertEquals($expected, $actual);
}
/**
* Test that data is exported correctly for this plugin.
*/
public function test_export_user_data() {
$this->resetAfterTest(true);
$this->setAdminUser();
$this->h5pactivity_setup_test_scenario_data();
$component = 'mod_h5pactivity';
// Validate exported data for student0 (without any attempt).
$this->setUser($this->student0);
$writer = writer::with_context($this->context);
$this->export_context_data_for_user($this->student0->id, $this->context, $component);
$subcontextattempt1 = [
get_string('myattempts', 'mod_h5pactivity'),
get_string('attempt', 'mod_h5pactivity'). " 1"
];
$data = $writer->get_data($subcontextattempt1);
$this->assertEmpty($data);
// Validate exported data for student1.
writer::reset();
$this->setUser($this->student1);
$writer = writer::with_context($this->context);
$this->assertFalse($writer->has_any_data());
$this->export_context_data_for_user($this->student1->id, $this->context, $component);
$data = $writer->get_data([]);
$this->assertEquals('H5P activity 1', $data->name);
$data = $writer->get_data($subcontextattempt1);
$this->assertCount(1, (array) $data);
$this->assertCount(3, (array) reset($data));
$subcontextattempt2 = [
get_string('myattempts', 'mod_h5pactivity'),
get_string('attempt', 'mod_h5pactivity'). " 2"
];
$data = $writer->get_data($subcontextattempt2);
$this->assertCount(3, (array) reset($data));
// The student1 has only 1 tracked attempts.
$subcontextattempt3 = [
get_string('myattempts', 'mod_h5pactivity'),
get_string('attempt', 'mod_h5pactivity'). " 3"
];
$data = $writer->get_data($subcontextattempt3);
$this->assertEmpty($data);
}
/**
* Test for provider::delete_data_for_all_users_in_context().
*/
public function test_delete_data_for_all_users_in_context() {
global $DB;
$this->resetAfterTest(true);
$this->setAdminUser();
$this->h5pactivity_setup_test_scenario_data();
// Before deletion, we should have 4 entries in the attempts table.
$count = $DB->count_records('h5pactivity_attempts');
$this->assertEquals(4, $count);
// Before deletion, we should have 12 entries in the results table.
$count = $DB->count_records('h5pactivity_attempts_results');
$this->assertEquals(12, $count);
// Delete data based on the context.
provider::delete_data_for_all_users_in_context($this->context);
// After deletion, the attempts entries should have been deleted.
$count = $DB->count_records('h5pactivity_attempts');
$this->assertEquals(0, $count);
// After deletion, the results entries should have been deleted.
$count = $DB->count_records('h5pactivity_attempts_results');
$this->assertEquals(0, $count);
}
/**
* Test for provider::delete_data_for_user().
*/
public function test_delete_data_for_user() {
global $DB;
$this->resetAfterTest(true);
$this->setAdminUser();
$this->h5pactivity_setup_test_scenario_data();
$params = ['userid' => $this->student1->id];
// Before deletion, we should have 4 entries in the attempts table.
$count = $DB->count_records('h5pactivity_attempts');
$this->assertEquals(4, $count);
// Before deletion, we should have 12 entries in the results table.
$count = $DB->count_records('h5pactivity_attempts_results');
$this->assertEquals(12, $count);
// Save student1 attempts ids.
$attemptsids = $DB->get_records_menu('h5pactivity_attempts', $params, '', 'attempt, id');
list($resultselect, $attemptids) = $DB->get_in_or_equal($attemptsids);
$resultselect = 'id ' . $resultselect;
$approvedcontextlist = new approved_contextlist($this->student1, 'h5pactivity', [$this->context->id]);
provider::delete_data_for_user($approvedcontextlist);
// After deletion, the h5pactivity_attempts entries for the first student should have been deleted.
$count = $DB->count_records('h5pactivity_attempts', $params);
$this->assertEquals(0, $count);
$count = $DB->count_records('h5pactivity_attempts');
$this->assertEquals(2, $count);
// After deletion, the results entries for the first student should have been deleted.
$count = $DB->count_records_select('h5pactivity_attempts_results', $resultselect, $attemptids);
$this->assertEquals(0, $count);
$count = $DB->count_records('h5pactivity_attempts_results');
$this->assertEquals(6, $count);
// Confirm that the h5pactivity hasn't been removed.
$h5pactivitycount = $DB->get_records('h5pactivity');
$this->assertCount(1, (array) $h5pactivitycount);
// Delete track for student0 (nothing has to be removed).
$approvedcontextlist = new approved_contextlist($this->student0, 'h5pactivity', [$this->context->id]);
provider::delete_data_for_user($approvedcontextlist);
$count = $DB->count_records('h5pactivity_attempts');
$this->assertEquals(2, $count);
$count = $DB->count_records('h5pactivity_attempts_results');
$this->assertEquals(6, $count);
}
/**
* Test for provider::delete_data_for_users().
*/
public function test_delete_data_for_users() {
global $DB;
$component = 'mod_h5pactivity';
$this->resetAfterTest(true);
$this->setAdminUser();
// In this scenario we need a 3rd user to test batch deletion.
// Create student2 with 2 attempts.
$this->h5pactivity_setup_test_scenario_data(true);
// Before deletion, we should have 6 entries in the attempts table.
$count = $DB->count_records('h5pactivity_attempts');
$this->assertEquals(6, $count);
// Before deletion, we should have 18 entries in the results table.
$count = $DB->count_records('h5pactivity_attempts_results');
$this->assertEquals(18, $count);
// Save student1 and student2 attempts ids.
$params1 = ['userid' => $this->student1->id];
$attempts1ids = $DB->get_records_menu('h5pactivity_attempts', $params1, '', 'attempt, id');
$params2 = ['userid' => $this->student2->id];
$attempts2ids = $DB->get_records_menu('h5pactivity_attempts', $params2, '', 'attempt, id');
list($resultselect, $attemptids) = $DB->get_in_or_equal(array_merge($attempts1ids, $attempts2ids));
$resultselect = 'id ' . $resultselect;
// Delete student 1 ans 2 data, retain student 3 data.
$approveduserids = [$this->student1->id, $this->student2->id];
$approvedlist = new approved_userlist($this->context, $component, $approveduserids);
provider::delete_data_for_users($approvedlist);
// After deletion, the h5pactivity_attempts entries for student1 and student2 should have been deleted.
$count = $DB->count_records('h5pactivity_attempts', $params1);
$this->assertEquals(0, $count);
$count = $DB->count_records('h5pactivity_attempts', $params2);
$this->assertEquals(0, $count);
$count = $DB->count_records('h5pactivity_attempts');
$this->assertEquals(2, $count);
// After deletion, the results entries for the first and second student should have been deleted.
$count = $DB->count_records_select('h5pactivity_attempts_results', $resultselect, $attemptids);
$this->assertEquals(0, $count);
$count = $DB->count_records('h5pactivity_attempts_results');
$this->assertEquals(6, $count);
// Confirm that the h5pactivity hasn't been removed.
$h5pactivitycount = $DB->get_records('h5pactivity');
$this->assertCount(1, (array) $h5pactivitycount);
// Delete results track for student0 (nothing has to be removed).
$approveduserids = [$this->student0->id];
$approvedlist = new approved_userlist($this->context, $component, $approveduserids);
provider::delete_data_for_users($approvedlist);
$count = $DB->count_records('h5pactivity_attempts');
$this->assertEquals(2, $count);
$count = $DB->count_records('h5pactivity_attempts_results');
$this->assertEquals(6, $count);
}
/**
* Helper function to setup 3 users and 2 H5P attempts for student1 and student2.
* $this->student0 is always created without any attempt.
*
* @param bool $extrauser generate a 3rd user (default false).
*/
protected function h5pactivity_setup_test_scenario_data(bool $extrauser = false): void {
global $DB;
$generator = $this->getDataGenerator();
$course = $this->getDataGenerator()->create_course();
$params = ['course' => $course];
$activity = $this->getDataGenerator()->create_module('h5pactivity', $params);
$cm = get_coursemodule_from_id('h5pactivity', $activity->cmid, 0, false, MUST_EXIST);
$this->context = \context_module::instance($activity->cmid);
// Users enrolments.
$studentrole = $DB->get_record('role', ['shortname' => 'student']);
$generator = $this->getDataGenerator()->get_plugin_generator('mod_h5pactivity');
// Create student0 withot any attempt.
$this->student0 = $this->getDataGenerator()->create_and_enrol($course, 'student');
// Create student1 with 2 attempts.
$this->student1 = $this->getDataGenerator()->create_and_enrol($course, 'student');
$params = ['cmid' => $cm->id, 'userid' => $this->student1->id];
$generator->create_content($activity, $params);
$generator->create_content($activity, $params);
// Create student2 with 2 attempts.
$this->student2 = $this->getDataGenerator()->create_and_enrol($course, 'student');
$params = ['cmid' => $cm->id, 'userid' => $this->student2->id];
$generator->create_content($activity, $params);
$generator->create_content($activity, $params);
if ($extrauser) {
$this->student3 = $this->getDataGenerator()->create_and_enrol($course, 'student');
$params = ['cmid' => $cm->id, 'userid' => $this->student3->id];
$generator->create_content($activity, $params);
$generator->create_content($activity, $params);
}
}
}