Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-61785

Allow admins to confirm which expired contexts should be deleted

XMLWordPrintable

    • MOODLE_35_STABLE
    • MOODLE_33_STABLE, MOODLE_34_STABLE
    • MDL-61785_master
    • Hide

      Note that this issue is blocked by MDL-61743; MDL-61743 is a requirement because otherwise the link to core_privacy does not work properly and you may get errors during the scheduled task execution.

      Prerequisites

      1. You will need the following:
        • course1, A course without end date
        • course2, An ongoing course (course start date < now < course end date)
        • course3, A finished course (course end date < now)
        • user1, A non-admin user that has logged in at some point in the past (just log in if you don't have any) and without enrolments
        • user3, A non-admin user that has logged in at some point in the past (just log in if you don't have any) with an enrolment to course1
        • user4, A non-admin user that has logged in at some point in the past (just log in if you don't have any) with an enrolment to course2
        • user2, A non-admin user that has logged in at some point in the past (just log in if you don't have any) with an enrolment to course3

      Test

      1. Log in as admin
      2. Go to "Site admin > Privacy and policy > Data registry"
      3. Select 'Site' node from the contexts tree if it is not already selected
      4. Create a new category and a new purpose (the purpose with retention period of 0 years)
      5. Press 'Save changes' so the category and the purpose you just added are linked to the 'Site' node
      6. Open a CLI and execute this: 

        php admin/tool/task/cli/schedule_task.php --execute=\\tool_dataprivacy\\task\\expired_retention_period

      1. Open your database manager and inspect tool_dataprivacy_ctxexpired
        • You should see user1 and user2 context ids listed there
        • You should see user1 and course3 context ids listed there

      Other changes related to this issue will be tested in MDL-61830

      Show
      Note that this issue is blocked by MDL-61743 ; MDL-61743 is a requirement because otherwise the link to core_privacy does not work properly and you may get errors during the scheduled task execution. Prerequisites You will need the following: course1 , A course without end date course2 , An ongoing course (course start date < now < course end date) course3 , A finished course (course end date < now) user1 , A non-admin user that has logged in at some point in the past (just log in if you don't have any) and without enrolments user3 , A non-admin user that has logged in at some point in the past (just log in if you don't have any) with an enrolment to course1 user4 , A non-admin user that has logged in at some point in the past (just log in if you don't have any) with an enrolment to course2 user2 , A non-admin user that has logged in at some point in the past (just log in if you don't have any) with an enrolment to course3 Test Log in as admin Go to "Site admin > Privacy and policy > Data registry" Select 'Site' node from the contexts tree if it is not already selected Create a new category and a new purpose (the purpose with retention period of 0 years) Press 'Save changes' so the category and the purpose you just added are linked to the 'Site' node Open a CLI and execute this: php admin/tool/task/cli/schedule_task.php --execute=\\tool_dataprivacy\\task\\expired_retention_period Open your database manager and inspect tool_dataprivacy_ctxexpired You should see user1 and user2 context ids listed there You should see user1 and course3 context ids listed there Other changes related to this issue will be tested in MDL-61830

      In MDL-59720 we introduced a scheduled task that iterates through expired contexts (expired according its retention period) At the moment we just delete them but ideally we would provide a report for admins so they can confirm which contexts should be deleted.

      User Story Acceptance Criteria
      As a privacy officer, I want to be able to view a report listing data which should no longer be held, so that I can select which data to remove to comply with the principle of "Privacy by Design".
      • Moodle will provide a report listing all types of data which has passed its retention period, so that the Privacy Officer can review and choose which data areas are to be erased.
      • This report will highlight data areas (courses, plugins, etc) and will not include the actual data itself.
      • Choosing to delete all selected data should queue the selected data for deletion.
      • Scheduled task will run to look for queued jobs and will remove the relevant data (that which the Privacy Officer selected).
      • Admin account and any associated data must be considered exempt from the deletion process (see next point).

        1. monllao-mockups.jpg
          monllao-mockups.jpg
          1016 kB

            dmonllao David Monllaó
            dmonllao David Monllaó
            Jun Pataleta Jun Pataleta
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Created:
              Updated:
              Resolved:

                Error rendering 'clockify-timesheets-time-tracking-reports:timer-sidebar'. Please contact your Jira administrators.