Commit c2b73b54 authored by David Mudrák's avatar David Mudrák

MDL-64737 editor_atto: Fix the privacy export_user_data() implementation

Multiple issues fixed:

* Fixed order of the statements to avoid access to undefined variables.
* Fixed population of the SQL query parameter to make sure they match
  the placeholder in the query.
* Fixed missing table aliases in the second query to make sure the query
  actually works as expected.
parent 1f47c7fc
......@@ -96,23 +96,30 @@ class provider implements
$user = $contextlist->get_user();
// Firstly export all autosave records from all contexts in the list owned by the given user.
list($contextsql, $contextparams) = $DB->get_in_or_equal($contextlist->get_contextids(), SQL_PARAMS_NAMED);
$contextparams['userid'] = $user->id;
$sql = "SELECT *
FROM {editor_atto_autosave}
WHERE userid = :userid AND contextid {$contextsql}";
list($contextsql, $contextparams) = $DB->get_in_or_equal($contextlist->get_contextids(), SQL_PARAMS_NAMED);
$contextparams['userid'] = $contextlist->get_user()->id;
$autosaves = $DB->get_recordset_sql($sql, $contextparams);
self::export_autosaves($user, $autosaves);
$sql = "SELECT *
FROM {editor_atto_autosave}
JOIN {context} c ON c.id = eas.contextid
WHERE c.id {$contextsql} AND contextlevel = :contextuser AND c.instanceid = :userid";
// Additionally export all eventual records in the given user's context regardless the actual owner.
// We still consider them to be the user's personal data even when edited by someone else.
list($contextsql, $contextparams) = $DB->get_in_or_equal($contextlist->get_contextids(), SQL_PARAMS_NAMED);
$contextparams['userid'] = $contextlist->get_user()->id;
$contextparams['userid'] = $user->id;
$contextparams['contextuser'] = CONTEXT_USER;
$sql = "SELECT eas.*
FROM {editor_atto_autosave} eas
JOIN {context} c ON c.id = eas.contextid
WHERE c.id {$contextsql} AND c.contextlevel = :contextuser AND c.instanceid = :userid";
$autosaves = $DB->get_recordset_sql($sql, $contextparams);
self::export_autosaves($user, $autosaves);
}
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment