Proyectos de Subversion Moodle

<?php

// This file is part of Moodle - http://moodle.org/

//

// Moodle is free software: you can redistribute it and/or modify

// it under the terms of the GNU General Public License as published by

// the Free Software Foundation, either version 3 of the License, or

// (at your option) any later version.

//

// Moodle is distributed in the hope that it will be useful,

// but WITHOUT ANY WARRANTY; without even the implied warranty of

// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

// GNU General Public License for more details.

//

// You should have received a copy of the GNU General Public License

// along with Moodle.  If not, see <http://www.gnu.org/licenses/>.

namespace tool_dataprivacy;

/**

 * Expired contexts tests.

 *

 * @package    tool_dataprivacy

 * @copyright  2018 David Monllao

 * @license    http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later

 */

class expired_contexts_test extends \advanced_testcase {

    /**

     * Setup the basics with the specified retention period.

     *

     * @param   string  $system Retention policy for the system.

     * @param   string  $user Retention policy for users.

     * @param   string  $course Retention policy for courses.

     * @param   string  $activity Retention policy for activities.

     */

    protected function setup_basics(string $system, string $user, string $course = null, string $activity = null): \stdClass {

        $this->resetAfterTest();

        $purposes = (object) [

            'system' => $this->create_and_set_purpose_for_contextlevel($system, CONTEXT_SYSTEM),

            'user' => $this->create_and_set_purpose_for_contextlevel($user, CONTEXT_USER),

        ];

        if (null !== $course) {

            $purposes->course = $this->create_and_set_purpose_for_contextlevel($course, CONTEXT_COURSE);

        }

        if (null !== $activity) {

            $purposes->activity = $this->create_and_set_purpose_for_contextlevel($activity, CONTEXT_MODULE);

        }

        return $purposes;

    }

    /**

     * Create a retention period and set it for the specified context level.

     *

     * @param   string  $retention

     * @param   int     $contextlevel

     * @return  purpose

     */

    protected function create_and_set_purpose_for_contextlevel(string $retention, int $contextlevel): purpose {

        $purpose = new purpose(0, (object) [

            'name' => 'Test purpose ' . rand(1, 1000),

            'retentionperiod' => $retention,

            'lawfulbases' => 'gdpr_art_6_1_a',

        ]);

        $purpose->create();

        $cat = new category(0, (object) ['name' => 'Test category']);

        $cat->create();

        if ($contextlevel <= CONTEXT_USER) {

            $record = (object) [

                'purposeid'     => $purpose->get('id'),

                'categoryid'    => $cat->get('id'),

                'contextlevel'  => $contextlevel,

            ];

            api::set_contextlevel($record);

        } else {

            list($purposevar, ) = data_registry::var_names_from_context(

                    \context_helper::get_class_for_level($contextlevel)

                );

            set_config($purposevar, $purpose->get('id'), 'tool_dataprivacy');

        }

        return $purpose;

    }

    /**

     * Ensure that a user with no lastaccess is not flagged for deletion.

     */

    public function test_flag_not_setup(): void {

        $this->resetAfterTest();

        $user = $this->getDataGenerator()->create_user();

        $this->setUser($user);

        $block = $this->create_user_block('Title', 'Content', FORMAT_PLAIN);

        $context = \context_block::instance($block->instance->id);

        $this->setUser();

        // Flag all expired contexts.

        $manager = new \tool_dataprivacy\expired_contexts_manager();

        list($flaggedcourses, $flaggedusers) = $manager->flag_expired_contexts();

        $this->assertEquals(0, $flaggedcourses);

        $this->assertEquals(0, $flaggedusers);

    }

    /**

     * Ensure that a user with no lastaccess is not flagged for deletion.

     */

    public function test_flag_user_no_lastaccess(): void {

        $this->resetAfterTest();

        $this->setup_basics('PT1H', 'PT1H', 'PT1H');

        $user = $this->getDataGenerator()->create_user();

        $this->setUser($user);

        $block = $this->create_user_block('Title', 'Content', FORMAT_PLAIN);

        $context = \context_block::instance($block->instance->id);

        $this->setUser();

        // Flag all expired contexts.

        $manager = new \tool_dataprivacy\expired_contexts_manager();

        list($flaggedcourses, $flaggedusers) = $manager->flag_expired_contexts();

        $this->assertEquals(0, $flaggedcourses);

        $this->assertEquals(0, $flaggedusers);

    }

    /**

     * Ensure that a user with a recent lastaccess is not flagged for deletion.

     */

    public function test_flag_user_recent_lastaccess(): void {

        $this->resetAfterTest();

        $this->setup_basics('PT1H', 'PT1H', 'PT1H');

        $user = $this->getDataGenerator()->create_user(['lastaccess' => time()]);

        $this->setUser($user);

        $block = $this->create_user_block('Title', 'Content', FORMAT_PLAIN);

        $context = \context_block::instance($block->instance->id);

        $this->setUser();

        // Flag all expired contexts.

        $manager = new \tool_dataprivacy\expired_contexts_manager();

        list($flaggedcourses, $flaggedusers) = $manager->flag_expired_contexts();

        $this->assertEquals(0, $flaggedcourses);

        $this->assertEquals(0, $flaggedusers);

    }

    /**

     * Ensure that a user with a lastaccess in the past is flagged for deletion.

     */

    public function test_flag_user_past_lastaccess(): void {

        $this->resetAfterTest();

        $this->setup_basics('PT1H', 'PT1H', 'PT1H');

        $user = $this->getDataGenerator()->create_user(['lastaccess' => time() - YEARSECS]);

        $this->setUser($user);

        $block = $this->create_user_block('Title', 'Content', FORMAT_PLAIN);

        $context = \context_block::instance($block->instance->id);

        $this->setUser();

        // Flag all expired contexts.

        $manager = new \tool_dataprivacy\expired_contexts_manager();

        list($flaggedcourses, $flaggedusers) = $manager->flag_expired_contexts();

        // Although there is a block in the user context, everything in the user context is regarded as one.

        $this->assertEquals(0, $flaggedcourses);

        $this->assertEquals(1, $flaggedusers);

    }

    /**

     * Ensure that a user with a lastaccess in the past but active enrolments is not flagged for deletion.

     */

    public function test_flag_user_past_lastaccess_still_enrolled(): void {

        $this->resetAfterTest();

        $this->setup_basics('PT1H', 'PT1H', 'PT1H');

        $user = $this->getDataGenerator()->create_user(['lastaccess' => time() - YEARSECS]);

        $course = $this->getDataGenerator()->create_course(['startdate' => time(), 'enddate' => time() + YEARSECS]);

        $this->getDataGenerator()->enrol_user($user->id, $course->id, 'student');

        $otheruser = $this->getDataGenerator()->create_user();

        $this->getDataGenerator()->enrol_user($otheruser->id, $course->id, 'student');

        $this->setUser($user);

        $block = $this->create_user_block('Title', 'Content', FORMAT_PLAIN);

        $context = \context_block::instance($block->instance->id);

        $this->setUser();

        // Flag all expired contexts.

        $manager = new \tool_dataprivacy\expired_contexts_manager();

        list($flaggedcourses, $flaggedusers) = $manager->flag_expired_contexts();

        $this->assertEquals(0, $flaggedcourses);

        $this->assertEquals(0, $flaggedusers);

    }

    /**

     * Ensure that a user with a lastaccess in the past and no active enrolments is flagged for deletion.

     */

    public function test_flag_user_update_existing(): void {

        $this->resetAfterTest();

        $this->setup_basics('PT1H', 'PT1H', 'P5Y');

        $user = $this->getDataGenerator()->create_user(['lastaccess' => time() - YEARSECS]);

        $usercontext = \context_user::instance($user->id);

        // Create an existing expired_context.

        $expiredcontext = new expired_context(0, (object) [

                'contextid' => $usercontext->id,

                'defaultexpired' => 0,

                'status' => expired_context::STATUS_EXPIRED,

            ]);

        $expiredcontext->save();

        $this->assertEquals(0, $expiredcontext->get('defaultexpired'));

        // Flag all expired contexts.

        $manager = new \tool_dataprivacy\expired_contexts_manager();

        list($flaggedcourses, $flaggedusers) = $manager->flag_expired_contexts();

        $this->assertEquals(0, $flaggedcourses);

        $this->assertEquals(1, $flaggedusers);

        // The user context will now have expired.

        $updatedcontext = new expired_context($expiredcontext->get('id'));

        $this->assertEquals(1, $updatedcontext->get('defaultexpired'));

    }

    /**

     * Ensure that a user with a lastaccess in the past and expired enrolments.

     */

    public function test_flag_user_past_lastaccess_unexpired_past_enrolment(): void {

        $this->resetAfterTest();

        $this->setup_basics('PT1H', 'PT1H', 'P1Y');

        $user = $this->getDataGenerator()->create_user(['lastaccess' => time() - YEARSECS]);

        $course = $this->getDataGenerator()->create_course(['startdate' => time() - YEARSECS, 'enddate' => time() - WEEKSECS]);

        $this->getDataGenerator()->enrol_user($user->id, $course->id, 'student');

        $otheruser = $this->getDataGenerator()->create_user();

        $this->getDataGenerator()->enrol_user($otheruser->id, $course->id, 'student');

        $this->setUser($user);

        $block = $this->create_user_block('Title', 'Content', FORMAT_PLAIN);

        $context = \context_block::instance($block->instance->id);

        $this->setUser();

        // Flag all expired contexts.

        $manager = new \tool_dataprivacy\expired_contexts_manager();

        list($flaggedcourses, $flaggedusers) = $manager->flag_expired_contexts();

        $this->assertEquals(0, $flaggedcourses);

        $this->assertEquals(0, $flaggedusers);

    }

    /**

     * Ensure that a user with a lastaccess in the past and expired enrolments.

     */

    public function test_flag_user_past_override_role(): void {

        global $DB;

        $this->resetAfterTest();

        $purposes = $this->setup_basics('PT1H', 'PT1H', 'PT1H');

        $user = $this->getDataGenerator()->create_user(['lastaccess' => time() - YEARSECS]);

        $usercontext = \context_user::instance($user->id);

        $systemcontext = \context_system::instance();

        $role = $DB->get_record('role', ['shortname' => 'manager']);

        $override = new purpose_override(0, (object) [

                'purposeid' => $purposes->user->get('id'),

                'roleid' => $role->id,

                'retentionperiod' => 'P5Y',

            ]);

        $override->save();

        role_assign($role->id, $user->id, $systemcontext->id);

        // Flag all expired contexts.

        $manager = new \tool_dataprivacy\expired_contexts_manager();

        list($flaggedcourses, $flaggedusers) = $manager->flag_expired_contexts();

        $this->assertEquals(0, $flaggedcourses);

        $this->assertEquals(0, $flaggedusers);

        $expiredrecord = expired_context::get_record(['contextid' => $usercontext->id]);

        $this->assertFalse($expiredrecord);

    }

    /**

     * Ensure that a user with a lastaccess in the past and expired enrolments.

     */

    public function test_flag_user_past_lastaccess_expired_enrolled(): void {

        $this->resetAfterTest();

        $this->setup_basics('PT1H', 'PT1H', 'PT1H');

        $user = $this->getDataGenerator()->create_user(['lastaccess' => time() - YEARSECS]);

        $course = $this->getDataGenerator()->create_course(['startdate' => time() - YEARSECS, 'enddate' => time() - WEEKSECS]);

        $this->getDataGenerator()->enrol_user($user->id, $course->id, 'student');

        $otheruser = $this->getDataGenerator()->create_user();

        $this->getDataGenerator()->enrol_user($otheruser->id, $course->id, 'student');

        $this->setUser($user);

        $block = $this->create_user_block('Title', 'Content', FORMAT_PLAIN);

        $context = \context_block::instance($block->instance->id);

        $this->setUser();

        // Flag all expired contexts.

        $manager = new \tool_dataprivacy\expired_contexts_manager();

        list($flaggedcourses, $flaggedusers) = $manager->flag_expired_contexts();

        $this->assertEquals(1, $flaggedcourses);

        $this->assertEquals(1, $flaggedusers);

    }

    /**

     * Ensure that a user with a lastaccess in the past and enrolments without a course end date are respected

     * correctly.

     */

    public function test_flag_user_past_lastaccess_missing_enddate_required(): void {

        $this->resetAfterTest();

        $this->setup_basics('PT1H', 'PT1H', 'PT1H');

        $user = $this->getDataGenerator()->create_user(['lastaccess' => time() - YEARSECS]);

        $course = $this->getDataGenerator()->create_course();

        $this->getDataGenerator()->enrol_user($user->id, $course->id, 'student');

        $otheruser = $this->getDataGenerator()->create_user();

        $this->getDataGenerator()->enrol_user($otheruser->id, $course->id, 'student');

        $this->setUser($user);

        $block = $this->create_user_block('Title', 'Content', FORMAT_PLAIN);

        $context = \context_block::instance($block->instance->id);

        $this->setUser();

        // Ensure that course end dates are not required.

        set_config('requireallenddatesforuserdeletion', 1, 'tool_dataprivacy');

        // Flag all expired contexts.

        $manager = new \tool_dataprivacy\expired_contexts_manager();

        list($flaggedcourses, $flaggedusers) = $manager->flag_expired_contexts();

        $this->assertEquals(0, $flaggedcourses);

        $this->assertEquals(0, $flaggedusers);

    }

    /**

     * Ensure that a user with a lastaccess in the past and enrolments without a course end date are respected

     * correctly when the end date is not required.

     */

    public function test_flag_user_past_lastaccess_missing_enddate_not_required(): void {

        $this->resetAfterTest();

        $this->setup_basics('PT1H', 'PT1H', 'PT1H');

        $user = $this->getDataGenerator()->create_user(['lastaccess' => time() - YEARSECS]);

        $course = $this->getDataGenerator()->create_course();

        $this->getDataGenerator()->enrol_user($user->id, $course->id, 'student');

        $otheruser = $this->getDataGenerator()->create_user();

        $this->getDataGenerator()->enrol_user($otheruser->id, $course->id, 'student');

        $this->setUser($user);

        $block = $this->create_user_block('Title', 'Content', FORMAT_PLAIN);

        $context = \context_block::instance($block->instance->id);

        $this->setUser();

        // Ensure that course end dates are required.

        set_config('requireallenddatesforuserdeletion', 0, 'tool_dataprivacy');

        // Flag all expired contexts.

        $manager = new \tool_dataprivacy\expired_contexts_manager();

        list($flaggedcourses, $flaggedusers) = $manager->flag_expired_contexts();

        $this->assertEquals(0, $flaggedcourses);

        $this->assertEquals(1, $flaggedusers);

    }

    /**

     * Ensure that a user with a recent lastaccess is not flagged for deletion.

     */

    public function test_flag_user_recent_lastaccess_existing_record(): void {

        $this->resetAfterTest();

        $this->setup_basics('PT1H', 'PT1H', 'PT1H');

        $user = $this->getDataGenerator()->create_user(['lastaccess' => time()]);

        $usercontext = \context_user::instance($user->id);

        // Create an existing expired_context.

        $expiredcontext = new expired_context(0, (object) [

                'contextid' => $usercontext->id,

                'status' => expired_context::STATUS_EXPIRED,

            ]);

        $expiredcontext->save();

        $this->setUser($user);

        $block = $this->create_user_block('Title', 'Content', FORMAT_PLAIN);

        $context = \context_block::instance($block->instance->id);

        $this->setUser();

        // Flag all expired contexts.

        $manager = new \tool_dataprivacy\expired_contexts_manager();

        list($flaggedcourses, $flaggedusers) = $manager->flag_expired_contexts();

        $this->assertEquals(0, $flaggedcourses);

        $this->assertEquals(0, $flaggedusers);

        $this->expectException('dml_missing_record_exception');

        new expired_context($expiredcontext->get('id'));

    }

    /**

     * Ensure that a user with a recent lastaccess is not flagged for deletion.

     */

    public function test_flag_user_retention_changed(): void {

        $this->resetAfterTest();

        $purposes = $this->setup_basics('PT1H', 'PT1H', 'PT1H');

        $user = $this->getDataGenerator()->create_user(['lastaccess' => time() - DAYSECS]);

        $usercontext = \context_user::instance($user->id);

        $this->setUser($user);

        $block = $this->create_user_block('Title', 'Content', FORMAT_PLAIN);

        $context = \context_block::instance($block->instance->id);

        $this->setUser();

        // Flag all expired contexts.

        $manager = new \tool_dataprivacy\expired_contexts_manager();

        list($flaggedcourses, $flaggedusers) = $manager->flag_expired_contexts();

        $this->assertEquals(0, $flaggedcourses);

        $this->assertEquals(1, $flaggedusers);

        $expiredcontext = expired_context::get_record(['contextid' => $usercontext->id]);

        $this->assertNotFalse($expiredcontext);

        // Increase the retention period to 5 years.

        $purposes->user->set('retentionperiod', 'P5Y');

        $purposes->user->save();

        // Re-run the expiry job - the previously flagged user will be removed because the retention period has been increased.

        list($flaggedcourses, $flaggedusers) = $manager->flag_expired_contexts();

        $this->assertEquals(0, $flaggedcourses);

        $this->assertEquals(0, $flaggedusers);

        // The expiry record will now have been removed.

        $this->expectException('dml_missing_record_exception');

        new expired_context($expiredcontext->get('id'));

    }

    /**

     * Ensure that a user with a historically expired expired block record child is cleaned up.

     */

    public function test_flag_user_historic_block_unapproved(): void {

        $this->resetAfterTest();

        $this->setup_basics('PT1H', 'PT1H', 'PT1H');

        $user = $this->getDataGenerator()->create_user(['lastaccess' => time() - DAYSECS]);

        $usercontext = \context_user::instance($user->id);

        $this->setUser($user);

        $block = $this->create_user_block('Title', 'Content', FORMAT_PLAIN);

        $blockcontext = \context_block::instance($block->instance->id);

        $this->setUser();

        // Create an existing expired_context which has not been approved for the block.

        $expiredcontext = new expired_context(0, (object) [

                'contextid' => $blockcontext->id,

                'status' => expired_context::STATUS_EXPIRED,

            ]);

        $expiredcontext->save();

        // Flag all expired contexts.

        $manager = new \tool_dataprivacy\expired_contexts_manager();

        list($flaggedcourses, $flaggedusers) = $manager->flag_expired_contexts();

        $this->assertEquals(0, $flaggedcourses);

        $this->assertEquals(1, $flaggedusers);

        $expiredblockcontext = expired_context::get_record(['contextid' => $blockcontext->id]);

        $this->assertFalse($expiredblockcontext);

        $expiredusercontext = expired_context::get_record(['contextid' => $usercontext->id]);

        $this->assertNotFalse($expiredusercontext);

    }

    /**

     * Ensure that a user with a block which has a default retention period which has not expired, is still expired.

     */

    public function test_flag_user_historic_unexpired_child(): void {

        $this->resetAfterTest();

        $this->setup_basics('PT1H', 'PT1H', 'PT1H');

        $this->create_and_set_purpose_for_contextlevel('P5Y', CONTEXT_BLOCK);

        $user = $this->getDataGenerator()->create_user(['lastaccess' => time() - DAYSECS]);

        $usercontext = \context_user::instance($user->id);

        $this->setUser($user);

        $block = $this->create_user_block('Title', 'Content', FORMAT_PLAIN);

        $blockcontext = \context_block::instance($block->instance->id);

        $this->setUser();

        // Flag all expired contexts.

        $manager = new \tool_dataprivacy\expired_contexts_manager();

        list($flaggedcourses, $flaggedusers) = $manager->flag_expired_contexts();

        $this->assertEquals(0, $flaggedcourses);

        $this->assertEquals(1, $flaggedusers);

        $expiredcontext = expired_context::get_record(['contextid' => $usercontext->id]);

        $this->assertNotFalse($expiredcontext);

    }

    /**

     * Ensure that a course with no end date is not flagged.

     */

    public function test_flag_course_no_enddate(): void {

        $this->resetAfterTest();

        $this->setup_basics('PT1H', 'PT1H', 'PT1H', 'PT1H');

        $course = $this->getDataGenerator()->create_course();

        $forum = $this->getDataGenerator()->create_module('forum', ['course' => $course->id]);

        // Flag all expired contexts.

        $manager = new \tool_dataprivacy\expired_contexts_manager();

        list($flaggedcourses, $flaggedusers) = $manager->flag_expired_contexts();

        $this->assertEquals(0, $flaggedcourses);

        $this->assertEquals(0, $flaggedusers);

    }

    /**

     * Ensure that a course with an end date in the distant past, but a child which is unexpired is not flagged.

     */

    public function test_flag_course_past_enddate_future_child(): void {

        $this->resetAfterTest();

        $this->setup_basics('PT1H', 'PT1H', 'PT1H', 'P5Y');

        $course = $this->getDataGenerator()->create_course([

                'startdate' => time() - (2 * YEARSECS),

                'enddate' => time() - YEARSECS,

            ]);

        $forum = $this->getDataGenerator()->create_module('forum', ['course' => $course->id]);

        // Flag all expired contexts.

        $manager = new \tool_dataprivacy\expired_contexts_manager();

        list($flaggedcourses, $flaggedusers) = $manager->flag_expired_contexts();

        $this->assertEquals(0, $flaggedcourses);

        $this->assertEquals(0, $flaggedusers);

    }

    /**

     * Ensure that a course with an end date in the distant past is flagged.

     */

    public function test_flag_course_past_enddate(): void {

        $this->resetAfterTest();

        $this->setup_basics('PT1H', 'PT1H', 'PT1H', 'PT1H');

        $course = $this->getDataGenerator()->create_course([

                'startdate' => time() - (2 * YEARSECS),

                'enddate' => time() - YEARSECS,

            ]);

        $forum = $this->getDataGenerator()->create_module('forum', ['course' => $course->id]);

        // Flag all expired contexts.

        $manager = new \tool_dataprivacy\expired_contexts_manager();

        list($flaggedcourses, $flaggedusers) = $manager->flag_expired_contexts();

        $this->assertEquals(2, $flaggedcourses);

        $this->assertEquals(0, $flaggedusers);

    }

    /**

     * Ensure that a course with an end date in the distant past is flagged.

     */

    public function test_flag_course_past_enddate_multiple(): void {

        $this->resetAfterTest();

        $this->setup_basics('PT1H', 'PT1H', 'PT1H', 'PT1H');

        $course1 = $this->getDataGenerator()->create_course([

                'startdate' => time() - (2 * YEARSECS),

                'enddate' => time() - YEARSECS,

            ]);

        $forum1 = $this->getDataGenerator()->create_module('forum', ['course' => $course1->id]);

        $course2 = $this->getDataGenerator()->create_course([

                'startdate' => time() - (2 * YEARSECS),

                'enddate' => time() - YEARSECS,

            ]);

        $forum2 = $this->getDataGenerator()->create_module('forum', ['course' => $course2->id]);

        // Flag all expired contexts.

        $manager = new \tool_dataprivacy\expired_contexts_manager();

        list($flaggedcourses, $flaggedusers) = $manager->flag_expired_contexts();

        $this->assertEquals(4, $flaggedcourses);

        $this->assertEquals(0, $flaggedusers);

    }

    /**

     * Ensure that a course with an end date in the future is not flagged.

     */

    public function test_flag_course_future_enddate(): void {

        $this->resetAfterTest();

        $this->setup_basics('PT1H', 'PT1H', 'PT1H', 'PT1H');

        $course = $this->getDataGenerator()->create_course(['enddate' => time() + YEARSECS]);

        $forum = $this->getDataGenerator()->create_module('forum', ['course' => $course->id]);

        // Flag all expired contexts.

        $manager = new \tool_dataprivacy\expired_contexts_manager();

        list($flaggedcourses, $flaggedusers) = $manager->flag_expired_contexts();

        $this->assertEquals(0, $flaggedcourses);

        $this->assertEquals(0, $flaggedusers);

    }

    /**

     * Ensure that a course with an end date in the future is not flagged.

     */

    public function test_flag_course_recent_unexpired_enddate(): void {

        $this->resetAfterTest();

        $this->setup_basics('PT1H', 'PT1H', 'PT1H', 'PT1H');

        $course = $this->getDataGenerator()->create_course(['enddate' => time() - 1]);

        // Flag all expired contexts.

        $manager = new \tool_dataprivacy\expired_contexts_manager();

        list($flaggedcourses, $flaggedusers) = $manager->flag_expired_contexts();

        $this->assertEquals(0, $flaggedcourses);

        $this->assertEquals(0, $flaggedusers);

    }

    /**

     * Ensure that a course with an end date in the distant past is flagged, taking into account any purpose override

     */

    public function test_flag_course_past_enddate_with_override_unexpired_role(): void {

        global $DB;

        $this->resetAfterTest();

        $purposes = $this->setup_basics('PT1H', 'PT1H', 'PT1H');

        $role = $DB->get_record('role', ['shortname' => 'editingteacher']);

        $override = new purpose_override(0, (object) [

                'purposeid' => $purposes->course->get('id'),

                'roleid' => $role->id,

                'retentionperiod' => 'P5Y',

            ]);

        $override->save();

        $course = $this->getDataGenerator()->create_course([

                'startdate' => time() - (2 * DAYSECS),

                'enddate' => time() - DAYSECS,

            ]);

        $coursecontext = \context_course::instance($course->id);

        // Flag all expired contexts.

        $manager = new \tool_dataprivacy\expired_contexts_manager();

        list($flaggedcourses, $flaggedusers) = $manager->flag_expired_contexts();

        $this->assertEquals(1, $flaggedcourses);

        $this->assertEquals(0, $flaggedusers);

        $expiredrecord = expired_context::get_record(['contextid' => $coursecontext->id]);

        $this->assertEmpty($expiredrecord->get('expiredroles'));

        $unexpiredroles = $expiredrecord->get('unexpiredroles');

        $this->assertCount(1, $unexpiredroles);

        $this->assertContainsEquals($role->id, $unexpiredroles);

    }

    /**

     * Ensure that a course with an end date in the distant past is flagged, and any expired role is ignored.

     */

    public function test_flag_course_past_enddate_with_override_expired_role(): void {

        global $DB;

        $this->resetAfterTest();

        $purposes = $this->setup_basics('PT1H', 'PT1H', 'PT1H');

        $role = $DB->get_record('role', ['shortname' => 'student']);

        // The role has a much shorter retention, but both should match.

        $override = new purpose_override(0, (object) [

                'purposeid' => $purposes->course->get('id'),

                'roleid' => $role->id,

                'retentionperiod' => 'PT1M',

            ]);

        $override->save();

        $course = $this->getDataGenerator()->create_course([

                'startdate' => time() - (2 * DAYSECS),

                'enddate' => time() - DAYSECS,

            ]);

        $coursecontext = \context_course::instance($course->id);

        // Flag all expired contexts.

        $manager = new \tool_dataprivacy\expired_contexts_manager();

        list($flaggedcourses, $flaggedusers) = $manager->flag_expired_contexts();

        $this->assertEquals(1, $flaggedcourses);

        $this->assertEquals(0, $flaggedusers);

        $expiredrecord = expired_context::get_record(['contextid' => $coursecontext->id]);

        $this->assertEmpty($expiredrecord->get('expiredroles'));

        $this->assertEmpty($expiredrecord->get('unexpiredroles'));

        $this->assertTrue((bool) $expiredrecord->get('defaultexpired'));

    }

    /**

     * Ensure that where a course has explicitly expired one role, but that role is explicitly not expired in a child

     * context, does not have the parent context role expired.

     */

    public function test_flag_course_override_expiredwith_override_unexpired_on_child(): void {

        global $DB;

        $this->resetAfterTest();

        $purposes = $this->setup_basics('P1Y', 'P1Y', 'P1Y');

        $role = $DB->get_record('role', ['shortname' => 'editingteacher']);

        (new purpose_override(0, (object) [

                'purposeid' => $purposes->course->get('id'),

                'roleid' => $role->id,

                'retentionperiod' => 'PT1S',

            ]))->save();

        $modpurpose = new purpose(0, (object) [

            'name' => 'Module purpose',

            'retentionperiod' => 'PT1S',

            'lawfulbases' => 'gdpr_art_6_1_a',

        ]);

        $modpurpose->create();

        (new purpose_override(0, (object) [

                'purposeid' => $modpurpose->get('id'),

                'roleid' => $role->id,

                'retentionperiod' => 'P5Y',

            ]))->save();

        $course = $this->getDataGenerator()->create_course([

                'startdate' => time() - (2 * DAYSECS),

                'enddate' => time() - DAYSECS,

            ]);

        $coursecontext = \context_course::instance($course->id);

        $forum = $this->getDataGenerator()->create_module('forum', ['course' => $course->id]);

        $cm = get_coursemodule_from_instance('forum', $forum->id);

        $forumcontext = \context_module::instance($cm->id);

        api::set_context_instance((object) [

                'contextid' => $forumcontext->id,

                'purposeid' => $modpurpose->get('id'),

                'categoryid' => 0,

            ]);

        // Flag all expired contexts.

        $manager = new \tool_dataprivacy\expired_contexts_manager();

        list($flaggedcourses, $flaggedusers) = $manager->flag_expired_contexts();

        $this->assertEquals(1, $flaggedcourses);

        $this->assertEquals(0, $flaggedusers);

        // The course will not be expired as the default expiry has not passed, and the explicit role override has been

        // removed due to the child non-expiry.

        $expiredrecord = expired_context::get_record(['contextid' => $coursecontext->id]);

        $this->assertFalse($expiredrecord);

        // The forum will have an expiry for all _but_ the overridden role.

        $expiredrecord = expired_context::get_record(['contextid' => $forumcontext->id]);

        $this->assertEmpty($expiredrecord->get('expiredroles'));

        // The teacher is not expired.

        $unexpiredroles = $expiredrecord->get('unexpiredroles');

        $this->assertCount(1, $unexpiredroles);

        $this->assertContainsEquals($role->id, $unexpiredroles);

        $this->assertTrue((bool) $expiredrecord->get('defaultexpired'));

    }

    /**

     * Ensure that a user context previously flagged as approved is not removed if the user has any unexpired roles.

     */

    public function test_process_user_context_with_override_unexpired_role(): void {

        global $DB;

        $this->resetAfterTest();

        $purposes = $this->setup_basics('PT1H', 'PT1H', 'PT1H');

        $user = $this->getDataGenerator()->create_user(['lastaccess' => time() - YEARSECS]);

        $usercontext = \context_user::instance($user->id);

        $systemcontext = \context_system::instance();

        $role = $DB->get_record('role', ['shortname' => 'manager']);

        $override = new purpose_override(0, (object) [

                'purposeid' => $purposes->user->get('id'),

                'roleid' => $role->id,

                'retentionperiod' => 'P5Y',

            ]);

        $override->save();

        role_assign($role->id, $user->id, $systemcontext->id);

        // Create an existing expired_context.

        $expiredcontext = new expired_context(0, (object) [

                'contextid' => $usercontext->id,

                'defaultexpired' => 1,

                'status' => expired_context::STATUS_APPROVED,

            ]);

        $expiredcontext->add_unexpiredroles([$role->id]);

        $expiredcontext->save();

        $mockprivacymanager = $this->getMockBuilder(\core_privacy\manager::class)

            ->onlyMethods([

                'delete_data_for_user',

                'delete_data_for_users_in_context',

                'delete_data_for_all_users_in_context',

            ])

            ->getMock();

        $mockprivacymanager->expects($this->never())->method('delete_data_for_user');

        $mockprivacymanager->expects($this->never())->method('delete_data_for_all_users_in_context');

        $mockprivacymanager->expects($this->never())->method('delete_data_for_users_in_context');

        $manager = $this->getMockBuilder(\tool_dataprivacy\expired_contexts_manager::class)

            ->onlyMethods(['get_privacy_manager'])

            ->getMock();

        $manager->method('get_privacy_manager')->willReturn($mockprivacymanager);

        $manager->set_progress(new \null_progress_trace());

        list($processedcourses, $processedusers) = $manager->process_approved_deletions();

        $this->assertEquals(0, $processedcourses);

        $this->assertEquals(0, $processedusers);

        $this->expectException('dml_missing_record_exception');

        $updatedcontext = new expired_context($expiredcontext->get('id'));

    }

    /**

     * Ensure that a module context previously flagged as approved is removed with appropriate unexpiredroles kept.

     */

    public function test_process_course_context_with_override_unexpired_role(): void {

        global $DB;

        $this->resetAfterTest();

        $purposes = $this->setup_basics('PT1H', 'PT1H', 'PT1H');

        $role = $DB->get_record('role', ['shortname' => 'editingteacher']);

        $override = new purpose_override(0, (object) [

                'purposeid' => $purposes->course->get('id'),

                'roleid' => $role->id,

                'retentionperiod' => 'P5Y',

            ]);

        $override->save();

        $course = $this->getDataGenerator()->create_course([

                'startdate' => time() - (2 * YEARSECS),

                'enddate' => time() - YEARSECS,

            ]);

        $forum = $this->getDataGenerator()->create_module('forum', ['course' => $course->id]);

        $cm = get_coursemodule_from_instance('forum', $forum->id);

        $forumcontext = \context_module::instance($cm->id);

        $generator = $this->getDataGenerator()->get_plugin_generator('mod_forum');

        $student = $this->getDataGenerator()->create_user();

        $this->getDataGenerator()->enrol_user($student->id, $course->id, 'student');

        $generator->create_discussion((object) [

            'course' => $forum->course,

            'forum' => $forum->id,

            'userid' => $student->id,

        ]);

        $teacher = $this->getDataGenerator()->create_user();

        $this->getDataGenerator()->enrol_user($teacher->id, $course->id, 'editingteacher');

        $generator->create_discussion((object) [

            'course' => $forum->course,

            'forum' => $forum->id,

            'userid' => $teacher->id,

        ]);

        // Create an existing expired_context.

        $expiredcontext = new expired_context(0, (object) [

                'contextid' => $forumcontext->id,

                'defaultexpired' => 1,

                'status' => expired_context::STATUS_APPROVED,

            ]);

        $expiredcontext->add_unexpiredroles([$role->id]);

        $expiredcontext->save();

        $mockprivacymanager = $this->getMockBuilder(\core_privacy\manager::class)

            ->onlyMethods([

                'delete_data_for_user',

                'delete_data_for_users_in_context',

                'delete_data_for_all_users_in_context',

            ])

            ->getMock();

        $mockprivacymanager->expects($this->never())->method('delete_data_for_user');

        $mockprivacymanager->expects($this->never())->method('delete_data_for_all_users_in_context');

        $mockprivacymanager

            ->expects($this->once())

            ->method('delete_data_for_users_in_context')

            ->with($this->callback(function($userlist) use ($student, $teacher) {

                $forumlist = $userlist->get_userlist_for_component('mod_forum');

                $userids = $forumlist->get_userids();

                $this->assertCount(1, $userids);

                $this->assertContainsEquals($student->id, $userids);

                $this->assertNotContainsEquals($teacher->id, $userids);

                return true;

            }));

        $manager = $this->getMockBuilder(\tool_dataprivacy\expired_contexts_manager::class)

            ->onlyMethods(['get_privacy_manager'])

            ->getMock();

        $manager->method('get_privacy_manager')->willReturn($mockprivacymanager);

        $manager->set_progress(new \null_progress_trace());

        list($processedcourses, $processedusers) = $manager->process_approved_deletions();

        $this->assertEquals(1, $processedcourses);

        $this->assertEquals(0, $processedusers);

        $updatedcontext = new expired_context($expiredcontext->get('id'));

        $this->assertEquals(expired_context::STATUS_CLEANED, $updatedcontext->get('status'));

    }

    /**

     * Ensure that a module context previously flagged as approved is removed with appropriate expiredroles kept.

     */

    public function test_process_course_context_with_override_expired_role(): void {

        global $DB;

        $this->resetAfterTest();

        $purposes = $this->setup_basics('PT1H', 'PT1H', 'P5Y');

        $role = $DB->get_record('role', ['shortname' => 'student']);

        $override = new purpose_override(0, (object) [

                'purposeid' => $purposes->course->get('id'),

                'roleid' => $role->id,

                'retentionperiod' => 'PT1M',

            ]);

        $override->save();

        $course = $this->getDataGenerator()->create_course([

                'startdate' => time() - (2 * YEARSECS),

                'enddate' => time() - YEARSECS,

            ]);

        $forum = $this->getDataGenerator()->create_module('forum', ['course' => $course->id]);

        $cm = get_coursemodule_from_instance('forum', $forum->id);

        $forumcontext = \context_module::instance($cm->id);

        $generator = $this->getDataGenerator()->get_plugin_generator('mod_forum');

        $student = $this->getDataGenerator()->create_user();

        $this->getDataGenerator()->enrol_user($student->id, $course->id, 'student');

        $generator->create_discussion((object) [

            'course' => $forum->course,

            'forum' => $forum->id,

            'userid' => $student->id,

        ]);

        $teacher = $this->getDataGenerator()->create_user();

        $this->getDataGenerator()->enrol_user($teacher->id, $course->id, 'editingteacher');

        $generator->create_discussion((object) [

            'course' => $forum->course,

            'forum' => $forum->id,

            'userid' => $teacher->id,

        ]);

        // Create an existing expired_context.

        $expiredcontext = new expired_context(0, (object) [

                'contextid' => $forumcontext->id,

                'defaultexpired' => 0,

                'status' => expired_context::STATUS_APPROVED,

            ]);

        $expiredcontext->add_expiredroles([$role->id]);

        $expiredcontext->save();

        $mockprivacymanager = $this->getMockBuilder(\core_privacy\manager::class)