I am working on a plugin for Moodle and it was pointed out to me we need to use the Privacy API for GDPR compliance. I implemented it and ran the test suites it has just to see how I was doing. It seems to find and export data alright, and even deletes most of it. The problem I have is the DB tables specific to my plugin. I can't seem to delete those.
I've tried writing SQL join queries but that didn't seem to work and in another forum I saw someone mention delete records works better on one table. The big issue I seem to have is not getting the right context list for the user. What's really odd is the contextlist Moodle passes to this function seems off by 1, for instance it shows the course_module instance as 121, when it should be 122. Where does Moodle get the context info from? And for some users it doesn't even seem to create a context. Can anyone point me toward any examples or forums this is touched on?
This is the full function in the provider.php file:
public static function delete_data_for_user(approved_contextlist $contextlist) {
global $DB;
if (empty($contextlist->count())) {
return;
}
$userid = $contextlist->get_user()->id;
foreach ($contextlist->get_contexts() as $context) {
$instanceid = $DB->get_field('course_modules', 'instance', ['id' => $context->instanceid], MUST_EXIST);
// Tables to delete from with same key if context matches.
$tables = ['cmi5launch_usercourse', 'cmi5launch_sessions', 'cmi5launch_aus'];
foreach ($tables as $table) {
$sql = array("moodlecourseid" => $instanceid, "userid" => $userid);
$record = $DB->delete_records($table, $sql);
}
}
Again it seems to work mostly, it deletes the user from Moodle contexts, just not the plugin tables, which I am attempting to do to be GDPR compliant. Any thoughts?