<?php
// This file is part of Moodle - http://moodle.org/
//
// Moodle is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// Moodle is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with Moodle.  If not, see <http://www.gnu.org/licenses/>.

/**
 * Privacy Subsystem implementation for core_notes.
 *
 * @package    core_notes
 * @copyright  2018 Zig Tan <zig@moodle.com>
 * @license    http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
 */

namespace core_notes\privacy;

use core_privacy\local\metadata\collection;
use core_privacy\local\request\approved_contextlist;
use core_privacy\local\request\contextlist;
use core_privacy\local\request\transform;
use core_privacy\local\request\writer;
use core_privacy\local\request\userlist;
use \core_privacy\local\request\approved_userlist;

defined('MOODLE_INTERNAL') || die();

global $CFG;
require_once($CFG->dirroot . '/notes/lib.php');

/**
 * Implementation of the privacy subsystem plugin provider for core_notes.
 *
 * @copyright  2018 Zig Tan <zig@moodle.com>
 * @license    http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
 */
class provider implements
        \core_privacy\local\metadata\provider,
        \core_privacy\local\request\core_userlist_provider,
        \core_privacy\local\request\plugin\provider {

    /**
     * Return the fields which contain personal data.
     *
     * @param collection $items a reference to the collection to use to store the metadata.
     * @return collection the updated collection of metadata items.
     */
    public static function get_metadata(collection $items) : collection {
        // The core_notes components utilises the shared mdl_post table.
        $items->add_database_table(
            'post',
            [
                'content' => 'privacy:metadata:core_notes:content',
                'courseid' => 'privacy:metadata:core_notes:courseid',
                'created' => 'privacy:metadata:core_notes:created',
                'lastmodified' => 'privacy:metadata:core_notes:lastmodified',
                'publishstate' => 'privacy:metadata:core_notes:publishstate',
                'userid' => 'privacy:metadata:core_notes:userid'
            ],
            'privacy:metadata:core_notes'
        );

        return $items;
    }

    /**
     * Get the list of contexts that contain user information for the specified user.
     *
     * @param int $userid the userid.
     * @return contextlist the list of contexts containing user info for the user.
     */
    public static function get_contexts_for_userid(int $userid) : contextlist {
        global $DB;

        $contextlist = new contextlist();

        $publishstates = [
            NOTES_STATE_PUBLIC,
            NOTES_STATE_SITE
        ];
        list($publishstatesql, $publishstateparams) = $DB->get_in_or_equal($publishstates, SQL_PARAMS_NAMED);

        // Retrieve all the Course contexts associated with notes written by the user, and also written about the user.
        // Only notes written about the user that are public or site wide will be exported.
        $sql = "SELECT c.id
                  FROM {context} c
            INNER JOIN {post} p ON p.courseid = c.instanceid AND c.contextlevel = :contextcoursewrittenby
                 WHERE p.module = 'notes'
                   AND p.usermodified = :usermodified
                 UNION
                SELECT c.id
                  FROM {context} c
            INNER JOIN {post} p ON p.courseid = c.instanceid AND c.contextlevel = :contextcoursewrittenfor
                 WHERE p.module = 'notes'
                   AND p.userid = :userid
                   AND p.publishstate {$publishstatesql}";

        $params = [
            'contextcoursewrittenby'  => CONTEXT_COURSE,
            'usermodified'            => $userid,
            'contextcoursewrittenfor' => CONTEXT_COURSE,
            'userid'                  => $userid
        ];
        $params += $publishstateparams;

        $contextlist->add_from_sql($sql, $params);

        return $contextlist;
    }

    /**
     * Get the list of users who have data within a context.
     *
     * @param userlist $userlist The userlist containing the list of users who have data in this context/plugin combination.
     */
    public static function get_users_in_context(userlist $userlist) {
        global $DB;

        $context = $userlist->get_context();

        if (!$context instanceof \context_course) {
            return;
        }

        $params = [
            'instanceid' => $context->instanceid
        ];

        $sql = "SELECT usermodified as userid
                  FROM {post}
                 WHERE module = 'notes'
                       AND courseid = :instanceid";

        $userlist->add_from_sql('userid', $sql, $params);

        $publishstates = [
            NOTES_STATE_PUBLIC,
            NOTES_STATE_SITE
        ];

        list($publishstatesql, $publishstateparams) = $DB->get_in_or_equal($publishstates, SQL_PARAMS_NAMED);
        $params += $publishstateparams;

        $sql = "SELECT userid
                  FROM {post}
                 WHERE module = 'notes'
                       AND courseid = :instanceid
                       AND publishstate {$publishstatesql}";

        $userlist->add_from_sql('userid', $sql, $params);
    }

    /**
     * Export personal data for the given approved_contextlist.
     * User and context information is contained within the contextlist.
     *
     * @param approved_contextlist $contextlist a list of contexts approved for export.
     */
    public static function export_user_data(approved_contextlist $contextlist) {
        global $DB;

        if (empty($contextlist->count())) {
            return;
        }

        $userid = $contextlist->get_user()->id;

        list($contextsql, $contextparams) = $DB->get_in_or_equal($contextlist->get_contextids(), SQL_PARAMS_NAMED);

        // Export all notes written by and written about the user, and organize it by the associated Course context(s).
        $sql = "SELECT p.courseid as courseid,
                       p.content as content,
                       p.publishstate as publishstate,
                       p.userid as userid,
                       p.usermodified as usermodified,
                       p.created as datecreated,
                       p.lastmodified as datemodified
                  FROM {context} c
            INNER JOIN {post} p ON p.courseid = c.instanceid AND c.contextlevel = :contextcourse
                 WHERE p.module = 'notes'
                   AND (p.usermodified = :usermodified OR p.userid = :userid)
                   AND c.id {$contextsql}";

        $params = [
            'contextcourse' => CONTEXT_COURSE,
            'usermodified'  => $userid,
            'userid'        => $userid
        ];
        $params += $contextparams;

        $notes = $DB->get_recordset_sql($sql, $params);
        foreach ($notes as $note) {
            $contextcourse = \context_course::instance($note->courseid);

            // The exported notes will be organized in {Course Context}/Notes/{publishstate}/usernote-{userid}.json.
            $subcontext = [
                get_string('notes', 'notes'),
                $note->publishstate
            ];

            $name = 'usernote-' . transform::user($note->userid);

            $notecontent = (object) [
               'content' => $note->content,
               'publishstate' => $note->publishstate,
               'userid' => transform::user($note->userid),
               'usermodified' => transform::user($note->usermodified),
               'datecreated' => transform::datetime($note->datecreated),
               'datemodified' => transform::datetime($note->datemodified)
            ];

            writer::with_context($contextcourse)->export_related_data($subcontext, $name, $notecontent);
        }
        $notes->close();
    }

    /**
     * Delete all data for all users in the specified context.
     *
     * @param \context $context the context to delete in.
     */
    public static function delete_data_for_all_users_in_context(\context $context) {
        global $DB;

        if ($context->contextlevel != CONTEXT_COURSE) {
            return;
        }

        $DB->delete_records('post', ['module' => 'notes', 'courseid' => $context->instanceid]);
    }

    /**
     * Delete multiple users within a single context.
     *
     * @param approved_userlist $userlist The approved context and user information to delete information for.
     */
    public static function delete_data_for_users(approved_userlist $userlist) {
        global $DB;

        $context = $userlist->get_context();
        if ($context->contextlevel != CONTEXT_COURSE) {
            return;
        }

        $userids = $userlist->get_userids();
        if (empty($userids)) {
            return;
        }

        list($usersql, $userparams) = $DB->get_in_or_equal($userids, SQL_PARAMS_NAMED);
        $select = "module = :module AND courseid = :courseid AND usermodified {$usersql}";
        $params = ['module' => 'notes', 'courseid' => $context->instanceid] + $userparams;

        $DB->delete_records_select('post', $select, $params);
    }

    /**
     * Delete all user data for the specified user, in the specified contexts.
     *
     * @param approved_contextlist $contextlist a list of contexts approved for deletion.
     */
    public static function delete_data_for_user(approved_contextlist $contextlist) {
        global $DB;

        if (empty($contextlist->count())) {
            return;
        }

        $userid = $contextlist->get_user()->id;

        foreach ($contextlist->get_contexts() as $context) {
            $conditions = [
                'module'        => 'notes',
                'courseid'      => $context->instanceid,
                'usermodified'  => $userid
            ];

            $DB->delete_records('post', $conditions);
        }
    }
}