fixes bug in data delete_data_for_users() implementation.

ensure that only the records for the given user are deleted by checking for its inclusion in the approved users list.
ucsf-education · Jun 6, 2024 · 7a69bd9 · 7a69bd9
1 parent ab35dab
commit 7a69bd9
Showing 1 changed file with 4 additions and 8 deletions.
diff --git a/classes/privacy/provider.php b/classes/privacy/provider.php
@@ -199,14 +199,10 @@ public static function get_users_in_context(userlist $userlist): void {
      * @throws dml_exception
      */
     public static function delete_data_for_users(approved_userlist $userlist): void {
-        $users = $userlist->get_users();
-        foreach ($users as $user) {
-            $contextlist = new approved_contextlist(
-                $user,
-                'block_course_recent',
-                [context_user::instance($user->id)->id]
-            );
-            self::delete_data_for_user($contextlist);
+        global $DB;
+        $context = $userlist->get_context();
+        if ($context instanceof context_user && in_array($context->instanceid, $userlist->get_userids())) {
+            $DB->delete_records('block_course_recent', ['userid' => $context->instanceid]);
         }
     }
 }