Commit 5f9ddb23 authored by Matthias Larisch's avatar Matthias Larisch

Merge branch 'privacy-policy'

parents 96ede9c1 c6284c63
Pipeline #22585323 passed with stages
in 7 minutes and 26 seconds
......@@ -11,6 +11,7 @@
- Registered users need to fill their birthday and be 18+ for data protection and liability reasons. !377 @NerdyProjects
- Remove google analytics !374 @NerdyProjects
- Remove external paypal donate button and host locally !374 @NerdyProjects
- Privacy policy need to be agreed before the page can be used !379 @NerdyProjects
## Bugfixes
- Removing a user from regions is possible again. !372 #14 @NerdyProjects
......
......@@ -75,8 +75,9 @@ if (S::may()) {
$app = $func->getPage();
$usesWebpack = false;
$class = Routing::getClassName($app, 'Control');
if (($class = S::getRouteOverride()) === null) {
$class = Routing::getClassName($app, 'Control');
}
if ($class) {
$obj = DI::$shared->get(ltrim($class, '\\'));
......
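Review bot: The privacy-policy gate is enforced only where this dispatcher resolves `$class`, so any request that does not pass through these lines would skip it. Other entry points are not visible in this commit; if the application has any, they need the same `S::getRouteOverride()` check, or the gate should move to a layer they all share. The assignment inside the condition is also easy to misread; `$class = S::getRouteOverride() ?? Routing::getClassName($app, 'Control');` expresses the same thing in one line. The surrounding block starts and ends outside the hunk.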
......@@ -42,3 +42,13 @@ group:
join: Dieser Arbeitsgruppe beitreten
safe: Änderungen speichern
no_groups: Hier gibt es noch keine Arbeitsgruppen
legal:
newpp: Neue Datenschutzerklärung
acknowledge: Stimmst du der Datenschutzerklärung zu?
not_acknowledge_description: Um die foodsharing.de Plattform benutzen zu können, musst du der beschriebenenen Datenschutzerklärung zustimmen. Stimmst du nicht zu, musst du deinen Account löschen.
agree_privacy_policy: Ich stimme der Datenschutzvereinbarung zu.
delete_account: Ich stimme nicht zu und möchte meinen Account löschen.
actions:
safe: Ich bin mit den Bestimmungen einverstanden
must_accept_pp: Um bei foodsharing.de mitzumachen, musst du den Datenschutzbedingungen zustimmen.
ALTER TABLE fs_foodsaver ADD `privacy_policy_accepted_date` DATETIME DEFAULT NULL after `anmeldedatum`;
ALTER TABLE fs_foodsaver_archive ADD `privacy_policy_accepted_date` DATETIME DEFAULT NULL after `anmeldedatum`;
......@@ -716,7 +716,8 @@ abstract class Db
`token`,
`mailbox_id`,
`option`,
`geschlecht`
`geschlecht`,
`privacy_policy_accepted_date`
FROM `fs_foodsaver`
......
......@@ -23,6 +23,7 @@ class Routing
'index' => 'Index',
'info' => 'Info',
'listFaq' => 'FAQList',
'legal' => 'Legal',
'login' => 'Login',
'logout' => 'Logout',
'mailbox' => 'Mailbox',
......
......@@ -7,6 +7,8 @@ use Flourish\fSession;
use Foodsharing\DI;
use Foodsharing\Lib\Func;
use Foodsharing\Modules\Core\Model;
use Foodsharing\Modules\Legal\LegalControl;
use Foodsharing\Modules\Legal\LegalGateway;
class S
{
......@@ -78,7 +80,8 @@ class S
'type' => $user['type'],
'token' => $user['token'],
'mailbox_id' => $user['mailbox_id'],
'gender' => $user['geschlecht']
'gender' => $user['geschlecht'],
'privacy_policy_accepted_date' => $user['privacy_policy_accepted_date']
));
self::set('buddy-ids', $user['buddys']);
......@@ -96,6 +99,22 @@ class S
return $user[$index];
}
public static function getRouteOverride()
{
$legalModel = DI::$shared->get(LegalGateway::class);
$ppVersion = $legalModel->getPpVersion();
if (self::id() && $ppVersion && $ppVersion > self::user('privacy_policy_accepted_date')) {
/* Allow Settings page, otherwise redirect to legal page */
if (in_array(self::$func->getPage(), ['settings', 'logout'])) {
return null;
}
return LegalControl::class;
}
return null;
}
public static function id()
{
return fAuthorization::getUserToken();
......
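Review bot: The exemption in `getRouteOverride()` is page-wide: `in_array(self::$func->getPage(), ['settings', 'logout'])` lets every sub-page of `settings` through before the policy is accepted, while the legal template only links to `sub=deleteaccount`. Narrowing the exemption to that sub-page would keep the gate tight, and passing `true` as the third argument to `in_array` avoids loose comparison. `getPpVersion()` is also queried before `self::id()` is checked, so anonymous requests pay for a database lookup they never use; testing `self::id()` first avoids that. The method has no docblock; one stating that it returns `LegalControl::class` when the logged-in user's `privacy_policy_accepted_date` is older than the current policy version, and `null` otherwise, would help.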
<?php
namespace Foodsharing\Modules\Legal;
use Foodsharing\Lib\Session\S;
use Foodsharing\Modules\Core\Control;
use Foodsharing\Modules\Core\Model;
use Foodsharing\Modules\Core\View;
use Symfony\Component\Form\FormFactoryBuilder;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Response;
class LegalControl extends Control
{
private $gateway;
/**
* @var FormFactoryBuilder
*/
private $formFactory;
public function __construct(LegalGateway $gateway, View $view, Model $model)
{
$this->model = $model;
$this->view = $view;
$this->gateway = $gateway;
parent::__construct();
}
/**
* @required
*/
public function setFormFactory(FormFactoryBuilder $formFactory)
{
$this->formFactory = $formFactory;
}
public function index(Request $request, Response $response)
{
$data = new LegalData();
$data->privacy_policy_date = $this->gateway->getPpVersion();
$data->privacy_policy = S::user('privacy_policy_accepted_date') == $data->privacy_policy_date;
$form = $this->formFactory->getFormFactory()->create(LegalForm::class, $data);
$form->handleRequest($request);
if ($form->isSubmitted()) {
if ($form->isValid()) {
$this->gateway->agreeToPp(S::id(), $data->privacy_policy_date);
/* need to reload session cache. TODO: This should be further abstracted */
$this->model->relogin();
$this->func->goSelf();
}
}
$response->setContent($this->render('pages/Legal/page.twig', [
'pp' => $this->gateway->getPp(),
'form' => $form->createView()]));
}
}
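Review bot: In `index()`, the value written by `agreeToPp()` comes from the submitted form, because `handleRequest()` rebinds `$data->privacy_policy_date` from the hidden field and `LegalData` only checks that it is a non-blank string. The stored acceptance is therefore whatever the client posted, and a value later than the real policy version would keep the comparison in `S::getRouteOverride()` from triggering when the policy is updated. The stored version should come from the server: either write `$this->gateway->agreeToPp(S::id(), $this->gateway->getPpVersion());` or reject the submission when the posted value differs from `getPpVersion()`. The second option also covers a policy change made while the form was open.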
<?php
namespace Foodsharing\Modules\Legal;
use Symfony\Component\Validator\Constraints as Assert;
class LegalData
{
/**
* @Assert\Type("string")
* @Assert\NotBlank()
*/
public $privacy_policy_date;
/**
* @Assert\Type("boolean")
* @Assert\IsTrue(message="legal.must_accept_pp")
*/
public $privacy_policy;
}
<?php
namespace Foodsharing\Modules\Legal;
use Symfony\Component\Form\AbstractType;
use Symfony\Component\Form\Extension\Core\Type\CheckboxType;
use Symfony\Component\Form\Extension\Core\Type\HiddenType;
use Symfony\Component\Form\FormBuilderInterface;
class LegalForm extends AbstractType
{
public function buildForm(FormBuilderInterface $builder, array $options)
{
$builder
->add('privacy_policy_date', HiddenType::class)
->add('privacy_policy', CheckboxType::class, ['label' => 'legal.agree_privacy_policy', 'required' => true]);
}
}
<?php
namespace Foodsharing\Modules\Legal;
use Foodsharing\Modules\Core\BaseGateway;
class LegalGateway extends BaseGateway
{
const PP_CONTENT = 28;
public function getPpVersion()
{
return $this->db->fetchValue('SELECT `last_mod` FROM fs_content WHERE id = :content_id', [':content_id' => self::PP_CONTENT]);
}
public function getPp()
{
return $this->db->fetchValue('SELECT `body` FROM fs_content WHERE id = :content_id', ['content_id' => self::PP_CONTENT]);
}
public function agreeToPp($fsId, $ppVersion)
{
$this->db->update('fs_foodsaver', ['privacy_policy_accepted_date' => $ppVersion], ['id' => $fsId]);
}
}
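Review bot: `agreeToPp()` stores the policy's `last_mod` value in `privacy_policy_accepted_date`, so the column records which version was accepted, not when the user accepted it. The name suggests the latter; a comment on the method such as `/* stores the accepted policy version (fs_content.last_mod), not the time of consent */` would prevent misreading, and if the time of consent has to be provable it needs its own column. The two queries also bind the parameter differently, `':content_id'` in `getPpVersion()` and `'content_id'` in `getPp()`; using one form in both keeps them consistent.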
......@@ -73,6 +73,7 @@ class Foodsharing extends \Codeception\Module\Db
'handy' => $this->faker->phoneNumber,
'photo_public' => 1,
'active' => 1,
'privacy_policy_accepted_date' => '2016-01-19 14:00:32',
], $extra_params);
$params['passwd'] = $this->encryptMd5($params['email'], $pass);
$params['geb_datum'] = $this->toDateTime($params['geb_datum']);
......
......@@ -7,6 +7,7 @@ class RegisterCest
private $first_name;
private $last_name;
private $password;
private $birthdate;
public function _before()
{
......@@ -83,6 +84,19 @@ class RegisterCest
$I->fillField('email_adress', $this->email);
$I->fillField('password', $this->password);
$I->click('#loginbar input[type=submit]');
$I->seeInDatabase('fs_foodsaver', [
'email' => $this->stripped_email,
'name' => $this->first_name,
'nachname' => $this->last_name,
'geb_datum' => $this->birthdate,
'newsletter' => 0
]);
$I->waitForText('Ich stimme nicht zu und möchte ');
$I->checkOption('#legal_form_privacy_policy');
//$I->submitForm('legal_form', []);
$I->click('Ich bin mit den Bestimmungen einverstanden');
$I->waitForText('Willkommen ' . $this->first_name . '!');
$I->seeInDatabase('fs_foodsaver', [
......
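Review bot: The new steps exercise only the accept path; nothing here asserts that a user who has not accepted is kept off other pages, or that `settings` and `logout` stay reachable. A second scenario that logs in, requests another page and expects the legal form would pin the gate itself. The commented-out `//$I->submitForm('legal_form', []);` can be deleted. The test method starts and ends outside the hunk.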
{% extends 'layouts/default.twig' %}
{% block main %}
{{ form_start(form) }}
{% embed 'components/field.twig' with {'title': 'legal.newpp'|trans, 'classes': ['ui-padding']} %}
{% block content %}
{{ pp|raw }}
{% endblock %}
{% endembed %}
{% embed 'components/field.twig' with {'title': 'legal.acknowledge'|trans, 'classes': ['ui-padding']} %}
{% block content %}
{{ 'legal.not_acknowledge_description'|trans }}
{{ form_row(form.privacy_policy) }}
<a href="/?page=settings&sub=deleteaccount">{{ 'legal.delete_account'|trans }}</a>
{% endblock %}
{% endembed %}
<input type="submit" value="{{ 'legal.actions.safe'|trans }}" />
{{ form_end(form) }}
{% endblock %}
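Review bot: `{{ pp|raw }}` prints the `fs_content` body without escaping, and this page is shown to every logged-in user until they accept. That is safe only if the content is trusted or sanitised when it is saved, which this commit does not show. Either pass the body through an HTML sanitiser before rendering or document the assumption next to the output, e.g. `{# pp is editor-maintained HTML from fs_content; must be sanitised on save #}`.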