Accept terms of service - Web only
Feature rollout plan
https://gitlab.com/gitlab-com/infrastructure/issues/4121
Background
In the past we have accepted passive acceptance of the terms governing contributions to the product, meaning that by simply contributing, a contributor was agreeing to be bound by all of the requirements in our contributor guidelines. However, under GDPR we are going to need to have our contributors agree to certain consents and waivers (these are still in the drafting phase), for which we will require an affirmative acceptance.
We need to implement a process to obtain affirmative acceptance of the contributor terms, and ideally a way to track and audit the acceptance. This can be done by clickthrough or another standard method.
Requirements
- When you go to GitLab, you log in as normal (if you are logged out). Next step.
- GitLab checks if you have accepted the terms. If yes, nothing new. Otherwise next step.
- Present user with a page to accept terms. You are blocked on this page.
- You accept the terms. Then you proceed. Or if you decline, you are signed out.
- The accept is logged in the database with at least the timestamp. (To capture the audit requirement.)
- For new users, the existing flow is the same. They register as normal; the sign-up flow is not changed. But once they have signed up and they access GitLab for the first time, they get the accept terms page.
- Users that are logged in will be presented with the accept page on the next interaction (clicking a link). After they accept, they are directed to where they were going.
- The feature is configured in the admin settings. It is off by default.
- This will only block web traffic. API and Git traffic will not be blocked. Those will be blocked in https://gitlab.com/gitlab-org/gitlab-ce/issues/45849.
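The requirements above, modelled as a small decision object. This is an added example, not GitLab's implementation: the class, method names and the `/terms` path are hypothetical, and restricting the resume target to a same-site path is an assumption added here.

```ruby
require 'time'

# Added illustration of the requirements above. All names are hypothetical;
# this is not GitLab's implementation.
class TermsGate
  TERMS_PATH = '/terms' # hypothetical path of the accept page

  attr_reader :audit_log

  # enforce defaults to false: the feature is off until an admin enables it.
  def initialize(enforce: false)
    @enforce = enforce
    @audit_log = {} # user_id => ISO 8601 acceptance timestamp
  end

  def accepted?(user_id)
    @audit_log.key?(user_id)
  end

  # Decide what to do with an authenticated request.
  # channel is :web, :api or :git; only :web is blocked in this iteration.
  def check(user_id:, channel:, path:)
    return { action: :allow } unless @enforce && channel == :web
    return { action: :allow } if accepted?(user_id) || path == TERMS_PATH

    { action: :redirect, to: TERMS_PATH, return_to: local_path(path) }
  end

  # Record the acceptance with its timestamp, then resume the original request.
  def accept(user_id:, return_to:, now: Time.now.utc)
    @audit_log[user_id] ||= now.iso8601 # keep the first acceptance time
    { action: :redirect, to: local_path(return_to) }
  end

  # Declining ends the session and records nothing.
  def decline(user_id:)
    { action: :sign_out }
  end

  private

  # Assumption: only same-site paths are valid resume targets, so the
  # return value cannot send the user to another host.
  def local_path(path)
    path.is_a?(String) && path.match?(%r{\A/(?![/\\])[^\\]*\z}) ? path : '/'
  end
end
```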