Commit 790b2c27 authored by Maria Sorica's avatar Maria Sorica Committed by Cecilia Vela Gurovic

Bug 1734171: Revoke privacy consent

1. Add the Yes/No switch to the user's privacy page so that
users can withdraw their consent if they change their mind.
2. Display the date when a user consented to a privacy statement.

behatnotneeded

Change-Id: If9f85125287a7384e27c1b45aefa98ad37e97776
parent 79649c70
......@@ -22,26 +22,33 @@ if (!is_logged_in()) {
throw new AccessDeniedException();
}
// Get all institutions of a user.
$userinstitutions = array_keys($USER->get('institutions'));
// Include the 'mahara' institution so that we may show the site privacy statement as well.
array_push($userinstitutions, 'mahara');
// Get all the latest privacy statement (institution and site) the user has agreed to.
$data = get_latest_privacy_versions($userinstitutions);
$form = privacy_form();
// JQuery logic for panel hide/show.
// Needed here because there are multiple dropdown panels on this page.
$js = <<< EOF
function showPanel(el) {
elementid = $(el).attr('id');
$("#dropdown" + elementid).toggleClass("collapse");
$( document ).ready(function() {
$(".state-label").click(function() {
$(this).siblings( ".switch-inner" ).toggleClass("redraw-consent");
showSubmitButton();
});
});
function showSubmitButton() {
if ($('body').find(".redraw-consent").length == 0) {
$('#agreetoprivacy_submit_container').addClass('js-hidden');
$('#agreetoprivacy_submit').addClass('js-hidden');
}
else {
$('#agreetoprivacy_submit_container').removeClass('js-hidden');
$('#agreetoprivacy_submit').removeClass('js-hidden');
}
}
EOF;
$smarty = smarty();
setpageicon($smarty, 'icon-umbrella');
$smarty->assign('results', $data);
$smarty->assign('form', $form);
$smarty->assign('INLINEJAVASCRIPT', $js);
$smarty->assign('description', get_string('userprivacypagedescription', 'admin'));
$smarty->display('account/userprivacy.tpl');
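Review bot: The inline script is built with an interpolating heredoc (`$js = <<< EOF`), so PHP scans the JavaScript for variables. The current body contains only `$(` forms, which are left alone, but a later edit that adds an identifier such as `$name` would be expanded by PHP or raise a notice. A nowdoc avoids that: `$js = <<<'EOF'`. Separately, showSubmitButton() only hides the button in the browser, so whatever handles the agreetoprivacy post (not visible in this hunk) still has to validate a withdrawal on the server.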
......@@ -742,6 +742,79 @@ function auth_get_available_auth_types($institution=null) {
return $result;
}
/**
* Build the agree with or withdraw consent to privacy statement
*
* @param ignoreagreevalue true when a new privacy statement needs to be accepted,
* false when the form will be displayed to allow the consent withdraw.
* @return form
*/
function privacy_form($ignoreagreevalue = false) {
global $USER;
// Get all institutions of a user.
$userinstitutions = array_keys($USER->get('institutions'));
// Include the 'mahara' institution so that we may show the site privacy statement as well.
array_push($userinstitutions, 'mahara');
// Check if there are new privacies that need to be accepted.
$latestversions = get_latest_privacy_versions($userinstitutions, $ignoreagreevalue);
if (empty($latestversions)) {
// We may be masquerading as user
return '<div>' . get_string('noprivacystatementsaccepted', 'account') . '</div>';
}
foreach ($latestversions as $privacy) {
$privacytitle = $privacy->institution == 'mahara' ? get_string('siteprivacystatement', 'admin') : get_string('institutionprivacystatement', 'admin');
$smarty = smarty_core();
$smarty->assign('privacy', $privacy);
$smarty->assign('privacytitle', $privacytitle);
$smarty->assign('privacytime', format_date(strtotime($privacy->ctime)));
$smarty->assign('ignoreagreevalue', $ignoreagreevalue);
$htmlbegin = $smarty->fetch('privacy_panel_begin.tpl');
//Build form elements.
$elements[$privacy->institution . 'text'] = array(
'type' => 'markup',
'value' => $htmlbegin,
);
$elements[$privacy->institution . 'id'] = array(
'type' => 'hidden',
'value' => $privacy->id,
);
$elements[$privacy->institution] = array(
'type' => 'switchbox',
'title' => get_string('privacyagreement', 'admin'),
'description' => $privacy->agreed ? get_string('privacyagreedto', 'admin', format_date(strtotime($privacy->agreedtime))) : '',
'defaultvalue' => $privacy->agreed ? true : false,
'disabled' => ($privacy->agreed && $ignoreagreevalue) ? true : false,
'required' => true,
);
$elements[$privacy->institution . 'switch'] = array(
'type' => 'hidden',
'value' => ($privacy->agreed && $ignoreagreevalue) ? 'disabled' : 'enabled',
);
$smarty = smarty_core();
$smarty->assign('ignoreagreevalue', $ignoreagreevalue);
$htmlend = $smarty->fetch('privacy_panel_end.tpl');
$elements[$privacy->institution . 'text2'] = array(
'type' => 'markup',
'value' => $htmlend,
);
}
$classhidden = $ignoreagreevalue ? '' : 'js-hidden';
$elements['submit'] = array(
'class' => 'btn-primary ' . $classhidden,
'type' => 'submit',
'value' => get_string('savechanges', 'admin')
);
$form = pieform(array(
'name' => 'agreetoprivacy',
'elements' => $elements,
));
return $form;
}
/**
* Checks that all the required fields are set, and handles setting them if required.
*
......@@ -762,45 +835,9 @@ function auth_check_required_fields() {
}
// Privacy statement.
if (get_config('institutionstrictprivacy') && !$USER->has_latest_agreement() && !$restoreadmin && !$loginanyway) {
// Get all institutions of a user.
$userinstitutions = array_keys($USER->get('institutions'));
// Include the 'mahara' institution so that we may show the site privacy statement as well.
array_push($userinstitutions, 'mahara');
// Check if there are new privacies that need to be accepted.
$latestversions = get_latest_privacy_versions($userinstitutions, true);
foreach ($latestversions as $privacy) {
$elements[$privacy->institution . 'text'] = array(
'type' => 'markup',
'value' => '<h2>' . ($privacy->institution == 'mahara' ? get_string('siteprivacystatement', 'admin') : get_string('institutionprivacystatement', 'admin')) . '</h2>' . $privacy->content,
);
$elements[$privacy->institution . 'id'] = array(
'type' => 'hidden',
'value' => $privacy->id,
);
$elements[$privacy->institution] = array(
'type' => 'switchbox',
'title' => get_string('privacyagreement', 'admin'),
'description' => $privacy->agreed ? get_string('privacyagreedto', 'admin', format_date(strtotime($privacy->agreedtime))) : '',
'defaultvalue' => $privacy->agreed ? true : false,
'disabled' => $privacy->agreed ? true : false,
'required' => true,
);
$elements[$privacy->institution . 'switch'] = array(
'type' => 'hidden',
'value' => $privacy->agreed ? 'disabled' : 'enabled',
);
}
$elements['submit'] = array(
'class' => 'btn-primary',
'type' => 'submit',
'value' => get_string('savechanges', 'admin')
);
$form = pieform(array(
'name' => 'agreetoprivacy',
'elements' => $elements,
));
// Build the agree with privacy statement form.
$form = privacy_form(true);
define('TITLE', get_string('privacy', 'admin'));
$smarty = smarty();
setpageicon($smarty, 'icon-umbrella');
......@@ -810,7 +847,8 @@ function auth_check_required_fields() {
'<strong><a class="" href="' . get_config('wwwroot') . '?loginanyway">', '</a></strong>'));
}
$smarty->assign('form', $form);
$smarty->display('account/useracceptprivacy.tpl');
$smarty->assign('description', get_string('newprivacy', 'admin'));
$smarty->display('account/userprivacy.tpl');
exit;
}
......
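Review bot: The hidden `<institution>switch` and `<institution>id` elements built in privacy_form() put the agreed/disabled state and the statement id into fields the browser can rewrite, and with `$ignoreagreevalue` false the switch is now enabled for statements that are already agreed. The agreetoprivacy submit handler is not part of these hunks, so it is worth confirming that it recomputes both values from `get_latest_privacy_versions()` for the logged-in user rather than reading them from the post. A comment above the hidden elements such as `// Display hints only: the submit handler must re-derive id and agreed state server-side.` would make that contract explicit. Separately, `$elements` is first written inside the loop; adding `$elements = array();` before the `foreach` keeps it defined, and the docblock would read better as `@param bool $ignoreagreevalue` and `@return string`.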
......@@ -84,3 +84,4 @@ $string['resizeonuploaduserdefaultdescription2'] = '"Automatic resizing of image
$string['devicedetection'] = 'Device detection';
$string['devicedetectiondescription'] = 'Enable mobile device detection when browsing this site.';
$string['noprivacystatementsaccepted'] = 'This account has not accepted any current privacy statements.';
\ No newline at end of file
{include file="header.tpl"}
<div class="lead">{str tag="userprivacypagedescription" section="admin"}</div>
{foreach from=$results item=result key=key}
<div class="panel panel-default" id="{$result->id}" onclick="showPanel(this)">
<div class="last form-group collapsible-group">
<fieldset class="pieform-fieldset last collapsible">
<legend>
<h4>
<a href="#dropdown" data-toggle="collapse" aria-expanded="false" aria-controls="dropdown" class="collapsed">
{if $result->institution == 'mahara'}
{str tag="siteprivacystatement" section="admin"}
{else}
{str tag="institutionprivacystatement" section="admin"}
{/if}
<span class="icon icon-chevron-down collapse-indicator right pull-right"> </span>
</a>
</h4>
</legend>
<div class="fieldset-body collapse" id="dropdown{$result->id}">
<span class="text-midtone pull-right">{str tag="lastupdated" section="admin"} {$result->ctime|date_format:'%d %B %Y %H:%M %p'}</span>
<br>
{$result->content|safe}
</div>
</fieldset>
</div>
</div>
{/foreach}
{if $loginanyway}
<p class="lead alert alert-warning">
{$loginanyway|safe}
</p>
{/if}
<div class="lead">{$description}</div>
<div>{$form|safe}</div>
{include file="privacy_modal.tpl"}
{include file="footer.tpl"}
{include file="header.tpl"}
{if $loginanyway}
<p class="lead">
{$loginanyway|safe}
</p>
{/if}
<div class="lead">{str tag="newprivacy" section="admin"}</div>
<div>{$form|safe}</div>
{* Modal form *}
<div tabindex="0" class="modal fade" id="privacy-confirm-form">
<div class="modal-dialog">
......@@ -70,6 +60,4 @@
$('#agreetoprivacy_submit').focus();
}
});
</script>
{include file="footer.tpl"}
</script>
\ No newline at end of file
{if $ignoreagreevalue}
<h2>{$privacytitle}</h2>
{$privacy->content|safe}
{else}
<div class="panel panel-default">
<div class="last form-group collapsible-group">
<fieldset class="pieform-fieldset last collapsible">
<legend>
<h4>
<a href="#dropdown{$privacy->id}" data-toggle="collapse" aria-expanded="false" aria-controls="dropdown" class="collapsed">
{$privacytitle}
<span class="icon icon-chevron-down collapse-indicator right pull-right"></span>
</a>
</h4>
</legend>
<div class="fieldset-body collapse" id="dropdown{$privacy->id}">
<span class="text-midtone pull-right">{str tag='lastupdated' section='admin'} {$privacytime} </span>
{$privacy->content|safe}
{/if}
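Review bot: Both branches of what appears to be privacy_panel_begin.tpl print `{$privacy->content|safe}`, so the statement body reaches the account page and the forced-acceptance page unescaped. The text is presumably written by site or institution administrators; confirm it goes through the project's HTML sanitiser when saved or before output, because an institution administrator's markup would otherwise run in every member's session. A template comment such as `{* content is sanitised on save; |safe is intentional *}` would record that assumption next to the output. Separately, `aria-controls="dropdown"` does not match the panel id; `aria-controls="dropdown{$privacy->id}"` would. The elements opened in the else branch are closed in a separate template, so the two files have to be kept in step.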
{if !$ignoreagreevalue}
</div>
</fieldset>
</div>
</div>
{/if}
......@@ -2,19 +2,19 @@
{if $changepassword}
{if $changeusername}
<h1>{str tag="chooseusernamepassword"}</h1>
<p class="lead">{str tag="chooseusernamepasswordinfo" arg1=$sitename}</p>
{else}
<h1>{str tag="changepassword"}</h1>
<p class="lead">{str tag="changepasswordinfo"}</p>
{/if}
{if $loginasoverridepasswordchange}
<p class="lead">
<p class="lead alert alert-warning">
{$loginasoverridepasswordchange|safe}
</p>
{/if}
......@@ -26,4 +26,3 @@
{$form|safe}
{include file="footer.tpl"}