Commit 382e5f7e authored by Maria Sorica's avatar Maria Sorica

Bug 1734169: Suspend user if privacy statement is refused

If a privacy switch has the value 'No', a confirmation
form will be displayed to make sure this is really the
users decision.
If yes, the users account is suspended.

behatnotneeded

Change-Id: Ifa7c175569cbad780a449c8431d4d9f981839c21
parent 44a6284e
...@@ -750,58 +750,72 @@ function auth_get_available_auth_types($institution=null) { ...@@ -750,58 +750,72 @@ function auth_get_available_auth_types($institution=null) {
*/ */
function auth_check_required_fields() { function auth_check_required_fields() {
global $USER, $SESSION; global $USER, $SESSION;
$refused = param_boolean('refuseprivacy', false);
// for the case we are mascarading as the user and we want to return to be admin user
$restoreadmin = param_integer('restore', 0);
// Privacy statement. // Privacy statement.
if (get_config('institutionstrictprivacy') && !$USER->has_latest_agreement() && !$restoreadmin) { if (get_config('institutionstrictprivacy') && !$USER->has_latest_agreement()) {
// Get all institutions of a user.
$userinstitutions = array_keys($USER->get('institutions')); if ($refused) {
// Include the 'mahara' institution so that we may show the site privacy statement as well. $elements['refused'] = array(
array_push($userinstitutions, 'mahara');
// Check if there are new privacies that need to be accepted.
$latestversions = get_latest_privacy_versions($userinstitutions, true);
foreach ($latestversions as $privacy) {
$elements[$privacy->institution . 'text'] = array(
'type' => 'markup',
'value' => '<h2>' . ($privacy->institution == 'mahara' ? get_string('siteprivacystatement', 'admin') : get_string('institutionprivacystatement', 'admin')) . '</h2>' . $privacy->content,
);
$elements[$privacy->institution . 'id'] = array(
'type' => 'hidden', 'type' => 'hidden',
'value' => $privacy->id, 'value' => 1
); );
$elements[$privacy->institution] = array( $elements['submit'] = array(
'type' => 'switchbox', 'type' => 'submitcancel',
'title' => get_string('privacyagreement', 'admin'), 'class' => 'btn-default',
'description' => $privacy->agreed ? get_string('privacyagreedto', 'admin', format_date(strtotime($privacy->agreedtime))) : '', 'value' => array(get_string('yes'), get_string('no')),
'defaultvalue' => $privacy->agreed ? true : false, 'goto' => get_config('wwwroot'),
'disabled' => $privacy->agreed ? true : false,
'required' => true,
); );
$elements[$privacy->institution . 'switch'] = array( $form = pieform(array(
'type' => 'hidden', 'name' => 'refuseprivacy',
'value' => $privacy->agreed ? 'disabled' : 'enabled', 'elements' => $elements,
));
}
else {
// Get all institutions of a user.
$userinstitutions = array_keys($USER->get('institutions'));
// Include the 'mahara' institution so that we may show the site privacy statement as well.
array_push($userinstitutions, 'mahara');
// Check if there are new privacies that need to be accepted.
$latestversions = get_latest_privacy_versions($userinstitutions, true);
foreach ($latestversions as $privacy) {
$elements[$privacy->institution . 'text'] = array(
'type' => 'markup',
'value' => '<h2>' . ($privacy->institution == 'mahara' ? get_string('siteprivacystatement', 'admin') : get_string('institutionprivacystatement', 'admin')) . '</h2>' . $privacy->content,
);
$elements[$privacy->institution . 'id'] = array(
'type' => 'hidden',
'value' => $privacy->id,
);
$elements[$privacy->institution] = array(
'type' => 'switchbox',
'title' => get_string('privacyagreement', 'admin'),
'description' => $privacy->agreed ? get_string('privacyagreedto', 'admin', format_date(strtotime($privacy->agreedtime))) : '',
'defaultvalue' => $privacy->agreed ? true : false,
'disabled' => $privacy->agreed ? true : false,
'required' => true,
);
$elements[$privacy->institution . 'switch'] = array(
'type' => 'hidden',
'value' => $privacy->agreed ? 'disabled' : 'enabled',
);
}
$elements['submit'] = array(
'class' => 'btn-primary',
'type' => 'submit',
'value' => get_string('savechanges', 'admin')
); );
$form = pieform(array(
'name' => 'agreetoprivacy',
'elements' => $elements,
));
} }
$elements['submit'] = array(
'class' => 'btn-primary',
'type' => 'submit',
'value' => get_string('savechanges', 'admin')
);
$form = pieform(array(
'name' => 'agreetoprivacy',
'jsform' => false,
'jssuccesscallback' => 'contentSaved',
'elements' => $elements,
));
define('TITLE', get_string('privacy', 'admin')); define('TITLE', get_string('privacy', 'admin'));
$smarty = smarty(); $smarty = smarty();
setpageicon($smarty, 'icon-umbrella'); setpageicon($smarty, 'icon-umbrella');
$smarty->assign('form', $form); $smarty->assign('form', $form);
$smarty->assign('refused', $refused);
$smarty->display('account/useracceptprivacy.tpl'); $smarty->display('account/useracceptprivacy.tpl');
exit; exit;
} }
...@@ -1198,21 +1212,43 @@ function agreetoprivacy_submit(Pieform $form, $values) { ...@@ -1198,21 +1212,43 @@ function agreetoprivacy_submit(Pieform $form, $values) {
$userinstitutions = array_keys($USER->get('institutions')); $userinstitutions = array_keys($USER->get('institutions'));
array_push($userinstitutions, 'mahara'); array_push($userinstitutions, 'mahara');
$hasrefused = false;
foreach ($userinstitutions as $institution) { foreach ($userinstitutions as $institution) {
if ($values[$institution . 'switch'] == 'disabled') { // check if the institution has a privacy statement
// if not, it depends on the site one and we can skip it
// if yes, check if the user has already accepted it (switch is disabled)
if (!isset($values[$institution]) || $values[$institution . 'switch'] == 'disabled') {
continue; continue;
} }
$agreed = (empty($values[$institution]) ? 0 : $values[$institution]);
try { try {
$agreed = (empty($values[$institution]) ? 0 : $values[$institution]);
save_user_reply_to_agreement($USER->get('id'), $values[$institution . 'id'], $agreed); save_user_reply_to_agreement($USER->get('id'), $values[$institution . 'id'], $agreed);
$SESSION->add_ok_msg(get_string('agreementsaved', 'admin')); if ($values[$institution]) {
$SESSION->add_ok_msg(get_string('agreementsaved', 'admin'));
}
else {
$hasrefused = true;
}
} }
catch (SQLException $e) { catch (SQLException $e) {
$SESSION->add_ok_msg(get_string('savefailed', 'admin')); $SESSION->add_ok_msg(get_string('savefailed', 'admin'));
} }
} }
if ($hasrefused) {
redirect(get_config('wwwroot') . '?refuseprivacy=true');
}
$SESSION->set('nocheckrequiredfields', true);
redirect();
}
function refuseprivacy_submit(Pieform $form, $values) {
global $USER, $SESSION;
suspend_user($USER->get('id'), 'privacyrefusal');
$SESSION->add_ok_msg(get_string('usersuspended', 'admin'));
$SESSION->set('nocheckrequiredfields', true); $SESSION->set('nocheckrequiredfields', true);
$USER->logout();
redirect(); redirect();
} }
/** /**
......
...@@ -1351,3 +1351,7 @@ $string['privacyagreement'] = 'I consent to this privacy statement'; ...@@ -1351,3 +1351,7 @@ $string['privacyagreement'] = 'I consent to this privacy statement';
$string['privacyagreementdescription'] = 'By choosing "Yes", you give your consent to the clauses of the privacy statement above.'; $string['privacyagreementdescription'] = 'By choosing "Yes", you give your consent to the clauses of the privacy statement above.';
$string['privacyagreedto'] = 'You agreed to this privacy statement in %s.'; $string['privacyagreedto'] = 'You agreed to this privacy statement in %s.';
$string['agreementsaved'] = 'Agreement saved'; $string['agreementsaved'] = 'Agreement saved';
$string['refuseprivacy'] = 'Refuse privacy statement';
$string['confirmprivacyrefusal'] = 'Are you really sure you wish to continue?';
$string['privacyrefusaldetails'] = 'If you do not consent to the privacy statement, your account will be suspended.';
$string['privacyrefusal'] = 'Refused to consent to the privacy statement.';
...@@ -866,6 +866,7 @@ $string['youraccounthasbeensuspendedtextcron'] = 'Your account at %s has been su ...@@ -866,6 +866,7 @@ $string['youraccounthasbeensuspendedtextcron'] = 'Your account at %s has been su
$string['youraccounthasbeensuspendedreasontext'] = "Your account at %s has been suspended by %s. Reason:\n\n%s"; $string['youraccounthasbeensuspendedreasontext'] = "Your account at %s has been suspended by %s. Reason:\n\n%s";
$string['youraccounthasbeensuspendedreasontextcron'] = "Your account at %s has been suspended. Reason:\n\n%s"; $string['youraccounthasbeensuspendedreasontextcron'] = "Your account at %s has been suspended. Reason:\n\n%s";
$string['youraccounthasbeenunsuspendedtext2'] = 'Your account at %s has been unsuspended. You may once again log in and use the site.'; // can't provide a login link because we don't know how they log in - it might be by xmlrpc $string['youraccounthasbeenunsuspendedtext2'] = 'Your account at %s has been unsuspended. You may once again log in and use the site.'; // can't provide a login link because we don't know how they log in - it might be by xmlrpc
$string['youraccounthasbeensuspendedtext3'] = 'Your account on %s has been suspended because you refused to consent to the privacy statement';
// size of stuff // size of stuff
$string['sizemb'] = 'MB'; $string['sizemb'] = 'MB';
......
...@@ -1426,7 +1426,7 @@ function suspend_user($suspendeduserid, $reason, $suspendinguserid=null) { ...@@ -1426,7 +1426,7 @@ function suspend_user($suspendeduserid, $reason, $suspendinguserid=null) {
$suspendrec = new StdClass; $suspendrec = new StdClass;
$suspendrec->id = $suspendeduserid; $suspendrec->id = $suspendeduserid;
$suspendrec->suspendedcusr = $suspendinguserid; $suspendrec->suspendedcusr = $suspendinguserid;
$suspendrec->suspendedreason = $reason; $suspendrec->suspendedreason = $reason == 'privacyrefusal' ? get_string($reason, 'admin') : $reason;
$suspendrec->suspendedctime = db_format_timestamp(time()); $suspendrec->suspendedctime = db_format_timestamp(time());
update_record('usr', $suspendrec, 'id'); update_record('usr', $suspendrec, 'id');
...@@ -1449,6 +1449,10 @@ function suspend_user($suspendeduserid, $reason, $suspendinguserid=null) { ...@@ -1449,6 +1449,10 @@ function suspend_user($suspendeduserid, $reason, $suspendinguserid=null) {
get_config('sitename'), display_name($suspendinguserid, $suspendeduserid)); get_config('sitename'), display_name($suspendinguserid, $suspendeduserid));
} }
} }
else if ($reason == 'privacyrefusal') {
$message->message = get_string_from_language($lang, 'youraccounthasbeensuspendedtext3', 'mahara',
get_config('sitename'));
}
else { else {
if ($iscron) { if ($iscron) {
// Suspended by a cron task // Suspended by a cron task
......
{include file="header.tpl"} {include file="header.tpl"}
<div class="lead">{str tag="newprivacy" section="admin"}</div>
<div>{$form|safe}</div> {if $refused}
<div class="panel panel-danger view-container">
<h2 class="panel-heading">{str tag="refuseprivacy" section="admin"}</h2>
<div class="panel-body">
<h5>{str tag="privacyrefusaldetails" section="admin"}</h5>
<p>{str tag="confirmprivacyrefusal" section="admin"}</p>
{$form|safe}
</div>
</div>
{else}
<div class="lead">{str tag="newprivacy" section="admin"}</div>
<div>{$form|safe}</div>
{/if}
{include file="footer.tpl"} {include file="footer.tpl"}
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment