Bug 1734169: Use modal for are you sure question

 */

function auth_check_required_fields() {

    global $USER, $SESSION;

    $refused = param_boolean('refuseprivacy', false);

    // Privacy statement.

    if (get_config('institutionstrictprivacy') && !$USER->has_latest_agreement()) {

        if ($refused) {

            $elements['refused'] = array(

                'type' => 'hidden',

                'value' => 1

            );

            $elements['submit'] = array(

                'type' => 'submitcancel',

                'class' => 'btn-default',

                'value' => array(get_string('yes'), get_string('no')),

                'goto' => get_config('wwwroot'),

            );

            $form = pieform(array(

                'name'       => 'refuseprivacy',

                'elements' => $elements,

            ));

    // for the case we are mascarading as the user and we want to return to be admin user

    $restoreadmin = param_integer('restore', 0);

    $loginanyway = false;

    if ($USER->get('parentuser') && param_exists('loginanyway')) {

        $USER->loginanyway = true;

    }

        else {

    if ($USER->get('loginanyway')) {

        $loginanyway = true;

    }

    // Privacy statement.

    if (get_config('institutionstrictprivacy') && !$USER->has_latest_agreement() && !$restoreadmin && !$loginanyway) {

        // Get all institutions of a user.

        $userinstitutions = array_keys($USER->get('institutions'));

        // Include the 'mahara' institution so that we may show the site privacy statement as well.

            'name'       => 'agreetoprivacy',

            'elements' => $elements,

        ));

        }

        define('TITLE', get_string('privacy', 'admin'));

        $smarty = smarty();

        setpageicon($smarty, 'icon-umbrella');

        if ($USER->get('parentuser')) {

            $smarty->assign('loginanyway',

            get_string('loginasoverrideprivacyaccept', 'admin',

                       '<strong><a class="" href="' . get_config('wwwroot') . '?loginanyway">', '</a></strong>'));

        }

        $smarty->assign('form', $form);

        $smarty->assign('refused', $refused);

        $smarty->display('account/useracceptprivacy.tpl');

        exit;

    }

    }

    // Check if the user wants to log in anyway

    if ($USER->get('passwordchange') && $USER->get('parentuser') && param_exists('loginanyway')) {

        $USER->loginanyway = true;

    if ($USER->get('passwordchange') && $loginanyway) {

        $changepassword = false;

    }

    $userinstitutions = array_keys($USER->get('institutions'));

    array_push($userinstitutions, 'mahara');

    $hasrefused = false;

    $hasrefused = param_integer('hasrefused', 0);

    foreach ($userinstitutions as $institution) {

        // check if the institution has a privacy statement

        // if not, it depends on the site one and we can skip it

        try {

            $agreed = (empty($values[$institution]) ? 0 : $values[$institution]);

            save_user_reply_to_agreement($USER->get('id'), $values[$institution . 'id'], $agreed);

            if ($values[$institution]) {

            $SESSION->add_ok_msg(get_string('agreementsaved', 'admin'));

            }

            else {

                $hasrefused = true;

            if ($hasrefused) {

                suspend_user($USER->get('id'), 'privacyrefusal');

                $SESSION->add_ok_msg(get_string('usersuspended', 'admin'));

                $USER->logout();

                redirect();

            }

        }

        catch (SQLException $e) {

            $SESSION->add_ok_msg(get_string('savefailed', 'admin'));

        }

    }

    if ($hasrefused) {

        redirect(get_config('wwwroot') . '?refuseprivacy=true');

    }

    $SESSION->set('nocheckrequiredfields', true);

    redirect();

}

function refuseprivacy_submit(Pieform $form, $values) {

    global $USER, $SESSION;

    suspend_user($USER->get('id'), 'privacyrefusal');

    $SESSION->add_ok_msg(get_string('usersuspended', 'admin'));

    $SESSION->set('nocheckrequiredfields', true);

    $USER->logout();

    $USER->renew();

    redirect();

}

/**

    processingStart();

    var button = jQuery(btn);

    if (button.length) {

        button.text(get_string('processing') + ' ...');

        // we add a hidden input field so the "disabled" button still gets to

        // pass its value through

        var node = jQuery('<input type="hidden" />').attr({

            'name': button.attr('name')

        });

        button.after(node);

        if (button.prop("tagName").toLowerCase() == 'input') {

            button.prop('value', get_string('processing') + ' ...');

        }

        else {

            button.text(get_string('processing') + ' ...');

        }

        button.prop('disabled', true);

        button.blur();

    processingStop();

}

// This is to style the in processing button back to it's original state

// Takes a jQuery object

function formAbortProcessing(jbtn) {

    processingStop();

    var button = jbtn;

    var buttonnext = button.next('input');

    if (button.length) {

       // reset the form button back to it's pre-submitted state

       button.prop('disabled', false);

       if (buttonnext.attr('name') == button.attr('name')) {

           button.prop('value', buttonnext.prop('value'));

           buttonnext.remove();

       }

    }

}

function formError(form, data) {

    displayMessage(data.message, 'error', true);

    scrollTo(0, 0);

$string['loginastwice'] = 'Attempt to log in as another user when already logged in as another user';

$string['loginasrestorenodata'] = 'No user data to restore';

$string['loginasoverridepasswordchange'] = 'As you are masquerading as another user, you may choose to %slog in anyway%s ignoring the password change screen.';

$string['loginasoverrideprivacyaccept'] = 'As you are masquerading as another user, you may choose to %slog in anyway%s ignoring the accept privacy statement screen.';

// Institutions

$string['Add'] = 'Add';

{include file="header.tpl"}

{if $refused}

    <div class="panel panel-danger view-container">

        <h2 class="panel-heading">{str tag="refuseprivacy" section="admin"}</h2>

        <div class="panel-body">

            <h5>{str tag="privacyrefusaldetails" section="admin"}</h5>

            <p>{str tag="confirmprivacyrefusal" section="admin"}</p>

            {$form|safe}

        </div>

    </div>

{else}

{if $loginanyway}

    <p class="lead">

    {$loginanyway|safe}

    </p>

{/if}

<div class="lead">{str tag="newprivacy" section="admin"}</div>

<div>{$form|safe}</div>

{/if}

{* Modal form *}

    <div tabindex="0" class="modal fade" id="privacy-confirm-form">

        <div class="modal-dialog">

            <div class="modal-content">

                <div class="modal-header">

                    <button type="button" class="btn close" data-dismiss="modal" aria-label="Close"><span aria-hidden="true">&times;</span></button>

                    <h4 class="modal-title">

                        {str tag=refuseprivacy section=admin}

                    </h4>

                </div>

                <div class="modal-body">

                    <p><strong>{str tag=privacyrefusaldetails section=admin}</strong></p>

                    <p>{str tag=confirmprivacyrefusal section=admin}</p>

                    <div class="btn-group">

                        <button id="confirm-no-button" type="button" class="btn btn-default">{str tag="yes"}</button>

                        <button id="back-button" type="button" class="btn btn-default">{str tag="no"}</button>

                    </div>

                </div>

            </div>

        </div>

    </div>

    <script type="application/javascript">

    var acceptprivacy = false;

    $j("#agreetoprivacy").on('submit', function(event) {

        if ($j("#agreetoprivacy input:checkbox").length == $j("#agreetoprivacy input:checkbox:checked").length) {

            acceptprivacy = true;

        }

        if (!acceptprivacy) {

            event.preventDefault();

            event.stopPropagation();

            processingStop();

            $j("#privacy-confirm-form").modal('show');

        }

    });

    $j("#confirm-no-button").on('click', function() {

        acceptprivacy = true;

        $j("#privacy-confirm-form").modal('hide');

        formAbortProcessing($j("#agreetoprivacy_submit"));

        $j('<input />').attr('type', 'hidden').attr('name', "hasrefused").attr('value', "1").appendTo('#agreetoprivacy');

        // settimeout to 0 so it waits for everything else to finish before trigger the submit button

        setTimeout(function() {

            $j('#agreetoprivacy_submit').trigger( "click" );

        }, 0);

    });

    $j("#back-button").on('click', function() {

        formAbortProcessing($j("#agreetoprivacy_submit"));

        $j("#privacy-confirm-form").modal('hide');

    });

    $('.modal').on('shown.bs.modal', function() {

        $('#confirm-no-button').focus();

    });

    $('.modal').on('hidden.bs.modal', function() {

        if (!acceptprivacy) {

            formAbortProcessing($j("#agreetoprivacy_submit"));

            $('#agreetoprivacy_submit').focus();

        }

    });

    </script>

{include file="footer.tpl"}

@javascript @core @gdpr

Feature: Strict privacy switch

        As a new user logging in for the first time

        When strict privacy is enabled

        I should be required to accept the privacy statement

Background:

    # And the following site settings are set:

     #| 'usersallowedmultipleinstitutions' | 0 |

    # | 'institutionstrictprivacy' | 1 |

Scenario: Create user who logs in with strict privacy enabled

    Given I log in as "admin" with password "Kupuhipa1"

    And I choose "Site options" in "Configure site" from administration menu

    And I expand "Institution settings" node

    # Need to disable multiple inst first, or set strict privacy doesn't work.

    And I disable the switch "Users allowed multiple institutions"

    And I enable the switch "Strict privacy"

    # Check this worked as otherwise there is no point in continuing

    And the field "Strict privacy" matches value "1"

    And I press "Update site options"

    # Background adding of user doesn't work for this test

    And I choose "Add user" in "Users" from administration menu

    And I set the following fields to these values:

    | First name | Bob |

    | Last name | One |

    | Email | UserB@example.com |

    | Username | bob |

    | password | Kupuhipa1 |

    And I press "Create user"

    And I disable the switch "Force password change on next login"

    And I enable the switch "Disable email"

    And I press "Save changes"

    And I log out

    Given I log in as "bob" with password "Kupuhipa1"

    Then I should see "Before entering your account, please read the privacy statement displayed below."

    # Try to ignore privacy statement

    And I choose "Pages and collections" in "Portfolio" from main menu

    Then I should see "Before entering your account, please read the privacy statement displayed below."

    And I press "Save changes"

    Then I should see "If you do not consent to the privacy statement, your account will be suspended."

    Then I press "No"

    # consent to privacy statement

    And I enable the switch "I consent to this privacy statement"

    And I press "Save changes"

    Then I should see "Welcome"