Commit 658da452 authored by Robert Lyon's avatar Robert Lyon Committed by Maria Sorica

Bug 1734169: Use modal for are you sure question

@TODO
- add a textarea field for reason to not accept
- add test to suspend user when it doesn't accept

Change-Id: I7479e8ac1863f7712d45d92e5b60deced2847391
Signed-off-by: Robert Lyon's avatarRobert Lyon <robertl@catalyst.net.nz>
parent 382e5f7e
......@@ -750,27 +750,18 @@ function auth_get_available_auth_types($institution=null) {
*/
function auth_check_required_fields() {
global $USER, $SESSION;
$refused = param_boolean('refuseprivacy', false);
// Privacy statement.
if (get_config('institutionstrictprivacy') && !$USER->has_latest_agreement()) {
if ($refused) {
$elements['refused'] = array(
'type' => 'hidden',
'value' => 1
);
$elements['submit'] = array(
'type' => 'submitcancel',
'class' => 'btn-default',
'value' => array(get_string('yes'), get_string('no')),
'goto' => get_config('wwwroot'),
);
$form = pieform(array(
'name' => 'refuseprivacy',
'elements' => $elements,
));
// for the case we are mascarading as the user and we want to return to be admin user
$restoreadmin = param_integer('restore', 0);
$loginanyway = false;
if ($USER->get('parentuser') && param_exists('loginanyway')) {
$USER->loginanyway = true;
}
else {
if ($USER->get('loginanyway')) {
$loginanyway = true;
}
// Privacy statement.
if (get_config('institutionstrictprivacy') && !$USER->has_latest_agreement() && !$restoreadmin && !$loginanyway) {
// Get all institutions of a user.
$userinstitutions = array_keys($USER->get('institutions'));
// Include the 'mahara' institution so that we may show the site privacy statement as well.
......@@ -810,12 +801,15 @@ function auth_check_required_fields() {
'name' => 'agreetoprivacy',
'elements' => $elements,
));
}
define('TITLE', get_string('privacy', 'admin'));
$smarty = smarty();
setpageicon($smarty, 'icon-umbrella');
if ($USER->get('parentuser')) {
$smarty->assign('loginanyway',
get_string('loginasoverrideprivacyaccept', 'admin',
'<strong><a class="" href="' . get_config('wwwroot') . '?loginanyway">', '</a></strong>'));
}
$smarty->assign('form', $form);
$smarty->assign('refused', $refused);
$smarty->display('account/useracceptprivacy.tpl');
exit;
}
......@@ -835,8 +829,7 @@ function auth_check_required_fields() {
}
// Check if the user wants to log in anyway
if ($USER->get('passwordchange') && $USER->get('parentuser') && param_exists('loginanyway')) {
$USER->loginanyway = true;
if ($USER->get('passwordchange') && $loginanyway) {
$changepassword = false;
}
......@@ -1212,7 +1205,8 @@ function agreetoprivacy_submit(Pieform $form, $values) {
$userinstitutions = array_keys($USER->get('institutions'));
array_push($userinstitutions, 'mahara');
$hasrefused = false;
$hasrefused = param_integer('hasrefused', 0);
foreach ($userinstitutions as $institution) {
// check if the institution has a privacy statement
// if not, it depends on the site one and we can skip it
......@@ -1223,32 +1217,20 @@ function agreetoprivacy_submit(Pieform $form, $values) {
try {
$agreed = (empty($values[$institution]) ? 0 : $values[$institution]);
save_user_reply_to_agreement($USER->get('id'), $values[$institution . 'id'], $agreed);
if ($values[$institution]) {
$SESSION->add_ok_msg(get_string('agreementsaved', 'admin'));
}
else {
$hasrefused = true;
if ($hasrefused) {
suspend_user($USER->get('id'), 'privacyrefusal');
$SESSION->add_ok_msg(get_string('usersuspended', 'admin'));
$USER->logout();
redirect();
}
}
catch (SQLException $e) {
$SESSION->add_ok_msg(get_string('savefailed', 'admin'));
}
}
if ($hasrefused) {
redirect(get_config('wwwroot') . '?refuseprivacy=true');
}
$SESSION->set('nocheckrequiredfields', true);
redirect();
}
function refuseprivacy_submit(Pieform $form, $values) {
global $USER, $SESSION;
suspend_user($USER->get('id'), 'privacyrefusal');
$SESSION->add_ok_msg(get_string('usersuspended', 'admin'));
$SESSION->set('nocheckrequiredfields', true);
$USER->logout();
$USER->renew();
redirect();
}
/**
......
......@@ -139,8 +139,6 @@ function formStartProcessing(form, btn) {
processingStart();
var button = jQuery(btn);
if (button.length) {
button.text(get_string('processing') + ' ...');
// we add a hidden input field so the "disabled" button still gets to
// pass its value through
var node = jQuery('<input type="hidden" />').attr({
......@@ -148,6 +146,12 @@ function formStartProcessing(form, btn) {
'name': button.attr('name')
});
button.after(node);
if (button.prop("tagName").toLowerCase() == 'input') {
button.prop('value', get_string('processing') + ' ...');
}
else {
button.text(get_string('processing') + ' ...');
}
button.prop('disabled', true);
button.blur();
......@@ -174,6 +178,22 @@ function formStopProcessing(form, btn) {
processingStop();
}
// This is to style the in processing button back to it's original state
// Takes a jQuery object
function formAbortProcessing(jbtn) {
processingStop();
var button = jbtn;
var buttonnext = button.next('input');
if (button.length) {
// reset the form button back to it's pre-submitted state
button.prop('disabled', false);
if (buttonnext.attr('name') == button.attr('name')) {
button.prop('value', buttonnext.prop('value'));
buttonnext.remove();
}
}
}
function formError(form, data) {
displayMessage(data.message, 'error', true);
scrollTo(0, 0);
......
......@@ -894,6 +894,7 @@ $string['loginasdenied'] = 'Attempt to log in as another user without permission
$string['loginastwice'] = 'Attempt to log in as another user when already logged in as another user';
$string['loginasrestorenodata'] = 'No user data to restore';
$string['loginasoverridepasswordchange'] = 'As you are masquerading as another user, you may choose to %slog in anyway%s ignoring the password change screen.';
$string['loginasoverrideprivacyaccept'] = 'As you are masquerading as another user, you may choose to %slog in anyway%s ignoring the accept privacy statement screen.';
// Institutions
$string['Add'] = 'Add';
......
{include file="header.tpl"}
{if $refused}
<div class="panel panel-danger view-container">
<h2 class="panel-heading">{str tag="refuseprivacy" section="admin"}</h2>
<div class="panel-body">
<h5>{str tag="privacyrefusaldetails" section="admin"}</h5>
<p>{str tag="confirmprivacyrefusal" section="admin"}</p>
{$form|safe}
{if $loginanyway}
<p class="lead">
{$loginanyway|safe}
</p>
{/if}
<div class="lead">{str tag="newprivacy" section="admin"}</div>
<div>{$form|safe}</div>
{* Modal form *}
<div tabindex="0" class="modal fade" id="privacy-confirm-form">
<div class="modal-dialog">
<div class="modal-content">
<div class="modal-header">
<button type="button" class="btn close" data-dismiss="modal" aria-label="Close"><span aria-hidden="true">&times;</span></button>
<h4 class="modal-title">
{str tag=refuseprivacy section=admin}
</h4>
</div>
<div class="modal-body">
<p><strong>{str tag=privacyrefusaldetails section=admin}</strong></p>
<p>{str tag=confirmprivacyrefusal section=admin}</p>
<div class="btn-group">
<button id="confirm-no-button" type="button" class="btn btn-default">{str tag="yes"}</button>
<button id="back-button" type="button" class="btn btn-default">{str tag="no"}</button>
</div>
{else}
<div class="lead">{str tag="newprivacy" section="admin"}</div>
<div>{$form|safe}</div>
{/if}
</div>
</div>
</div>
</div>
<script type="application/javascript">
var acceptprivacy = false;
$j("#agreetoprivacy").on('submit', function(event) {
if ($j("#agreetoprivacy input:checkbox").length == $j("#agreetoprivacy input:checkbox:checked").length) {
acceptprivacy = true;
}
if (!acceptprivacy) {
event.preventDefault();
event.stopPropagation();
processingStop();
$j("#privacy-confirm-form").modal('show');
}
});
$j("#confirm-no-button").on('click', function() {
acceptprivacy = true;
$j("#privacy-confirm-form").modal('hide');
formAbortProcessing($j("#agreetoprivacy_submit"));
$j('<input />').attr('type', 'hidden').attr('name', "hasrefused").attr('value', "1").appendTo('#agreetoprivacy');
// settimeout to 0 so it waits for everything else to finish before trigger the submit button
setTimeout(function() {
$j('#agreetoprivacy_submit').trigger( "click" );
}, 0);
});
$j("#back-button").on('click', function() {
formAbortProcessing($j("#agreetoprivacy_submit"));
$j("#privacy-confirm-form").modal('hide');
});
$('.modal').on('shown.bs.modal', function() {
$('#confirm-no-button').focus();
});
$('.modal').on('hidden.bs.modal', function() {
if (!acceptprivacy) {
formAbortProcessing($j("#agreetoprivacy_submit"));
$('#agreetoprivacy_submit').focus();
}
});
</script>
{include file="footer.tpl"}
@javascript @core @gdpr
Feature: Strict privacy switch
As a new user logging in for the first time
When strict privacy is enabled
I should be required to accept the privacy statement
Background:
# And the following site settings are set:
#| 'usersallowedmultipleinstitutions' | 0 |
# | 'institutionstrictprivacy' | 1 |
Scenario: Create user who logs in with strict privacy enabled
Given I log in as "admin" with password "Kupuhipa1"
And I choose "Site options" in "Configure site" from administration menu
And I expand "Institution settings" node
# Need to disable multiple inst first, or set strict privacy doesn't work.
And I disable the switch "Users allowed multiple institutions"
And I enable the switch "Strict privacy"
# Check this worked as otherwise there is no point in continuing
And the field "Strict privacy" matches value "1"
And I press "Update site options"
# Background adding of user doesn't work for this test
And I choose "Add user" in "Users" from administration menu
And I set the following fields to these values:
| First name | Bob |
| Last name | One |
| Email | UserB@example.com |
| Username | bob |
| password | Kupuhipa1 |
And I press "Create user"
And I disable the switch "Force password change on next login"
And I enable the switch "Disable email"
And I press "Save changes"
And I log out
Given I log in as "bob" with password "Kupuhipa1"
Then I should see "Before entering your account, please read the privacy statement displayed below."
# Try to ignore privacy statement
And I choose "Pages and collections" in "Portfolio" from main menu
Then I should see "Before entering your account, please read the privacy statement displayed below."
And I press "Save changes"
Then I should see "If you do not consent to the privacy statement, your account will be suspended."
Then I press "No"
# consent to privacy statement
And I enable the switch "I consent to this privacy statement"
And I press "Save changes"
Then I should see "Welcome"
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment