Commit 79649c70 authored by Maria Sorica's avatar Maria Sorica Committed by Kristina Hoeppner

Bug 1734169: Add privacy statement to the register form

behatnotneeded

Change-Id: I9d7685dc6c3b0871fa2471ce27c0a4aa67af0b34
parent 835a7b7b
...@@ -2328,6 +2328,50 @@ function auth_generate_registration_form($formname, $authname='internal', $goto) ...@@ -2328,6 +2328,50 @@ function auth_generate_registration_form($formname, $authname='internal', $goto)
) )
); );
} }
// Add site privacy statement and T&C to the register form.
$siteprivacy = get_latest_privacy_versions(array('mahara'));
$elements['privacy'] = array(
'type' => 'markup',
'value' => '<div id ="siteprivacy">' .
'<h2>' . get_string('siteprivacystatement', 'admin') . '</h2>' .
'<p class="text-midtone">' . get_string('registerprivacy1') . '</p>' .
'<div id ="siteprivacytext">' . $siteprivacy[0]->content . '</div>' .
'</div>',
);
$elements['privacyswitch'] = array(
'type' => 'switchbox',
'title' => get_string('privacyagreement', 'admin'),
'description' => get_string('registerprivacydetails', 'admin'),
'required' => true,
);
$elements['privacyid'] = array(
'type' => 'hidden',
'value' => $siteprivacy[0]->id,
);
// Add institution privacy if an institution has been selected.
$elements['instprivacy'] = array(
'type' => 'markup',
'value' => '<div id ="instprivacy" class ="js-hidden">' .
'<h2>' . get_string('institutionprivacystatement', 'admin') . '</h2>' .
'<p class="text-midtone">' . get_string('registerprivacy1') . '</p>' .
'<div id ="instprivacytext"></div>' .
'</div>',
);
$elements['instprivacyswitch'] = array(
'type' => 'switchbox',
'title' => get_string('privacyagreement', 'admin'),
'description' => get_string('registerprivacydetails', 'admin'),
'class' => 'instprivacyswitch js-hidden',
);
$elements['instprivacyid'] = array(
'type' => 'text',
'class' => 'js-hidden',
);
// Add the terms and conditions.
$elements['terms'] = array(
'type' => 'markup',
'value' => "<h2>Terms and condititions</h2>" . get_site_page_content('termsandconditions'),
);
$registerterms = get_config('registerterms'); $registerterms = get_config('registerterms');
if ($registerterms) { if ($registerterms) {
...@@ -2411,17 +2455,19 @@ function auth_generate_registration_form_js($aform, $registerconfirm) { ...@@ -2411,17 +2455,19 @@ function auth_generate_registration_form_js($aform, $registerconfirm) {
}); });
'; ';
} }
else { // Display the institution privacy statement, if it exist.
$url = get_config('wwwroot') . 'json/termsandconditions.php'; $url = get_config('wwwroot') . 'json/privacystatement.php';
$js = ' $js = '
var registerconfirm = ' . json_encode($registerconfirm) . '; var registerconfirm = ' . json_encode($registerconfirm) . ';
jQuery(function($) { jQuery(function($) {
function show_reason(reasonid, value) { function show_privacy(institutionid, value) {
if (value) { $("#register_instprivacyid").attr("value", "");
$("#" + reasonid + "_container").removeClass("js-hidden"); $("#instprivacy").addClass("js-hidden");
$("#" + reasonid + "_container textarea").removeClass("js-hidden"); $("#instprivacytext").html("");
$("#" + reasonid + "_container").next("tr.textarea").removeClass("js-hidden"); $(".instprivacyswitch").addClass("js-hidden");
// need to fetch the correct terms and conditions for the institution
if (value !== "0" && value !== "mahara") {
// Fetch the institution privacy statement.
$.ajax({ $.ajax({
type: "POST", type: "POST",
dataType: "json", dataType: "json",
...@@ -2430,11 +2476,21 @@ function auth_generate_registration_form_js($aform, $registerconfirm) { ...@@ -2430,11 +2476,21 @@ function auth_generate_registration_form_js($aform, $registerconfirm) {
"institution": value, "institution": value,
} }
}).done(function (data) { }).done(function (data) {
if (data.content) { if (data && data.content) {
$("#termscontainer").html(data.content); $("#instprivacy").removeClass("js-hidden");
$("#instprivacytext").html(data.content);
$(".instprivacyswitch").removeClass("js-hidden");
$("#register_instprivacyid").attr("value", data.id);
} }
}); });
} }
}
function show_reason(reasonid, value) {
if (value) {
$("#" + reasonid + "_container").removeClass("js-hidden");
$("#" + reasonid + "_container textarea").removeClass("js-hidden");
$("#" + reasonid + "_container").next("tr.textarea").removeClass("js-hidden");
}
else { else {
$("#" + reasonid + "_container").addClass("js-hidden"); $("#" + reasonid + "_container").addClass("js-hidden");
$("#" + reasonid + "_container textarea").addClass("js-hidden"); $("#" + reasonid + "_container textarea").addClass("js-hidden");
...@@ -2444,22 +2500,28 @@ function auth_generate_registration_form_js($aform, $registerconfirm) { ...@@ -2444,22 +2500,28 @@ function auth_generate_registration_form_js($aform, $registerconfirm) {
// For when page loads after error found on form completion // For when page loads after error found on form completion
var defaultselect = $j("#' . $institutionid . '").val(); var defaultselect = $j("#' . $institutionid . '").val();
var reasonid = "' . $reasonid . '"; var reasonid = "' . $reasonid . '";
if (defaultselect != 0 && registerconfirm[defaultselect] == 1) { if (defaultselect != 0) {
show_reason(reasonid, defaultselect); if (registerconfirm[defaultselect] == 1) {
show_reason(reasonid, defaultselect);
}
show_privacy("' . $institutionid . '", defaultselect);
} }
// For when select changes // For when select changes
$("#' . $institutionid . '").change(function() { $("#' . $institutionid . '").change(function() {
if (this.value && registerconfirm[this.value] == 1) { if (this.value) {
show_reason(reasonid, this.value); if (registerconfirm[this.value] == 1) {
} show_reason(reasonid, this.value);
else { }
show_reason(reasonid, null); else {
show_reason(reasonid, null);
}
show_privacy("' . $institutionid . '", this.value);
} }
}); });
}); });
'; ';
}
return array($formhtml, $js); return array($formhtml, $js);
} }
...@@ -2503,6 +2565,16 @@ function auth_register_validate(Pieform $form, $values) { ...@@ -2503,6 +2565,16 @@ function auth_register_validate(Pieform $form, $values) {
$institution = $values['institution']; $institution = $values['institution'];
safe_require('auth', 'internal'); safe_require('auth', 'internal');
// Privacy statements must have been accepted by the user.
if (!$values['instprivacyswitch'] && $values['instprivacyid'] != '') {
$SESSION->add_error_msg(get_string('registerprivacyrefusal', 'admin'));
$form->set_error('instprivacyswitch', get_string('registerprivacyrefusal', 'admin'));
}
if (!$values['privacyswitch']) {
$SESSION->add_error_msg(get_string('registerprivacyrefusal', 'admin'));
$form->set_error('privacyswitch', get_string('registerprivacyrefusal', 'admin'));
}
// First name and last name must contain at least one non whitespace // First name and last name must contain at least one non whitespace
// character, so that there's something to read // character, so that there's something to read
if (!$form->get_error('firstname') && !preg_match('/\S/', $values['firstname'])) { if (!$form->get_error('firstname') && !preg_match('/\S/', $values['firstname'])) {
...@@ -2588,7 +2660,9 @@ function auth_register_submit(Pieform $form, $values) { ...@@ -2588,7 +2660,9 @@ function auth_register_submit(Pieform $form, $values) {
if (function_exists('local_register_submit')) { if (function_exists('local_register_submit')) {
local_register_submit($values); local_register_submit($values);
} }
$extra = new StdClass;
$extra->privacy = array($values['privacyid'], $values['instprivacyid']);
$values['extra'] = serialize($extra);
try { try {
if (!record_exists('usr_registration', 'email', $values['email'])) { if (!record_exists('usr_registration', 'email', $values['email'])) {
insert_record('usr_registration', $values); insert_record('usr_registration', $values);
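Review bot: In auth_register_validate the institution consent check only fires when `$values['instprivacyid'] != ''`, but `instprivacyid` is a `text` element that the page's JavaScript fills in, so the browser decides whether institution consent is required and which statement id is recorded. auth_register_submit then copies `$values['privacyid']` and `$values['instprivacyid']` into `$extra->privacy` as posted. I would resolve the ids on the server in both places, e.g. `$latest = get_latest_privacy_versions(array('mahara', $institution));`, require `instprivacyswitch` whenever a row for the selected institution comes back, and store the ids from `$latest` rather than the form values. Separately, `$siteprivacy[0]` in auth_generate_registration_form is dereferenced without checking that a site statement exists. All four functions continue outside the hunks shown.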
......
<?php
/**
*
* @package mahara
* @subpackage core
* @author Catalyst IT Ltd
* @license http://www.gnu.org/copyleft/gpl.html GNU GPL version 3 or later
* @copyright For copyright information on Mahara, please see the README file distributed with this software.
*
*/
define('INTERNAL', 1);
define('PUBLIC', 1);
define('JSON', 1);
define('NOSESSKEY', 1);
require(dirname(dirname(__FILE__)) . '/init.php');
$institution = param_alphanum('institution', null);
// Get the institution privacy statement.
$privacy = get_latest_privacy_versions(array($institution));
json_headers();
print json_encode($privacy[0]);
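Review bot: This endpoint is reachable without a session (`PUBLIC`, `NOSESSKEY`) and prints `$privacy[0]` without checking that the lookup returned a row, so a missing `institution` parameter or an institution with no statement falls through to indexing an empty result. It also returns the full row although the registration script only reads `id` and `content`, and that `content` is inserted with `.html(data.content)`; whether it is sanitised when saved is not visible here. I would guard and narrow the reply: `$row = !empty($privacy) ? $privacy[0] : null;` then `print json_encode($row ? array('id' => $row->id, 'content' => clean_html($row->content)) : null);`.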
...@@ -1356,3 +1356,5 @@ $string['refuseprivacy'] = 'Refuse privacy statement'; ...@@ -1356,3 +1356,5 @@ $string['refuseprivacy'] = 'Refuse privacy statement';
$string['confirmprivacyrefusal'] = 'Are you really sure you wish to continue?'; $string['confirmprivacyrefusal'] = 'Are you really sure you wish to continue?';
$string['privacyrefusaldetails'] = 'If you do not consent to the privacy statement, your account will be suspended.'; $string['privacyrefusaldetails'] = 'If you do not consent to the privacy statement, your account will be suspended.';
$string['privacyrefusal'] = 'Refused to consent to the privacy statement.'; $string['privacyrefusal'] = 'Refused to consent to the privacy statement.';
$string['registerprivacyrefusal'] = 'Your account will not be created when you do not consent to the privacy statement.';
$string['registerprivacydetails'] = 'Please read the privacy statement. If you do not consent to it, you cannot create an account on the site.';
...@@ -473,7 +473,7 @@ $string['displayname'] = 'Display name'; ...@@ -473,7 +473,7 @@ $string['displayname'] = 'Display name';
$string['fullname'] = 'Full name'; $string['fullname'] = 'Full name';
$string['registerwelcome'] = 'Welcome! To use this site you must register first.'; $string['registerwelcome'] = 'Welcome! To use this site you must register first.';
$string['registeragreeterms'] = 'You must also agree to the <a href="terms.php">terms and conditions</a>.'; $string['registeragreeterms'] = 'You must also agree to the <a href="terms.php">terms and conditions</a>.';
$string['registerprivacy'] = 'The data we collect here will be stored according to our <a href="privacy.php">privacy statement</a>.'; $string['registerprivacy1'] = 'The data we collect here will be stored according to our privacy statement.';
$string['registerstep3fieldsoptional'] = '<h3>Choose an optional profile picture</h3><p>You have now successfully registered with %s. You may now choose an optional profile picture to be displayed as your avatar.</p>'; $string['registerstep3fieldsoptional'] = '<h3>Choose an optional profile picture</h3><p>You have now successfully registered with %s. You may now choose an optional profile picture to be displayed as your avatar.</p>';
$string['registerstep3fieldsmandatory'] = '<h3>Fill out mandatory profile fields</h3><p>The following fields are required. You must fill them out before your registration is complete.</p>'; $string['registerstep3fieldsmandatory'] = '<h3>Fill out mandatory profile fields</h3><p>The following fields are required. You must fill them out before your registration is complete.</p>';
$string['registeringdisallowed'] = 'Sorry, you cannot register for this system at this time.'; $string['registeringdisallowed'] = 'Sorry, you cannot register for this system at this time.';
......
...@@ -3235,18 +3235,26 @@ function get_site_admins() { ...@@ -3235,18 +3235,26 @@ function get_site_admins() {
function get_latest_privacy_versions($institutions = array(), $ignoreagreevalue = false) { function get_latest_privacy_versions($institutions = array(), $ignoreagreevalue = false) {
global $USER; global $USER;
$joinsql = $ignoreagreevalue ? 'LEFT JOIN' : 'JOIN'; $userdetails = '';
$useragreementsql = '';
$params = array();
if ($USER->is_logged_in()) {
$userdetails = ' u.agreed, u.ctime AS agreedtime,';
$joinsql = $ignoreagreevalue ? 'LEFT JOIN' : 'JOIN';
$useragreementsql = $joinsql . " {usr_agreement} u ON s2.current = u.sitecontentid AND u.usr = ? AND u.agreed = 1";
$params = array($USER->get('id'));
}
$latestversions = get_records_sql_assoc(" $latestversions = get_records_sql_array("
SELECT s.id, s.version, s.content, s.ctime, s.institution, u.agreed, u.ctime AS agreedtime, SELECT s.id, s.version, s.content, s.ctime, s.institution, " . $userdetails . "
CASE s.institution WHEN 'mahara' THEN 1 ELSE 2 END as type CASE s.institution WHEN 'mahara' THEN 1 ELSE 2 END as type
FROM {site_content_version} s FROM {site_content_version} s
INNER JOIN (SELECT MAX(id) as current, institution INNER JOIN (SELECT MAX(id) as current, institution
FROM {site_content_version} FROM {site_content_version}
GROUP BY institution) s2 ON s.institution = s2.institution AND s.id = s2.current GROUP BY institution) s2 ON s.institution = s2.institution AND s.id = s2.current
{$joinsql} {usr_agreement} u ON s2.current = u.sitecontentid AND u.usr = ? AND u.agreed = 1 " . $useragreementsql . "
WHERE s.institution IN (" . join(',',array_map('db_quote',$institutions)) . ") WHERE s.institution IN (" . join(',',array_map('db_quote', $institutions)) . ")
ORDER BY type", array($USER->get('id'))); ORDER BY type", $params);
return $latestversions; return $latestversions;
} }
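Review bot: The `IN (...)` list is still assembled by concatenating `db_quote()`-escaped values into the SQL, and after this change the function also runs for anonymous requests with an institution name taken from the request. `db_quote` together with `param_alphanum` at the caller makes this hard to abuse, but bound placeholders would remove the dependency on every caller filtering its input, and an empty `$institutions` currently yields `IN ()`. Suggested: return early on an empty array, build the list with `join(',', array_fill(0, count($institutions), '?'))`, and pass `array_merge($params, array_values($institutions))` (the `u.usr = ?` placeholder precedes the list). The switch from `get_records_sql_assoc` to `get_records_sql_array` presumably also changes the result keys from row ids to positions, so existing callers that look rows up by id should be checked.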
......
...@@ -172,7 +172,12 @@ if (isset($key)) { ...@@ -172,7 +172,12 @@ if (isset($key)) {
set_field('usr_institution', 'staff', 1, 'usr', $user->id, 'institution', $registration->institution); set_field('usr_institution', 'staff', 1, 'usr', $user->id, 'institution', $registration->institution);
} }
} }
// Save in DB the privacy statement(s) the user has accepted while registering.
if (!empty($extrafields->privacy)) {
foreach ($extrafields->privacy as $privacyid) {
save_user_reply_to_agreement($user->id, $privacyid, 1);
}
}
if (!empty($registration->lang) && $registration->lang != 'default') { if (!empty($registration->lang) && $registration->lang != 'default') {
set_account_preference($user->id, 'lang', $registration->lang); set_account_preference($user->id, 'lang', $registration->lang);
...@@ -207,16 +212,9 @@ if (!$form) { ...@@ -207,16 +212,9 @@ if (!$form) {
list($formhtml, $js) = auth_generate_registration_form_js($form, $registerconfirm); list($formhtml, $js) = auth_generate_registration_form_js($form, $registerconfirm);
$registerdescription = get_string('registerwelcome'); $registerdescription = get_string('registerwelcome');
if ($registerterms = get_config('registerterms')) {
$registerdescription .= ' ' . get_string('registeragreeterms');
}
$registerdescription .= ' ' . get_string('registerprivacy');
$smarty = smarty(); $smarty = smarty();
$smarty->assign('register_form', $formhtml); $smarty->assign('register_form', $formhtml);
$smarty->assign('registerdescription', $registerdescription); $smarty->assign('registerdescription', $registerdescription);
if ($registerterms) {
$smarty->assign('termsandconditions', '<a name="user_acceptterms"></a>' . get_site_page_content('termsandconditions'));
}
$smarty->assign('INLINEJAVASCRIPT', $js); $smarty->assign('INLINEJAVASCRIPT', $js);
$smarty->display('register.tpl'); $smarty->display('register.tpl');
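Review bot: The loop over `$extrafields->privacy` calls `save_user_reply_to_agreement()` for every entry, but auth_register_submit always stores two entries and the second (`instprivacyid`) is an empty string when no institution statement was shown, so an agreement with an empty content id is attempted. The ids also originate from the registration form, and where `$extrafields` is decoded is outside this hunk, as is the start of the enclosing `if (isset($key))` block. I would skip anything that is not a positive integer, `if (!ctype_digit((string) $privacyid)) { continue; }`, and ideally confirm the id is one of the current versions for `'mahara'` or `$registration->institution` before saving.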
...@@ -3,7 +3,6 @@ ...@@ -3,7 +3,6 @@
{if $register_form} {if $register_form}
<p>{$registerdescription|clean_html|safe}</P> <p>{$registerdescription|clean_html|safe}</P>
{$register_form|safe} {$register_form|safe}
<div id="termscontainer">{if $termsandconditions}{$termsandconditions|clean_html|safe}{/if}</div>
{elseif $register_profile_form} {elseif $register_profile_form}
{$register_profile_form|safe} {$register_profile_form|safe}
{/if} {/if}
......
...@@ -4,18 +4,20 @@ In order to check that a person can register ...@@ -4,18 +4,20 @@ In order to check that a person can register
As an admin As an admin
So people can have access to their Mahara So people can have access to their Mahara
Scenario: Registering as a new student and checking switch can flick back and forth (Bug 1431569) Background:
Given I log in as "admin" with password "Kupuhipa1" Given the following "institutions" exist:
And the following "institutions" exist:
| name | displayname | registerallowed | registerconfirm | | name | displayname | registerallowed | registerconfirm |
| instone | Institution One | ON | ON | | instone | Institution One | ON | ON |
And I log out
Scenario: Registering as a new student and checking switch can flick back and forth (Bug 1431569)
Given I am on homepage
And I follow "Register" And I follow "Register"
And I fill in the following: And I fill in the following:
| First name | Lightening | | First name | Lightening |
| Last name | McQueen | | Last name | McQueen |
| Email address | fakeymcfakey@example.org | | Email address | fakeymcfakey@example.org |
| Registration reason | I will absolutely make this institution more amazing!! | | Registration reason | I will absolutely make this institution more amazing!! |
And I enable the switch "I consent to this privacy statement"
# we wait a human amount of time so the spam trap is avoided # we wait a human amount of time so the spam trap is avoided
And I wait "4" seconds And I wait "4" seconds
And I press "Register" And I press "Register"
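Review bot: The scenario only covers the accepting path, so the new server-side consent check in auth_register_validate is never exercised. I would add a scenario that fills in the same fields, leaves "I consent to this privacy statement" off, presses "Register" and asserts that the `registerprivacyrefusal` message is shown; a second one that selects "Institution One" would cover the institution switch. The feature continues past the lines shown.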
......