Koha/opac/opac-patron-consent.pl
Katrin Fischer bd75309933
Bug 33197: Rename GDPR_Policy system preference
GDPR is a European Union (and, at time of writing, UK) law.
The GDPR_Policy system preference is about a patron
giving consent to their personal data being processed in
line with the library's privacy policy.

The name of the preference is vague: there could be
many policies implemented by libraries to comply with
GDPR. It also makes the preference look irrelevant for
libraries outside the areas where GDPR applies, while
it may be useful for libraries anywhere.

This renames GDPR_Policy to PrivacyPolicyConsent and
adjusts the system preference descriptions.

To test:
* Apply the patch
* Run database update
* Search for GDPR_Policy in the system preference
  - you should not find anything.
* Search for DataPrivacyConsent in the system preferences
  - you should find it and be able to activate it
* Verify the feature works as expected
  - If the preference is set to "enforced", you will be
    asked to give consent to the data privacy agreement
    in the OPAC when you log in
* Verify the page is now phrased neutrally using 'privacy policy'

Bonus: Consent date is now formatted according to DateFormat
       system preference.
Signed-off-by: David Nind <david@davidnind.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2023-05-05 10:18:54 -03:00

81 lines
2.6 KiB
Perl
Executable file

#!/usr/bin/perl
# Copyright 2018 Rijksmuseum
#
# This file is part of Koha.
#
# Koha is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 3 of the License, or
# (at your option) any later version.
#
# Koha is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Koha; if not, see <http://www.gnu.org/licenses>.
use Modern::Perl;
use CGI qw/-utf8/;
use C4::Auth qw( get_template_and_user );
use C4::Output qw( output_html_with_http_headers );
use Koha::DateUtils qw( dt_from_string );
use Koha::Patron::Consents;
use Koha::Patrons;
use constant GDPR_PROCESSING => 'GDPR_PROCESSING';
my $query = CGI->new;
my $op = $query->param('op') // q{};
my $gdpr_check = $query->param('gdpr_processing') // q{};
my ( $template, $borrowernumber, $cookie ) = get_template_and_user({
template_name => "opac-patron-consent.tt",
query => $query,
type => "opac",
});
my $patron = Koha::Patrons->find($borrowernumber);
my $gdpr_proc_consent;
if( C4::Context->preference('PrivacyPolicyConsent') ) {
$gdpr_proc_consent = Koha::Patron::Consents->search({
borrowernumber => $borrowernumber,
type => GDPR_PROCESSING,
})->next;
$gdpr_proc_consent //= Koha::Patron::Consent->new({
borrowernumber => $borrowernumber,
type => GDPR_PROCESSING,
});
}
# Handle saves here
if( $op eq 'gdpr_proc_save' && $gdpr_proc_consent ) {
if( $gdpr_check eq 'agreed' ) {
$gdpr_proc_consent->given_on( dt_from_string() );
$gdpr_proc_consent->refused_on( undef );
} elsif( $gdpr_check eq 'disagreed' ) {
$gdpr_proc_consent->given_on( undef );
$gdpr_proc_consent->refused_on( dt_from_string() );
}
$gdpr_proc_consent->store;
}
# If user refused GDPR consent and we enforce GDPR, logout (when saving)
if( $op =~ /save/ && C4::Context->preference('PrivacyPolicyConsent') eq 'Enforced' && $gdpr_proc_consent->refused_on )
{
print $query->redirect('/cgi-bin/koha/opac-main.pl?logout.x=1');
exit;
}
$template->param( patron => $patron );
if( $gdpr_proc_consent ) {
$template->param(
gdpr_proc_consent => $gdpr_proc_consent->given_on // q{},
gdpr_proc_refusal => $gdpr_proc_consent->refused_on // q{},
);
}
output_html_with_http_headers $query, $cookie, $template->output, undef, { force_no_caching => 1 };