Marcel de Rooy
dac230963d
This patch adds a consents tab to the OPAC user account menu. We now
add a GDPR section here, but it is open for future extensions. Think of
a newsletter checkbox for instance.
Script opac-patron-consent handles the tab. And now only includes some
GDPR code but is also written for more general use too.
Test plan:
[1] Set GDPR_Policy pref to Disabled. Verify that OPAC operates as usual.
[2] Set pref to Permissive. Try to save a consent or a refusal. Note that
you are not logged out when saving a refusal.
[3] Set pref to Enforced. Save a refusal. You should be logged out.
Log in again and verify that the consents tab shows a No.
Note: a follow-up patch will add further enforcements.
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Séverine QUEUNE <severine.queune@bulac.fr>
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
82 lines
2.7 KiB
Perl
Executable file
82 lines
2.7 KiB
Perl
Executable file
#!/usr/bin/perl
|
|
|
|
# Copyright 2018 Rijksmuseum
|
|
#
|
|
# This file is part of Koha.
|
|
#
|
|
# Koha is free software; you can redistribute it and/or modify it under the
|
|
# terms of the GNU General Public License as published by the Free Software
|
|
# Foundation; either version 3 of the License, or (at your option) any later
|
|
# version.
|
|
#
|
|
# Koha is distributed in the hope that it will be useful, but WITHOUT ANY
|
|
# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
|
|
# A PARTICULAR PURPOSE. See the GNU General Public License for more details.
|
|
#
|
|
# You should have received a copy of the GNU General Public License along
|
|
# with Koha; if not, write to the Free Software Foundation, Inc.,
|
|
# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
|
|
|
|
use Modern::Perl;
|
|
use CGI qw/-utf8/;
|
|
|
|
use C4::Auth qw/get_template_and_user/;
|
|
use C4::Output qw/output_html_with_http_headers/;
|
|
use Koha::DateUtils qw/dt_from_string/;
|
|
use Koha::Patron::Consents;
|
|
use Koha::Patrons;
|
|
|
|
use constant GDPR_PROCESSING => 'GDPR_PROCESSING';
|
|
|
|
my $query = new CGI;
|
|
my $op = $query->param('op') // q{};
|
|
my $gdpr_check = $query->param('gdpr_processing') // q{};
|
|
|
|
my ( $template, $borrowernumber, $cookie ) = get_template_and_user({
|
|
template_name => "opac-patron-consent.tt",
|
|
query => $query,
|
|
type => "opac",
|
|
authnotrequired => 0,
|
|
});
|
|
|
|
my $patron = Koha::Patrons->find($borrowernumber);
|
|
my $gdpr_proc_consent;
|
|
if( C4::Context->preference('GDPR_Policy') ) {
|
|
$gdpr_proc_consent = Koha::Patron::Consents->search({
|
|
borrowernumber => $borrowernumber,
|
|
type => GDPR_PROCESSING,
|
|
})->next;
|
|
$gdpr_proc_consent //= Koha::Patron::Consent->new({
|
|
borrowernumber => $borrowernumber,
|
|
type => GDPR_PROCESSING,
|
|
});
|
|
}
|
|
|
|
# Handle saves here
|
|
if( $op eq 'gdpr_proc_save' && $gdpr_proc_consent ) {
|
|
if( $gdpr_check eq 'agreed' ) {
|
|
$gdpr_proc_consent->given_on( dt_from_string() );
|
|
$gdpr_proc_consent->refused_on( undef );
|
|
} elsif( $gdpr_check eq 'disagreed' ) {
|
|
$gdpr_proc_consent->given_on( undef );
|
|
$gdpr_proc_consent->refused_on( dt_from_string() );
|
|
}
|
|
$gdpr_proc_consent->store;
|
|
}
|
|
|
|
# If user refused GDPR consent and we enforce GDPR, logout (when saving)
|
|
if( $op =~ /save/ && C4::Context->preference('GDPR_Policy') eq 'Enforced' && $gdpr_proc_consent->refused_on )
|
|
{
|
|
print $query->redirect('/cgi-bin/koha/opac-main.pl?logout.x=1');
|
|
exit;
|
|
}
|
|
|
|
$template->param( patron => $patron );
|
|
if( $gdpr_proc_consent ) {
|
|
$template->param(
|
|
gdpr_proc_consent => $gdpr_proc_consent->given_on // q{},
|
|
gdpr_proc_refusal => $gdpr_proc_consent->refused_on // q{},
|
|
);
|
|
}
|
|
|
|
output_html_with_http_headers $query, $cookie, $template->output, undef, { force_no_caching => 1 };
|