From dac230963dd69fe7a07b13ab69512728fce9f9fd Mon Sep 17 00:00:00 2001
From: Marcel de Rooy
Date: Mon, 28 May 2018 09:28:50 +0200
Subject: [PATCH] Bug 20819: Add your consents tab to opac-user
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit

This patch adds a consents tab to the OPAC user account menu. We now add a GDPR section here, but it is open for future extensions. Think of a newsletter checkbox for instance. Script opac-patron-consent handles the tab. And now only includes some GDPR code but is also written for more general use too.

Test plan:
[1] Set GDPR_Policy pref to Disabled. Verify that OPAC operates as usual.
[2] Set pref to Permissive. Try to save a consent or a refusal. Note that you are not logged out when saving a refusal.
[3] Set pref to Enforced. Save a refusal. You should be logged out. Log in again and verify that the consents tab shows a No. Note: a follow-up patch will add further enforcements.

Signed-off-by: Marcel de Rooy
Signed-off-by: Séverine QUEUNE
Signed-off-by: Josef Moravec
Signed-off-by: Nick Clemens
---
.../bootstrap/en/includes/usermenu.inc | 7 ++
.../en/modules/opac-patron-consent.tt | 89 +++++++++++++++++++
opac/opac-patron-consent.pl | 82 +++++++++++++++++
3 files changed, 178 insertions(+)
create mode 100644 koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-patron-consent.tt
create mode 100755 opac/opac-patron-consent.pl

diff --git a/koha-tmpl/opac-tmpl/bootstrap/en/includes/usermenu.inc b/koha-tmpl/opac-tmpl/bootstrap/en/includes/usermenu.inc
index da5e1ec8a8..42f073b9fe 100644
--- a/koha-tmpl/opac-tmpl/bootstrap/en/includes/usermenu.inc
+++ b/koha-tmpl/opac-tmpl/bootstrap/en/includes/usermenu.inc
@@ -24,6 +24,13 @@
  • [% END %] your personal details
  • + + [% IF Koha.Preference('GDPR_Policy') # remove when extending %] + [% IF consentview %]
  • [% ELSE %]
  • [% END %] + your consents +
  • + [% END %] + [% IF Koha.Preference( 'TagsEnabled' ) == 1 %] [% IF ( tagsview ) %]
  •
diff --git a/koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-patron-consent.tt b/koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-patron-consent.tt
new file mode 100644
index 0000000000..50b09e62a6
--- /dev/null
+++ b/koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-patron-consent.tt
@@ -0,0 +1,89 @@
+[% USE Koha %]
+[% SET consentview = 1 %]
+[% INCLUDE 'doc-head-open.inc' %]
+[% IF ( LibraryNameTitle ) %][% LibraryNameTitle %][% ELSE %]Koha online[% END %] catalog › Your consents
+[% INCLUDE 'doc-head-close.inc' %]
+[% BLOCK cssinclude %][% END %]
+
+[% INCLUDE 'bodytag.inc' bodyid='opac-patron-consent' %]
+[% INCLUDE 'masthead.inc' %]
+
+
    + + +
    +
    +
    + +
    +
    +
    + + [% IF Koha.Preference('GDPR_Policy') %] +
    +

    In order to keep you logged in, we need your consent to process personal data as specified in the EU General Data Protection Regulation of May 25, 2018.

    +

    Please save your consent below or log out. Thank you!

    +
    + [% END %] + +

    Your consents

    + +
    + [% IF Koha.Preference('GDPR_Policy') %] +
    GDPR consents
    + + +
    +
    • +

      I have read the privacy policy and agree with your processing of my personal data as outlined therein.

      +

      Yes, I agree.
      + No, I do not agree. Please remove my account within a reasonable time.

      + [% IF gdpr_proc_consent %] +

      Your consent was registered on [% gdpr_proc_consent %].

      + [% END %] +
    +
    +
    + [% END %] + +
    + +
    +
    +
    +
    +
    +
+[% INCLUDE 'opac-bottom.inc' %]
+[% BLOCK jsinclude %]
+
+[% END %]
diff --git a/opac/opac-patron-consent.pl b/opac/opac-patron-consent.pl
new file mode 100755
index 0000000000..8f7fb25c0a
--- /dev/null
+++ b/opac/opac-patron-consent.pl
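Review bot: In opac-patron-consent.tt, `[% gdpr_proc_consent %]` prints the value the script passes (`given_on`) as-is, so the patron would see the raw stored timestamp rather than the library's configured date format, and the value is emitted without any output filter. Koha templates normally route dates through the KohaDates plugin, e.g. `[% gdpr_proc_consent | $KohaDates with_hours => 1 %]` after `[% USE KohaDates %]`. The script also passes `gdpr_proc_refusal`, but no refusal date appears in the text visible here; if the markup does not already use it, showing it the same way would let the patron confirm when a refusal was recorded.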
@@ -0,0 +1,82 @@
+#!/usr/bin/perl
+
+# Copyright 2018 Rijksmuseum
+#
+# This file is part of Koha.
+#
+# Koha is free software; you can redistribute it and/or modify it under the
+# terms of the GNU General Public License as published by the Free Software
+# Foundation; either version 3 of the License, or (at your option) any later
+# version.
+#
+# Koha is distributed in the hope that it will be useful, but WITHOUT ANY
+# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
+# A PARTICULAR PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along
+# with Koha; if not, write to the Free Software Foundation, Inc.,
+# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+use Modern::Perl;
+use CGI qw/-utf8/;
+
+use C4::Auth qw/get_template_and_user/;
+use C4::Output qw/output_html_with_http_headers/;
+use Koha::DateUtils qw/dt_from_string/;
+use Koha::Patron::Consents;
+use Koha::Patrons;
+
+use constant GDPR_PROCESSING => 'GDPR_PROCESSING';
+
+my $query = new CGI;
+my $op = $query->param('op') // q{};
+my $gdpr_check = $query->param('gdpr_processing') // q{};
+
+my ( $template, $borrowernumber, $cookie ) = get_template_and_user({
+ template_name => "opac-patron-consent.tt",
+ query => $query,
+ type => "opac",
+ authnotrequired => 0,
+});
+
+my $patron = Koha::Patrons->find($borrowernumber);
+my $gdpr_proc_consent;
+if( C4::Context->preference('GDPR_Policy') ) {
+ $gdpr_proc_consent = Koha::Patron::Consents->search({
+ borrowernumber => $borrowernumber,
+ type => GDPR_PROCESSING,
+ })->next;
+ $gdpr_proc_consent //= Koha::Patron::Consent->new({
+ borrowernumber => $borrowernumber,
+ type => GDPR_PROCESSING,
+ });
+}
+
+# Handle saves here
+if( $op eq 'gdpr_proc_save' && $gdpr_proc_consent ) {
+ if( $gdpr_check eq 'agreed' ) {
+ $gdpr_proc_consent->given_on( dt_from_string() );
+ $gdpr_proc_consent->refused_on( undef );
+ } elsif( $gdpr_check eq 'disagreed' ) {
+ $gdpr_proc_consent->given_on( undef );
+ $gdpr_proc_consent->refused_on( dt_from_string() );
+ }
+ $gdpr_proc_consent->store;
+}
+
+# If user refused GDPR consent and we enforce GDPR, logout (when saving)
+if( $op =~ /save/ && C4::Context->preference('GDPR_Policy') eq 'Enforced' && $gdpr_proc_consent->refused_on )
+{
+ print $query->redirect('/cgi-bin/koha/opac-main.pl?logout.x=1');
+ exit;
+}
+
+$template->param( patron => $patron );
+if( $gdpr_proc_consent ) {
+ $template->param(
+ gdpr_proc_consent => $gdpr_proc_consent->given_on // q{},
+ gdpr_proc_refusal => $gdpr_proc_consent->refused_on // q{},
+ );
+}
+
+output_html_with_http_headers $query, $cookie, $template->output, undef, { force_no_caching => 1 };
--
2.39.5
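Review bot: The `gdpr_proc_save` branch changes stored consent state, and under the Enforced policy ends the session, yet nothing visible in this script checks that the request is a POST carrying a valid CSRF token; `$op` and `gdpr_processing` are taken straight from `$query->param`. A request forged from another site in a logged-in patron's browser could therefore record a refusal, which the template words as a request to remove the account. I would gate the branch with `$query->request_method eq 'POST'` and verify a token emitted by the form, using the `Koha::Token` CSRF check that other OPAC forms rely on if it is available on this branch. Separately, `$gdpr_proc_consent->store` runs even when `gdpr_processing` is neither `agreed` nor `disagreed`, which for a newly created object would persist a row with both dates unset; moving `->store` into the two branches, or returning early on any other value, avoids that.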