From 6f2a0acc2d614e630deabba872a136de6e6aa349 Mon Sep 17 00:00:00 2001
From: Marcel de Rooy
Date: Mon, 28 May 2018 14:59:31 +0200
Subject: [PATCH] Bug 20819: Add check in get_template_and_user to enforce GDPR
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit
If you choose to enforce GDPR policy, a user needs to give consent for data processing before he does something else in the OPAC while being logged in. Test plan: [1] Set GDPR_Policy to Disabled or Permissive. Usual behavior. [2] Set to Enforced. Save a refusal on your consents. Notice that you are logged out when saving. When you login again, all OPAC requests are redirected to your consents tab.
Signed-off-by: Marcel de Rooy
Signed-off-by: Séverine QUEUNE
Signed-off-by: Josef Moravec
Signed-off-by: Nick Clemens
---
 C4/Auth.pm | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)
diff --git a/C4/Auth.pm b/C4/Auth.pm
index 4854477807..64f8823c85 100644
--- a/C4/Auth.pm
+++ b/C4/Auth.pm
@@ -37,6 +37,7 @@ use Koha::DateUtils qw(dt_from_string);
 use Koha::Library::Groups;
 use Koha::Libraries;
 use Koha::Patrons;
+use Koha::Patron::Consents;
 use POSIX qw/strftime/;
 use List::MoreUtils qw/ any /;
 use Encode qw( encode is_utf8);
@@ -180,6 +181,22 @@ sub get_template_and_user {
 );
 }
+ # If we enforce GDPR and the user did not consent, redirect
+ if( $in->{type} eq 'opac' && $user &&
+ $in->{'template_name'} !~ /opac-patron-consent/ &&
+ C4::Context->preference('GDPR_Policy') eq 'Enforced' )
+ {
+ my $consent = Koha::Patron::Consents->search({
+ borrowernumber => getborrowernumber($user),
+ type => 'GDPR_PROCESSING',
+ given_on => { '!=', undef },
+ })->next;
+ if( !$consent ) {
+ print $in->{query}->redirect(-uri => '/cgi-bin/koha/opac-patron-consent.pl', -cookie => $cookie);
+ safe_exit;
+ }
+ }
+
 if ( $in->{type} eq 'opac' && $user ) {
 my $kick_out;
-- 
2.39.5
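Review bot: The consent-page exemption in the new `if(` condition of the second hunk is an unanchored substring match, `$in->{'template_name'} !~ /opac-patron-consent/`, so any OPAC template whose name merely contains that string would also skip the GDPR gate. Because this test alone decides which page a non-consenting patron may still reach, anchor it to the file name, for example `$in->{'template_name'} !~ m{(?:\A|/)opac-patron-consent\.[^/]*\z} &&`, or compare against the exact template name the consent script passes (not visible in this hunk). The gate runs only for scripts that go through get_template_and_user, so a comment such as `# Enforced only for pages rendered via get_template_and_user; other OPAC entry points need their own check` would make that limit explicit. `getborrowernumber($user)` is called in list context inside the hash constructor; if it can return an empty list (its definition is outside the hunk) the search keys shift, and `scalar getborrowernumber($user)` avoids that. The body of get_template_and_user starts and ends outside the hunk.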