Add consent tracking support for avatars.
Review Request #9946 — Created May 15, 2018 and submitted
Avatar backends may need to send identifying information, such as an
e-mail address or a hash of an e-mail address, to another service. For
applications complying with the GDPR, this may require gathering consent
from users.This change introduces a new attribute on the backend,
consent_requirement_id
, which specifies the ID of a consent
requirement that must be granted before the backend can be used to
render an avatar. This is only enforced if the new
AvatarServiceRegistry.ENABLE_CONSENT_CHECKS
is set in siteconfig. Any
backends requiring consent that haven't been granted consent will be
skipped when rendering avatars.The Gravatar backend has been updated accordingly to enable consent
checks.
Unit tests passed.
Tested using the Gravatar backend (set as default on the server and on my
user), with consent not set, denied, and granted. In all but the granted
state, avatars did not appear for my user anywhere. In the granted state,
they did. I was able to toggle this and change it at any time.
- Change Summary:
-
Fixed some Review Bot complaints.
- Commit:
-
4792d969f5bbeb38c6276a5c3d9058a3ad26aee08bcf64a2ec87ffe69e96f6408d8f8c1be7c056b4