Add consent tracking support for avatars.

Review Request #9946 — Created May 15, 2018 and submitted

chipx86
Djblets
release-1.0.x
e3e5297...
djblets

Avatar backends may need to send identifying information, such as an
e-mail address or a hash of an e-mail address, to another service. For
applications complying with the GDPR, this may require gathering consent
from users.

This change introduces a new attribute on the backend,
consent_requirement_id, which specifies the ID of a consent
requirement that must be granted before the backend can be used to
render an avatar. This is only enforced if the new
AvatarServiceRegistry.ENABLE_CONSENT_CHECKS is set in siteconfig. Any
backends requiring consent that haven't been granted consent will be
skipped when rendering avatars.

The Gravatar backend has been updated accordingly to enable consent
checks.

Unit tests passed.

Tested using the Gravatar backend (set as default on the server and on my
user), with consent not set, denied, and granted. In all but the granted
state, avatars did not appear for my user anywhere. In the granted state,
they did. I was able to toggle this and change it at any time.

  • 0
  • 0
  • 3
  • 0
  • 3
Description From Last Updated
Checks run (1 failed, 1 succeeded)
flake8 failed.
JSHint passed.

flake8

chipx86
david
  1. 
      
  2. callers adhering? What does that even mean?

    1. I think I deleted some words. Should have been "Callers adhering to the GDPR."

  3. 
      
chipx86
david
  1. Ship It!
  2. 
      
chipx86
Review request changed

Status: Closed (submitted)

Change Summary:

Pushed to release-1.0.x (1cce965)
Loading...