Require consent to privacy policy and TOS.

Review Request #9960 — Created May 17, 2018 and submitted

Information

Review Board
release-3.0.x
6aad39a...

Reviewers

If an administrator has specified URLs to their privacy policy and/or
terms of service, and marked that they want users to consent to the use
of their data, they ought to get the user's acceptance of these
policies.

This involves several small, related parts:

  • Added a way for admins to link to their terms of service (which is
    almost always separate from the privacy policy).
  • Added the consent requirement for the policies. This is only added to
    the registry in the case where one or both of the privacy policy and
    terms of service URLs are set.
  • Added some logic to repopulate the registry of consent requirements
    when siteconfig changes.
  • Modified the valid_prefs_required decorator to not only ensure that
    users have made a choice about the policies, but that said choice is to
    accept them.
  • Tested the various visual states of the requirement in the privacy
    choices UI (privacy policy only, terms of service only, both), and in
    all states (no choice, accepted, rejected).
  • Tried to load my dashboard with no choice selected; was redirected to
    the settings.
  • Tried to load my dashboard with the policies rejected; was redirected
    to the settings.
  • Accepted the policies and was able to load the dashboard.
  • Ran unit tests.
Description From Last Updated

E127 continuation line over-indented for visual indent

reviewbotreviewbot

Can we reference the consent ID in question here from the class, instead of hard-coding?

chipx86chipx86

This can be one line.

chipx86chipx86

The reset is going to break extensions. We need to specifically unregister the ones we manage here.

chipx86chipx86

E501 line too long (82 > 79 characters)

reviewbotreviewbot

E501 line too long (80 > 79 characters)

reviewbotreviewbot

Swap these.

chipx86chipx86

This can be simplified as: for requirement in (GravatarConsentRequirement, PolicyConsentRequirement): try: registry.unregister_by_attr(...) except ItemLookupError: pass That'll help a lot for …

chipx86chipx86
Checks run (1 failed, 1 succeeded)
flake8 failed.
JSHint passed.

flake8

david
chipx86
  1. 
      
  2. reviewboard/accounts/decorators.py (Diff revision 2)
     
     
    Show all issues

    Can we reference the consent ID in question here from the class, instead of hard-coding?

  3. reviewboard/accounts/decorators.py (Diff revision 2)
     
     
     
     
    Show all issues

    This can be one line.

  4. reviewboard/accounts/privacy.py (Diff revision 2)
     
     
     
     
    Show all issues

    The reset is going to break extensions. We need to specifically unregister the ones we manage here.

  5. 
      
david
Review request changed
Commit:
c424de4eff7a55301edcc669da39d4226e8997d8
80fdb20a2f688e2dca2090ac103bd1af8fec2401

Checks run (1 failed, 1 succeeded)

flake8 failed.
JSHint passed.

flake8

david
chipx86
  1. 
      
  2. reviewboard/accounts/decorators.py (Diff revision 4)
     
     
     
    Show all issues

    Swap these.

  3. reviewboard/accounts/privacy.py (Diff revision 4)
     
     
     
     
     
     
     
     
     
     
     
     
     
     
    Show all issues

    This can be simplified as:

    for requirement in (GravatarConsentRequirement, PolicyConsentRequirement):
        try:
            registry.unregister_by_attr(...)
        except ItemLookupError:
            pass
    

    That'll help a lot for future expansion too.

  4. 
      
david
chipx86
  1. Ship It!
  2. 
      
david
Review request changed
Status:
Completed
Change Summary:
Pushed to release-3.0.x (6aad39a)