Require consent to privacy policy and TOS.

Review Request #9960 — Created May 17, 2018 and submitted — Latest diff uploaded

Information

Review Board
release-3.0.x
6aad39a...

Reviewers

If an administrator has specified URLs to their privacy policy and/or
terms of service, and marked that they want users to consent to the use
of their data, they ought to get the user's acceptance of these
policies.

This involves several small, related parts:

  • Added a way for admins to link to their terms of service (which is
    almost always separate from the privacy policy).
  • Added the consent requirement for the policies. This is only added to
    the registry in the case where one or both of the privacy policy and
    terms of service URLs are set.
  • Added some logic to repopulate the registry of consent requirements
    when siteconfig changes.
  • Modified the valid_prefs_required decorator to not only ensure that
    users have made a choice about the policies, but that said choice is to
    accept them.
  • Tested the various visual states of the requirement in the privacy
    choices UI (privacy policy only, terms of service only, both), and in
    all states (no choice, accepted, rejected).
  • Tried to load my dashboard with no choice selected; was redirected to
    the settings.
  • Tried to load my dashboard with the policies rejected; was redirected
    to the settings.
  • Accepted the policies and was able to load the dashboard.
  • Ran unit tests.