Added user consent pages (#6430)

- "Your Rights & Consent" user settings page

public/language/en-GB/register.json

@@ -21,11 +21,6 @@
 	"interstitial.intro": "We require some additional information before we can create your account.",
 	"interstitial.errors-found": "We could not complete your registration:",
 
-	"gdpr_lead": "This community forum collects and processes your personal information.",
-	"gdpr_intro": "We use this information strictly to personalise your experience in this community, as well as to associate the posts you make to your user account. During the registration step you were asked to provide a username and email address, you can also optionally provide additional information to complete your user profile on this website.<br /><br />We retain this information for the life of your user account, and you are able to withdraw consent at any time by deleting your account. At any time you may request a copy of your contribution to this website, via your user settings page.<br /><br />If you have any questions or concerns, we encourage you to reach out to this forum's administrative team.",
-	"gdpr_email_intro": "Occasionally, we may send emails to your registered email address in order to provide updates and/or to notify you of new activity that is pertinent to you. You can customise the frequency of the community digest (including disabling it outright), as well as select which types of notifications to receive via email.",
-	"gdpr_digest_frequency": "By default, this community delivers email digests every %1.",
-	"gdpr_digest_off": "Currently, this community does not send out email digests",
 	"gdpr_agree_data": "I consent to the collection and processing of my personal information on this website.",
 	"gdpr_agree_email": "I consent to receive digest and notification emails from this website.",
 	"gdpr_consent_denied": "You must give consent to this site to collect/process your information, and to send you emails."

public/language/en-GB/user.json

@@ -160,5 +160,24 @@
 	"info.email-history": "Email History",
 	"info.moderation-note": "Moderation Note",
 	"info.moderation-note.success": "Moderation note saved",
-	"info.moderation-note.add": "Add note"
+	"info.moderation-note.add": "Add note",
+
+	"consent.title": "Your Rights & Consent",
+	"consent.lead": "This community forum collects and processes your personal information.",
+	"consent.intro": "We use this information strictly to personalise your experience in this community, as well as to associate the posts you make to your user account. During the registration step you were asked to provide a username and email address, you can also optionally provide additional information to complete your user profile on this website.<br /><br />We retain this information for the life of your user account, and you are able to withdraw consent at any time by deleting your account. At any time you may request a copy of your contribution to this website, via your Rights &amp; Consent page.<br /><br />If you have any questions or concerns, we encourage you to reach out to this forum's administrative team.",
+	"consent.email_intro": "Occasionally, we may send emails to your registered email address in order to provide updates and/or to notify you of new activity that is pertinent to you. You can customise the frequency of the community digest (including disabling it outright), as well as select which types of notifications to receive via email, via your user settings page.",
+	"consent.digest_frequency": "By default, this community delivers email digests every %1.",
+	"consent.digest_off": "Currently, this community does not send out email digests",
+	"consent.received": "You have provided consent for this website to collect and process your information. No additional action is required.",
+	"consent.not_received": "You have not provided consent for data collection and processing. At any time this website&apos;s administration may elect to delete your account in order to become compliant with the General Data Protection Regulation.",
+	"consent.give": "Give consent",
+
+	"consent.right_of_access": "You have the Right of Access",
+	"consent.right_of_access_description": "You have the right to access any data collected by this website upon request. You can retrieve a copy of this data by clicking the appropriate button below.",
+	"consent.right_to_rectification": "You have the Right to Rectification",
+	"consent.right_to_rectification_description": "You have the right to change or update any inaccurate data provided to us. Your profile can be updated by editing your profile, and post content can always be edited. If this is not the case, please contact this site&apos;s administrative team.",
+	"consent.right_to_erasure": "You have the Right to Erasure",
+	"consent.right_to_erasure_description": "At any time, you are able to revoke your consent to data collection and/or processing by deleting your account.",
+	"consent.right_to_data_portability": "You have the Right to Data Portability",
+	"consent.right_to_data_portability_description": "You may request from us a machine-readable export of any collected data about you and your account. You can do so by clicking the appropriate button below."
 }

public/src/client/account/consent.js

@@ -0,0 +1,22 @@
+'use strict';
+
+
+define('forum/account/consent', ['forum/account/header'], function (header) {
+	var Consent = {};
+
+	Consent.init = function () {
+		header.init();
+
+		$('[data-action="consent"]').on('click', function () {
+			socket.emit('user.gdpr.consent', {}, function (err) {
+				if (err) {
+					return app.alertError(err.message);
+				}
+
+				ajaxify.refresh();
+			});
+		});
+	};
+
+	return Consent;
+});

src/controllers/accounts.js

@@ -12,6 +12,7 @@ var accountsController = {
 	chats: require('./accounts/chats'),
 	session: require('./accounts/session'),
 	uploads: require('./accounts/uploads'),
+	consent: require('./accounts/consent'),
 };
 
 module.exports = accountsController;

src/controllers/accounts/consent.js

@@ -0,0 +1,53 @@
+'use strict';
+
+var async = require('async');
+
+var db = require('../../database');
+var meta = require('../../meta');
+var helpers = require('../helpers');
+var accountHelpers = require('./helpers');
+
+var consentController = {};
+
+consentController.get = function (req, res, next) {
+	var userData;
+
+	async.waterfall([
+		function (next) {
+			accountHelpers.getUserDataByUserSlug(req.params.userslug, req.uid, next);
+		},
+		function (_userData, next) {
+			userData = _userData;
+			if (!userData) {
+				return next();
+			}
+
+			// Direct database call is used here because `gdpr_consent` is a protected user field and is automatically scrubbed from standard user data retrieval calls
+			db.getObjectField('user:' + userData.uid, 'gdpr_consent', function (err, consented) {
+				if (err) {
+					return next(err);
+				}
+
+				userData.gdpr_consent = !!parseInt(consented, 10);
+
+				next(null, userData);
+			});
+		},
+	], function (err, userData) {
+		if (err) {
+			return next(err);
+		}
+
+		userData.digest = {
+			frequency: meta.config.dailyDigestFreq,
+			enabled: meta.config.dailyDigestFreq !== 'off',
+		};
+
+		userData.title = '[[user:consent.title]]';
+		userData.breadcrumbs = helpers.buildBreadcrumbs([{ text: userData.username, url: '/user/' + userData.userslug }, { text: '[[user:consent.title]]' }]);
+
+		res.render('account/consent', userData);
+	});
+};
+
+module.exports = consentController;

src/controllers/accounts/helpers.js

@@ -68,6 +68,17 @@ helpers.getUserDataByUserSlug = function (userslug, callerUID, callback) {
 								globalMod: true,
 								admin: true,
 							},
+						}, {
+							id: 'consent',
+							route: 'consent',
+							name: '[[user:consent.title]]',
+							visibility: {
+								self: true,
+								other: false,
+								moderator: false,
+								globalMod: false,
+								admin: false,
+							},
 						}],
 					}, next);
 				},

src/routes/accounts.js

@@ -30,6 +30,7 @@ module.exports = function (app, middleware, controllers) {
 	setupPageRoute(app, '/user/:userslug/info', middleware, accountMiddlewares, controllers.accounts.info.get);
 	setupPageRoute(app, '/user/:userslug/settings', middleware, accountMiddlewares, controllers.accounts.settings.get);
 	setupPageRoute(app, '/user/:userslug/uploads', middleware, accountMiddlewares, controllers.accounts.uploads.get);
+	setupPageRoute(app, '/user/:userslug/consent', middleware, accountMiddlewares, controllers.accounts.consent.get);
 
 	app.delete('/api/user/:userslug/session/:uuid', [middleware.exposeUid, middleware.ensureSelfOrGlobalPrivilege], controllers.accounts.session.revoke);
 

src/socket.io/user.js

@@ -340,3 +340,9 @@ SocketUser.setModerationNote = function (socket, data, callback) {
 		},
 	], callback);
 };
+
+SocketUser.gdpr = {};
+
+SocketUser.gdpr.consent = function (socket, data, callback) {
+	user.setUserField(socket.uid, 'gdpr_consent', 1, callback);
+};

src/user/data.js

@@ -80,7 +80,7 @@ module.exports = function (User) {
 					fields = fields.filter(function (field) {
 						var isFieldWhitelisted = field && results.whitelist.includes(field);
 						if (!isFieldWhitelisted) {
-							winston.verbose('[user/getUsersFields] ' + field + ' removed because it is not whitelisted, see `filter:user.whietlistFields`');
+							winston.verbose('[user/getUsersFields] ' + field + ' removed because it is not whitelisted, see `filter:user.whitelistFields`');
 						}
 						return isFieldWhitelisted;
 					});

src/views/partials/gdpr_consent.tpl

@@ -1,17 +1,17 @@
 <div class="form-group">
-	<p class="lead">[[register:gdpr_lead]]</p>
-	<p>[[register:gdpr_intro]]</p>
+	<p class="lead">[[user:consent.lead]]</p>
+	<p>[[user:consent.intro]]</p>
 	<div class="checkbox">
 		<label>
 			<input type="checkbox" name="gdpr_agree_data" id="gdpr_agree_data"> <strong>[[register:gdpr_agree_data]]</strong>
 		</label>
 	</div>
 	<p>
-		[[register:gdpr_email_intro]]
+		[[user:consent.email_intro]]
 		<!-- IF digestEnabled -->
-		[[register:gdpr_digest_frequency, {digestFrequency}]]
+		[[user:consent.digest_frequency, {digestFrequency}]]
 		<!-- ELSE -->
-		[[register:gdpr_digest_off]]
+		[[user:consent.digest_off]]
 		<!-- END -->
 	</p>