Add Privacy System to smf #4892

Open
wants to merge 34 commits into
base: release-2.1
from
Changes from 25 commits
Commits
5889093
Added UI for Privacy Settings
albertlast Aug 4, 2018
4ebc4dd
Added download and some prep for gui
albertlast Aug 5, 2018
ce5e3b1
formatting
albertlast Aug 5, 2018
f0f429e
fix personal message download
albertlast Aug 5, 2018
bb20a4e
frontend of download user data
albertlast Aug 6, 2018
fd5cc1e
wrong text name
albertlast Aug 6, 2018
a9297da
Enable to disable privacy function some prep for policy
albertlast Aug 6, 2018
36cc3f4
policy gui
albertlast Aug 6, 2018
e20db6a
Update and Create for policy
albertlast Aug 6, 2018
7090e38
Better error handling when no data was found
albertlast Aug 6, 2018
ac8bd19
Display policy
albertlast Aug 7, 2018
e3a652e
evaluate the policy state
albertlast Aug 7, 2018
5e26187
Enforce new policy
albertlast Aug 7, 2018
85c5b86
remove old policy
albertlast Aug 7, 2018
b039640
registration integration
albertlast Aug 7, 2018
79372a7
mysql don't like sql
albertlast Aug 8, 2018
bf0235c
mysql keep not liking sql
albertlast Aug 8, 2018
f1a912c
mysql
albertlast Aug 8, 2018
d92ca15
mysql
albertlast Aug 8, 2018
e94880a
Added current txt language reordner mysql and pg query
albertlast Aug 9, 2018
7e3759b
forgot to delete the c
albertlast Aug 9, 2018
f3b103e
fix user redirect, fix maintenance mode
albertlast Aug 9, 2018
11e3a34
Align permission name, added language to reports
albertlast Aug 9, 2018
7e2dbae
fix different implementation of fetch_all
albertlast Aug 9, 2018
a9c416d
Allow the save button to save
albertlast Aug 14, 2018
3d7de77
db_prefix and novalid -> invalid
albertlast Oct 28, 2018
0e06689
do mysql ip convert
albertlast Oct 28, 2018
66f502c
don't ask the admin to validate his policy
albertlast Oct 28, 2018
fb3edfa
invalid
albertlast Oct 28, 2018
0444aae
Never trust sesqui
albertlast Oct 28, 2018
d0265a5
Fixed some scrutinizer issues
albertlast Oct 30, 2018
bcaaf9c
fix mysql broken behavior
albertlast Oct 31, 2018
4061335
fix all other mysql
albertlast Oct 31, 2018
2b7232e
fixed syntax
albertlast Oct 31, 2018
+860 −4
@@ -114,6 +114,8 @@ function AdminMain()
'likes' => array($txt['likes']),
'mentions' => array($txt['mentions']),
'alerts' => array($txt['notifications']),
'privacy' => array($txt['privacy']),
'policy' => array($txt['policy']),
),
),
'antispam' => array(
@@ -65,6 +65,8 @@ function ModifyFeatureSettings()
'likes' => 'ModifyLikesSettings',
'mentions' => 'ModifyMentionsSettings',
'alerts' => 'ModifyAlertsSettings',
'privacy' => 'ModifyPrivacySettings',
'policy' => 'ModifyPolicySettings',
);
loadGeneralSettingParameters($subActions, 'basic');
@@ -95,6 +97,10 @@ function ModifyFeatureSettings()
'alerts' => array(
'description' => $txt['notifications_desc'],
),
'privacy' => array(
),
'policy' => array(
),
),
);
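Review bot: The new 'privacy' and 'policy' tab entries are empty arrays, while the 'alerts' entry directly above them carries a 'description' key. Add a description string for each tab so the admin can see what it controls, or leave a comment saying the omission is intentional.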
@@ -2275,4 +2281,293 @@ function ModifyAlertsSettings()
$context['sub_template'] = 'alert_configuration';
}
/**
* Config array for changing privacy settings
* Accessed from ?action=admin;area=featuresettings;sa=privacy;
*
* @param bool $return_config Whether or not to return the config_vars array
* @return void|array Returns nothing or returns the $config_vars array if $return_config is true
*/
function ModifyPrivacySettings($return_config = false)
{
global $txt, $scripturl, $context;
$config_vars = array(
array('check', 'enable_privacy_userexport'),
array('permissions', 'privacy_userexport_own'),
array('permissions', 'privacy_userexport_any'),
);
call_integration_hook('integrate_privacy_settings', array(&$config_vars));
if ($return_config)
return $config_vars;
// Saving?
if (isset($_GET['save']))
{
checkSession();
call_integration_hook('integrate_save_privacy_settings');
saveDBSettings($config_vars);
$_SESSION['adm-save'] = true;
redirectexit('action=admin;area=featuresettings;sa=privacy');
}
$context['post_url'] = $scripturl . '?action=admin;area=featuresettings;save;sa=privacy';
$context['settings_title'] = $txt['privacy'];
prepareDBSettingContext($config_vars);
}
/**
* Config array for changing policy settings
* Accessed from ?action=admin;area=featuresettings;sa=policy;
*
* @param bool $return_config Whether or not to return the config_vars array
* @return void|array Returns nothing or returns the $config_vars array if $return_config is true
*/
function ModifyPolicySettings($return_config = false)

Sesquipedalian Oct 23, 2018

Member

This function needs some logic to ensure that enable_policy_function cannot be set to true unless policy_version and any other necessary values are defined.

Right now, if the admin makes the mistake of enabling the policy function without setting up everything else first, the admin will be redirected on every page load to the page where he is prompted to accept the policy. But the admin will be unable to do so because there is no policy to accept, and so he will be stuck in an endless loop and will be unable to fix his forum except by editing his database directly.

albertlast Oct 28, 2018

Author Collaborator

Since I check everywhere if enabled_policy_function is true:

if (!empty($modSettings['enable_policy_function']) && !$user_info['is_guest'] && !$user_info['is_admin'])

I see no need here to do any checks in the settings.

{
global $txt, $scripturl, $context, $sourcedir, $modSettings, $smcFunc;
// Needed for the WYSIWYG editor.
require_once($sourcedir . '/Subs-Editor.php');
$context['sub_template'] = 'edit_policy';
$context['page_title'] = $txt['policy_management'];
$config_vars = array(
array('check', 'enable_policy_function'),
array('text', 'policy_text'),
);
$currentVersion = !empty($modSettings['policy_version']) ? substr($modSettings['policy_version'], 11) : 0;
// Now create the editor.
$editorOptions = array(
'id' => 'policy_text',
'value' => !empty($modSettings['policy_text' . $currentVersion]) ? $modSettings['policy_text' . $currentVersion] : '',
'height' => '250px',
'width' => '100%',
'labels' => array(
'post_button' => $txt['policy_save'],
),
'preview_type' => 2,
'required' => true,
);
create_control_richedit($editorOptions);
// Store the ID for old compatibility.
$context['post_box_name'] = $editorOptions['id'];
call_integration_hook('integrate_policy_settings', array(&$config_vars));
$request = $smcFunc['db_query']('', '
SELECT count( case when th.value is null then 1 end) novalid,
count( case when th.value is not null and th.value != {string:policy_version} then 1 end) outdated,
count( case when th.value = {string:policy_version} then 1 end) fresh
FROM smf_members mem
This conversation was marked as resolved by albertlast

Sesquipedalian Oct 23, 2018

Member

smf_{db_prefix}

LEFT JOIN smf_themes th ON (mem.id_member = th.id_member AND th.id_theme = 1 AND th.variable = {string:policy_approved})',
This conversation was marked as resolved by albertlast

Sesquipedalian Oct 23, 2018

Member

smf_{db_prefix}

array(
'policy_version' => 'policy_text' . $currentVersion,
'policy_approved' => 'policy_approved',
)
);
list ($context['policy']['novalid'], $context['policy']['outdated'], $context['policy']['fresh']) = $smcFunc['db_fetch_row']($request);
This conversation was marked as resolved by albertlast

Sesquipedalian Oct 23, 2018

Member

Minor language change: "invalid" would be better than "novalid"

$smcFunc['db_free_result']($request);
$request = $smcFunc['db_query']('', '
SELECT a.variable, count(b.value) amount
FROM {db_prefix}settings a
LEFT JOIN {db_prefix}themes b ON (a.variable = b.value and b.variable = {string:policy_approved})
WHERE a.variable like {string:avar}
GROUP BY a.variable
ORDER BY a.variable desc',
array(
'policy_approved' => 'policy_approved',
'avar' => 'policy_text%',
)
);
$context['poc']['policy_management'] = array();
while ($row = $smcFunc['db_fetch_assoc']($request))
{
$context['poc']['policy_management'][] = array(
'name' => $row['variable'],
'amount' => $row['amount'],
'new' => ($row['variable'] == 'policy_text' . $currentVersion ? true : false),
);
}
$smcFunc['db_free_result']($request);
if ($return_config)
return $config_vars;
// Saving?
if (isset($_GET['save']))
{
checkSession();
call_integration_hook('integrate_save_policy_settings');
if (!empty($_REQUEST['enforce_new']))
{
if ($smcFunc['db_title'] == 'MySQLi')
$select = '
UPDATE {db_prefix}themes c
JOIN (
SELECT a.id_member
FROM {db_prefix}themes a
LEFT JOIN {db_prefix}themes b ON (a.id_member = b.id_member and b.variable = {string:bvar})
WHERE a.variable = {string:avar} and a.value = {string:aval}
AND ( b.value != {string:bval} or b.value is null)
) d ON (d.id_member = c.id_member)
SET c.value = {string:value}
WHERE c.variable = {string:avar}';
else
$select = '
UPDATE {db_prefix}themes
SET value = {string:value}
WHERE EXISTS (
SELECT a.id_member
FROM {db_prefix}themes a
LEFT JOIN {db_prefix}themes b ON (a.id_member = b.id_member and b.variable = {string:bvar})
WHERE a.variable = {string:avar} and a.value = {string:aval}
AND ( b.value != {string:bval} or b.value is null)
AND a.id_member = {db_prefix}themes.id_member
)
AND variable = {string:avar}';
$smcFunc['db_query']('',
$select,
array(
'value' => '0',
'bvar' => 'policy_approved',
'avar' => 'policy_isvalid',
'aval' => '1',
'bval' => 'policy_text' . $currentVersion,
)
);
}
elseif (!empty($_REQUEST['save_setting']))
{
unset($config_vars[1]);
saveDBSettings($config_vars);
}
elseif (!empty($_REQUEST['save_new_policy']) || !empty($_REQUEST['update_policy']))
{
if (!empty($_REQUEST['save_new_policy']))
$currentVersion++;
$config_vars[] = array('text', 'policy_text'.$currentVersion);
$_POST['policy_text'.$currentVersion] = $_REQUEST['policy_text'];
$config_vars[] = array('text', 'policy_version');
$_POST['policy_version'] = 'policy_text'.$currentVersion;
unset($config_vars[1]);
saveDBSettings($config_vars);
}
$_SESSION['adm-save'] = true;
redirectexit('action=admin;area=featuresettings;sa=policy');
}
elseif (isset($_GET['manage']))
{
checkSession();
call_integration_hook('integrate_manage_policy_settings');
// set user with the policy unvalid
if ($smcFunc['db_title'] == 'MySQLi')
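Review bot: In the save branch, unset($config_vars[1]) assumes policy_text is still at index 1, but $config_vars was passed by reference to integrate_policy_settings earlier in the function, so a hook that inserts or reorders entries makes this drop the wrong setting. Remove the entry by matching its name rather than its position. The same branch copies $_REQUEST['policy_text'] into $_POST without an isset() check, and $currentVersion is still the string returned by substr(..., 11) when $currentVersion++ runs; cast it to int and derive the 11 from strlen('policy_text') so the offset is not a magic number.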
This conversation was marked as resolved by albertlast

Sesquipedalian Oct 23, 2018

Member

I'd rather avoid having two versions of the queries in this section. If necessary, feel free to create another $smcFunc['db_***'] function to handle this cleanly.

albertlast Oct 23, 2018

Author Collaborator

Makes less sense to place such a special query in a generic env,
this query is only needed here.

Sesquipedalian Oct 31, 2018

Member

We do our best to keep all alternate SQL queries in the Subs-Db-* files at all times. That ensures that if changes need to be made in the future, we know exactly where to look to find all the code that needs to be changed. If MySQL and PostgreSQL can't run the same query to do the same task in this case, then an abstraction function is required in order to comply with SMF's coding practices. I won't be able to merge this until the change is made.

albertlast Oct 31, 2018

Author Collaborator

got fixed.

$select = '
UPDATE {db_prefix}themes c
JOIN (
SELECT a.id_member
FROM {db_prefix}themes a
LEFT JOIN {db_prefix}themes b ON (a.id_member = b.id_member and b.variable = {string:bvar})
WHERE a.variable = {string:avar} and a.value = {string:aval}
AND b.value = {string:bval}
) d ON (d.id_member = c.id_member)
SET value = {string:value}
WHERE c.variable = {string:avar}';
else
$select = '
UPDATE {db_prefix}themes
SET value = {string:value}
WHERE EXISTS (
SELECT a.id_member
FROM {db_prefix}themes a
LEFT JOIN {db_prefix}themes b ON (a.id_member = b.id_member and b.variable = {string:bvar})
WHERE a.variable = {string:avar} and a.value = {string:aval}
AND b.value = {string:bval}
AND a.id_member = {db_prefix}themes.id_member
)
AND variable = {string:avar}';
$smcFunc['db_query']('',
$select,
array(
'value' => '0',
'bvar' => 'policy_approved',
'avar' => 'policy_isvalid',
'aval' => '1',
'bval' => $_REQUEST['delete_policy'],
)
);
// empty users
if ($smcFunc['db_title'] == 'MySQLi')
$select = '
UPDATE {db_prefix}themes c
JOIN (
SELECT a.id_member
FROM {db_prefix}themes a
LEFT JOIN {db_prefix}themes b ON (a.id_member = b.id_member and b.variable = {string:bvar})
WHERE a.variable = {string:avar} and a.value = {int:aval}
AND b.value = {string:bval}
) d ON (d.id_member = c.id_member)
SET c.value = {string:value}
WHERE c.variable = {string:avar}';
else
$select = '
UPDATE {db_prefix}themes
SET value = {string:value}
WHERE EXISTS (
SELECT a.id_member
FROM {db_prefix}themes a
LEFT JOIN {db_prefix}themes b ON (a.id_member = b.id_member and b.variable = {string:bvar})
WHERE a.variable = {string:avar} and a.value = {string:aval}
AND b.value = {string:bval}
AND a.id_member = {db_prefix}themes.id_member
)
and variable = {string:bvar}';
$smcFunc['db_query']('',
$select,
array(
'value' => '',
'bvar' => 'policy_approved',
'avar' => 'policy_isvalid',
'aval' => '0',
'bval' => $_REQUEST['delete_policy'],
)
);
$smcFunc['db_query']('','
DELETE FROM {db_prefix}settings
WHERE variable = {string:policy_text}',
array(
'policy_text' => $_REQUEST['delete_policy'],
)
);
$_SESSION['adm-save'] = true;
redirectexit('action=admin;area=featuresettings;sa=policy');
}
$context['post_url'] = $scripturl . '?action=admin;area=featuresettings;save;sa=policy';
$context['settings_title'] = $txt['privacy'];
prepareDBSettingContext($config_vars);
}
?>
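Review bot: In the manage branch, $_REQUEST['delete_policy'] is used as the key for DELETE FROM {db_prefix}settings WHERE variable = {string:policy_text} with no isset() check and no check that it names a policy entry, so a request carrying any other setting name removes that row from the settings table. Accept only values of the form policy_text followed by digits, and refuse the version that policy_version currently points to. Separately, the two "empty users" queries disagree: the MySQLi one ends with WHERE c.variable = {string:avar} and compares a.value against {int:aval}, while the other ends with and variable = {string:bvar} and uses {string:aval}, so the two backends update different rows; make both target the same variable and use the same placeholder type.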