New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[3.9] Privacy Tool Suite #20800

merged 426 commits into from Aug 27, 2018



mbabker commented Jun 20, 2018

This pull request is the result of a combined effort for introducing a privacy tool suite into Joomla in response to laws and regulations such as GDPR. Introduced with this pull request are several new extensions and new capabilities in existing APIs to support this work.

New API Features

XMLDocument Supports Downloaded Documents

Joomla\CMS\Document\XMLDocument presently only supports an inline document disposition, only displaying the document in the browser. A new setDownload() method is added to the class to set whether the document should be downloaded (true) or displayed inline (false). A new isDownload() method is added to check this status.

com_messages Send Message to All Super Users

We have introduced some notifications with the tool suite that called for sending messages to all super users. We elected to use the capabilities present in com_messages to support this, and we have added MessagesModelMessage::notifySuperUsers() to support this capability.

New Extensions

Action Logging System

This is the finalization of the "Recording Action Logs" project from GSoC 2016, this system provides an infrastructure to create an audit log of activity performed on a website and can be fine tuned to the site admin's preferences. Extensions are able to hook into this system to add custom messages or have the system process standard CRUD actions. Work in progress documentation can be found at

Action Logs Component

The component allows site admins to review the action log, export it, and purge entries.

Action Logs Plugin

The "Action Log - Joomla" plugin is used to log CRUD actions for supported content related extensions and miscellaneous actions such as extension management.

Latest Actions Module

An admin module showing the latest logged actions is available.

Privacy System

This is the heart of law and regulation related capabilities and provides several subsystems. Note that this system on its own does NOT make your website compliant with any laws and regulations but is a tool to assist site owners with compliancy. Work in progress documentation can be found at

Privacy Component

The main interaction point for privacy actions and management. The component offers several functions to help site owners with privacy related matters.

Capabilities List

To assist with informing site owners of privacy related capability concerns and data collection, a capabilities screen will display information reported by extensions through a dedicated plugin event. Unlike other events which are generally targeted to single plugin groups, the model here explicitly imports plugins from several different plugin groups which commonly collect or process data (such as the captcha group as the Google reCAPTCHA integration processes a client's IP address).

Consent Tracking

The component supports an audit log tracking all consents given on the web site, in core this is used for the consent plugin (explained later) to track consent to the privacy policy but extensions can log their own consents here as well.

Information Requests

Rights given under GDPR and similar privacy regulations include the right to access your data and the right to be forgotten. The information requests system is used to track and act on these requests. A request can be created in two ways:

  • By a site administrator through the backend
  • By a registered user through the frontend

Once the request is confirmed, the site admin will have action buttons appropriate to the request available to them to act upon the request. Processing for requests is plugin driven, all actions are performed by plugins to allow maximum flexibility and configuration for each affected extension.

Privacy Policy Consent Plugin

When enabled, the plugin can be used to mandate that registered users consent to the site's privacy policy (defined in the plugin) before doing anything else on the website.

Confirm Consent Plugin

For our email related forms (contact, email to a friend, and the privacy policy form), this plugin adds a consent checkbox to the form for the user to agree to processing the form's information.

Terms and Conditions Plugin

When enabled, the plugin can be used to require newly registering users to agree to the site's terms and conditions (defined in the plugin).

Privacy Dashboard Module

An admin module showing a summary of the information request data is available.

Urgent Requests Notification

A quickicon plugin is available which can be used to alert the site admin to requests which are considered urgent (confirmed and older than the age configured in the component settings, default to 14 days).

Miscellaneous Extensions

Log Rotation Plugin

When enabled, this implements a log rotation capability to log files created through the Joomla\CMS\Log API and stored to the configured log path, this allows log files to be rotated and removed.

Contributing Fixes

If needed, pull requests with changes for this branch should be made against the dev/privacy branch of - that branch is mirrored to my personal CMS fork so we can make this pull request

Installable Packages

Fully built "release" packages are available from

alikon and others added some commits May 23, 2018

[Feature] Report Privacy Related Capabilities in Admin (#37)
* Begin the capabilities reporting screen, list some core capabilities

* Add the plugin reporting hook to capability collection

* Add notes about hashed cookie name

* Import installer plugin group to capabilities to be able to include install from web without needing a second plugin

* Add info about core communications to due to conflicting opinions/guidance on handling of IP addresses
String to be reviewed by an English native ;-)
COM_PRIVACY_MSG_CONSENT_NO_CONSENT="There are no stored consents."
Fix CS
Fix code standards: mixing tabs/spaces, html return lines
Merge pull request #1 from JoomliC/patch-2
Don't use a form submission for the export because the UI framework c…
…an't cope with something that doesn't redirect or reload the page
Merge pull request #237 from joomla-projects/alikon-postgresql-fix
[Postgresql] - fix backquote to doublequote

This comment has been minimized.

Sandra97 commented Aug 25, 2018

This PR is sitting here since more than 2 months. It has been tested by many users, no major issues or release blockers has been reported AFAIK.
Is there any VALID reason why this PR has not been reviewed/merged or anything by CMS maintainers?
The community is waiting for these features. Are we going to let this PR die, and put to the trash the great work of a small bunch of volunteers???


This comment has been minimized.


brianteeman commented Aug 25, 2018

Or even an invalid reason so we know what to address


This comment has been minimized.


roland-d commented Aug 25, 2018

All maintainers have tested this PR so can't merge it 😝


This comment has been minimized.


brianteeman commented Aug 25, 2018

Didmt expect an invalid (and untrue) reason so quickly;)

alikon and others added some commits Aug 25, 2018


This comment has been minimized.


Hackwar commented Aug 25, 2018

This is a PR that has a sub-project with its own issue tracker and in the 2 months a lot of issues have come up and have been fixed:

Rest assured that Michael would not delay the release of 3.9 if not necessary.


This comment has been minimized.


mbabker commented Aug 25, 2018


This comment has been minimized.


infograf768 commented Aug 26, 2018

By curiosity, I did a grep for new file mode on this .diff
This PR adds 188 files to Joomla.
Quite a bunch of them are updates sql , postgres and sqlazure (14 each if I do not mistake)
Can't these be reduced?


This comment has been minimized.


brianteeman commented Aug 26, 2018

Talk about trying to find a stupid reason not to merge this


This comment has been minimized.

gwsdesk commented Aug 26, 2018

"love is in the air"


This comment has been minimized.

TobsBobs commented Aug 26, 2018

I use this

Fully built "release" packages are available from

for test.


This comment has been minimized.


infograf768 commented Aug 27, 2018

Some findings

If no actions logs to export, when clicking on Export All as CSV, we get

[27-Aug-2018 10:50:18 Europe/Berlin] PHP Notice:  Undefined variable: extensions in /Applications/MAMP/htdocs/joomla39/administrator/components/com_actionlogs/models/fields/extension.php on line 55
[27-Aug-2018 10:50:18 Europe/Berlin] PHP Warning:  array_unique() expects parameter 1 to be array, null given in /Applications/MAMP/htdocs/joomla39/administrator/components/com_actionlogs/models/fields/extension.php on line 55
[27-Aug-2018 10:50:18 Europe/Berlin] PHP Warning:  Invalid argument supplied for foreach() in /Applications/MAMP/htdocs/joomla39/administrator/components/com_actionlogs/models/fields/extension.php on line 57

This comment has been minimized.


alikon commented Aug 27, 2018

@laoneo laoneo merged commit 17bb05a into joomla:3.9-dev Aug 27, 2018

4 checks passed

Hound No violations found. Woof!
continuous-integration/appveyor/pr AppVeyor build succeeded
continuous-integration/drone/pr the build was successful
continuous-integration/travis-ci/pr The Travis CI build passed

This comment has been minimized.


laoneo commented Aug 27, 2018

Thanks to all the involved people here, great job!!

@mbabker would you like to tackle the open issues here or keep working in the privacy repo?


This comment has been minimized.


alikon commented Aug 27, 2018

@infograf768 your report #20800 (comment) should be fixed here joomla-projects/privacy-framework#240

@laoneo , @mbabker
imo should be more manageable keep working in the privacy repo (where we have already open issues & pr's)
but there will be no issue if you decide is better to work on the 3.9 main repo 😉


This comment has been minimized.

Schrijvers123 commented on 8144522 Oct 30, 2018

Why 30 days? 60 or 90 days is common by large companies.

This comment has been minimized.

marcodings replied Oct 31, 2018

Why impose a maximum at all ?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment