[3.9] Privacy Tool Suite #20800
[3.9] Privacy Tool Suite #20800
Conversation
* Begin the capabilities reporting screen, list some core capabilities * Add the plugin reporting hook to capability collection * Add notes about hashed cookie name * Import installer plugin group to capabilities to be able to include install from web without needing a second plugin * Add info about core communications to joomla.org due to conflicting opinions/guidance on handling of IP addresses
String to be reviewed by an English native ;-) COM_PRIVACY_MSG_CONSENT_NO_CONSENT="There are no stored consents."
Add missing string COM_PRIVACY_MSG_CONSENT_NO_CONSENT
…an't cope with something that doesn't redirect or reload the page
change cannot to can't
[Postgresql] - fix backquote to doublequote
|
This PR is sitting here since more than 2 months. It has been tested by many users, no major issues or release blockers has been reported AFAIK. |
|
Or even an invalid reason so we know what to address |
|
All maintainers have tested this PR so can't merge it 😝 |
|
Didmt expect an invalid (and untrue) reason so quickly;) |
|
This is a PR that has a sub-project with its own issue tracker and in the 2 months a lot of issues have come up and have been fixed: https://github.com/joomla-projects/privacy-framework/issues Rest assured that Michael would not delay the release of 3.9 if not necessary. |
|
I’m not delaying anything, but I’m not going to personally merge a PR that
I oversaw a lot of the project effort on without adequate testing and
feedback. And for a while, that bit has been missing.
For me merging this triggers the release cycle. Unlike fields or routing or
4.0 features which got time to mature in a dev branch, this is basically
merge it and beta starts.
For me, it’s stable enough to do that. Others may have different
opinions. I don’t want to shove my opinion down the throat of others. And
I don’t want to ship something that has only been reviewed by those who
built it (with a few notable exceptions beyond that).
I’m one of a handful with merge rights. And not one who is technically a
leader within production right now. There are plenty of others IMO who
could/should provide feedback or make an informed decision.
On Sat, Aug 25, 2018 at 2:30 PM Hannes Papenberg ***@***.***> wrote:
This is a PR that has a sub-project with its own issue tracker and in the
2 months a lot of issues have come up and have been fixed:
https://github.com/joomla-projects/privacy-framework/issues
Rest assured that Michael would not delay the release of 3.9 if not
necessary.
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#20800 (comment)>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/AAWfoenKKowaza_FfzTy9McZv-Fts7Kwks5uUaXEgaJpZM4Uuc0u>
.
--
- Michael Please pardon any errors, this message was sent from my iPhone.
|
|
By curiosity, I did a grep for |
|
Talk about trying to find a stupid reason not to merge this |
|
"love is in the air" |
|
I use this
for test. |
|
Some findings
|
|
@infograf768 can you open a new issue on https://github.com/joomla-projects/privacy-framework |
|
Thanks to all the involved people here, great job!! @mbabker would you like to tackle the open issues here or keep working in the privacy repo? |
|
@infograf768 your report #20800 (comment) should be fixed here https://github.com/joomla-projects/privacy-framework/pull/240 @laoneo , @mbabker |
This pull request is the result of a combined effort for introducing a privacy tool suite into Joomla in response to laws and regulations such as GDPR. Introduced with this pull request are several new extensions and new capabilities in existing APIs to support this work.
New API Features
XMLDocument Supports Downloaded Documents
Joomla\CMS\Document\XMLDocumentpresently only supports an inline document disposition, only displaying the document in the browser. A newsetDownload()method is added to the class to set whether the document should be downloaded (true) or displayed inline (false). A newisDownload()method is added to check this status.com_messages Send Message to All Super Users
We have introduced some notifications with the tool suite that called for sending messages to all super users. We elected to use the capabilities present in com_messages to support this, and we have added
MessagesModelMessage::notifySuperUsers()to support this capability.New Extensions
Action Logging System
This is the finalization of the "Recording Action Logs" project from GSoC 2016, this system provides an infrastructure to create an audit log of activity performed on a website and can be fine tuned to the site admin's preferences. Extensions are able to hook into this system to add custom messages or have the system process standard CRUD actions. Work in progress documentation can be found at https://docs.joomla.org/J3.x:User_Action_Logs.
Action Logs Component
The component allows site admins to review the action log, export it, and purge entries.
Action Logs Plugin
The "Action Log - Joomla" plugin is used to log CRUD actions for supported content related extensions and miscellaneous actions such as extension management.
Latest Actions Module
An admin module showing the latest logged actions is available.
Privacy System
This is the heart of law and regulation related capabilities and provides several subsystems. Note that this system on its own does NOT make your website compliant with any laws and regulations but is a tool to assist site owners with compliancy. Work in progress documentation can be found at https://docs.joomla.org/J3.x:Privacy.
Privacy Component
The main interaction point for privacy actions and management. The component offers several functions to help site owners with privacy related matters.
Capabilities List
To assist with informing site owners of privacy related capability concerns and data collection, a capabilities screen will display information reported by extensions through a dedicated plugin event. Unlike other events which are generally targeted to single plugin groups, the model here explicitly imports plugins from several different plugin groups which commonly collect or process data (such as the captcha group as the Google reCAPTCHA integration processes a client's IP address).
Consent Tracking
The component supports an audit log tracking all consents given on the web site, in core this is used for the consent plugin (explained later) to track consent to the privacy policy but extensions can log their own consents here as well.
Information Requests
Rights given under GDPR and similar privacy regulations include the right to access your data and the right to be forgotten. The information requests system is used to track and act on these requests. A request can be created in two ways:
Once the request is confirmed, the site admin will have action buttons appropriate to the request available to them to act upon the request. Processing for requests is plugin driven, all actions are performed by plugins to allow maximum flexibility and configuration for each affected extension.
Privacy Policy Consent Plugin
When enabled, the plugin can be used to mandate that registered users consent to the site's privacy policy (defined in the plugin) before doing anything else on the website.
Confirm Consent Plugin
For our email related forms (contact, email to a friend, and the privacy policy form), this plugin adds a consent checkbox to the form for the user to agree to processing the form's information.
Terms and Conditions Plugin
When enabled, the plugin can be used to require newly registering users to agree to the site's terms and conditions (defined in the plugin).
Privacy Dashboard Module
An admin module showing a summary of the information request data is available.
Urgent Requests Notification
A quickicon plugin is available which can be used to alert the site admin to requests which are considered urgent (confirmed and older than the age configured in the component settings, default to 14 days).
Miscellaneous Extensions
Log Rotation Plugin
When enabled, this implements a log rotation capability to log files created through the
Joomla\CMS\LogAPI and stored to the configured log path, this allows log files to be rotated and removed.Contributing Fixes
If needed, pull requests with changes for this branch should be made against the
dev/privacybranch of https://github.com/joomla-projects/privacy-framework - that branch is mirrored to my personal CMS fork so we can make this pull requestInstallable Packages
Fully built "release" packages are available from https://developer.joomla.org/privacy-pack/