Merge pull request #19330 from woocommerce/update/gdpr-actions

GDPR - Personal data export and removal
woocommerce · Apr 17, 2018 · 5c8adcd · 5c8adcd
2 parents 718c91f + f9e45be
commit 5c8adcd
Show file tree

Hide file tree

Showing 10 changed files with 847 additions and 72 deletions.
diff --git a/includes/admin/list-tables/class-wc-admin-list-table-orders.php b/includes/admin/list-tables/class-wc-admin-list-table-orders.php
@@ -135,9 +135,10 @@ public function define_bulk_actions( $actions ) {
 			unset( $actions['edit'] );
 		}
 
-		$actions['mark_processing'] = __( 'Change status to processing', 'woocommerce' );
-		$actions['mark_on-hold']    = __( 'Change status to on-hold', 'woocommerce' );
-		$actions['mark_completed']  = __( 'Change status to completed', 'woocommerce' );
+		$actions['mark_processing']      = __( 'Change status to processing', 'woocommerce' );
+		$actions['mark_on-hold']         = __( 'Change status to on-hold', 'woocommerce' );
+		$actions['mark_completed']       = __( 'Change status to completed', 'woocommerce' );
+		$actions['remove_personal_data'] = __( 'Remove personal data', 'woocommerce' );
 
 		return $actions;
 	}
@@ -622,39 +623,46 @@ public static function order_preview_get_order_details( $order ) {
 	 * @return string
 	 */
 	public function handle_bulk_actions( $redirect_to, $action, $ids ) {
-		// Bail out if this is not a status-changing action.
-		if ( false === strpos( $action, 'mark_' ) ) {
-			return $redirect_to;
-		}
-
-		$order_statuses = wc_get_order_statuses();
-		$new_status     = substr( $action, 5 ); // Get the status name from action.
-		$report_action  = 'marked_' . $new_status;
+		$ids     = array_map( 'absint', $ids );
+		$changed = 0;
 
-		// Sanity check: bail out if this is actually not a status, or is
-		// not a registered status.
-		if ( ! isset( $order_statuses[ 'wc-' . $new_status ] ) ) {
-			return $redirect_to;
-		}
+		if ( 'remove_personal_data' === $action ) {
+			$report_action = 'removed_personal_data';
 
-		$changed = 0;
-		$ids     = array_map( 'absint', $ids );
+			foreach ( $ids as $id ) {
+				$order = wc_get_order( $id );
 
-		foreach ( $ids as $id ) {
-			$order = wc_get_order( $id );
-			$order->update_status( $new_status, __( 'Order status changed by bulk edit:', 'woocommerce' ), true );
-			do_action( 'woocommerce_order_edit_status', $id, $new_status );
-			$changed++;
+				if ( $order ) {
+					do_action( 'woocommerce_remove_order_personal_data', $order );
+					$changed++;
+				}
+			}
+		} elseif ( false !== strpos( $action, 'mark_' ) ) {
+			$order_statuses = wc_get_order_statuses();
+			$new_status     = substr( $action, 5 ); // Get the status name from action.
+			$report_action  = 'marked_' . $new_status;
+
+			// Sanity check: bail out if this is actually not a status, or is not a registered status.
+			if ( isset( $order_statuses[ 'wc-' . $new_status ] ) ) {
+				foreach ( $ids as $id ) {
+					$order = wc_get_order( $id );
+					$order->update_status( $new_status, __( 'Order status changed by bulk edit:', 'woocommerce' ), true );
+					do_action( 'woocommerce_order_edit_status', $id, $new_status );
+					$changed++;
+				}
+			}
 		}
 
-		$redirect_to = add_query_arg(
-			array(
-				'post_type'    => $this->list_table_type,
-				$report_action => true,
-				'changed'      => $changed,
-				'ids'          => join( ',', $ids ),
-			), $redirect_to
-		);
+		if ( $changed ) {
+			$redirect_to = add_query_arg(
+				array(
+					'post_type'   => $this->list_table_type,
+					'bulk_action' => $report_action,
+					'changed'     => $changed,
+					'ids'         => join( ',', $ids ),
+				), $redirect_to
+			);
+		}
 
 		return esc_url_raw( $redirect_to );
 	}
@@ -666,23 +674,29 @@ public function bulk_admin_notices() {
 		global $post_type, $pagenow;
 
 		// Bail out if not on shop order list page.
-		if ( 'edit.php' !== $pagenow || 'shop_order' !== $post_type ) {
+		if ( 'edit.php' !== $pagenow || 'shop_order' !== $post_type || ! isset( $_REQUEST['bulk_action'] ) ) { // WPCS: input var ok, CSRF ok.
 			return;
 		}
 
 		$order_statuses = wc_get_order_statuses();
+		$number         = isset( $_REQUEST['changed'] ) ? absint( $_REQUEST['changed'] ) : 0; // WPCS: input var ok, CSRF ok.
+		$bulk_action    = wc_clean( wp_unslash( $_REQUEST['bulk_action'] ) ); // WPCS: input var ok, CSRF ok.
 
 		// Check if any status changes happened.
 		foreach ( $order_statuses as $slug => $name ) {
-			if ( isset( $_REQUEST[ 'marked_' . str_replace( 'wc-', '', $slug ) ] ) ) {  // WPCS: input var ok.
-
-				$number = isset( $_REQUEST['changed'] ) ? absint( $_REQUEST['changed'] ) : 0; // WPCS: input var ok.
-				/* translators: %s: orders count */
+			if ( 'marked_' . str_replace( 'wc-', '', $slug ) === $bulk_action ) { // WPCS: input var ok, CSRF ok.
+				/* translators: %d: orders count */
 				$message = sprintf( _n( '%d order status changed.', '%d order statuses changed.', $number, 'woocommerce' ), number_format_i18n( $number ) );
 				echo '<div class="updated"><p>' . esc_html( $message ) . '</p></div>';
 				break;
 			}
 		}
+
+		if ( 'removed_personal_data' === $bulk_action ) { // WPCS: input var ok, CSRF ok.
+			/* translators: %d: orders count */
+			$message = sprintf( _n( 'Removed personal data from %d order.', 'Removed personal data from %d orders.', $number, 'woocommerce' ), number_format_i18n( $number ) );
+			echo '<div class="updated"><p>' . esc_html( $message ) . '</p></div>';
+		}
 	}
 
 	/**

diff --git a/includes/admin/meta-boxes/class-wc-meta-box-order-data.php b/includes/admin/meta-boxes/class-wc-meta-box-order-data.php
@@ -344,7 +344,9 @@ public static function output( $post ) {
 									$field_value = make_clickable( esc_html( $field_value ) );
 								}
 
-								echo '<p><strong>' . esc_html( $field['label'] ) . ':</strong> ' . wp_kses_post( $field_value ) . '</p>';
+								if ( $field_value ) {
+									echo '<p><strong>' . esc_html( $field['label'] ) . ':</strong> ' . wp_kses_post( $field_value ) . '</p>';
+								}
 							}
 							?>
 						</div>
@@ -450,7 +452,9 @@ public static function output( $post ) {
 										$field_value = $order->get_meta( '_' . $field_name );
 									}
 
-									echo '<p><strong>' . esc_html( $field['label'] ) . ':</strong> ' . make_clickable( esc_html( $field_value ) ) . '</p>';
+									if ( $field_value ) {
+										echo '<p><strong>' . esc_html( $field['label'] ) . ':</strong> ' . wp_kses_post( $field_value ) . '</p>';
+									}
 								}
 							}
 

diff --git a/includes/class-wc-install.php b/includes/class-wc-install.php
@@ -527,6 +527,9 @@ private static function create_tables() {
 			// used by WC_Comments::wp_count_comments() to get the number of comments by type.
 			$wpdb->query( "ALTER TABLE {$wpdb->comments} ADD INDEX woo_idx_comment_type (comment_type)" );
 		}
+
+		// Add constraint to download logs.
+		$wpdb->query( "ALTER TABLE {$wpdb->prefix}wc_download_log ADD FOREIGN KEY (permission_id) REFERENCES {$wpdb->prefix}woocommerce_downloadable_product_permissions(permission_id) ON DELETE CASCADE" );
 	}
 
 	/**