Joomla! Issue Tracker | Joomla! CMS #22047 - [3.9]Update privacyconsent.php to properly 'namespace' the consents state

Fixed in Code Base
9 Sep 2018
Medium
Build: 3.9-dev
# 22047
Diff
joeforjoomla:3.9-dev

Pending

User tests: Successful: Unsuccessful:

joeforjoomla
7 Sep 2018

Pull Request for Issue joomla-projects/privacy-framework#242.

Summary of Changes

Change the 'where' clause to properly apply remind, expiration and user consented status by namespacing consents based on the 'subject' field.

Refer to issue joomla-projects/privacy-framework#242

Testing Instructions

Test that the privacyconsent plugin only manages the state of consents of the core PLG_SYSTEM_PRIVACYCONSENT_SUBJECT

Expected result

Consents stored in the #__privacy_consents table by third-party extensions must not be affected nor affect the working mode of the privacyconsent plugin.

c460371 7 Sep 2018

Update privacyconsent.php

joeforjoomla - open - 7 Sep 2018

joeforjoomla - change - 7 Sep 2018

Status

New

⇒

Pending

joomla-cms-bot - change - 7 Sep 2018

Category

⇒

Front End Plugins

joeforjoomla - change - 7 Sep 2018

The description was changed

joeforjoomla - edited - 7 Sep 2018

joeforjoomla - change - 8 Sep 2018

Title

…

Update privacyconsent.php to properly 'namespace' the consents state

[3.9]Update privacyconsent.php to properly 'namespace' the consents state

joeforjoomla - edited - 8 Sep 2018

sanderpotjer - comment - 8 Sep 2018

I have tested this item ✅ successfully on c460371

I could argue that the subject should also be taken into account for the onUserAfterDelete function if you really want "Consents stored in the #__privacy_consents table by third-party extensions must not be affected nor affect the working mode of the privacyconsent plugin."

But at the other hand it is the only way to make sure that all user related consents are deleted upon deleting a user, also if 3rd party extensions "Forget" to implement the onUserAfterDelete.

_{This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/22047.}

sanderpotjer - test_item - 8 Sep 2018 - Tested successfully

sanderpotjer - comment - 8 Sep 2018

Another thing to consider for this PR: in this way we force any other 3rd party implementation to add their own remindExpiringConsents function. It will require some work, but it might be nice to make that more optional. So adding consents without the requirement to have all functions in your own plugin.

_{This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/22047.}

joeforjoomla - comment - 8 Sep 2018

I agree @sanderpotjer but i think it's better leave it as now for the onUserAfterDelete function, it's perfectly acceptable to delete even third-party consents upon a user deletion.

For the other thing, it's up to third-party extensions to choose if the consents must have an expiration time or not. Not in all cases this is required and could be done even in a manual way.

mbabker - comment - 8 Sep 2018

Another thing to consider for this PR: in this way we force any other 3rd party implementation to add their own remindExpiringConsents function. It will require some work, but it might be nice to make that more optional.

The code in the core plugins is really geared toward the core features/workflow, some of it may work for third party but not always.

With that said, some work started on a core job/cron type system since we've been adding a lot of plugins lately that have a cron-like schedule (either hardcoded or configurable). I'd say that with that job system in place, a lot of the logic for the remind/invalidate stuff could move into a component helper class with parameters for key values that could more easily be re-used. Until we get there though, since plugins aren't really part of the API, we're fine with this as is.