Beispiel #1
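    def get_fields(self, **kwargs):
        """Build one required "accept" checkbox per active consent page.

        Reads ``request`` from ``kwargs``.  Returns an empty list when
        ``get_gdpr_settings(request)`` is falsy.  For an authenticated user,
        pages for which the stored consent reports that no re-consent is
        needed are skipped.

        The label is HTML (a link to the CMS page), so the page URL and
        title are escaped by ``format_html`` before the result is marked
        safe.  The previous ``mark_safe(... .format(...))`` form passed both
        values into the markup unescaped.

        Returns:
            list of ``FormFieldDefinition``, one per page still needing
            consent, named ``accept_<page id>``.
        """
        # Function-scope import: the module's import block is not visible
        # from this method, and Django is already a dependency of this code.
        from django.utils.html import format_html

        request = kwargs.get("request", None)
        gdpr_settings = get_gdpr_settings(request)
        if not gdpr_settings:
            return []

        user_consent = None
        if request.user.is_authenticated():
            user_consent = GDPRUserConsent.get_for_user(
                request.user, request.shop)

        fields = []
        for page in get_active_consent_pages(request.shop):
            # user already has consented to this page, ignore it
            if user_consent and not user_consent.should_reconsent_to_page(
                    page):
                continue

            key = "accept_{}".format(page.id)
            # format_html escapes each argument and returns a safe string,
            # so CMS-managed values cannot alter the surrounding markup.
            label = format_html(
                ugettext(
                    "I have read and accept the <a href='{}' target='_blank' class='gdpr_consent_doc_check'>{}</a>"
                ),
                reverse("shuup:cms_page", kwargs=dict(url=page.url)),
                page.title)
            field = forms.BooleanField(
                label=label,
                required=True,
                error_messages=dict(required=self.error_message))
            definition = FormFieldDefinition(name=key, field=field)
            fields.append(definition)
        return fields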
Beispiel #2
    def post(self, request, *args, **kwargs):
        """Store the visitor's cookie-category choices in the consent cookie.

        Categories flagged ``always_active`` for the shop are always part of
        the consent.  Every POST field whose name matches
        ``COOKIE_CONSENT_RE`` and whose value is "on" or "1" adds the
        category it names, looked up within ``request.shop`` only.

        Returns an ``HttpResponseRedirect`` (to the Referer when present,
        otherwise to ``shuup:index``) with the consent cookie attached.
        """
        current_shop = request.shop
        selected = list(
            GDPRCookieCategory.objects.filter(
                shop=current_shop, always_active=True))

        for name, raw_value in request.POST.items():
            matched = re.match(COOKIE_CONSENT_RE, name)
            if not matched or raw_value.lower() not in ["on", "1"]:
                continue
            # The id comes from the submitted field name; the shop filter
            # keeps the lookup inside the current shop's categories.
            category = GDPRCookieCategory.objects.filter(
                shop=current_shop, id=matched.groups()[0]).first()
            if category:
                selected.append(category)

        if has_installed("shuup.simple_cms"):
            consent_documents = get_active_consent_pages(current_shop)
        else:
            consent_documents = []

        cookie_data = get_cookie_consent_data(selected, consent_documents)

        # NOTE(review): the Referer header is client-supplied and is used as
        # the redirect target without a host check.  If this view can be
        # reached cross-site, validate it with Django's safe-URL helper for
        # the project's Django version before redirecting - confirm.
        referer = request.META.get("HTTP_REFERER")
        redirect_url = referer if referer else force_text(
            reverse("shuup:index"))

        response = HttpResponseRedirect(redirect_url)
        add_consent_to_response_cookie(response, cookie_data)
        return response
Beispiel #3
    def post(self, request, *args, **kwargs):
        """Persist the submitted cookie consent and redirect the visitor back.

        The consent starts from the shop's ``always_active`` categories and
        is extended with each category whose POST field matches
        ``COOKIE_CONSENT_RE`` with a value of "on" or "1".  Active consent
        pages are included when ``shuup.simple_cms`` is installed.
        """
        shop = request.shop
        accepted_categories = list(GDPRCookieCategory.objects.filter(shop=shop, always_active=True))

        for field_name, field_value in request.POST.items():
            match = re.match(COOKIE_CONSENT_RE, field_name)
            if match and field_value.lower() in ["on", "1"]:
                # Lookup is restricted to this shop, so an id belonging to
                # another shop's category yields no row and is ignored.
                category_id = match.groups()[0]
                found = GDPRCookieCategory.objects.filter(shop=shop, id=category_id).first()
                if found:
                    accepted_categories.append(found)

        documents = get_active_consent_pages(shop) if has_installed("shuup.simple_cms") else []
        cookie_data = get_cookie_consent_data(accepted_categories, documents)

        # NOTE(review): the redirect target is taken from the request's
        # Referer header as-is; presumably the view is only reachable from
        # same-site pages - confirm, or check the host before redirecting.
        redirect_url = request.META.get("HTTP_REFERER") or force_text(reverse("shuup:index"))

        response = HttpResponseRedirect(redirect_url)
        add_consent_to_response_cookie(response, cookie_data)
        return response
Beispiel #4
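    def get_fields(self, **kwargs):
        """Build one required "accept" checkbox per active consent page.

        Returns an empty list when ``shuup.gdpr`` is not installed, when no
        ``request`` was passed in ``kwargs``, or when GDPR is disabled for
        ``request.shop``.

        The help text is HTML (a link to the CMS page).  It is now built
        with ``format_html`` so the page URL and title are escaped; the
        previous ``str.format`` call placed both values into the markup
        unescaped.

        Returns:
            list of ``FormFieldDefinition`` named ``accept_<page id>``.
        """
        # Function-scope import: the module's import block is not visible
        # from this method, and Django is already a dependency of this code.
        from django.utils.html import format_html

        request = kwargs.get("request", None)

        if not has_installed("shuup.gdpr") or not request:
            return []

        gdpr_settings = GDPRSettings.get_for_shop(request.shop)
        if not gdpr_settings.enabled:
            return []

        fields = []
        for page in get_active_consent_pages(request.shop):
            key = "accept_{}".format(page.id)
            # The label stays a plain string.
            # NOTE(review): presumably the form renderer escapes labels - confirm.
            field = forms.BooleanField(
                label=_("I have read and accept the {}").format(page.title),
                required=True,
                # format_html escapes each argument before marking the
                # assembled link as safe markup.
                help_text=format_html(
                    _("Read the <a href='{}' target='_blank'>{}</a>."),
                    reverse("shuup:cms_page", kwargs=dict(url=page.url)),
                    page.title
                ),
                error_messages=dict(required=self.error_message)
            )
            definition = FormFieldDefinition(name=key, field=field)
            fields.append(definition)
        return fields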
Beispiel #5
def add_gdpr_consent_resources(context, content):
    """Attach the GDPR stylesheet, consent banner and script to the page.

    Does nothing when ``valid_view(context)`` is false or GDPR is disabled
    for the shop.  Otherwise the stylesheet is always added; a privacy
    policy update prompt is added for a logged-in user who should re-consent;
    and the consent banner plus its script are added unless the consent
    cookie is already present on the request.  ``content`` is not used.
    """
    if not valid_view(context):
        return

    request = context["request"]
    shop = get_shop(request)
    gdpr_settings = GDPRSettings.get_for_shop(shop)
    if not gdpr_settings.enabled:
        # Nothing is injected while GDPR is switched off for the shop.
        return

    # The stylesheet goes in regardless of the consent state.
    stylesheet = static("shuup_gdpr/shuup_gdpr_styles.css")
    add_resource(context, "head_end", stylesheet)

    user = request.user
    if not user.is_anonymous() and should_reconsent_privacy_policy(shop, user):
        # NOTE(review): assumes get_privacy_policy_page returns a page
        # whenever re-consent is required - confirm it cannot be None here.
        consent_page = get_privacy_policy_page(shop)
        update_context = {
            "request": request,
            "csrf_token": context["csrf_token"],
            "url": "/%s" % consent_page.url,
            "accept_url": reverse(
                "shuup:gdpr_policy_consent",
                kwargs=dict(page_id=consent_page.id)),
        }
        update_markup = loader.render_to_string(
            "shuup/gdpr/privacy_policy_update.jinja", context=update_context)
        add_resource(context, "body_end", InlineMarkupResource(update_markup))

    # Only the cookie's presence is checked; its value is not inspected here.
    if settings.SHUUP_GDPR_CONSENT_COOKIE_NAME in request.COOKIES:
        return

    if has_installed("shuup.simple_cms"):
        gdpr_documents = get_active_consent_pages(shop)
    else:
        gdpr_documents = []

    banner_context = {
        "request": request,
        "csrf_token": context["csrf_token"],
        "gdpr_settings": gdpr_settings,
        "gdpr_documents": gdpr_documents,
        "gdpr_cookie_categories": GDPRCookieCategory.objects.filter(shop=shop),
    }
    banner_markup = loader.render_to_string(
        "shuup/gdpr/gdpr_consent.jinja", context=banner_context)
    add_resource(context, "body_end", InlineMarkupResource(banner_markup))
    add_resource(context, "body_end", static("shuup_gdpr/shuup_gdpr.js"))
Beispiel #6
    def should_reconsent(self, shop, user):
        """Tell whether this consent no longer matches the shop's documents.

        Returns True when the set of page ids consented to differs from the
        shop's active consent pages, or when any consented document's stored
        version differs from the first ``Version`` returned for its page
        (presumably the most recent revision - confirm the ordering).
        ``user`` is accepted but not used.
        """
        active_ids = {page.id for page in get_active_consent_pages(shop)}
        consented_ids = {doc.page.id for doc in self.documents.all()}
        if active_ids != consented_ids:
            return True

        # Same pages on both sides: a changed revision still invalidates
        # the earlier consent.
        return any(
            doc.version != Version.objects.get_for_object(doc.page).first()
            for doc in self.documents.all()
        )
Beispiel #7
def add_gdpr_consent_resources(context, content):
    """Inject GDPR front-end resources into the rendered page.

    Returns early, adding nothing, when the view is not valid for injection
    or the shop has GDPR disabled.  Adds the stylesheet unconditionally, a
    privacy-policy update prompt for a non-anonymous user who should
    re-consent, and finally the consent banner with its script unless the
    request already carries the consent cookie.  ``content`` is not used.
    """
    if not valid_view(context):
        return

    request = context["request"]
    shop = get_shop(request)
    gdpr_settings = GDPRSettings.get_for_shop(shop)

    gdpr_active = gdpr_settings.enabled
    if not gdpr_active:
        return

    add_resource(context, "head_end", static("shuup-gdpr.css"))

    user = request.user
    if not user.is_anonymous() and should_reconsent_privacy_policy(shop, user):
        consent_page = get_privacy_policy_page(shop)
        # The CSRF token is handed to the template so the accept form it
        # renders can be submitted.
        render_context = dict(
            request=request,
            csrf_token=context["csrf_token"],
            url="/%s" % consent_page.url,
            accept_url=reverse("shuup:gdpr_policy_consent", kwargs=dict(page_id=consent_page.id)),
        )
        rendered_prompt = loader.render_to_string("shuup/gdpr/privacy_policy_update.jinja", context=render_context)
        add_resource(context, "body_end", InlineMarkupResource(rendered_prompt))

    # NOTE(review): any cookie with this name suppresses the banner; the
    # value is not validated in this function.
    cookie_name = settings.SHUUP_GDPR_CONSENT_COOKIE_NAME
    if cookie_name in request.COOKIES:
        return

    gdpr_documents = get_active_consent_pages(shop) if has_installed("shuup.simple_cms") else []

    render_context = dict(
        request=request,
        csrf_token=context["csrf_token"],
        gdpr_settings=gdpr_settings,
        gdpr_documents=gdpr_documents,
        gdpr_cookie_categories=GDPRCookieCategory.objects.filter(shop=shop),
    )
    rendered_banner = loader.render_to_string("shuup/gdpr/gdpr_consent.jinja", context=render_context)
    add_resource(context, "body_end", InlineMarkupResource(rendered_banner))
    add_resource(context, "body_end", static("shuup-gdpr.js"))
Beispiel #8
    def should_reconsent(self, shop, user):
        """Report whether the stored consent is out of date for ``shop``.

        The consent is out of date when its documents do not cover exactly
        the shop's active consent pages, or when a document's recorded
        version is not equal to the first ``Version`` found for its page.
        The ``user`` argument is not read by this method.
        """
        required_ids = set(
            page.id for page in get_active_consent_pages(shop))
        accepted_ids = set(doc.page.id for doc in self.documents.all())

        if required_ids == accepted_ids:
            # Page sets agree, so the decision rests on the revisions.
            for document in self.documents.all():
                current = Version.objects.get_for_object(
                    document.page).first()
                if document.version != current:
                    return True
            return False

        return True
Beispiel #9
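    def get_fields(self, **kwargs):
        """Return a required consent checkbox for every active consent page.

        ``request`` is read from ``kwargs``; an empty list is returned when
        ``get_gdpr_settings(request)`` is falsy.

        Each label is an HTML link to the CMS page.  ``format_html`` escapes
        the URL and the page title before the label is marked safe, replacing
        ``mark_safe`` over a string that had been formatted with unescaped
        values.

        Returns:
            list of ``FormFieldDefinition`` named ``accept_<page id>``.
        """
        # Function-scope import: the module's import block is not visible
        # from this method, and Django is already a dependency of this code.
        from django.utils.html import format_html

        request = kwargs.get("request", None)
        gdpr_settings = get_gdpr_settings(request)
        if not gdpr_settings:
            return []

        fields = []
        for page in get_active_consent_pages(request.shop):
            key = "accept_{}".format(page.id)
            page_url = reverse("shuup:cms_page", kwargs=dict(url=page.url))
            # Arguments are escaped individually; only the translated
            # template itself is treated as trusted markup.
            label = format_html(
                ugettext(
                    "I have read and accept the <a href='{}' target='_blank' class='gdpr_consent_doc_check'>{}</a>"
                ),
                page_url,
                page.title)
            field = forms.BooleanField(
                label=label,
                required=True,
                error_messages=dict(required=self.error_message))
            definition = FormFieldDefinition(name=key, field=field)
            fields.append(definition)
        return fields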
Beispiel #10
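    def get_fields(self, **kwargs):
        """Return a required consent checkbox for every active consent page.

        An empty list is returned when ``shuup.gdpr`` is not installed, when
        ``kwargs`` carries no ``request``, or when GDPR is disabled for
        ``request.shop``.

        The label embeds a link to the CMS page.  It is assembled with
        ``format_html`` so the page URL and title are escaped; previously
        the formatted string was passed to ``mark_safe`` with both values
        unescaped.

        Returns:
            list of ``FormFieldDefinition`` named ``accept_<page id>``.
        """
        # Function-scope import: the module's import block is not visible
        # from this method, and Django is already a dependency of this code.
        from django.utils.html import format_html

        request = kwargs.get("request", None)

        if not has_installed("shuup.gdpr") or not request:
            return []

        gdpr_settings = GDPRSettings.get_for_shop(request.shop)
        if not gdpr_settings.enabled:
            return []

        fields = []
        for page in get_active_consent_pages(request.shop):
            key = "accept_{}".format(page.id)
            field = forms.BooleanField(
                # format_html escapes the URL and title, then marks the
                # assembled label as safe markup.
                label=format_html(
                    ugettext(
                        "I have read and accept the <a href='{}' target='_blank' class='gdpr_consent_doc_check'>{}</a>"
                    ),
                    reverse("shuup:cms_page", kwargs=dict(url=page.url)),
                    page.title
                ),
                required=True,
                error_messages=dict(required=self.error_message)
            )
            definition = FormFieldDefinition(name=key, field=field)
            fields.append(definition)
        return fields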
Beispiel #11
 def get_documents(self, request, **kwargs):
     """Return the consent pages currently active for ``request.shop``."""
     shop = request.shop
     return get_active_consent_pages(shop)
def test_consent_required(rf):
    """Walk one user's GDPR consent through enabling GDPR and adding pages.

    Stages checked, in order:
    - GDPR disabled: no re-consent is required and the documents count as
      in sync.
    - GDPR enabled: the user is out of sync until consent is recorded.
    - A page with no ``available_from`` is a possible consent page but is
      never part of the recorded consent.
    - A visible page is only consented to after it has been added to the
      settings' ``consent_pages``.

    The ``rf`` fixture is requested but not used in the body.
    """
    activate("en")
    shop = factories.get_default_shop()
    user = factories.create_random_user()
    page = ensure_gdpr_privacy_policy(shop)
    assert page

    gdpr_settings = GDPRSettings.get_for_shop(shop)
    assert not gdpr_settings.enabled
    assert gdpr_settings.privacy_policy_page == page

    assert not should_reconsent_privacy_policy(shop, user)
    assert is_documents_consent_in_sync(shop, user)  # settings not enabled

    assert page in get_possible_consent_pages(shop)

    # enable GDPR for the shop
    gdpr_settings.enabled = True
    gdpr_settings.save()
    assert gdpr_settings.privacy_policy_page == get_privacy_policy_page(shop)
    assert not is_documents_consent_in_sync(shop, user)

    # create a page without available_from; it must not be visible
    hidden_page = Page.objects.create(shop=shop, available_from=None)
    assert hidden_page not in Page.objects.visible(shop=shop)
    assert gdpr_settings.privacy_policy_page == get_privacy_policy_page(shop)
    assert hidden_page in get_possible_consent_pages(shop)

    # save the privacy policy page inside a revision
    with reversion.create_revision():
        page.save()

    create_user_consent_for_all_documents(shop, user)
    assert GDPRUserConsent.objects.filter(user=user, shop=shop).count() == 1

    consent = GDPRUserConsent.objects.get(user=user, shop=shop)

    pages = [c.page for c in consent.documents.all()]
    assert page in pages
    assert hidden_page not in pages  # absent: the page is not visible

    with reversion.create_revision():
        page.save()

    # add a new (visible) page
    available_page = Page.objects.create(shop=shop, available_from=now())
    assert available_page in Page.objects.visible(shop=shop)

    create_user_consent_for_all_documents(shop, user)
    consent = GDPRUserConsent.objects.get(user=user, shop=shop)

    pages = [c.page for c in consent.documents.all()]
    assert page in pages
    assert hidden_page not in pages  # absent: the page is not visible
    assert available_page not in pages  # absent: not yet listed in the settings' consent pages
    assert available_page in get_possible_consent_pages(shop)
    assert available_page not in get_active_consent_pages(shop)

    # listing the page in the settings makes it an active consent page
    gdpr_settings.consent_pages.add(available_page)
    gdpr_settings.refresh_from_db()
    assert gdpr_settings.privacy_policy_page
    assert gdpr_settings.consent_pages.count() == 1

    assert available_page in get_active_consent_pages(shop)

    # the stored consent only picks up the new page once it is recorded again
    assert consent.documents.count() == 1
    create_user_consent_for_all_documents(shop, user)
    consent = GDPRUserConsent.objects.get(user=user, shop=shop)
    assert consent.documents.count() == 2

    assert is_documents_consent_in_sync(shop, user)

    pages = [c.page for c in consent.documents.all()]
    assert page in pages
    assert hidden_page not in pages  # absent: the page is not visible
    assert available_page in pages
Beispiel #13
 def get_documents(self, request, **kwargs):
     # Extra keyword arguments are accepted but not used; only the shop on
     # the request decides which consent pages are returned.
     documents = get_active_consent_pages(request.shop)
     return documents
def test_consent_required(rf):
    """Check which pages end up in a user's recorded GDPR consent.

    The test pins three properties: with GDPR disabled the user counts as
    in sync; a page that is not visible is never recorded as consented; and
    a visible page is recorded only after it has been added to the GDPR
    settings' ``consent_pages`` and consent has been created again.

    ``rf`` is requested as a fixture but the body does not use it.
    """
    activate("en")
    shop = factories.get_default_shop()
    user = factories.create_random_user()
    page = ensure_gdpr_privacy_policy(shop)
    assert page

    # GDPR starts disabled, with the ensured page as the privacy policy
    gdpr_settings = GDPRSettings.get_for_shop(shop)
    assert not gdpr_settings.enabled
    assert gdpr_settings.privacy_policy_page == page

    assert not should_reconsent_privacy_policy(shop, user)
    assert is_documents_consent_in_sync(shop, user)  # settings not enabled

    assert page in get_possible_consent_pages(shop)

    # enable GDPR
    gdpr_settings.enabled = True
    gdpr_settings.save()
    assert gdpr_settings.privacy_policy_page == get_privacy_policy_page(shop)
    assert not is_documents_consent_in_sync(shop, user)

    # a page created with available_from=None is not visible
    hidden_page = Page.objects.create(shop=shop, available_from=None)
    assert hidden_page not in Page.objects.visible(shop=shop)
    assert gdpr_settings.privacy_policy_page == get_privacy_policy_page(shop)
    assert hidden_page in get_possible_consent_pages(shop)

    with reversion.create_revision():
        page.save()

    # recording consent creates exactly one consent row for this user and shop
    create_user_consent_for_all_documents(shop, user)
    assert GDPRUserConsent.objects.filter(user=user, shop=shop).count() == 1

    consent = GDPRUserConsent.objects.get(user=user, shop=shop)

    pages = [c.page for c in consent.documents.all()]
    assert page in pages
    assert hidden_page not in pages  # not included because it is not visible

    with reversion.create_revision():
        page.save()

    # add a new (visible) page
    available_page = Page.objects.create(shop=shop, available_from=now())
    assert available_page in Page.objects.visible(shop=shop)

    create_user_consent_for_all_documents(shop, user)
    consent = GDPRUserConsent.objects.get(user=user, shop=shop)

    pages = [c.page for c in consent.documents.all()]
    assert page in pages
    assert hidden_page not in pages  # not included because it is not visible
    assert available_page not in pages  # not included: not yet added to the settings' consent pages
    assert available_page in get_possible_consent_pages(shop)
    assert available_page not in get_active_consent_pages(shop)

    gdpr_settings.consent_pages.add(available_page)
    gdpr_settings.refresh_from_db()
    assert gdpr_settings.privacy_policy_page
    assert gdpr_settings.consent_pages.count() == 1

    assert available_page in get_active_consent_pages(shop)

    # document count goes from 1 to 2 only after consent is created again
    assert consent.documents.count() == 1
    create_user_consent_for_all_documents(shop, user)
    consent = GDPRUserConsent.objects.get(user=user, shop=shop)
    assert consent.documents.count() == 2

    assert is_documents_consent_in_sync(shop, user)

    pages = [c.page for c in consent.documents.all()]
    assert page in pages
    assert hidden_page not in pages  # not included because it is not visible
    assert available_page in pages