Keep old versions of the privacy statement and make them available

Bug #1734182 reported by Kristina Hoeppner on 2017-11-23
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Mahara
Wishlist
Maria Sorica

Bug Description

We need to make a series of changes in Mahara to comply with the GDPR. More info is available on the wiki at https://wiki.mahara.org/wiki/Developer_Area/Specifications_in_Development/GDPR_compliance

We need to keep old versions of the privacy statement and consents and show them to administrators and also users. See bug #1734171 for an idea for displaying them to a user.

Site and institution administrators could view theirs in the admin area's "Privacy" statement section. They would be listed in reverse chronological order starting with the current live version.

Institution admins would be able to see the site privacy statement as well as they may need to refer to them in order to know what specific items they may need to cover in their institution privacy statement.

Admins can create a new privacy statement (but not revert or edit existing ones).

Each version needs to be directly accessible from an admin report (and also in the user's settings; see bug #1734171).

Wishlist item for the admin report: bug #1734188

description: updated
Mark Webster (mark-webster-v) wrote :

Changes proposed:

1. Remove T&C from the Static Pages admin.

2. Create new DB table ("site_terms"?) with fields - id[PK], content, ctime, author, institution, version. Will contain all versions of T&C. version will be auto-filled in the yyyymmddxx format used throughout Mahara.

3. Add new "Privacy" admin page under "Configure Site" for managing site T&C:

    * New admin page where sitewide ("mahara" institution) T&C can be viewed and updated.
    * Modifying T&C creates new version. Previous versions remain in DB.
    * Admin page to include dropdown list of previous versions in reverse order. Selecting
      a previous version updates the display to show that version.
    * Edit button only enabled on most recent version to avoid accidental use of old T&C.

4. Add new "Privacy" admin page under "Institutions" for managing institution T&C:

    * New admin page where institution T&C can be viewed and updated.
    * Modifying T&C creates new version. Previous versions remain in DB.
    * Admin page to include dropdown list of previous versions in reverse order. Selecting
      a previous version updates the display to show that version.
    * Edit button only enabled on most recent version to avoid accidental use of old T&C.

5. Add new page under "User menu" -> "Settings" -> "Privacy".

    * Display current T&C.
    * Display dropdown list of pervious versions in reverse order. Selecting version updates
      the display to show that version.

Changed in mahara:
assignee: nobody → Maria (maria-sorica)

Institution and site T&C pages:

It would be good to also note down who made the changes. This would only need to be displayed in the admin section and not on the T&C page itself. It would help though to know who made a change.

Institution T&C page:

I think the institution admin will need to be able to see the site T&C as they only need to add to them. Can they be displayed for information purposes on the screen on which the institution adds their own?

User T&C page:

I think it would be good to make clear what are site T&C and what are institution T&C as we also have them in panels when consent is asked for.

The date when the user accepted the T&C should be displayed.

Maria Sorica (maria-sorica) wrote :

Institution and site T&C pages:

When a T&C is modified a new entry will be added in the DB. In it the new content, it’s author, the new version and the date will be saved.

Institution T&C page:

The site T&C will be displayed in an expandable box on the institution T&C creation page. (The institution admin will need to accept the site policies so they will have the site T&C available in the "User menu" -> "Settings" -> "Privacy" section as well)

User T&C page:

The site T&C and the institution T&C will be displayed in different panels on the users T&C page. A title could be added to the panel (Site T&C / [Institution name] T&C) to make it easier for the user to differentiate between site and institution T&C.

Maria Sorica (maria-sorica) wrote :

Instead of Terms and conditions, the Privacy Statement will be stored in the table being more relevant for the GDPR.

Changed in mahara:
status: Confirmed → In Progress

Descriptions changed to "privacy statement" as that is what we'll need to deal with directly. Changes to the T&Cs can come at a later stage.

summary: - Keep old versions of the T&C and make them available
+ Keep old versions of the privacy statement and make them available
description: updated
Mahara Bot (dev-mahara) wrote :

Patch for "master" branch: https://reviews.mahara.org/8381

Mahara Bot (dev-mahara) wrote :

Patch for "master" branch: https://reviews.mahara.org/8382

Mahara Bot (dev-mahara) wrote :

Patch for "master" branch: https://reviews.mahara.org/8388

Mahara Bot (dev-mahara) wrote :

Patch for "master" branch: https://reviews.mahara.org/8393

Mahara Bot (dev-mahara) wrote :

Patch for "master" branch: https://reviews.mahara.org/8394

Mahara Bot (dev-mahara) wrote :

Patch for "master" branch: https://reviews.mahara.org/8403

Mahara Bot (dev-mahara) wrote :

Patch for "master" branch: https://reviews.mahara.org/8405

Mahara Bot (dev-mahara) wrote :

Patch for "master" branch: https://reviews.mahara.org/8404

Reviewed: https://reviews.mahara.org/8381
Committed: https://git.mahara.org/mahara/mahara/commit/63256d28a736d1833ee2df944d44eb5f63b483b3
Submitter: Robert Lyon (<email address hidden>)
Branch: master

commit 63256d28a736d1833ee2df944d44eb5f63b483b3
Author: Robert Lyon <email address hidden>
Date: Thu Dec 28 07:59:12 2017 +1300

Bug 1734182: site_content mauthor to be set to 'root' user on install

This way if we ever query / display who has edited the content we can
know user = 0 is the installed version.

behatnotneeded

Change-Id: I81973a315d7953f29249425ae52712ec2334634f
Signed-off-by: Robert Lyon <email address hidden>

Mahara Bot (dev-mahara) wrote :

Reviewed: https://reviews.mahara.org/8377
Committed: https://git.mahara.org/mahara/mahara/commit/8b3f3a31eb7ae01e8761aec1813664bf4dc12813
Submitter: Robert Lyon (<email address hidden>)
Branch: master

commit 8b3f3a31eb7ae01e8761aec1813664bf4dc12813
Author: Maria Sorica <email address hidden>
Date: Thu Dec 28 10:51:01 2017 +0000

Bug 1734182: Create the 'site_content_version' table

behatnotneeded

Change-Id: I2cecf16fbbd54b8e4b95ba9d78c51c34d19171f4

Changed in mahara:
status: In Progress → Fix Committed
Mahara Bot (dev-mahara) wrote :

Patch for "master" branch: https://reviews.mahara.org/8434

Reviewed: https://reviews.mahara.org/8432
Committed: https://git.mahara.org/mahara/mahara/commit/0a13b03448d829787db66b198268ba312c4cdf3d
Submitter: Robert Lyon (<email address hidden>)
Branch: master

commit 0a13b03448d829787db66b198268ba312c4cdf3d
Author: Robert Lyon <email address hidden>
Date: Tue Jan 16 10:32:00 2018 +1300

Bug 1734182: Displaying the existing site/institution privacy within table

Rather than loading page with just existing content we can load table
with table and content displayed together for easier comprehension of
which row relates to which statement

Also added the 'Cancel' link so one can cancel out of the form without
saving

behatnotneeded

Change-Id: Idae22c7659c5ea9f63e98e77b73abccaecd97462
Signed-off-by: Robert Lyon <email address hidden>

Mahara Bot (dev-mahara) wrote :

Reviewed: https://reviews.mahara.org/8394
Committed: https://git.mahara.org/mahara/mahara/commit/99561341a1c7ea98f29c688a7352936f39e21c88
Submitter: Robert Lyon (<email address hidden>)
Branch: master

commit 99561341a1c7ea98f29c688a7352936f39e21c88
Author: Maria Sorica <email address hidden>
Date: Fri Dec 29 16:50:34 2017 +0000

Bug 1734182: Add the edit/view logic to the site privacy page

behatnotneeded

Change-Id: I5559d777409f9416e52b911dedd73a3c6fb36fe4

Mahara Bot (dev-mahara) wrote :

Reviewed: https://reviews.mahara.org/8434
Committed: https://git.mahara.org/mahara/mahara/commit/0de122671664d6f972d4ddd6c354c189ef821b33
Submitter: Robert Lyon (<email address hidden>)
Branch: master

commit 0de122671664d6f972d4ddd6c354c189ef821b33
Author: Robert Lyon <email address hidden>
Date: Wed Jan 17 08:29:13 2018 +1300

Bug 1734182: Change menu from 'Privacy statement' to 'Legal'

That way we can have other things like terms and conditions also part
of this system

Change-Id: I00d44a856142095dc3d48f9953a5c775b06b6891
Signed-off-by: Robert Lyon <email address hidden>

Mahara Bot (dev-mahara) wrote :

Reviewed: https://reviews.mahara.org/8404
Committed: https://git.mahara.org/mahara/mahara/commit/1d3609fa3b1e261592fc2d0cd394ac2697319a11
Submitter: Robert Lyon (<email address hidden>)
Branch: master

commit 1d3609fa3b1e261592fc2d0cd394ac2697319a11
Author: Maria Sorica <email address hidden>
Date: Thu Jan 4 14:54:05 2018 +0000

Bug 1734182: Add the first privacy statement of an institution

behatnotneeded

Change-Id: I1330f4975460a5fff7313b0af139735caf8b9d99

Mahara Bot (dev-mahara) wrote :

Reviewed: https://reviews.mahara.org/8403
Committed: https://git.mahara.org/mahara/mahara/commit/121c0f106b733c3866faf343e226017cd2d45cf1
Submitter: Robert Lyon (<email address hidden>)
Branch: master

commit 121c0f106b733c3866faf343e226017cd2d45cf1
Author: Maria Sorica <email address hidden>
Date: Thu Jan 4 14:14:26 2018 +0000

Bug 1734182: Display the site privacy on institution privacy page

behatnotneeded

Change-Id: I50c0bb5767f866ce0a8b5a961cbd0dd177962323

Mahara Bot (dev-mahara) wrote :

Reviewed: https://reviews.mahara.org/8393
Committed: https://git.mahara.org/mahara/mahara/commit/de00191e0772b63014cdf3b3be8632aae486a26d
Submitter: Robert Lyon (<email address hidden>)
Branch: master

commit de00191e0772b63014cdf3b3be8632aae486a26d
Author: Maria Sorica <email address hidden>
Date: Fri Dec 29 16:06:58 2017 +0000

Bug 1734182: Display the Privacy Statement on page /privacy.php

behatnotneeded

Change-Id: If7c5d5b4c0f2da9dfb29a5294cb70f2fbe1c1045

Mahara Bot (dev-mahara) wrote :

Reviewed: https://reviews.mahara.org/8405
Committed: https://git.mahara.org/mahara/mahara/commit/45953f35f2982e6fe95ddf6941a94a0a056f28f4
Submitter: Robert Lyon (<email address hidden>)
Branch: master

commit 45953f35f2982e6fe95ddf6941a94a0a056f28f4
Author: Maria Sorica <email address hidden>
Date: Thu Jan 4 16:03:26 2018 +0000

Bug 1734182: Add view/edit logic to institution privacy statement

behatnotneeded

Change-Id: If1d564c309ebf32025299035fb8cca4d0981f603

Mahara Bot (dev-mahara) wrote :

Reviewed: https://reviews.mahara.org/8392
Committed: https://git.mahara.org/mahara/mahara/commit/05aad4e56f2f825121ad8b284b9743784a1e2613
Submitter: Robert Lyon (<email address hidden>)
Branch: master

commit 05aad4e56f2f825121ad8b284b9743784a1e2613
Author: Maria Sorica <email address hidden>
Date: Fri Dec 29 13:51:19 2017 +0000

Bug 1734182: Display all versions of the site privacy statement

The versions are displayed under Administration -> Configure site ->
Privacy statement in order to have a log of when changes were made
by whom.

behatnotneeded

Change-Id: I9a4e72e9ae97453e171e849bff5c4b8f1204e2e1

Mahara Bot (dev-mahara) wrote :

Reviewed: https://reviews.mahara.org/8388
Committed: https://git.mahara.org/mahara/mahara/commit/80072229ad1d53e8a5ecc05fd2277dd1d9b2904e
Submitter: Robert Lyon (<email address hidden>)
Branch: master

commit 80072229ad1d53e8a5ecc05fd2277dd1d9b2904e
Author: Maria Sorica <email address hidden>
Date: Thu Dec 28 16:08:45 2017 +0000

Bug 1734182: Move privacy to site_content_version table

On site update, delete Privacy Statement from the 'site_content'
table and add it to the 'site_content_version' table.

behatnotneeded

Change-Id: Idd765bad0e72165c940e5f6090d3c8861ae8fcd5

Mahara Bot (dev-mahara) wrote :

Reviewed: https://reviews.mahara.org/8382
Committed: https://git.mahara.org/mahara/mahara/commit/bec503ce5af85534f44d15e5f4701e5f42cafe23
Submitter: Robert Lyon (<email address hidden>)
Branch: master

commit bec503ce5af85534f44d15e5f4701e5f42cafe23
Author: Maria Sorica <email address hidden>
Date: Thu Dec 28 14:24:29 2017 +0000

Bug 1734182: Add privacy to the site_content_version table

Add the site Privacy Statement to the 'site_content_version' table during installation

behatnotneeded

Change-Id: I50016c5d91df776025aa8ebb54077ae953844603

tags: added: nominatedfeature
Robert Lyon (robertl-9) on 2018-04-05
Changed in mahara:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers