gdpr_rails 0.2.1 → 0.2.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: bdac527992aa3750ca683a3b17605e9f5726b4bf
-  data.tar.gz: b020e00e20481d8c6eea547fefe3534015ad263a
+  metadata.gz: 6181a2509e31b54aae04f5200f9379312f252826
+  data.tar.gz: 8368d29d88f66c2829cf21f3818bbffb3bc0010e
 SHA512:
-  metadata.gz: 758502951aaf60f3168c55c95938462dc9cf1433ae7fc0dc259a4a746a7d371eadc71b04b5c85605b3a8bc84accee94dfd6f614a2b982085b520a4ba387061e7
-  data.tar.gz: 8630dddce297c8bd2be235bac6eb52c385c968ca42f7db3961605e72d87784be9733b7bb1d66a53a336f852db6e52f9fd0ab32a86c2597c44c7b15206ef7e1ea
+  metadata.gz: 6a64af678175901f4d3557512b6f6c6f714a28aea94339dcbf749039f2f28c0a95fab855e654caf8b7ff34bb6e5172d1ff55d84033e9931decdeed15f586a7dd
+  data.tar.gz: 14be1400c6c09ef867262e9bed12d286072a9774c95067c42b880e870cb759c8ebd6ee3e81c0a0c075d6db7c80fc5f604ad19cb47946fe4d13c2ad301ad6ed94

data/README.md

@@ -33,7 +33,7 @@ Portability module lets you define export options, that will generate a navigabl
 + Behind the scenes uses the paperclip gem in which you can set up storages, like S3, Google
 
 #### Scripts & Cookies
-Configurable *scripts* which will bind cookie names in order to handle the script rendering and the cookie clean up. 
+Configurable *scripts* which will bind cookie names in order to handle the script rendering and the cookie clean up.
 
 #### Forgetability
 + TBD, for now we simply delete all the data when a user closes the account.  This could be handled in the future with encryption like in emails or other kind of sensible fields on a database.
@@ -42,11 +42,11 @@ Configurable *scripts* which will bind cookie names in order to handle the scrip
 ![admin panel](./panel.jpg)
 
 ## Installation
-Add this line to your application's Gemfile: 
+Add this line to your application's Gemfile:
 
 as `gem 'gdpr_rails'`
 
-Then in your application.rb require the policy_manager lib with 
+Then in your application.rb require the policy_manager lib with
 
 `require "policy_manager"`
 
@@ -57,20 +57,26 @@ Install & run the migrations
 ## Usage examples
 
 ### Basic config
+
 ```ruby
-config = PolicyManager::Config.setup do |c|  
+config = PolicyManager::Config.setup do |c|
   c.logout_url = "logout"
   c.from_email = "admin@acme.com"
   c.admin_email_inbox = "foo@baaz.org"
-  # is_admin method in order for engine to know  
-  # how to authorize admin only areas  
-  c.is_admin_method = ->(o){ 
+
+  c.user_resource = User # defaults to User
+  c.admin_user_resource = AdminUser # defaults to User
+  # is_admin method in order for engine to know
+  # how to authorize admin only areas
+  c.is_admin_method = ->(o){
     o.is_god? || o.is_admin? || o.is_me? || o.watheva
   }
+
+end
 ```
 
-In order for this engine to work you must supply some rules according to your needs, in order to be in comply with the GDPR you will need 3 rules at least. A cookie consent, a Privacy& TOS and an Age  confirmation (+16). 
-So, let's start by doing that: 
+In order for this engine to work you must supply some rules according to your needs, in order to be in comply with the GDPR you will need 3 rules at least. A cookie consent, a Privacy& TOS and an Age  confirmation (+16).
+So, let's start by doing that:
 
 ## Term rules
 
@@ -80,6 +86,14 @@ In your app router add the following:
   mount PolicyManager::Engine => "/policies"
 ```
 
+Then add the concern to your `User` model:
+
+```ruby
+class User < ApplicationRecord
+  include PolicyManager::Concerns::UserBehavior
+end
+```
+
 Then add an initializer, `config/initializers/gdpr.rb` and inside it set your policy rules.
 
 ```ruby
@@ -125,7 +139,7 @@ When the policies are configured will generate some helper methods on User model
 + **validates_on:** will require users validation, will automagically create virtual attributes for the policy you set, so, if you set `age` in your config you must supply in your forms a `policy_rule_age` checkbox in your form, if you don't supply those then the user validation will return errors on `policy_rule_age` . Don't forget to add the fields in your strong params in the controller which handles the request.
 + **if:** you can add conditions as a Proc in order skip validations:
 ```ruby
-  c.add_rule({name: "age", validates_on: [:create, :update], 
+  c.add_rule({name: "age", validates_on: [:create, :update],
               if: ->(o){ o.enabled_for_validation } })
 ```
 + **on_reject**: Proc which will be triggered when user rejects a policy (has an argument that contains the controller context)
@@ -138,10 +152,10 @@ When the policies are configured will generate some helper methods on User model
   c.add_rule({name: "cookie", sessionless: true, on_reject: ->(context){
       PolicyManager::Script.cookies
       .select{|o| !o.permanent }
-      .each{|o| 
-        o.cookies.each{|c| 
-          context.send(:cookies).delete(c, domain: o.domain)  
-        } 
+      .each{|o|
+        o.cookies.each{|c|
+          context.send(:cookies).delete(c, domain: o.domain)
+        }
       }
     }
   })
@@ -149,7 +163,7 @@ When the policies are configured will generate some helper methods on User model
 
 #### Policy handling:
 
-There are some endpoints that will handle json in order to interact with client applications, like react interfaces, $.ajax etc. 
+There are some endpoints that will handle json in order to interact with client applications, like react interfaces, $.ajax etc.
 you can also use the html web panel directly from the engine.
 So, if the Engine was mounted on `/policies` then your routes will be:
 
@@ -163,9 +177,9 @@ So, if the Engine was mounted on `/policies` then your routes will be:
 
 ## Scripts & Cookies
 
-This is supposed to in mix with your declared cookie term. So, this configuration let's you declare your external scripts that are related with tracking, ie: Google Analytics, Kissmetrics, Google Tag manager, etc... This configuration expects that you declare scripts that will be rendered over certain contexts (environments) and have the names (and domains) of the cookies that those scripts generates.  
+This is supposed to in mix with your declared cookie term. So, this configuration let's you declare your external scripts that are related with tracking, ie: Google Analytics, Kissmetrics, Google Tag manager, etc... This configuration expects that you declare scripts that will be rendered over certain contexts (environments) and have the names (and domains) of the cookies that those scripts generates.
 
-#### example: 
+#### example:
 ```ruby
   c.add_script(
     name: "google analytics",
@@ -198,11 +212,11 @@ Export option & Portability rules will allow you to set up how and which data yo
 + **resource**: which model , ie: `User`
 + **index_template**: The first page. defaults to a simple ul li list of links tied to your rules, this expects a Pathname or a String with yout template
 + **layout**: A layout template to wrap the static site,  this expects a Pathname or a String with your template
-+ **after_zip**: a callback to handle the zip file on the resource, something like: 
++ **after_zip**: a callback to handle the zip file on the resource, something like:
 ```ruby
-after_zip: ->(zip_path, resource){ 
-  puts "THIS IS GREAT #{zip_path} was zipped, now what ??" 
-}   
+after_zip: ->(zip_path, resource){
+  puts "THIS IS GREAT #{zip_path} was zipped, now what ??"
+}
 ```
 
 + **mail_helpers**:  If you have some helpers you want to add to the mailers, then you can pass an Array of helpers, `[MailHelper, OtherMailHelper]`,
@@ -219,17 +233,17 @@ and will auto paginate records
 PolicyManager::Config.setup do |c|
 
   # minimal exporter setup
-  c.exporter = { 
-    path: Rails.root + "tmp/export", 
-    resource: User 
+  c.exporter = {
+    path: Rails.root + "tmp/export",
+    resource: User
   }
 
   # portability rules, collection render. This will call a @user.articles
   # and will auto paginate records
   # template expects a string or path
   c.add_portability_rule({
-    name: "exportable_data", 
-    collection: :articles, 
+    name: "exportable_data",
+    collection: :articles,
     template: "hello, a collection will be rendered here use @collection.to_json",
     per: 10
   })
@@ -237,9 +251,9 @@ PolicyManager::Config.setup do |c|
   # portability rules, member render. This will call a @user.account_data
   # template expects a string or path
   c.add_portability_rule({
-    name: "my_account", 
+    name: "my_account",
     member: :account_data,
-    template: "hellow , here a resource will be rendered <%= @member.to_json %> "          
+    template: "hellow , here a resource will be rendered <%= @member.to_json %> "
   })
 
 end
@@ -269,7 +283,7 @@ portability_request         DELETE /portability_requests/:id(.:format)
 
 
 # TO DO
-+   anonimyzer 
++   anonimyzer
 
 #### Acknowledgments
 + [Prey Team](https://github.com/orgs/prey/people)

data/app/controllers/policy_manager/application_controller.rb

@@ -13,7 +13,7 @@ module PolicyManager
     end
 
     def user_authenticated?
-      if current_user.blank?
+      if !current_user
         render :file => "public/401.html", :layout => false, :status => :unauthorized
       end
     end
@@ -22,6 +22,14 @@ module PolicyManager
       I18n.locale = Config.user_language(current_user)
     end
 
+    def current_user
+      @_current_user ||=  super || (Config.has_different_admin_user_resource? && admin_user)
+    end
+
+    def admin_user
+      self.send("current_#{Config.admin_user_resource.name.underscore}")
+    end
+
     protect_from_forgery with: :exception
   end
 end

data/app/jobs/policy_manager/exporter_job.rb

@@ -1,9 +1,9 @@
 module PolicyManager
   class ExporterJob < ApplicationJob
     queue_as :default
-   
+
     def perform(user_id)
-      user = User.find(user_id)
+      user = Config.user_resource.find(user_id)
       Config.exporter.perform(user)
     end
   end

data/app/mailers/policy_manager/portability_mailer.rb

@@ -3,7 +3,7 @@ module PolicyManager
 
     def progress_notification(portability_request_id)
       @portability_request = PortabilityRequest.find(portability_request_id)
-      @user = User.find(@portability_request.user_id)
+      @user = Config.user_resource.find(@portability_request.user_id)
       
       opts = { :to => @user.email, :subject => I18n.t("terms_app.mails.progress.subject") }
       opts.merge!({
@@ -18,7 +18,7 @@ module PolicyManager
 
     def completed_notification(portability_request_id)
       @portability_request = PortabilityRequest.find(portability_request_id)
-      @user = User.find(@portability_request.user_id)
+      @user = Config.user_resource.find(@portability_request.user_id)
       @link = @portability_request.download_link
       
       opts = { :to => @user.email, :subject => I18n.t("terms_app.mails.completed.subject") }
@@ -33,7 +33,7 @@ module PolicyManager
     end
 
     def admin_notification(user_id)
-      @user = User.find(user_id)
+      @user = Config.user_resource.find(user_id)
   
       opts = { :to => Config.admin_email(@user), :subject => I18n.t("terms_app.mails.admin.subject", email: @user.email) }
       opts.merge!({

data/app/models/policy_manager/portability_request.rb

@@ -5,7 +5,7 @@ module PolicyManager
   class PortabilityRequest < ApplicationRecord
     include Paperclip::Glue
 
-    belongs_to :user
+    belongs_to :user, class_name: Config.user_resource.to_s
 
     has_attached_file :attachment, 
       path: Config.exporter.try(:attachment_path) || Rails.root.join("tmp/portability/:id/build.zip").to_s, 

data/app/models/policy_manager/user_term.rb

@@ -4,7 +4,7 @@ module PolicyManager
   class UserTerm < ApplicationRecord
     include AASM
     
-    belongs_to :user
+    belongs_to :user, class_name: Config.user_resource.to_s
     belongs_to :term
 
     validates_uniqueness_of :term_id, :scope => :user_id

data/app/views/layouts/policy_manager/application.html.erb

@@ -42,40 +42,43 @@
         <div class="sidebar-sticky">
           <ul class="nav flex-column">
             <% if PolicyManager::Config.is_admin?(current_user) %>
+
               <li class="nav-item">
                 <a class="nav-link" href="<%= categories_path %>">
                   <i class="fas fa-balance-scale"></i>
-                  <%= I18n.t("terms_app.menu.policies") %> 
+                  <%= I18n.t("terms_app.menu.policies") %>
                 </a>
               </li>
-            <% end %>
-            
 
-            <% if PolicyManager::Config.is_admin?(current_user) %>
               <li class="nav-item">
                 <a class="nav-link" href="<%= portability_requests_path %>">
                   <i class="fas fa-suitcase"></i>
                   <%= I18n.t("terms_app.menu.portability_requests") %>
                 </a>
+              </li
+
+            <% end %>
+
+            <% if current_user.is_a? PolicyManager::Config.user_resource %>
+
+              <li class="separator"></li>
+
+              <li class="nav-item">
+                <a class="nav-link" href="<%= pending_user_terms_path %>">
+                  <i class="fas fa-user-secret"></i>
+                  <%= I18n.t("terms_app.menu.user_pending_policies") %>
+                </a>
+              </li>
+
+              <li class="nav-item">
+                <a class="nav-link" href="<%= user_portability_requests_path %>">
+                  <i class="fas fa-suitcase"></i>
+                  <%= I18n.t("terms_app.menu.user_portability_requests") %>
+                </a>
               </li>
+
             <% end %>
 
-            <li class="separator"></li>
-
-            <li class="nav-item">
-              <a class="nav-link" href="<%= pending_user_terms_path %>">
-                <i class="fas fa-user-secret"></i>
-                <%= I18n.t("terms_app.menu.user_pending_policies") %>       
-              </a>
-            </li>
-          
-            <li class="nav-item">
-              <a class="nav-link" href="<%= user_portability_requests_path %>">
-                <i class="fas fa-suitcase"></i>
-                <%= I18n.t("terms_app.menu.user_portability_requests") %>
-              </a>
-            </li>
-  
           </ul>
 
         </div>

data/config/locales/fr.yml

@@ -0,0 +1,124 @@
+fr:
+  terms_app:
+    title: Gestionnaire de données personnelles
+    sub_title: Gestionnaire de données personnelles
+    sign_out: Se déconnecter
+    menu:
+      policies: Consentements
+      portability_requests: Demandes de portabilité
+      user_portability_requests: Mes demandes de portabilité
+      user_pending_policies: Consentements en attente de validation
+    misc:
+      back: Précédent
+      edit: Modifier
+      show: Afficher
+      save: Sauvegarder
+      download: Télécharger
+      are_you_sure: Êtes-vous certain(e) ?
+    states:
+      draft: Brouillon
+      published: Publié
+    categories:
+      index:
+        title: Traitements
+        table:
+          name: Intitulé
+          terms: Conditions
+          show: Afficher
+      show:
+        title: "%{name}"
+        new: Nouvelle condition
+        table:
+          id: ID
+          content: Contenu
+          state: Etat
+          updated_at: Modifié à
+          show: Afficher
+    terms:
+      index:
+        title: Conditions
+        button: Nouvelle condition
+        table:
+          description: Description
+          category: Traitement
+          updated_at: Modifié à
+          show: Afficher
+          edit: Modifier
+          destroy: Supprimer
+      new:
+        title: "Nouvelle condition pour %{name}"
+        state: Etat
+        description: Description
+        button: Bouton
+        error: Une erreur s'est produise lors de la création de la condition
+        created: Créée avec succès
+        updated: Modifiée avec succès
+        destroyed: Supprimée avec succès
+      edit:
+        title: Modifier la condition pour %{name}
+        state: Etat
+        description: Description
+        error: Enregistrement en cours
+      show:
+        title: Condition
+        last_update: dernière modification
+        table:
+          name: Intitulé
+          terms: Conditions
+          show: Afficher
+    user_terms:
+      pending:
+        title: Consentements en attente de validation
+        empty: Vous n'avez pas de constements en attent de validation
+      show:
+        accepted:
+          message: Consentement enregistré
+          question: Souhaitez-vous changer d'avis ?
+          reject: Refuser
+          not_now: Pas maintenant
+        pending:
+          message: Veuillez accepter ce traitement
+          agree: Accepter
+          not_now: Pas maintenant
+    user_portability_requests:
+      index:
+        title: Mes demandes de portabilité
+        empty: Vous n'avez pas de demande de portabilité
+        table:
+          state: Etat
+          file: Fichier
+          created_at: Créée à
+          destroy: Supprimer
+        button: Nouvelle demande de portabilité
+        states:
+          pending: En attente
+          progress: En cours de traitement
+          completed: Finalisée
+        has_pending: Vous avez déjà une demande de portabilité en cours, vous ne pouvez en avoir plus.
+        created: Votre demande de portabilité a bien été enregistrée.
+    portability_requests:
+      index:
+        title: Demandes de portabilité en attente
+        destroyed: Supprimée avec succès
+        empty: Il n'y a aucune demande de portabilité
+        table:
+          user: Utilisateur
+          state: Etat
+          created_at: Créée à
+          destroy: Supprimer
+          confirm: Confirmation
+        states:
+          pending: En attente
+          progress: En cours de traitement
+          completed: Finalisée
+    mails:
+      admin:
+        subject: L'utilisateur %{email} vient d'effectuer une demande de portabilité.
+      progress:
+        subject: Votre demande de portabilité est cours de préparation.
+      completed:
+        subject: Vos données sont disponibles.
+  will_paginate:
+    previous_label: "<"
+    next_label: ">"
+    page_gap: "…"

data/lib/policy_manager/config.rb

@@ -1,21 +1,29 @@
 module PolicyManager
   class Config
 
-    mattr_accessor :exporter, 
-                   :from_email, 
+    mattr_accessor :exporter,
+                   :from_email,
                    :is_admin_method,
-                   :logout_url, 
+                   :logout_url,
                    :user_language_method,
                    :scripts,
                    :admin_email_inbox,
-                   :error_notifier
+                   :error_notifier,
+                   :user_resource,
+                   :admin_user_resource
 
     def self.setup
       @@rules = []
       @@portability_rules = []
       @@portability_templates = []
       @@scripts = []
+
       yield self
+
+      # sets this defaults after configuration
+      @@user_resource ||= User
+      @@admin_user_resource ||= User
+
       self
     end
 
@@ -26,13 +34,21 @@ module PolicyManager
     def self.admin_email(user)
       @@admin_email_inbox.is_a?(Proc) ? @@admin_email_inbox.call(user) : @@admin_email_inbox
     end
-    
+
     def self.exporter=(opts)
       @@exporter = Exporter.new(opts)
     end
 
     def self.is_admin?(user)
-      @@is_admin_method.call(user)
+      if has_different_admin_user_resource?
+        user.is_a? admin_user_resource
+      else
+        @@is_admin_method.call(user)
+      end
+    end
+
+    def self.has_different_admin_user_resource?
+      user_resource != admin_user_resource
     end
 
     def self.user_language(user)

data/lib/policy_manager/version.rb

@@ -1,3 +1,3 @@
 module PolicyManager
-  VERSION = '0.2.1'
+  VERSION = '0.2.2'
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: gdpr_rails
 version: !ruby/object:Gem::Version
-  version: 0.2.1
+  version: 0.2.2
 platform: ruby
 authors:
 - Miguel Michelson
@@ -9,22 +9,28 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2018-05-04 00:00:00.000000000 Z
+date: 2018-05-07 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
         version: 5.1.4
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '5.3'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
         version: 5.1.4
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '5.3'
 - !ruby/object:Gem::Dependency
   name: tilt
   requirement: !ruby/object:Gem::Requirement
@@ -241,6 +247,7 @@ files:
 - app/views/policy_manager/user_terms/show.json.jbuilder
 - config/locales/en.yml
 - config/locales/es.yml
+- config/locales/fr.yml
 - config/routes.rb
 - db/migrate/20180326193825_create_policy_manager_terms.rb
 - db/migrate/20180326193827_create_policy_manager_user_terms.rb