Bug 20819: Add check in get_template_and_user to enforce GDPR

If you choose to enforce GDPR policy, a user needs to give consent for
data processing before he does something else in the OPAC while being
logged in.

Test plan:
[1] Set GDPR_Policy to Disabled or Permissive. Usual behavior.
[2] Set to Enforced. Save a refusal on your consents. Notice that
    you are logged out when saving. When you login again, all OPAC
    requests are redirected to your consents tab.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Séverine QUEUNE <severine.queune@bulac.fr>

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

diff --git a/C4/Auth.pm b/C4/Auth.pm
index 4854477..64f8823 100644 (file)
--- a/C4/Auth.pm
+++ b/C4/Auth.pm
@@ -37,6 +37,7 @@ use Koha::DateUtils qw(dt_from_string);
 use Koha::Library::Groups;
 use Koha::Libraries;
 use Koha::Patrons;
+use Koha::Patron::Consents;
 use POSIX qw/strftime/;
 use List::MoreUtils qw/ any /;
 use Encode qw( encode is_utf8);
@@ -180,6 +181,22 @@ sub get_template_and_user {
         );
     }
 
+    # If we enforce GDPR and the user did not consent, redirect
+    if( $in->{type} eq 'opac' && $user &&
+        $in->{'template_name'} !~ /opac-patron-consent/ &&
+        C4::Context->preference('GDPR_Policy') eq 'Enforced' )
+    {
+        my $consent = Koha::Patron::Consents->search({
+            borrowernumber => getborrowernumber($user),
+            type => 'GDPR_PROCESSING',
+            given_on => { '!=', undef },
+        })->next;
+        if( !$consent ) {
+            print $in->{query}->redirect(-uri => '/cgi-bin/koha/opac-patron-consent.pl', -cookie => $cookie);
+            safe_exit;
+        }
+    }
+
     if ( $in->{type} eq 'opac' && $user ) {
         my $kick_out;