Bug 20819: Add consent to self-registration process
authorMarcel de Rooy <m.de.rooy@rijksmuseum.nl>
Thu, 31 May 2018 10:29:59 +0000 (12:29 +0200)
committerNick Clemens <nick@bywatersolutions.com>
Thu, 20 Sep 2018 13:45:26 +0000 (13:45 +0000)
We add a section for the GDPR consent in opac-memberentry (only for the
self-registration). Not when editing personal details.

Test plan:
[1] Enable selfregistration (with confirm) and GDPR policy.
[2] Register a new account in OPAC. Verify that the GDPR checkbox is
    required.
[3] After you submit, you should see a date in borrower_modifications
    field gdpr_proc_consent.
[4] When you confirm, verify that the consent is visible on your consents.
[5] Enable selfregistration without confirmation mail. Register again.
[6] Check your consents tab again.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Séverine QUEUNE <severine.queune@bulac.fr>

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-memberentry.tt
opac/opac-memberentry.pl
opac/opac-registration-verify.pl

index 6c645c9..25f9c10 100644 (file)
                     [% END %]
                 [% END %]
 
-                [% UNLESS action == 'edit' %]
+                [% IF Koha.Preference('GDPR_Policy') && action != 'edit' %]
+                    <fieldset class="rows" id="memberentry_gdpr_consent">
+                        <legend>GDPR consent</legend>
+                        <ol>
+                        <li>
+                            <label></label><span><input type="checkbox" name="borrower_gdpr_proc_consent" value="agreed"> I agree with your processing of my personal data as outlined in the <a target="_blank" href="[% PrivacyPolicyURL %]">privacy policy</a>. <span class="required">Required</span></span>
+                        </li>
+                        </ol>
+                    </fieldset>
+               [% END %]
+
+               [% UNLESS action == 'edit' %]
                     <fieldset class="rows" id="memberentry_captcha">
+                        <legend>Verification</legend>
                         <ol>
 
                             <li>
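Review bot: The privacy-policy link on the added checkbox line opens with `target="_blank"` but carries no `rel` attribute, and `PrivacyPolicyURL` is printed into `href` without a filter. I would write it as `<a target="_blank" rel="noopener noreferrer" href="[% PrivacyPolicyURL | url %]">`, so the opened page gets no handle on the OPAC window and the value cannot break out of the attribute. None of the Perl hunks on this page assign `PrivacyPolicyURL`, so it is worth confirming the template actually receives it; otherwise the link renders with an empty href. The checkbox also has no `required` attribute and its `<label>` is empty, so enforcement appears to rest entirely on the server-side mandatory-field check.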
index 4eeacf0..335d1c4 100755 (executable)
@@ -30,6 +30,7 @@ use C4::Members::Attributes qw( GetBorrowerAttributes );
 use C4::Form::MessagingPreferences;
 use Koha::AuthUtils;
 use Koha::Patrons;
+use Koha::Patron::Consent;
 use Koha::Patron::Modification;
 use Koha::Patron::Modifications;
 use C4::Scrubber;
@@ -209,7 +210,9 @@ if ( $action eq 'create' ) {
 
             $borrower{categorycode}     ||= C4::Context->preference('PatronSelfRegistrationDefaultCategory');
             $borrower{password}         ||= Koha::AuthUtils::generate_password;
+            my $consent_dt = delete $borrower{gdpr_proc_consent};
             my $patron = Koha::Patron->new( \%borrower )->store;
+            Koha::Patron::Consent->new({ borrowernumber => $patron->borrowernumber, type => 'GDPR_PROCESSING', given_on => $consent_dt })->store if $consent_dt;
             if ( $patron ) {
                 C4::Members::Attributes::SetBorrowerAttributes( $patron->borrowernumber, $attributes );
                 if ( C4::Context->preference('EnhancedMessagingPreferences') ) {
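Review bot: The added `Koha::Patron::Consent->new({ ... })->store if $consent_dt;` statement calls `$patron->borrowernumber` before the `if ( $patron )` test on the next line. If `store` can return a false value, which that test implies, the script would die here instead of taking the existing failure path. Moving the statement to be the first line inside `if ( $patron ) {` keeps consent recording behind the same guard. The same ordering appears in the opac-registration-verify.pl hunk, where the consent is stored just before `if ($patron) {`. The enclosing `if ( $action eq 'create' )` block starts and ends outside this hunk.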
@@ -366,6 +369,7 @@ sub GetMandatoryFields {
       C4::Context->preference("PatronSelfRegistrationBorrowerMandatoryField");
 
     my @fields = split( /\|/, $BorrowerMandatoryField );
+    push @fields, 'gdpr_proc_consent' if C4::Context->preference('GDPR_Policy');
 
     foreach (@fields) {
         $mandatory_fields{$_} = 1;
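Review bot: `gdpr_proc_consent` is pushed onto the mandatory list whenever `GDPR_Policy` is set, while the template renders the checkbox only when `action != 'edit'`. The start of GetMandatoryFields and its callers are outside this hunk, but if the sub is also used for the edit action, an edit would be rejected for a field the form never offers. Restricting the push to registration would avoid that, for example `push @fields, 'gdpr_proc_consent' if C4::Context->preference('GDPR_Policy') && $action eq 'create';`, assuming the action is available inside this sub.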
@@ -472,6 +476,9 @@ sub ParseCgiForBorrower {
         $borrower{'dateofbirth'} = undef;
     }
 
+    # Replace checkbox 'agreed' by datetime in gdpr_proc_consent
+    $borrower{gdpr_proc_consent} = dt_from_string if  $borrower{gdpr_proc_consent} && $borrower{gdpr_proc_consent} eq 'agreed';
+
     return %borrower;
 }
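Review bot: Only the exact value `'agreed'` is replaced with a server-side timestamp; any other non-empty `borrower_gdpr_proc_consent` value sent by the client is left in `%borrower` unchanged. Judging from the create hunk, such a value would still satisfy `if $consent_dt` and be passed as `given_on`, so the recorded consent time could be client-supplied or malformed. Dropping every other value ahead of the assignment closes that gap: `delete $borrower{gdpr_proc_consent} unless ( $borrower{gdpr_proc_consent} // q{} ) eq 'agreed';`. ParseCgiForBorrower begins outside this hunk, so any earlier filtering of this key is not visible here.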
 
index 552b692..ce78ffa 100755 (executable)
@@ -25,6 +25,7 @@ use C4::Members;
 use C4::Form::MessagingPreferences;
 use Koha::AuthUtils;
 use Koha::Patrons;
+use Koha::Patron::Consent;
 use Koha::Patron::Modifications;
 
 my $cgi = new CGI;
@@ -62,12 +63,14 @@ if (
 
     my $patron_attrs = $m->unblessed;
     $patron_attrs->{password} ||= Koha::AuthUtils::generate_password;
-
+    my $consent_dt = delete $patron_attrs->{gdpr_proc_consent};
     $patron_attrs->{categorycode} ||= C4::Context->preference('PatronSelfRegistrationDefaultCategory');
     delete $patron_attrs->{timestamp};
     delete $patron_attrs->{verification_token};
     my $patron = Koha::Patron->new( $patron_attrs )->store;
 
+    Koha::Patron::Consent->new({ borrowernumber => $patron->borrowernumber, type => 'GDPR_PROCESSING', given_on => $consent_dt })->store if $consent_dt;
+
     if ($patron) {
         $m->delete();
         C4::Form::MessagingPreferences::handle_form_action($cgi, { borrowernumber => $patron->borrowernumber }, $template, 1, C4::Context->preference('PatronSelfRegistrationDefaultCategory') ) if C4::Context->preference('EnhancedMessagingPreferences');