AO3-6838 Update the TOS and TOS FAQ text, structure, and references (o…

…twcode#4957)

* AO3-6838 Update text with new terms of service

* New pages with placeholders

* Additional text changes

* User registration updates

* Review feedback & test fixes

* Fixup mis-typed translation keys

* Test fixes redux

* Update tos (general principles)

* Update content policy

* Update privacy policy

* Fix partial paths

* Reorganize to suppress some bits on new account page

* ToS popup changes

* Smaller text changes from review

* Add missing content plagiarism section

* Test fixes and improvements

* Rubocop/ERBLint fixes

* Interpolation fix

* Content policy text updates

* I18n tweaks for content/privacy policies

* Fix i18n key typo

* AO3-6838 Update TOS FAQ, update TOS CSS, and fix assorted bugs

* Update the CSS for the TOS prompt to ensure proper margins and line heights

* Fix accepting TOS prompt when logged in

acceptTOS(); is only defined in _javascripts when there is no current_user

* TOS FAQ and style changes

* Ensure correct numbering of TOS TOC sections on the account creation page

Add the docs class to the tos module, since tos are a type of docs, and the docs class is part of the selector we use for the TOC numbering.

* Minor test fixes from hands-on testing

* Fix defending fanworks link

* Ensure proper formatting of TOS displayed on account creation page

- move the page headings back to the views and duplicate them in the _legal partial
- add additional classes to the tos module on _legal partial
- wrap content of tos module in single userstuff div
- adjust width and margin on tos module so it's not so narrow

* A brief interlude to convert the tabs to spaces in 16-zone-system.css

* Add subnavigation for TOS pages

* Add aria-labels to TOS FAQ links in Content Policy

* If a user was logged in at the time of the TOS update, do not show them the TOS prompt again when they log out

* Make sure Privacy Policy, TOS, and TOS FAQ have Top links in bottom subnav

* Update skip links in TOS FAQ

* AO3-TOS Update TOS FAQ links in Content Policy

* Better class names for TOS page main content

We do not want to waste the lovely terms 'content' and 'privacy' on the main div. Use tos-content and tos-privacy instead.

* Update table of contents structure and style

* Display expandable section heading on same line as arrow when printing

* Remove unused keys following TOC restructure

* Address review comments regarding sytax and typos

* Fix label text for TOS FAQ link

---------

Co-authored-by: Brian Austin <[email protected]>

---------

Co-authored-by: Brian Austin <[email protected]>
Co-authored-by: Brian Austin <[email protected]>

.rubocop.yml

@@ -122,6 +122,11 @@ Migration/LargeTableSchemaUpdate:
     - users
     - works
 
+Naming/VariableNumber:
+  AllowedIdentifiers:
+    - age_over_13
+    - no_age_over_13
+
 Rails/DefaultScope:
   Enabled: true
 

SECURITY.md

@@ -5,7 +5,7 @@ with details and reproduction steps. We will get back to you as soon as possible
 and we may ask for additional information or guidance.
 
 Please avoid testing for security issues on the Archive of Our Own itself,
-as you risk disrupting other users and violating the [Terms of Service](https://archiveofourown.org/tos#IV.C.).
+as you risk disrupting other users and violating the [Terms of Service](https://archiveofourown.org/content#II.K.1).
 
 Please give us a reasonable amount of time to address the issue before any
 disclosure to the public or a third-party.

app/controllers/application_controller.rb

@@ -176,7 +176,7 @@ def load_admin_banner
   before_action :load_tos_popup
   def load_tos_popup
     # Integers only, YYYY-MM-DD format of date Board approved TOS
-    @current_tos_version = 20180523
+    @current_tos_version = 2024_11_19 # rubocop:disable Style/NumericLiterals
   end
 
   # store previous page in session to make redirecting back possible

app/controllers/home_controller.rb

@@ -7,13 +7,25 @@ class HomeController < ApplicationController
   def unicorn_test
   end
 
+  def content
+    @page_title = t(".page_title")
+    render action: "content", layout: "application"
+  end
+
+  def privacy
+    @page_title = t(".page_title")
+    render action: "privacy", layout: "application"
+  end
+
   # terms of service
   def tos
+    @page_title = t(".page_title")
     render action: "tos", layout: "application"
   end
 
   # terms of service faq
   def tos_faq
+    @page_title = t(".page_title")
     render action: "tos_faq", layout: "application"
   end
 

app/controllers/users/registrations_controller.rb

@@ -50,7 +50,7 @@ def configure_permitted_parameters
     devise_parameter_sanitizer.permit(
       :sign_up,
       keys: [
-        :password_confirmation, :email, :age_over_13, :terms_of_service, :accepted_tos_version
+        :password_confirmation, :email, :age_over_13, :data_processing, :terms_of_service, :accepted_tos_version
       ]
     )
   end

app/helpers/application_helper.rb

@@ -22,24 +22,23 @@ def classes_for_main
     show_sidebar = ((@user || @admin_posts || @collection || show_wrangling_dashboard) && !@hide_dashboard)
     class_names += " dashboard" if show_sidebar
 
-    if page_has_filters?
-      class_names += " filtered"
-    end
-
-    if %w(abuse_reports feedbacks known_issues).include?(controller.controller_name)
-      class_names = "system support " + controller.controller_name + ' ' + controller.action_name
-    end
-    if controller.controller_name == "archive_faqs"
-      class_names = "system docs support faq " + controller.action_name
-    end
-    if controller.controller_name == "wrangling_guidelines"
-      class_names = "system docs guideline " + controller.action_name
-    end
-    if controller.controller_name == "home"
-      class_names = "system docs " + controller.action_name
-    end
-    if controller.controller_name == "errors"
-      class_names = "system " + controller.controller_name + " error-" + controller.action_name
+    class_names += " filtered" if page_has_filters?
+
+    case controller.controller_name
+    when "abuse_reports", "feedbacks", "known_issues"
+      class_names = "system support #{controller.controller_name} #{controller.action_name}"
+    when "archive_faqs"
+      class_names = "system docs support faq #{controller.action_name}"
+    when "wrangling_guidelines"
+      class_names = "system docs guideline #{controller.action_name}"
+    when "home"
+      class_names = if %w(content privacy).include?(controller.action_name)
+                      "system docs tos tos-#{controller.action_name}"
+                    else
+                      "system docs #{controller.action_name}"
+                    end
+    when "errors"
+      class_names = "system #{controller.controller_name} error-#{controller.action_name}"
     end
 
     class_names
@@ -631,4 +630,15 @@ def disallow_robots?(item)
       item.users.all? { |u| u&.preference&.minimize_search_engines? }
     end
   end
-end # end of ApplicationHelper
+
+  # Determines if the page (controller and action combination) does not need
+  # to show the ToS (Terms of Service) popup.
+  def tos_exempt_page?
+    case params[:controller]
+    when "home"
+      %w[content dmca privacy tos tos_faq].include?(params[:action])
+    when "abuse_reports", "feedbacks"
+      params[:action] == "new"
+    end
+  end
+end

app/helpers/home_helper.rb

@@ -9,4 +9,106 @@ def html_to_text(string)
     end
     return string
   end
+
+  # A TOC section has an h4 header, p with intro link, and ol of subsections.
+  def tos_table_of_contents_section(action)
+    return unless %w[content privacy tos].include?(action)
+
+    content = tos_section_header(action) + tos_section_intro_link(action) + tos_subsection_list(action)
+    # If we're on /tos, /content, or /privacy, use the details tag to make
+    # sections expandable and collapsable.
+    if controller.controller_name == "home"
+      # Use the open attribute to make the page's corresponding section expanded
+      # by default.
+      content_tag(:details, content, open: controller.action_name == action)
+    else
+      content
+    end
+  end
+
+  private
+
+  def tos_section_header(action)
+    # If we're on /tos, /content, or /privacy, the corresponding section header
+    # gets extra text indicating it is the current section.
+    text = if controller.controller_name == "home" && controller.action_name == action
+             t("home.tos_toc.#{action}.header_current")
+           else
+             t("home.tos_toc.#{action}.header")
+           end
+    heading = content_tag(:h4, text, class: "heading")
+    # If we're on /tos, /content, or /privacy, use a summary tag around the h4
+    # so it serves as the toggle to expand or collapse its section.
+    if controller.controller_name == "home"
+      content_tag(:summary, heading)
+    else
+      heading
+    end
+  end
+
+  def tos_section_intro_link(action)
+    content_tag(:p, link_to(t("home.tos_toc.#{action}.intro"), tos_anchor_url(action, action)))
+  end
+
+  def tos_subsection_list(action)
+    items = case action
+            when "content"
+              content_policy_subsection_items
+            when "privacy"
+              privacy_policy_subsection_items
+            when "tos"
+              tos_subsection_items
+            end
+    content_tag(:ol, items.html_safe, style: "list-style-type: upper-alpha;")
+  end
+
+  # When we are on the /signup page, the entire TOS is displayed. This lets us
+  # make sure that page only uses plain anchors in its TOC while the /tos,
+  # /content, nad /privacy pages (found in the home controller) sometimes
+  # point to other pages.
+  def tos_anchor_url(action, anchor)
+    if controller.controller_name == "home"
+      url_for(only_path: true, action: action, anchor: anchor)
+    else
+      "##{anchor}"
+    end
+  end
+
+  def content_policy_subsection_items
+    content_tag(:li, link_to(t("home.tos_toc.content.offensive_content"), tos_anchor_url("content", "II.A"))) +
+      content_tag(:li, link_to(t("home.tos_toc.content.fanworks"), tos_anchor_url("content", "II.B"))) +
+      content_tag(:li, link_to(t("home.tos_toc.content.commercial_promotion"), tos_anchor_url("content", "II.C"))) +
+      content_tag(:li, link_to(t("home.tos_toc.content.copyright_infringement"), tos_anchor_url("content", "II.D"))) +
+      content_tag(:li, link_to(t("home.tos_toc.content.plagiarism"), tos_anchor_url("content", "II.E"))) +
+      content_tag(:li, link_to(t("home.tos_toc.content.personal_information_and_fannish_identities"), tos_anchor_url("content", "II.F"))) +
+      content_tag(:li, link_to(t("home.tos_toc.content.impersonation"), tos_anchor_url("content", "II.G"))) +
+      content_tag(:li, link_to(t("home.tos_toc.content.harassment"), tos_anchor_url("content", "II.H"))) +
+      content_tag(:li, link_to(t("home.tos_toc.content.user_icons"), tos_anchor_url("content", "II.I"))) +
+      content_tag(:li, link_to(t("home.tos_toc.content.mandatory_tags"), tos_anchor_url("content", "II.J"))) +
+      content_tag(:li, link_to(t("home.tos_toc.content.illegal_and_inappropriate_content"), tos_anchor_url("content", "II.K")))
+  end
+
+  def privacy_policy_subsection_items
+    content_tag(:li, link_to(t("home.tos_toc.privacy.applicability"), tos_anchor_url("privacy", "III.A"))) +
+      content_tag(:li, link_to(t("home.tos_toc.privacy.scope_of_personal_information_we_process"), tos_anchor_url("privacy", "III.B"))) +
+      content_tag(:li, link_to(t("home.tos_toc.privacy.types_of_personal_information_we_collect_and_process"), tos_anchor_url("privacy", "III.C"))) +
+      content_tag(:li, link_to(t("home.tos_toc.privacy.aggregate_and_anonymous_information"), tos_anchor_url("privacy", "III.D"))) +
+      content_tag(:li, link_to(t("home.tos_toc.privacy.your_rights_under_applicable_data_privacy_laws"), tos_anchor_url("privacy", "III.E"))) +
+      content_tag(:li, link_to(t("home.tos_toc.privacy.information_shared_with_third_parties"), tos_anchor_url("privacy", "III.F"))) +
+      content_tag(:li, link_to(t("home.tos_toc.privacy.termination_of_account"), tos_anchor_url("privacy", "III.G"))) +
+      content_tag(:li, link_to(t("home.tos_toc.privacy.retention_of_personal_information"), tos_anchor_url("privacy", "III.H"))) +
+      content_tag(:li, link_to(t("home.tos_toc.privacy.contact_us"), tos_anchor_url("privacy", "III.I")))
+  end
+
+  def tos_subsection_items
+    content_tag(:li, link_to(t("home.tos_toc.tos.general_terms"), tos_anchor_url("tos", "I.A"))) +
+      content_tag(:li, link_to(t("home.tos_toc.tos.updates_to_the_tos"), tos_anchor_url("tos", "I.B"))) +
+      content_tag(:li, link_to(t("home.tos_toc.tos.potential_problems"), tos_anchor_url("tos", "I.C"))) +
+      content_tag(:li, link_to(t("home.tos_toc.tos.content_you_access"), tos_anchor_url("tos", "I.D"))) +
+      content_tag(:li, link_to(t("home.tos_toc.tos.what_we_do_with_content"), tos_anchor_url("tos", "I.E"))) +
+      content_tag(:li, link_to(t("home.tos_toc.tos.what_you_cant_do"), tos_anchor_url("tos", "I.F"))) +
+      content_tag(:li, link_to(t("home.tos_toc.tos.registration_and_email_addresses"), tos_anchor_url("tos", "I.G"))) +
+      content_tag(:li, link_to(t("home.tos_toc.tos.age_policy"), tos_anchor_url("tos", "I.H"))) +
+      content_tag(:li, link_to(t("home.tos_toc.tos.abuse_policy"), tos_anchor_url("tos", "I.I")))
+  end
 end

app/models/user.rb

@@ -210,20 +210,12 @@ def unread_inbox_comments_count
 
   validates :email, email_format: true, uniqueness: true
 
-  # Virtual attribute for age check and terms of service
-    attr_accessor :age_over_13
-    attr_accessor :terms_of_service
-    # attr_accessible :age_over_13, :terms_of_service
-
-  validates_acceptance_of :terms_of_service,
-                          allow_nil: false,
-                          message: ts("^Sorry, you need to accept the Terms of Service in order to sign up."),
-                          if: :first_save?
-
-  validates_acceptance_of :age_over_13,
-                          allow_nil: false,
-                          message: ts("^Sorry, you have to be over 13!"),
-                          if: :first_save?
+  # Virtual attribute for age check, data processing agreement, and terms of service
+  attr_accessor :age_over_13, :data_processing, :terms_of_service
+
+  validates :data_processing, acceptance: { allow_nil: false, if: :first_save? }
+  validates :age_over_13, acceptance: { allow_nil: false, if: :first_save? }
+  validates :terms_of_service, acceptance: { allow_nil: false, if: :first_save? }
 
   def to_param
     login

app/views/archive_faqs/show.html.erb

@@ -25,17 +25,17 @@
     <p class="notice"><%= ts("We're sorry, there are currently no entries in this category.") %></p>
   <% else %>
     <div <% if rtl? %>dir="rtl"<% end %> class="userstuff">
-      <div id="toc" class="toc" role="navigation">
-        <h3 class="heading">
-          <% #TODO: Change this back to 'Questions in the NAME Category' once Translation system in place %>
+      <nav id="toc" aria-labelledby="toc-nav-heading" class="toc">
+        <h3 class="heading" id="toc-nav-heading">
+          <%# TODO: The heading should be "Questions in the NAME Category" once interface translation is in place. If we do it now, everything except NAME will be in English/the interface default. %>
           <%= @archive_faq.title %>
         </h3>
-        <ul role="navigation">
+        <ul class="toc">
           <% for q in @questions %>
             <li><%= link_to q.question, archive_faq_path(@archive_faq, :anchor => q.anchor) %></li>
           <% end %>
         </ul>
-      </div>
+      </nav>
 
       <div id="faq">
         <% for q in @questions %>