Merge pull request #134 from interDist/privateco2

Privateco Ⅱ (mezuraj iloj kaj kuketoj)
tejoesperanto · Mar 17, 2018 · 0686455 · 0686455
2 parents f23214b + 3441764
commit 0686455
Show file tree

Hide file tree

Showing 38 changed files with 885 additions and 100 deletions.
diff --git a/core/context_processors.py b/core/context_processors.py
@@ -3,6 +3,7 @@
 
 def expose_selected_settings(request):
     SETTINGS = [
+        'ENVIRONMENT',
         'REDIRECT_FIELD_NAME',
         'INVALID_PREFIX',
         'MAPBOX_GL_CSS',

diff --git a/core/middleware.py b/core/middleware.py
@@ -0,0 +1,24 @@
+from django.urls import reverse
+from django.utils.deprecation import MiddlewareMixin
+
+from hosting.models import Preferences, Profile
+
+
+class AccountFlagsMiddleware(MiddlewareMixin):
+    """
+    Updates any flags and settings related to the user's account, whose value
+    cannot be pre-determined.
+    """
+
+    def process_request(self, request):
+        if not request.user.is_authenticated:
+            # Only relevant to logged in users.
+            return
+        if request.path.startswith(reverse('admin:index')) or request.path.startswith('/__debug__/'):
+            # Only relevant when using the website itself (not Django-Admin or debug tools).
+            return
+        profile = Profile.all_objects.filter(user=request.user)[0:1]
+        # Update user's analytics consent according to the DNT setting in the browser, first time
+        # when the user logs in (DNT==True => opt out). Prior to that the consent is undefined.
+        pref = Preferences.objects.filter(profile=profile, site_analytics_consent__isnull=True)
+        pref.update(site_analytics_consent=not request.DNT)
diff --git a/core/static/js/scripts.js b/core/static/js/scripts.js
@@ -12,6 +12,9 @@ $(document).ready(function() {
     // Lazy load images
     $('.lazy').addClass('loaded');
 
+    // Checkboxes with undefined value
+    $('input[type="checkbox"][data-initial="None"]').prop('indeterminate', true);
+
     // Button hover
     $('.btn').hover(function() {
         var $this = $(this);
@@ -62,6 +65,28 @@ $(document).ready(function() {
         }) });
     }
 
+    // Technologies usage banner
+    +function() {
+        var bots = /bot|crawl|spider|slurp|bingpreview|pinterest|mail\.ru|facebookexternalhit|feedfetcher|feedburner/i;
+        // see also https://ahrefs.com/images/robot/good-bots.jpg
+        if (bots.test(navigator.userAgent)
+                || Cookies.get('_consent')
+                || /^\/(privacy|privateco)\//.test(document.location.pathname))
+            return;
+        var $banner = $('#technologies-banner');
+        $banner.show().delay(500).animate({ bottom: 0 }, 1500, 'linear')
+               .find('.banner-close').click(function(event) {
+                   event.preventDefault();
+                   $(this).prop('disabled', true);
+                   $banner.fadeOut();
+                   Cookies.set(
+                       '_consent',
+                       typeof Date.prototype.toISOString !== "undefined" ? new Date().toISOString() : Date.now(),
+                       { expires: 550 }
+                   );
+               });
+    }();
+
     // Image links with custom highlighting
     +function() {
         var set_highlight = function() {

diff --git a/core/static/js/settings.js b/core/static/js/settings.js
@@ -10,7 +10,7 @@ $(document).ready(function() {
         if (onlyForCondition === true || onlyForCondition === false)
             if (onlyForCondition !== $(this).prop('checked'))
                 return;
-        var other_id = this.id.match(/(id_form-\d+-visible_online_)[a-z_-]+/);
+        var other_id = this.id.match(/(id_publish-\d+-visible_online_)[a-z_-]+/);
         var query = '[id^=' + other_id[1] + ']';
         $(query).not(this)
             .prop('checked', $(this).prop('checked'))
@@ -45,6 +45,15 @@ $(document).ready(function() {
             continuationHandler();
     });
 
+    // Places the 'more info' link into the checkbox' help block.
+    $('#analytics_more_link').each(function() {
+        $(this).closest('form')
+               .find('#id_site_analytics_consent')
+               .closest('.form-group')
+               .find('.help-block')
+               .append(this);
+    });
+
     window.updateVisibilitySetup = function($this) {
         $this.closest('form').find('#id_dirty').val($this.get(0).name);
     };
@@ -65,11 +74,17 @@ $(document).ready(function() {
                    });
         }
         else {
-            updateVisibilityFailure($this);
+            updatePrivacyFailure($this);
         }
     };
 
-    window.updateVisibilityFailure = function($this) {
+    window.updatePrivacyResult = function($this, response) {
+        if (response.result !== true) {
+            updatePrivacyFailure($this);
+        }
+    }
+
+    window.updatePrivacyFailure = function($this) {
         $this.closest('form').data('unsaved', true);
         var unsavedNotifier = function(event) {
             var notification = (document.documentElement.lang == "eo")
@@ -88,7 +103,7 @@ $(document).ready(function() {
             event.originalEvent.returnValue = notification;
             return notification;
         };
-        var submitButton = $this.closest('form').find('#id_vis_form_submit');
+        var submitButton = $this.closest('form').find('#id_privacy_form_submit');
         if (!arguments.callee.willAlert) {
             $(window).on('beforeunload', unsavedNotifier);
             submitButton.one('click', function() {

diff --git a/core/static/sass/_all.scss b/core/static/sass/_all.scss
@@ -155,6 +155,15 @@ header:not(.home) #subtitle,
     font-family: $font-stack-hint;
 }
 
+#technologies-banner {
+    position: fixed;
+    bottom: -500px;
+    margin-bottom: -4px;
+    z-index: 1070;
+    background-color: rgba(10, 5, 0, 0.95);
+    display: none;
+}
+
 
 /* Search & Accommodation details */
 #page.search form.search {
@@ -474,7 +483,10 @@ a.contact-details:not(:hover) {
             background-size: 40px 40px;
 }
 
-#page.settings #matrix_form {
+#page.settings #privacy_form {
+    table {
+        margin-bottom: 30px;
+    }
     th.header-in_book {
         vertical-align: middle !important;
         text-align: center !important;
@@ -508,6 +520,14 @@ a.contact-details:not(:hover) {
         top: 1px;
         right: 0px;
     }
+    .privacy-checkbox {
+        padding-left: 8px;
+        padding-right: 8px;
+        #analytics_more .help-block {
+            margin: 0;
+            text-align: justify;
+        }
+    }
 }
 
 .authorized-user {
@@ -734,7 +754,7 @@ footer {
     h2.owner {
         font-size: 24px;
     }
-    #page.settings #matrix_form {
+    #page.settings #privacy_form {
         th.header-public, th.header-authed {
             font-size: 85%;
         }

diff --git a/core/static/sass/_bootstrap_fixes.scss b/core/static/sass/_bootstrap_fixes.scss
@@ -72,6 +72,10 @@
     }
 }
 
+blockquote .table.small:before {
+    content: "";
+}
+
 .panel-cosy .panel-heading, .panel-heading-cosy {
     padding: 5px 15px;
 }

diff --git a/core/templates/base.html b/core/templates/base.html
@@ -36,6 +36,7 @@
         <script src="{% static 'js/jquery.min.js' %}"></script>
         <script src="{% static 'bootstrap/js/bootstrap.min.js' %}"></script>
         {% compress js %}
+            <script src="{% static 'js/cookies.min.js' %}"></script>
             <script src="{% static 'js/scripts.js' %}"></script>
             <script src="{% static 'js/messages.js' %}"></script>
             {% block extra_js %}{% endblock %}

diff --git a/core/templates/core/base.html b/core/templates/core/base.html
@@ -65,6 +65,35 @@
         {% endblock header %}
     </header>
 
+    <section id="technologies-banner" class="alert alert-warning" role="alertdialog" aria-label="{% trans "About Privacy: " %}">
+        <img src="{% static 'img/cookie.png' %}" alt="" data-attribution="CC0 Steven Giacomelli"
+             style="float: left; position: relative; left: -7px;" />
+        {% url 'privacy_policy' as privacy_policy_link %}
+        {% trans "cookies" context "URL" as policy_cookies_section %}
+        {% blocktrans with link=privacy_policy_link|add:"#"|add:policy_cookies_section trimmed %}
+            We use technologies such as cookies and browser storage to power the website. We also use cookies
+            to gather anonymised statistics. <a href="{{ link }}">Read more</a> about the technologies we use
+            and how to change your settings; by continuing to use the site without changing settings, you are
+            agreeing to such usage.
+        {% endblocktrans %}
+        {% if request.DNT %}
+            {% blocktrans trimmed %}
+                (BTW, we noticed that this browser is set with “Do Not Track”
+                and we are honouring this setting.)
+            {% endblocktrans %}
+        {% endif %}
+        <div class="btn-group pull-right">
+            <a type="button" id="banner-view-policy" class="btn btn-default btn-xs"
+               href="{{ privacy_policy_link }}#{{ policy_cookies_section }}">
+                {% trans "See our privacy policy." %}
+            </a>
+            <button type="button" class="btn btn-default btn-xs banner-close" autocomplete="off"
+                    title="{% trans "Hide" %}" aria-label="{% trans "Hide" %}">
+                <span class="fa fa-times fa-lg" aria-hidden="true"></span>
+            </button>
+        </div>
+    </section>
+
     {% block pre-page %}{% endblock %}
 
     <div id="page" role="{% block page_role %}main{% endblock %}" class="container{% block page_class %}{% endblock %}">
@@ -81,10 +110,12 @@
                     |
                     <span class="text-nowrap"><a href="{% url 'terms_conditions' %}">{% trans "Terms" %}</a></span>
                     |
+                    <span class="text-nowrap"><a href="{% url 'privacy_policy' %}">{% trans "Privacy" %}</a></span>
+                    |
                     <span class="text-nowrap"><a href="{% url 'supervisors' %}">{% trans "Supervisors" %}</a></span>
                     <span class="hidden-xs">|</span><br class="visible-xs-inline" style="margin-bottom: 10px" />
                     <span class="text-nowrap">
-                        <a href="http://tejo.org" title="Tutmonda Esperantista Junulara Organizo">
+                        <a href="http://tejo.org" title="Tutmonda Esperantista Junulara Organizo" rel="external">
                             <img src="{% static 'img/home/tejo.svg' %}"
                                  onerror="this.onerror = null; this.src = this.src.replace(/tejo\.svg$/, 'tejo-sm.png');"
                                  width="39" height="18" style="vertical-align:-15%" alt="TEJO" />
@@ -95,7 +126,12 @@
         {% endblock footer %}
     </footer>
 
-    {% include 'core/snippets/google_analytics.html' with DNT=request.DNT DEBUG=debug only %}
+    <script>
+        function anonymizeTitle() {
+            {% block ga_page_title %}{% endblock %}
+        }
+    </script>
+    {% include './snippets/google_analytics.html' with user=user ENV=ENVIRONMENT DEBUG=debug DNT=request.DNT only %}
 
     {% if user.is_authenticated %}
     <!-- PageId:{% random_identifier %} -->

diff --git a/core/templates/core/home.html b/core/templates/core/home.html
@@ -93,13 +93,13 @@ <h2 class="text-center">
 {% block page %}
     <div class="social-links social-networks sm-icons pull-left">
         {% spaceless %}
-        <a href="https://www.facebook.com/pasportaservo" target="_blank" title="Pasporta Servo {% trans "at" %} Facebook" class="highlight-custom">
+        <a href="https://www.facebook.com/pasportaservo" target="_blank" rel="external noreferrer" title="Pasporta Servo {% trans "at" %} Facebook" class="highlight-custom">
             <img src="{% static 'img/home/social_facebook-sm.png' %}" alt="[facebook]"/>
         </a>
-        <a href="https://twitter.com/pasportaservo" target="_blank" title="Pasporta Servo {% trans "at" %} Twitter" class="highlight-custom">
+        <a href="https://twitter.com/pasportaservo" target="_blank" rel="external noreferrer" title="Pasporta Servo {% trans "at" %} Twitter" class="highlight-custom">
             <img src="{% static 'img/home/social_twitter-sm.png' %}" alt="[twitter]"/>
         </a>
-        <a href="https://youtu.be/hkQZUI5f_ck" target="_blank" title="{% trans "About us" %}, {% trans "at" %} YouTube" class="highlight-custom">
+        <a href="https://youtu.be/hkQZUI5f_ck" target="_blank" rel="external noreferrer" title="{% trans "About us" %}, {% trans "at" %} YouTube" class="highlight-custom">
             <img src="{% static 'img/home/social_youtube-sm.png' %}" alt="[youtube]"/>
         </a>
         {% endspaceless %}
@@ -114,10 +114,10 @@ <h2 class="text-center">
         <a href="mailto:saluton [cxe] pasportaservo.org" title="{% trans "Contact us via email" %}" class="highlight-custom">
             <img src="{% static 'img/home/social_email-sm.png' %}" alt="[email]"/>
         </a>
-        <a href="https://trello.com/b/kerCH0sk/pasporta-servo-novaj-funkcioj" target="_blank" title="{% trans "Your ideas and suggestions" %}: Trello" class="highlight-custom narrow">
+        <a href="https://trello.com/b/kerCH0sk/pasporta-servo-novaj-funkcioj" target="_blank" rel="external noreferrer" title="{% trans "Your ideas and suggestions" %}: Trello" class="highlight-custom narrow">
             <img src="{% static 'img/home/social_trello-sm.png' %}" alt="[trello]"/>
         </a>
-        <a href="https://github.com/tejo-esperanto/pasportaservo" target="_blank" title="{% trans "Pasporta Servo's source code" %}: GitHub" class="highlight-custom">
+        <a href="https://github.com/tejo-esperanto/pasportaservo" target="_blank" rel="external noreferrer" title="{% trans "Pasporta Servo's source code" %}: GitHub" class="highlight-custom">
             <img src="{% static 'img/home/social_github-sm.png' %}" alt="[github]"/>
         </a>
         {% endspaceless %}

diff --git a/core/templates/core/snippets/google_analytics.html b/core/templates/core/snippets/google_analytics.html
@@ -1,14 +1,64 @@
-{% load solo_tags %}
+{% load solo_tags utils %}
 {% get_solo 'core.SiteConfiguration' as config %}
 
-{% if not DEBUG and not DNT %}
+{% if user.is_authenticated and user.profile %}
+    {% comment %}
+    We want to save the opt-out status for later, in case the user logs out of their
+    account. The browser then shall still honour the preference of the user.
+    Should another user log in using the same browser, the status will be updated.
+    {% endcomment %}
+    <script>
+        if (window.localStorage) {
+            var optoutKey = 'analytics.opt-out';
+            {% if user.profile.pref.site_analytics_consent %}
+                localStorage.setItem(optoutKey, false);
+            {% else %}
+                localStorage.setItem(optoutKey, true);
+            {% endif %}
+        }
+    </script>
+{% endif %}
+{% if ENV != 'PROD' or user.is_authenticated and user.profile and not user.profile.pref.site_analytics_consent %}
+    {% comment %}
+    Google Analytics is disabled when the logged in user explicitely opted out of measurement
+    activities or when the site accessed is not the production one. For users who are not
+    authenticated (visitors), the GA is included and can be disactivated by installing an
+    opt-out browser addon provided by Google or by turning on DNT. For users who were (in
+    the same browser) previously authenticated, we will honour their preference stored in
+    local storage for that purpose.
+    {% endcomment %}
+{% else %}
     <script>
         (function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){
         (i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o),
         m=s.getElementsByTagName(o)[0];a.async=1;a.src=g;m.parentNode.insertBefore(a,m)
         })(window,document,'script','https://www.google-analytics.com/analytics.js','ga');
 
+        (function(shouldDisableGA) {
+            {% if not user.is_authenticated or not user.profile %}
+                var optoutKey = 'analytics.opt-out';
+                var doNotTrack = {{ DNT|lower }};
+                if (window.localStorage && localStorage.getItem(optoutKey)) {
+                    shouldDisableGA = localStorage.getItem(optoutKey) == 'true';
+                }
+                else {
+                    shouldDisableGA = !Cookies.get('_consent') || doNotTrack;
+                }
+            {% endif %}
+            if (shouldDisableGA) {
+                window['ga-disable-{{ config.google_analytics_key }}'] = true;
+            }
+        })();
+
         ga('create', '{{ config.google_analytics_key }}', 'auto');
+        ga('set', 'anonymizeIp', true);
+        {% if user.is_authenticated %}ga('set', 'userId', '{{ user|public_id }}');{% endif %}
+        if (typeof anonymizeTitle !== "undefined") {
+            var pagetitle = anonymizeTitle();
+            if (pagetitle) {
+                ga('set', 'title', pagetitle);
+            }
+        }
         ga('send', 'pageview');
     </script>
 {% endif %}
diff --git a/core/templatetags/utils.py b/core/templatetags/utils.py
@@ -1,4 +1,5 @@
 import random
+from hashlib import sha256
 
 from django import template
 
@@ -17,6 +18,14 @@ def random_identifier(length=None):
                    for n in range(length))
 
 
+@register.filter(is_safe=True)
+def public_id(account):
+    try:
+        return sha256(str(account.pk).encode() + str(account.date_joined).encode()).hexdigest()
+    except Exception:
+        return ''
+
+
 register.simple_tag(func=lambda *args: list(args), name='list')