#5876 - Allow downloading or purging of data from user profile
| Identifier | #5876 |
|---|---|
| Issue type | Feature request or suggestion |
| Title | Allow downloading or purging of data from user profile |
| Status | Open |
| Handling member | Deleted |
| Version | 11 beta1 |
| Addon | actionlog |
| Description | Ever since #5555 was completed, we can reasonably be confident now that the privacy system will cooperate and ensure that data from other users will not be leaked or modified. As such, we should allow users the basic ability to download or purge their data from their profile:
The UI will be simplistic. Instead of presenting every database table, it will present based on hooks. There will be one tick per hook. Users tick which groups of tables they want to take action on. And at the bottom is a button to either download or purge. Every tick box is UNticked by default; we want members to explicitly tick them so they acknowledge those groups of data are actually what they want action for. Add a new property to modify_table_details (boolean $user_executed; true if the user executed the action). Then in core_cns, use modify_table_details to modify how we purge f_members if a member executed it: - f_members should be anonymised, not deleted. Add this as an allowed method, but leave at delete for the default. - Remove id, password fields, e-mail codes, etc from the list of fields to anonymise so the member doesn't get locked out of their account Purging runs default_handle_method. * Every privacy hook gets 2 new properties in info() (these are root properties, not ones on the database tables): - label: The hook label, which will show up as a label on the user's profile as tick boxes - description: A description for the privacy hook, namely to briefly describe to the user what kind of data exists within this hook / group Use the task queue when possible just like always. Also, add a new config option for specifying the number of days a user must wait before they can either download or purge their data again (probably should be a separate option for each). Defaults to 7 on both. Can be set to a negative number to completely disable a user's ability to perform that action (say if you want to require contacting staff, or if you want to require payment through the ecommerce system to do it). |
| Steps to reproduce | 555 |
| Additional information | This is development I'd personally like to see in Composr; I'll be providing it unmetered / unpaid myself. |
| Funded? | No |
The system will post a comment when this issue is modified (e.g., status changes). To be notified of this, click "Enable comment notifications".
Comments