[Koha-bugs] [Bug 22646] New: Fix use of PrivacyPolicyURL

bugzilla-daemon at bugs.koha-community.org bugzilla-daemon at bugs.koha-community.org
Fri Apr 5 09:48:13 CEST 2019 

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=22646

            Bug ID: 22646
           Summary: Fix use of PrivacyPolicyURL
 Change sponsored?: ---
           Product: Koha
           Version: master
          Hardware: All
                OS: All
            Status: NEW
          Severity: normal
          Priority: P5 - low
         Component: Patrons
          Assignee: koha-bugs at lists.koha-community.org
          Reporter: magnus at libriotech.no
        QA Contact: testopia at bugs.koha-community.org
                CC: gmcharlt at gmail.com, kyle.m.hall at gmail.com
  Target Milestone: ---

Bug 20819 introduced two new sysprefs: GDPR_Policy and PrivacyPolicyURL. The
latter is used in a couple of places in the code: 

* koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-patron-consent.tt, line 44:

 38 [% IF Koha.Preference('GDPR_Policy') %]
 ...
 44 <p>I have read the <a target="_blank" href="[%
Koha.Preference('PrivacyPolicyURL') | url %]">privacy policy</a> and agree with
your processing of my personal data as outlined therein.</p>

* koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-memberentry.tt, line 906:

 901 [% IF Koha.Preference('GDPR_Policy') && action != 'edit' %]
 ...
 906 <label></label><span><input type="checkbox"
name="borrower_gdpr_proc_consent" value="agreed"> I agree with your processing
of my personal data as outlined in the <a target="_blank" href="[%
PrivacyPolicyURL | url %]">privacy policy</a>. <span
class="required">Required</span></span>

Two problems here:

1. The second occurence forgets to do Koha.Preference('PrivacyPolicyURL'), so
no URL is included in the page

2. Neither occurence checks if PrivacyPolicyURL is defined before using it, but
the description of PrivacyPolicyURL does not say that it is mandatory if
GDPR_Policy is defined. So do we check if PrivacyPolicyURL is defined before
displaying the link, or do we say that PrivacyPolicyURL is mandatory if
GDPR_Policy is set? Personally I am under the impression that having a public
privacy policy is part of being GDPR compliant, so I will submit a patch that
adds a "mandatory" text to the sysprefs.

-- 
You are receiving this mail because:
You are watching all bug changes.
You are the assignee for the bug.

More information about the Koha-bugs mailing list