Add setting to require consent for notifications
Ensure GDPR compliance by default (Article 25 GDPR – privacy by design and by default). Under GDPR, consent must be freely given, specific, informed and unambiguous [1]. We were subscribing users without explicity consent, which goes against the "No pre-ticked boxes" principle. For compatibility with existing installations, we're using a setting, disabled by default. Once we release version 2.4.0 we will enable it by default, which won't affect existing installations but only new ones. [1] https://gdprinfo.eu/best-gdpr-newsletter-consent-examples-a-complete-guide-to-compliant-email-marketing
This commit is contained in:
Johann
@@ -105,20 +105,44 @@ describe User do
|
||||
end
|
||||
|
||||
describe "subscription_to_website_newsletter" do
|
||||
it "is true by default" do
|
||||
expect(subject.newsletter).to be true
|
||||
it "is true by default when the consent for notifications setting is disabled" do
|
||||
Setting["feature.gdpr.require_consent_for_notifications"] = false
|
||||
|
||||
expect(build(:user).newsletter).to be true
|
||||
end
|
||||
|
||||
it "is false by default when the consent for notifications setting is enabled" do
|
||||
Setting["feature.gdpr.require_consent_for_notifications"] = true
|
||||
|
||||
expect(build(:user).newsletter).to be false
|
||||
end
|
||||
end
|
||||
|
||||
describe "email_digest" do
|
||||
it "is true by default" do
|
||||
expect(subject.email_digest).to be true
|
||||
it "is true by default when the consent for notifications setting is disabled" do
|
||||
Setting["feature.gdpr.require_consent_for_notifications"] = false
|
||||
|
||||
expect(build(:user).email_digest).to be true
|
||||
end
|
||||
|
||||
it "is false by default when the consent for notifications setting is enabled" do
|
||||
Setting["feature.gdpr.require_consent_for_notifications"] = true
|
||||
|
||||
expect(build(:user).email_digest).to be false
|
||||
end
|
||||
end
|
||||
|
||||
describe "email_on_direct_message" do
|
||||
it "is true by default" do
|
||||
expect(subject.email_on_direct_message).to be true
|
||||
it "is true by default when the consent for notifications setting is disabled" do
|
||||
Setting["feature.gdpr.require_consent_for_notifications"] = false
|
||||
|
||||
expect(build(:user).email_on_direct_message).to be true
|
||||
end
|
||||
|
||||
it "is false by default when the consent for notifications setting is enabled" do
|
||||
Setting["feature.gdpr.require_consent_for_notifications"] = true
|
||||
|
||||
expect(build(:user).email_on_direct_message).to be false
|
||||
end
|
||||
end
|
||||
|
||||
|
||||
Reference in New Issue
Block a user