From e7f2210380f04c0c65f01d0ea0d2b18839f410fc Mon Sep 17 00:00:00 2001
From: Johann <johanndev1208@gmail.com>
Date: Tue, 16 Sep 2025 21:25:35 +0200
Subject: [PATCH] Add setting to require consent for notifications
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Ensure GDPR compliance by default (Article 25 GDPR – privacy by design
and by default). Under GDPR, consent must be freely given, specific,
informed and unambiguous [1]. We were subscribing users without
explicity consent, which goes against the "No pre-ticked boxes"
principle.

For compatibility with existing installations, we're using a setting,
disabled by default. Once we release version 2.4.0 we will enable it by
default, which won't affect existing installations but only new ones.

[1] https://gdprinfo.eu/best-gdpr-newsletter-consent-examples-a-complete-guide-to-compliant-email-marketing
---
 .../admin/settings/features_tab_component.rb  |  1 +
 app/models/setting.rb                         |  1 +
 app/models/user.rb                            |  3 ++
 config/locales/en/settings.yml                |  3 ++
 config/locales/es/settings.yml                |  3 ++
 ...ove_default_value_in_user_notifications.rb |  9 +++++
 db/schema.rb                                  |  8 ++---
 spec/models/user_spec.rb                      | 36 +++++++++++++++----
 8 files changed, 54 insertions(+), 10 deletions(-)
 create mode 100644 db/migrate/20251009084919_remove_default_value_in_user_notifications.rb

diff --git a/app/components/admin/settings/features_tab_component.rb b/app/components/admin/settings/features_tab_component.rb
index 67d54d337..9b06e32a3 100644
--- a/app/components/admin/settings/features_tab_component.rb
+++ b/app/components/admin/settings/features_tab_component.rb
@@ -26,6 +26,7 @@ class Admin::Settings::FeaturesTabComponent < ApplicationComponent
       feature.sdg
       feature.machine_learning
       feature.remove_investments_supports
+      feature.gdpr.require_consent_for_notifications
       feature.dashboard.notification_emails
     ]
   end
diff --git a/app/models/setting.rb b/app/models/setting.rb
index d9b6f2fb1..7b997e563 100644
--- a/app/models/setting.rb
+++ b/app/models/setting.rb
@@ -91,6 +91,7 @@ class Setting < ApplicationRecord
         "feature.machine_learning": false,
         "feature.remove_investments_supports": true,
         "feature.cookies_consent": false,
+        "feature.gdpr.require_consent_for_notifications": false,
         "homepage.widgets.feeds.debates": true,
         "homepage.widgets.feeds.processes": true,
         "homepage.widgets.feeds.proposals": true,
diff --git a/app/models/user.rb b/app/models/user.rb
index 30cee72c1..a030f7422 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -1,6 +1,9 @@
 class User < ApplicationRecord
   include Verification
   attribute :registering_from_web, default: false
+  %i[newsletter email_digest email_on_direct_message].each do |field|
+    attribute field, :boolean, default: -> { !Setting["feature.gdpr.require_consent_for_notifications"] }
+  end
 
   devise :database_authenticatable, :registerable, :confirmable, :recoverable, :rememberable,
          :trackable, :validatable, :omniauthable, :password_expirable, :secure_validatable,
diff --git a/config/locales/en/settings.yml b/config/locales/en/settings.yml
index 50ace1eb0..fc4e95012 100644
--- a/config/locales/en/settings.yml
+++ b/config/locales/en/settings.yml
@@ -140,6 +140,9 @@ en:
       sdg_description: Enable Sustainable Development Goals sections in the administration menu and in the Global Settings.
       cookies_consent: Cookies consent banner
       cookies_consent_description: Enable the cookies consent banner to inform users about the cookies the application uses.
+      gdpr:
+        require_consent_for_notifications: Explicit consent for notifications
+        require_consent_for_notifications_description: Require explicit user consent in order to send them newsletters and similar information as required by the General Data Protection Regulation (GDPR).
     remote_census:
       general:
         endpoint: "Endpoint"
diff --git a/config/locales/es/settings.yml b/config/locales/es/settings.yml
index 02bb55f5c..77c1acf87 100644
--- a/config/locales/es/settings.yml
+++ b/config/locales/es/settings.yml
@@ -140,6 +140,9 @@ es:
       sdg_description: Habilitar secciones relacionadas con Objetivos de Desarrollo Sostenible en el menú de administración y en la sección de Configuración Global.
       cookies_consent: Banner de consentimiento de cookies
       cookies_consent_description: Activa el banner de consentimiento de cookies para informar a los usuarios sobre las cookies que utiliza la aplicación.
+      gdpr:
+        require_consent_for_notifications: Consentimiento explícito para notificaciones
+        require_consent_for_notifications_description: Requerir que los usuarios tengan que dar consentimiento explícito para enviarles boletines e información similar tal y como describe Reglamento General de Protección de Datos (RGPD).
     remote_census:
       general:
         endpoint: "Endpoint"
diff --git a/db/migrate/20251009084919_remove_default_value_in_user_notifications.rb b/db/migrate/20251009084919_remove_default_value_in_user_notifications.rb
new file mode 100644
index 000000000..0c0d61d74
--- /dev/null
+++ b/db/migrate/20251009084919_remove_default_value_in_user_notifications.rb
@@ -0,0 +1,9 @@
+class RemoveDefaultValueInUserNotifications < ActiveRecord::Migration[7.1]
+  def change
+    change_table :users do |t|
+      t.change_default :newsletter, from: true, to: nil
+      t.change_default :email_digest, from: true, to: nil
+      t.change_default :email_on_direct_message, from: true, to: nil
+    end
+  end
+end
diff --git a/db/schema.rb b/db/schema.rb
index 10cc0d023..c7eb4545c 100644
--- a/db/schema.rb
+++ b/db/schema.rb
@@ -10,7 +10,7 @@
 #
 # It's strongly recommended that you check this file into your version control system.
 
-ActiveRecord::Schema[7.1].define(version: 2025_09_09_145207) do
+ActiveRecord::Schema[7.1].define(version: 2025_10_09_084919) do
   # These are extensions that must be enabled in order to support this database
   enable_extension "pg_trgm"
   enable_extension "plpgsql"
@@ -1609,7 +1609,7 @@ ActiveRecord::Schema[7.1].define(version: 2025_09_09_145207) do
     t.string "erase_reason"
     t.datetime "erased_at", precision: nil
     t.boolean "public_activity", default: true
-    t.boolean "newsletter", default: true
+    t.boolean "newsletter"
     t.integer "notifications_count", default: 0
     t.boolean "registering_with_oauth", default: false
     t.string "locale"
@@ -1617,8 +1617,8 @@ ActiveRecord::Schema[7.1].define(version: 2025_09_09_145207) do
     t.integer "geozone_id"
     t.string "gender", limit: 10
     t.datetime "date_of_birth", precision: nil
-    t.boolean "email_digest", default: true
-    t.boolean "email_on_direct_message", default: true
+    t.boolean "email_digest"
+    t.boolean "email_on_direct_message"
     t.boolean "official_position_badge", default: false
     t.datetime "password_changed_at", precision: nil, default: "2015-01-01 01:01:01", null: false
     t.boolean "created_from_signature", default: false
diff --git a/spec/models/user_spec.rb b/spec/models/user_spec.rb
index 851f12deb..4a9a9139b 100644
--- a/spec/models/user_spec.rb
+++ b/spec/models/user_spec.rb
@@ -105,20 +105,44 @@ describe User do
     end
 
     describe "subscription_to_website_newsletter" do
-      it "is true by default" do
-        expect(subject.newsletter).to be true
+      it "is true by default when the consent for notifications setting is disabled" do
+        Setting["feature.gdpr.require_consent_for_notifications"] = false
+
+        expect(build(:user).newsletter).to be true
+      end
+
+      it "is false by default when the consent for notifications setting is enabled" do
+        Setting["feature.gdpr.require_consent_for_notifications"] = true
+
+        expect(build(:user).newsletter).to be false
       end
     end
 
     describe "email_digest" do
-      it "is true by default" do
-        expect(subject.email_digest).to be true
+      it "is true by default when the consent for notifications setting is disabled" do
+        Setting["feature.gdpr.require_consent_for_notifications"] = false
+
+        expect(build(:user).email_digest).to be true
+      end
+
+      it "is false by default when the consent for notifications setting is enabled" do
+        Setting["feature.gdpr.require_consent_for_notifications"] = true
+
+        expect(build(:user).email_digest).to be false
       end
     end
 
     describe "email_on_direct_message" do
-      it "is true by default" do
-        expect(subject.email_on_direct_message).to be true
+      it "is true by default when the consent for notifications setting is disabled" do
+        Setting["feature.gdpr.require_consent_for_notifications"] = false
+
+        expect(build(:user).email_on_direct_message).to be true
+      end
+
+      it "is false by default when the consent for notifications setting is enabled" do
+        Setting["feature.gdpr.require_consent_for_notifications"] = true
+
+        expect(build(:user).email_on_direct_message).to be false
       end
     end