consul/nairobi
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Add setting to require consent for notifications

Browse Source 
Ensure GDPR compliance by default (Article 25 GDPR – privacy by design
and by default). Under GDPR, consent must be freely given, specific,
informed and unambiguous [1]. We were subscribing users without
explicity consent, which goes against the "No pre-ticked boxes"
principle.

For compatibility with existing installations, we're using a setting,
disabled by default. Once we release version 2.4.0 we will enable it by
default, which won't affect existing installations but only new ones.

[1] https://gdprinfo.eu/best-gdpr-newsletter-consent-examples-a-complete-guide-to-compliant-email-marketing
This commit is contained in:
Johann
2025-09-16 21:25:35 +02:00
committed by Javi Martín
parent 208dc01d3b
commit e7f2210380
8 changed files with 54 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
app/components/admin/settings/features_tab_component.rb
View File

@@ -26,6 +26,7 @@ class Admin::Settings::FeaturesTabComponent < ApplicationComponent
feature.sdg feature.sdg
feature.machine_learning feature.machine_learning
feature.remove_investments_supports feature.remove_investments_supports
feature.gdpr.require_consent_for_notifications
feature.dashboard.notification_emails feature.dashboard.notification_emails
] ]
end end

1
app/models/setting.rb
View File

@@ -91,6 +91,7 @@ class Setting < ApplicationRecord
"feature.machine_learning": false, "feature.machine_learning": false,
"feature.remove_investments_supports": true, "feature.remove_investments_supports": true,
"feature.cookies_consent": false, "feature.cookies_consent": false,
"feature.gdpr.require_consent_for_notifications": false,
"homepage.widgets.feeds.debates": true, "homepage.widgets.feeds.debates": true,
"homepage.widgets.feeds.processes": true, "homepage.widgets.feeds.processes": true,
"homepage.widgets.feeds.proposals": true, "homepage.widgets.feeds.proposals": true,

3
app/models/user.rb
View File

@@ -1,6 +1,9 @@
class User < ApplicationRecord class User < ApplicationRecord
include Verification include Verification
attribute :registering_from_web, default: false attribute :registering_from_web, default: false
%i[newsletter email_digest email_on_direct_message].each do |field|
attribute field, :boolean, default: -> { !Setting["feature.gdpr.require_consent_for_notifications"] }
end
devise :database_authenticatable, :registerable, :confirmable, :recoverable, :rememberable, devise :database_authenticatable, :registerable, :confirmable, :recoverable, :rememberable,
:trackable, :validatable, :omniauthable, :password_expirable, :secure_validatable, :trackable, :validatable, :omniauthable, :password_expirable, :secure_validatable,

3
config/locales/en/settings.yml
View File

@@ -140,6 +140,9 @@ en:
sdg_description: Enable Sustainable Development Goals sections in the administration menu and in the Global Settings. sdg_description: Enable Sustainable Development Goals sections in the administration menu and in the Global Settings.
cookies_consent: Cookies consent banner cookies_consent: Cookies consent banner
cookies_consent_description: Enable the cookies consent banner to inform users about the cookies the application uses. cookies_consent_description: Enable the cookies consent banner to inform users about the cookies the application uses.
gdpr:
require_consent_for_notifications: Explicit consent for notifications
require_consent_for_notifications_description: Require explicit user consent in order to send them newsletters and similar information as required by the General Data Protection Regulation (GDPR).
remote_census: remote_census:
general: general:
endpoint: "Endpoint" endpoint: "Endpoint"

3
config/locales/es/settings.yml
View File

@@ -140,6 +140,9 @@ es:
sdg_description: Habilitar secciones relacionadas con Objetivos de Desarrollo Sostenible en el menú de administración y en la sección de Configuración Global. sdg_description: Habilitar secciones relacionadas con Objetivos de Desarrollo Sostenible en el menú de administración y en la sección de Configuración Global.
cookies_consent: Banner de consentimiento de cookies cookies_consent: Banner de consentimiento de cookies
cookies_consent_description: Activa el banner de consentimiento de cookies para informar a los usuarios sobre las cookies que utiliza la aplicación. cookies_consent_description: Activa el banner de consentimiento de cookies para informar a los usuarios sobre las cookies que utiliza la aplicación.
gdpr:
require_consent_for_notifications: Consentimiento explícito para notificaciones
require_consent_for_notifications_description: Requerir que los usuarios tengan que dar consentimiento explícito para enviarles boletines e información similar tal y como describe Reglamento General de Protección de Datos (RGPD).
remote_census: remote_census:
general: general:
endpoint: "Endpoint" endpoint: "Endpoint"

9
db/migrate/20251009084919_remove_default_value_in_user_notifications.rb Normal file
View File

@@ -0,0 +1,9 @@
class RemoveDefaultValueInUserNotifications < ActiveRecord::Migration[7.1]
def change
change_table :users do |t|
t.change_default :newsletter, from: true, to: nil
t.change_default :email_digest, from: true, to: nil
t.change_default :email_on_direct_message, from: true, to: nil
end
end
end

8
db/schema.rb
View File

@@ -10,7 +10,7 @@
# #
# It's strongly recommended that you check this file into your version control system. # It's strongly recommended that you check this file into your version control system.
ActiveRecord::Schema[7.1].define(version: 2025_09_09_145207) do ActiveRecord::Schema[7.1].define(version: 2025_10_09_084919) do
# These are extensions that must be enabled in order to support this database # These are extensions that must be enabled in order to support this database
enable_extension "pg_trgm" enable_extension "pg_trgm"
enable_extension "plpgsql" enable_extension "plpgsql"
@@ -1609,7 +1609,7 @@ ActiveRecord::Schema[7.1].define(version: 2025_09_09_145207) do
t.string "erase_reason" t.string "erase_reason"
t.datetime "erased_at", precision: nil t.datetime "erased_at", precision: nil
t.boolean "public_activity", default: true t.boolean "public_activity", default: true
t.boolean "newsletter", default: true t.boolean "newsletter"
t.integer "notifications_count", default: 0 t.integer "notifications_count", default: 0
t.boolean "registering_with_oauth", default: false t.boolean "registering_with_oauth", default: false
t.string "locale" t.string "locale"
@@ -1617,8 +1617,8 @@ ActiveRecord::Schema[7.1].define(version: 2025_09_09_145207) do
t.integer "geozone_id" t.integer "geozone_id"
t.string "gender", limit: 10 t.string "gender", limit: 10
t.datetime "date_of_birth", precision: nil t.datetime "date_of_birth", precision: nil
t.boolean "email_digest", default: true t.boolean "email_digest"
t.boolean "email_on_direct_message", default: true t.boolean "email_on_direct_message"
t.boolean "official_position_badge", default: false t.boolean "official_position_badge", default: false
t.datetime "password_changed_at", precision: nil, default: "2015-01-01 01:01:01", null: false t.datetime "password_changed_at", precision: nil, default: "2015-01-01 01:01:01", null: false
t.boolean "created_from_signature", default: false t.boolean "created_from_signature", default: false

36
spec/models/user_spec.rb
View File

@@ -105,20 +105,44 @@ describe User do
end end
describe "subscription_to_website_newsletter" do describe "subscription_to_website_newsletter" do
it "is true by default" do it "is true by default when the consent for notifications setting is disabled" do
expect(subject.newsletter).to be true Setting["feature.gdpr.require_consent_for_notifications"] = false
expect(build(:user).newsletter).to be true
end
it "is false by default when the consent for notifications setting is enabled" do
Setting["feature.gdpr.require_consent_for_notifications"] = true
expect(build(:user).newsletter).to be false
end end
end end
describe "email_digest" do describe "email_digest" do
it "is true by default" do it "is true by default when the consent for notifications setting is disabled" do
expect(subject.email_digest).to be true Setting["feature.gdpr.require_consent_for_notifications"] = false
expect(build(:user).email_digest).to be true
end
it "is false by default when the consent for notifications setting is enabled" do
Setting["feature.gdpr.require_consent_for_notifications"] = true
expect(build(:user).email_digest).to be false
end end
end end
describe "email_on_direct_message" do describe "email_on_direct_message" do
it "is true by default" do it "is true by default when the consent for notifications setting is disabled" do
expect(subject.email_on_direct_message).to be true Setting["feature.gdpr.require_consent_for_notifications"] = false
expect(build(:user).email_on_direct_message).to be true
end
it "is false by default when the consent for notifications setting is enabled" do
Setting["feature.gdpr.require_consent_for_notifications"] = true
expect(build(:user).email_on_direct_message).to be false
end end
end end