View Issue Details

ID: 0005524
Project: Composr
Category: core_cns
View Status: public
Last Update: 2024-11-24 18:15
Reporter: Patrick Schmalstig
Assigned To: Patrick Schmalstig
Severity: Feature-request
Status: assigned
Resolution: open
Product Version: 11.beta5
Fixed in Version:
Summary: 0005524: Textually log per-member their agreements to the declarations
Description: With laws like this Ohio one popping up ( https://governor.ohio.gov/administration/lt-governor/071123 ), it is becoming increasingly necessary to have a physical log of one's agreement to a site's rules or Terms and Conditions.

When a site requires a member to declare things via tick boxes before registering, do the following:

* Log the status of each tick box and whether or not it was ticked via hidden parameters for the remainder of the form. The value should be empty if the box was not ticked, or the full text of the declaration if it was ticked.
* When the member is registered, read the values of these hidden parameters and log them in the database with the member account. This could probably be done through a restricted custom profile field.
Additional Information: While it's not possible to register an account without ticking all the declarations, I do not simply want the system to assume a registered account = they agreed to all the declarations and just dump the values of the declaration text into the CPF on registration. For better legal compliance, the proper web form submission process with input fields should be followed. That way, the actions are directly tied to the member.

Member registration should also reject itself, possibly with a hack attack, if the necessary hidden inputs for the declarations do not match the configured declaration text. There are only two possible cases where this could happen:
* A member physically altered the HTML / form, thus why it might be considered a low-level hack attack
* Edge case: The declarations config was modified by an admin after the member passed the rules screen but before submitting their registration. It may be possible to check against this by reading the date/time the config was edited versus a hidden timestamp, however this enables the possibility of the user modifying the timestamp, and we would not necessarily know they did that.
Tags: Roadmap: Over the horizon, Roadmap: v11 partial implementation, Type: Legal compliance / Privacy
Time estimation (hours):
Sponsorship: open

Relationships

related to 0005525 (resolved, Patrick Schmalstig): Composr - Allow re-requiring existing members to agree to the rules / declarations
related to 0005784 (resolved, Patrick Schmalstig): Composr - Add ability to send e-mails as site with defined template and create Support Ticket
related to 0005998 (closed, Patrick Schmalstig): Composr alpha bug reports - Parental consent enabled by default

Activities

Patrick Schmalstig

2024-01-14 18:03

administrator   ~0008191

Regarding child protection laws:
* COPPA should be enabled by default
* When staff are emailed, they are informed to reply with the ToS, the moderation tools used, and general confirmation that this agreement happened.
* Add template support to the email module including a default template for "COPPA" confirmation. Generate it by PHP which includes current rules and the current content moderation tools (every addon that might possibly censor or moderate content / users needs to self-report through another set of hooks similar to privacy).
* Document how all of this is going to work; some users' parents may need to be replied to offline (just copy the generated text from the email module to a word processor).

Chris Graham

2024-01-14 18:36

administrator   ~0008193

We will also need to add an action log for when a specific email template was used, so we can audit that audit information was sent to the parent of a kid :D. Scientologists would be proud of this level of auditing.
We will need to document this, and also document that if doing it offline, you should also keep your own records.

Patrick Schmalstig

2024-05-15 00:40

administrator   ~0008758

The saving of declarations and prompting for re-agreement has been implemented as of 11.alpha3

Patrick Schmalstig

2024-05-19 20:06

administrator   ~0008769

Last edited: 2024-05-19 20:08

I decided against treating the edge case as a hack attack. I can see where that will cause issues. Instead, a user error will be thrown if the submitted declarations do not match what was configured.

I plan to also implement simple emails of the declarations for v11.0 to ensure legal compliance. E-mail template functionality, which is not necessary for legal compliance but will improve the UI, will probably be a later version.
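
The declaration mismatch check and the hidden-timestamp edge case raised in this issue, as an added example that is not Composr's code or the implementation referred to in these notes: signing the hidden fields with a server-side HMAC lets the registration handler tell a client-altered form apart from a declarations config edited mid-registration. Every function name, the secret and the sample declarations are hypothetical and constructed for illustration.

```php
<?php
// Added example. All names are hypothetical; none are Composr functions.
const FORM_SECRET = 'constructed-demo-secret'; // assumption: per-site key, never sent to the browser

// Fingerprint of one exact version of the configured declaration texts.
function declarations_digest(array $declarations): string
{
    return hash('sha256', json_encode(array_values($declarations)));
}

// Rules screen: hidden token = digest of what was shown + time shown + HMAC over both.
function issue_token(array $configured, int $now): string
{
    $payload = declarations_digest($configured) . '.' . $now;
    return $payload . '.' . hash_hmac('sha256', $payload, FORM_SECRET);
}

// Registration handler: returns [status, log record or null].
function check_submission(array $configured, array $submitted, string $token, int $now): array
{
    $parts = explode('.', $token);
    if (count($parts) !== 3) {
        return ['bad_token', null];
    }
    [$digest, $shown_at, $mac] = $parts;
    if (!hash_equals(hash_hmac('sha256', $digest . '.' . $shown_at, FORM_SECRET), $mac)) {
        return ['bad_token', null]; // digest or timestamp was edited client-side
    }
    if (!hash_equals(declarations_digest($configured), $digest)) {
        return ['config_changed', null]; // admin edited declarations after the rules screen
    }
    // The token proves the current text was shown, so any difference came from the client.
    // An unticked box arrives as an empty string and fails here too.
    if (array_values($submitted) !== array_values($configured)) {
        return ['form_altered', null];
    }
    return ['ok', ['shown_at' => (int) $shown_at, 'agreed_at' => $now,
        'digest' => $digest, 'declarations' => array_values($configured)]];
}

// Constructed sample data: matching form, unticked box, config edited, forged timestamp.
$v1 = ['I agree to the site rules.', 'I am at least 13 years old.'];
$v2 = ['I agree to the site rules.', 'I am at least 16 years old.'];
$token = issue_token($v1, 1700000000);
$forged = str_replace('.1700000000.', '.1700009999.', $token);
foreach ([[$v1, $v1, $token], [$v1, [$v1[0], ''], $token], [$v2, $v1, $token], [$v1, $v1, $forged]] as [$cfg, $sub, $tok]) {
    echo check_submission($cfg, $sub, $tok, 1700000060)[0], PHP_EOL;
}
```

Only the `ok` record would be written to the member's log; `config_changed` corresponds to the user error described above, where the member is sent back to the rules screen.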

Patrick Schmalstig

2024-06-04 20:02

administrator   ~0008806

Very basic support for sending e-mails with templates added in 0005784. Currently resides in the tickets module as it is designed to be used with guest support tickets / e-mail integration. Consider refining the code and then moving it to the email module with tickets support if the addon is installed.

admin

2024-11-24 18:15

administrator   ~0009679

Automated response: Add rules confirmation e-mail

This commit adds support for automatic e-mails of the rules / declarations agreed to both when a member registers and when a member re-agrees to changes. It includes a full copy of the rules page and the Privacy Policy page.

Issue will remain open as other parts of it have yet to be implemented.

admin

2024-11-24 18:15

administrator   ~0009680

Fixed in Git commit 33a173af0b (https://gitlab.com/composr-foundation/composr/commit/33a173af0b - link will become active once code pushed to GitLab)

Issue History

Date Modified Username Field Change
2024-01-03 16:21 Patrick Schmalstig New Issue
2024-01-03 16:21 Patrick Schmalstig Status non-assigned => assigned
2024-01-03 16:21 Patrick Schmalstig Assigned To => Patrick Schmalstig
2024-01-03 16:21 Patrick Schmalstig Tag Attached: Roadmap: v11
2024-01-03 16:21 Patrick Schmalstig Tag Attached: Type: Legal compliance / Privacy
2024-01-03 16:28 Patrick Schmalstig Relationship added related to 0005525
2024-01-14 18:03 Patrick Schmalstig Note Added: 0008191
2024-01-14 18:36 Chris Graham Note Added: 0008193
2024-03-30 03:33 Patrick Schmalstig Tag Detached: Roadmap: v11
2024-03-30 03:33 Patrick Schmalstig Tag Attached: Roadmap: v11 partial implementation
2024-03-30 03:33 Patrick Schmalstig Tag Attached: Roadmap: Over the horizon
2024-03-30 03:33 Patrick Schmalstig Project Composr alpha bug reports => Composr
2024-03-30 03:48 Patrick Schmalstig Category General / Uncategorised => core_cns
2024-05-14 22:15 Patrick Schmalstig Additional Information Updated
2024-05-15 00:40 Patrick Schmalstig Note Added: 0008758
2024-05-19 20:06 Patrick Schmalstig Note Added: 0008769
2024-05-19 20:07 Patrick Schmalstig Note Edited: 0008769
2024-05-19 20:08 Patrick Schmalstig Note Edited: 0008769
2024-06-04 20:01 Patrick Schmalstig Relationship added related to 0005784
2024-06-04 20:02 Patrick Schmalstig Note Added: 0008806
2024-11-24 18:10 Patrick Schmalstig Relationship added related to 0005998