From cdb3f044c46eb03069ff133cdc8f3cd14042d2af Mon Sep 17 00:00:00 2001 From: Andrew Ozz Date: Wed, 18 Apr 2018 22:29:59 +0000 Subject: [PATCH] Privacy: add means to erase personal data by username or email address. First run. Props allendav, coreymckrill, ericdaams, azaozz. See #43637, #43602. git-svn-id: https://develop.svn.wordpress.org/trunk@42986 602fd350-edb4-49c9-b593-d223f7449a82 --- src/wp-admin/admin-ajax.php | 1 + src/wp-admin/includes/ajax-actions.php | 202 ++++++++++++++++++++++++- src/wp-admin/includes/user.php | 174 ++++++++++++++------- src/wp-admin/js/xfn.js | 121 +++++++++++++++ src/wp-includes/script-loader.php | 9 ++ 5 files changed, 451 insertions(+), 56 deletions(-) diff --git a/src/wp-admin/admin-ajax.php b/src/wp-admin/admin-ajax.php index 8e4585486c..93c32393e0 100644 --- a/src/wp-admin/admin-ajax.php +++ b/src/wp-admin/admin-ajax.php @@ -130,6 +130,7 @@ $core_actions_post = array( 'get-community-events', 'edit-theme-plugin-file', 'wp-privacy-export-personal-data', + 'wp-privacy-erase-personal-data', ); // Deprecated diff --git a/src/wp-admin/includes/ajax-actions.php b/src/wp-admin/includes/ajax-actions.php index 6d6a640d86..d3416c6126 100644 --- a/src/wp-admin/includes/ajax-actions.php +++ b/src/wp-admin/includes/ajax-actions.php @@ -4328,10 +4328,10 @@ function wp_ajax_edit_theme_plugin_file() { } function wp_ajax_wp_privacy_export_personal_data() { -// check_ajax_referer( 'wp-privacy-export-personal-data', 'security' ); + check_ajax_referer( 'wp-privacy-export-personal-data', 'security' ); if ( ! current_user_can( 'manage_options' ) ) { - wp_send_json_error( 'access denied' ); + wp_send_json_error( __( 'Error: Invalid request.' ) ); } $email_address = sanitize_text_field( $_POST['email'] ); @@ -4341,7 +4341,7 @@ function wp_ajax_wp_privacy_export_personal_data() { /** * Filters the array of exporter callbacks. * - * @since 4.9.5. + * @since 4.9.6 * * @param array $args { * An array of callable exporters of personal data. Default empty array. @@ -4429,7 +4429,7 @@ function wp_ajax_wp_privacy_export_personal_data() { * * Allows the export response to be consumed by destinations in addition to Ajax. * - * @since 4.9.5 + * @since 4.9.6 * * @param array $response The personal data for the given exporter and page. * @param int $exporter_index The index of the exporter that provided this data. @@ -4443,3 +4443,197 @@ function wp_ajax_wp_privacy_export_personal_data() { wp_send_json_success( $response ); } + +/** + * Ajax handler for erasing personal data. + * + * @since 4.9.6 + */ +function wp_ajax_wp_privacy_erase_personal_data() { + $request_id = (int) $_POST['id']; + + if ( empty( $request_id ) ) { + wp_send_json_error( __( 'Error: Invalid request ID.' ) ); + } + + if ( ! current_user_can( 'delete_users' ) ) { + wp_send_json_error( __( 'Error: Invalid request.' ) ); + } + + check_ajax_referer( 'wp-privacy-erase-personal-data-' . $request_id, 'security' ); + + // Find the request CPT + $request = get_post( $request_id ); + if ( 'user_remove_request' !== $request->post_type ) { + wp_send_json_error( __( 'Error: Invalid request ID.' ) ); + } + + $email_address = get_post_meta( $request_id, '_user_email', true ); + + if ( ! is_email( $email_address ) ) { + wp_send_json_error( __( 'Error: Invalid email address in request.' ) ); + } + + $eraser_index = (int) $_POST['eraser']; + $page = (int) $_POST['page']; + + /** + * Filters the array of personal data eraser callbacks. + * + * @since 4.9.6 + * + * @param array $args { + * An array of callable erasers of personal data. Default empty array. + * [ + * callback string Callable eraser that accepts an email address and + * a page and returns an array with the number of items + * removed, the number of items retained and any messages + * from the eraser, as well as if additional pages are + * available. + * eraser_friendly_name string Translated user facing friendly name for the eraser. + * ] + * } + */ + $erasers = apply_filters( 'wp_privacy_personal_data_erasers', array() ); + + // Do we have any registered erasers? + if ( 0 < count( $erasers ) ) { + if ( $eraser_index < 1 ) { + wp_send_json_error( __( 'Error: Eraser index cannot be less than one.' ) ); + } + + if ( $eraser_index > count( $erasers ) ) { + wp_send_json_error( __( 'Error: Eraser index is out of range.' ) ); + } + + if ( $page < 1 ) { + wp_send_json_error( __( 'Error: Page index cannot be less than one.' ) ); + } + + $index = $eraser_index - 1; // Convert to zero based for eraser index + $eraser = $erasers[ $index ]; + if ( ! is_array( $eraser ) ) { + wp_send_json_error( + sprintf( + __( 'Error: Expected an array describing the eraser at index %d.' ), + $eraser_index + ) + ); + } + if ( ! array_key_exists( 'callback', $eraser ) ) { + wp_send_json_error( + sprintf( + __( 'Error: Eraser array at index %d does not include a callback.' ), + $eraser_index + ) + ); + } + if ( ! is_callable( $eraser['callback'] ) ) { + wp_send_json_error( + sprintf( + __( 'Error: Eraser callback at index %d is not a valid callback.' ), + $eraser_index + ) + ); + } + if ( ! array_key_exists( 'eraser_friendly_name', $eraser ) ) { + wp_send_json_error( + sprintf( + __( 'Error: Eraser array at index %d does not include a friendly name.' ), + $eraser_index + ) + ); + } + + $callback = $erasers[ $index ]['callback']; + $eraser_friendly_name = $erasers[ $index ]['eraser_friendly_name']; + + $response = call_user_func( $callback, $email_address, $page ); + if ( is_wp_error( $response ) ) { + wp_send_json_error( $response ); + } + + if ( ! is_array( $response ) ) { + wp_send_json_error( + sprintf( + __( 'Error: Did not receive array from %s eraser (index %d).' ), + $eraser_friendly_name, + $eraser_index + ) + ); + } + if ( ! array_key_exists( 'num_items_removed', $response ) ) { + wp_send_json_error( + sprintf( + __( 'Error: Expected num_items_removed key in response array from %s eraser (index %d).' ), + $eraser_friendly_name, + $eraser_index + ) + ); + } + if ( ! array_key_exists( 'num_items_retained', $response ) ) { + wp_send_json_error( + sprintf( + __( 'Error: Expected num_items_retained key in response array from %s eraser (index %d).' ), + $eraser_friendly_name, + $eraser_index + ) + ); + } + if ( ! array_key_exists( 'messages', $response ) ) { + wp_send_json_error( + sprintf( + __( 'Error: Expected messages key in response array from %s eraser (index %d).' ), + $eraser_friendly_name, + $eraser_index + ) + ); + } + if ( ! is_array( $response['messages'] ) ) { + wp_send_json_error( + sprintf( + __( 'Error: Expected messages key to reference an array in response array from %s eraser (index %d).' ), + $eraser_friendly_name, + $eraser_index + ) + ); + } + if ( ! array_key_exists( 'done', $response ) ) { + wp_send_json_error( + sprintf( + __( 'Error: Expected done flag in response array from %s eraser (index %d).' ), + $eraser_friendly_name, + $eraser_index + ) + ); + } + } else { + // No erasers, so we're done + $response = array( + 'num_items_removed' => 0, + 'num_items_retained' => 0, + 'messages' => array(), + 'done' => true, + ); + } + + /** + * Filters a page of personal data eraser data. + * + * Allows the erasure response to be consumed by destinations in addition to Ajax. + * + * @since 4.9.6 + * + * @param array $response The personal data for the given exporter and page. + * @param int $exporter_index The index of the exporter that provided this data. + * @param string $email_address The email address associated with this personal data. + * @param int $page The zero-based page for this response. + * @param int $request_id The privacy request post ID associated with this request. + */ + $response = apply_filters( 'wp_privacy_personal_data_erasure_page', $response, $eraser_index, $email_address, $page, $request_id ); + if ( is_wp_error( $response ) ) { + wp_send_json_error( $response ); + } + + wp_send_json_success( $response ); +} diff --git a/src/wp-admin/includes/user.php b/src/wp-admin/includes/user.php index 355426d6d4..9638e5de64 100644 --- a/src/wp-admin/includes/user.php +++ b/src/wp-admin/includes/user.php @@ -583,7 +583,7 @@ Please click the following link to activate your user account: /** * Get action description from the name. * - * @since 5.0.0 + * @since 4.9.6 * @access private * * @return string @@ -600,7 +600,7 @@ function _wp_privacy_action_description( $request_type ) { /** * Log a request and send to the user. * - * @since 5.0.0 + * @since 4.9.6 * @access private * * @param string $email_address Email address sending the request to. @@ -640,7 +640,7 @@ function _wp_privacy_create_request( $email_address, $action, $description ) { /** * Resend an existing request and return the result. * - * @since 5.0.0 + * @since 4.9.6 * @access private * * @param int $privacy_request_id Request ID. @@ -680,7 +680,7 @@ function _wp_privacy_resend_request( $privacy_request_id ) { /** * Marks a request as completed by the admin and logs the datetime. * - * @since 5.0.0 + * @since 4.9.6 * @access private * * @param int $privacy_request_id Request ID. @@ -705,27 +705,27 @@ function _wp_privacy_completed_request( $privacy_request_id ) { /** * Handle list table actions. * - * @since 5.0.0 + * @since 4.9.6 * @access private */ function _wp_personal_data_handle_actions() { - if ( isset( $_POST['export_personal_data_email_retry'] ) ) { // WPCS: input var ok. + if ( isset( $_POST['privacy_action_email_retry'] ) ) { // WPCS: input var ok. check_admin_referer( 'bulk-privacy_requests' ); - $request_id = absint( current( array_keys( (array) wp_unslash( $_POST['export_personal_data_email_retry'] ) ) ) ); // WPCS: input var ok, sanitization ok. + $request_id = absint( current( array_keys( (array) wp_unslash( $_POST['privacy_action_email_retry'] ) ) ) ); // WPCS: input var ok, sanitization ok. $result = _wp_privacy_resend_request( $request_id ); if ( is_wp_error( $result ) ) { add_settings_error( - 'export_personal_data_email_retry', - 'export_personal_data_email_retry', + 'privacy_action_email_retry', + 'privacy_action_email_retry', $result->get_error_message(), 'error' ); } else { add_settings_error( - 'export_personal_data_email_retry', - 'export_personal_data_email_retry', + 'privacy_action_email_retry', + 'privacy_action_email_retry', __( 'Confirmation request re-resent successfully.' ), 'updated' ); @@ -837,7 +837,7 @@ function _wp_personal_data_handle_actions() { /** * Personal data export. * - * @since 5.0.0 + * @since 4.9.6 * @access private */ function _wp_personal_data_export_page() { @@ -898,22 +898,27 @@ function _wp_personal_data_export_page() { /** * Personal data anonymization. * - * @since 5.0.0 + * @since 4.9.6 * @access private */ function _wp_personal_data_removal_page() { - if ( ! current_user_can( 'manage_options' ) ) { + if ( ! current_user_can( 'delete_users' ) ) { wp_die( esc_html__( 'Sorry, you are not allowed to manage privacy on this site.' ) ); } _wp_personal_data_handle_actions(); + // "Borrow" xfn.js for now so we don't have to create new files. + wp_enqueue_script( 'xfn' ); + $requests_table = new WP_Privacy_Data_Removal_Requests_Table( array( 'plural' => 'privacy_requests', 'singular' => 'privacy_request', ) ); + $requests_table->process_bulk_action(); $requests_table->prepare_items(); + ?>

@@ -959,7 +964,7 @@ function _wp_personal_data_removal_page() { /** * Add requests pages. * - * @since 5.0.0 + * @since 4.9.6 * @access private */ function _wp_privacy_hook_requests_page() { @@ -982,7 +987,7 @@ abstract class WP_Privacy_Requests_Table extends WP_List_Table { * which inherit from WP_Privacy_Requests_Table should define this. * e.g. 'export_personal_data' * - * @since 5.0.0 + * @since 4.9.6 * * @var string $request_type Name of action. */ @@ -991,7 +996,7 @@ abstract class WP_Privacy_Requests_Table extends WP_List_Table { /** * Post type to be used. * - * @since 5.0.0 + * @since 4.9.6 * * @var string $post_type The post type. */ @@ -1000,7 +1005,7 @@ abstract class WP_Privacy_Requests_Table extends WP_List_Table { /** * Get columns to show in the list table. * - * @since 5.0.0 + * @since 4.9.6 * * @param array Array of columns. */ @@ -1018,7 +1023,7 @@ abstract class WP_Privacy_Requests_Table extends WP_List_Table { /** * Get a list of sortable columns. * - * @since 5.0.0 + * @since 4.9.6 * * @return array */ @@ -1029,7 +1034,7 @@ abstract class WP_Privacy_Requests_Table extends WP_List_Table { /** * Default primary column. * - * @since 5.0.0 + * @since 4.9.6 * * @return string */ @@ -1041,7 +1046,7 @@ abstract class WP_Privacy_Requests_Table extends WP_List_Table { * Get an associative array ( id => link ) with the list * of views available on this table. * - * @since 5.0.0 + * @since 4.9.6 * * @return array */ @@ -1066,7 +1071,7 @@ abstract class WP_Privacy_Requests_Table extends WP_List_Table { /** * Get bulk actions. * - * @since 5.0.0 + * @since 4.9.6 * * @return array */ @@ -1080,7 +1085,7 @@ abstract class WP_Privacy_Requests_Table extends WP_List_Table { /** * Process bulk actions. * - * @since 5.0.0 + * @since 4.9.6 */ public function process_bulk_action() { $action = $this->current_action(); @@ -1129,7 +1134,7 @@ abstract class WP_Privacy_Requests_Table extends WP_List_Table { /** * Prepare items to output. * - * @since 5.0.0 + * @since 4.9.6 */ public function prepare_items() { global $wpdb; @@ -1194,7 +1199,7 @@ abstract class WP_Privacy_Requests_Table extends WP_List_Table { /** * Checkbox column. * - * @since 5.0.0 + * @since 4.9.6 * * @param array $item Item being shown. * @return string @@ -1206,7 +1211,7 @@ abstract class WP_Privacy_Requests_Table extends WP_List_Table { /** * Status column. * - * @since 5.0.0 + * @since 4.9.6 * * @param array $item Item being shown. * @return string @@ -1243,7 +1248,7 @@ abstract class WP_Privacy_Requests_Table extends WP_List_Table { /** * Convert timestamp for display. * - * @since 5.0.0 + * @since 4.9.6 * * @param int $timestamp Event timestamp. * @return string @@ -1265,7 +1270,7 @@ abstract class WP_Privacy_Requests_Table extends WP_List_Table { /** * Default column handler. * - * @since 5.0.0 + * @since 4.9.6 * * @param array $item Item being shown. * @param string $column_name Name of column being shown. @@ -1284,7 +1289,7 @@ abstract class WP_Privacy_Requests_Table extends WP_List_Table { /** * Actions column. Overriden by children. * - * @since 5.0.0 + * @since 4.9.6 * * @param array $item Item being shown. * @return string @@ -1296,7 +1301,7 @@ abstract class WP_Privacy_Requests_Table extends WP_List_Table { /** * Next steps column. Overriden by children. * - * @since 5.0.0 + * @since 4.9.6 * * @param array $item Item being shown. */ @@ -1305,7 +1310,7 @@ abstract class WP_Privacy_Requests_Table extends WP_List_Table { /** * Generates content for a single row of the table * - * @since 5.0.0 + * @since 4.9.6 * * @param object $item The current item */ @@ -1320,7 +1325,7 @@ abstract class WP_Privacy_Requests_Table extends WP_List_Table { /** * Embed scripts used to perform actions. Overriden by children. * - * @since 5.0.0 + * @since 4.9.6 */ public function embed_scripts() {} } @@ -1328,13 +1333,13 @@ abstract class WP_Privacy_Requests_Table extends WP_List_Table { /** * WP_Privacy_Data_Export_Requests_Table class. * - * @since 5.0.0 + * @since 4.9.6 */ class WP_Privacy_Data_Export_Requests_Table extends WP_Privacy_Requests_Table { /** * Action name for the requests this table will work with. * - * @since 5.0.0 + * @since 4.9.6 * * @var string $request_type Name of action. */ @@ -1343,7 +1348,7 @@ class WP_Privacy_Data_Export_Requests_Table extends WP_Privacy_Requests_Table { /** * Post type for the requests. * - * @since 5.0.0 + * @since 4.9.6 * * @var string $post_type The post type. */ @@ -1352,14 +1357,29 @@ class WP_Privacy_Data_Export_Requests_Table extends WP_Privacy_Requests_Table { /** * Actions column. * - * @since 5.0.0 + * @since 4.9.6 * * @param array $item Item being shown. * @return string */ public function column_email( $item ) { + $exporters = apply_filters( 'wp_privacy_personal_data_exporters', array() ); + $exporters_count = count( $exporters ); + $request_id = $item['request_id']; + $nonce = wp_create_nonce( 'wp-privacy-export-personal-data-' . $request_id ); + + $download_data_markup = '
'; + + $download_data_markup .= '' . __( 'Download Personal Data' ) . '' . + '' . + ''; + $row_actions = array( - 'download_data' => __( 'Download Personal Data' ), + 'download_data' => $download_data_markup, ); return sprintf( '%1$s %2$s', $item['email'], $this->row_actions( $row_actions ) ); @@ -1368,7 +1388,7 @@ class WP_Privacy_Data_Export_Requests_Table extends WP_Privacy_Requests_Table { /** * Next steps column. * - * @since 5.0.0 + * @since 4.9.6 * * @param array $item Item being shown. */ @@ -1383,7 +1403,7 @@ class WP_Privacy_Data_Export_Requests_Table extends WP_Privacy_Requests_Table { // TODO Complete in follow on patch. break; case 'request-failed': - submit_button( __( 'Retry' ), 'secondary', 'export_personal_data_email_retry[' . $item['request_id'] . ']', false ); + submit_button( __( 'Retry' ), 'secondary', 'privacy_action_email_retry[' . $item['request_id'] . ']', false ); break; case 'request-completed': echo ''; + + $remove_data_markup .= '' . __( 'Force Remove Personal Data' ) . '' . + '' . + ''; + + $row_actions = array( + 'remove_data' => $remove_data_markup, + ); } return sprintf( '%1$s %2$s', $item['email'], $this->row_actions( $row_actions ) ); @@ -1445,11 +1479,47 @@ class WP_Privacy_Data_Removal_Requests_Table extends WP_Privacy_Requests_Table { /** * Next steps column. * - * @since 5.0.0 + * @since 4.9.6 * * @param array $item Item being shown. */ public function column_next_steps( $item ) { + $status = get_post_status( $item['request_id'] ); + + switch ( $status ) { + case 'request-pending': + esc_html_e( 'Waiting for confirmation' ); + break; + case 'request-confirmed': + $erasers = apply_filters( 'wp_privacy_personal_data_erasers', array() ); + $erasers_count = count( $erasers ); + $request_id = $item['request_id']; + $nonce = wp_create_nonce( 'wp-privacy-erase-personal-data-' . $request_id ); + + echo '
'; + + ?> + + + + 'delete', + 'request_id' => array( $item['request_id'] ), + ), admin_url( 'tools.php?page=remove_personal_data' ) ), 'bulk-privacy_requests' ) ) . '">' . esc_html__( 'Remove request' ) . ''; + break; + } } } diff --git a/src/wp-admin/js/xfn.js b/src/wp-admin/js/xfn.js index d290ac3262..2934dd0c0f 100644 --- a/src/wp-admin/js/xfn.js +++ b/src/wp-admin/js/xfn.js @@ -20,3 +20,124 @@ jQuery( document ).ready(function( $ ) { $( '#link_rel' ).val( ( isMe ) ? 'me' : inputs.substr( 0,inputs.length - 1 ) ); }); }); + +// Privacy request action handling + +jQuery( document ).ready( function( $ ) { + var strings = window.privacyToolsL10n || {}; + + function set_action_state( $action, state ) { + $action.children().hide(); + $action.children( '.' + state ).show(); + } + + function clearResultsAfterRow( $requestRow ) { + if ( $requestRow.next().hasClass( 'request-results' ) ) { + $requestRow.next().remove(); + } + } + + function appendResultsAfterRow( $requestRow, classes, summaryMessage, additionalMessages ) { + clearResultsAfterRow( $requestRow ); + if ( additionalMessages.length ) { + // TODO - render additionalMessages after the summaryMessage + } + + $requestRow.after( function() { + return '

' + + summaryMessage + + '

'; + } ); + } + + $( '.remove_personal_data a' ).click( function( event ) { + event.preventDefault(); + event.stopPropagation(); + + var $this = $( this ); + var $action = $this.parents( '.remove_personal_data' ); + var $requestRow = $this.parents( 'tr' ); + var requestID = $action.data( 'request-id' ); + var nonce = $action.data( 'nonce' ); + var erasersCount = $action.data( 'erasers-count' ); + + var removedCount = 0; + var retainedCount = 0; + var messages = []; + + $action.blur(); + clearResultsAfterRow( $requestRow ); + + function on_erasure_done_success() { + set_action_state( $action, 'remove_personal_data_idle' ); + var summaryMessage = strings.noDataFound; + var classes = 'notice-success'; + if ( 0 == removedCount ) { + if ( 0 == retainedCount ) { + summaryMessage = strings.noDataFound; + } else { + summaryMessage = strings.noneRemoved; + classes = 'notice-warning'; + } + } else { + if ( 0 == retainedCount ) { + summaryMessage = strings.foundAndRemoved; + } else { + summaryMessage = strings.someNotRemoved; + classes = 'notice-warning'; + } + } + appendResultsAfterRow( $requestRow, 'notice-success', summaryMessage, [] ); + } + + function on_erasure_failure( textStatus, error ) { + set_action_state( $action, 'remove_personal_data_failed' ); + appendResultsAfterRow( $requestRow, 'notice-error', strings.anErrorOccurred, [] ); + } + + function do_next_erasure( eraserIndex, pageIndex ) { + $.ajax( { + url: ajaxurl, + data: { + action: 'wp-privacy-erase-personal-data', + eraser: eraserIndex, + id: requestID, + page: pageIndex, + security: nonce, + }, + method: 'post' + } ).done( function( response ) { + if ( ! response.success ) { + on_erasure_failure( 'error', response.data ); + return; + } + var responseData = response.data; + if ( responseData.num_items_removed ) { + removedCount += responseData.num_items_removed; + } + if ( responseData.num_items_retained ) { + retainedCount += responseData.num_items_removed; + } + if ( responseData.messages ) { + messages = messages.concat( responseData.messages ); + } + if ( ! responseData.done ) { + setTimeout( do_next_erasure( eraserIndex, pageIndex + 1 ) ); + } else { + if ( eraserIndex < erasersCount ) { + setTimeout( do_next_erasure( eraserIndex + 1, 1 ) ); + } else { + on_erasure_done_success(); + } + } + } ).fail( function( jqxhr, textStatus, error ) { + on_erasure_failure( textStatus, error ); + } ); + } + + // And now, let's begin + set_action_state( $action, 'remove_personal_data_processing' ); + + do_next_erasure( 1, 1 ); + } ) +} ); diff --git a/src/wp-includes/script-loader.php b/src/wp-includes/script-loader.php index 45cb46348d..5685195330 100644 --- a/src/wp-includes/script-loader.php +++ b/src/wp-includes/script-loader.php @@ -709,6 +709,15 @@ function wp_default_scripts( &$scripts ) { ); $scripts->add( 'xfn', "/wp-admin/js/xfn$suffix.js", array( 'jquery' ), false, 1 ); + did_action( 'init' ) && $scripts->localize( + 'xfn', 'privacyToolsL10n', array( + 'noDataFound' => __( 'No personal data was found for this user.' ), + 'foundAndRemoved' => __( 'All of the personal data found for this user was removed.' ), + 'noneRemoved' => __( 'Personal data was found for this user but was not removed.' ), + 'someNotRemoved' => __( 'Personal data was found for this user but some of the personal data found was not removed.' ), + 'anErrorOccurred' => __( 'An error occurred while attempting to find and remove personal data.' ), + ) + ); $scripts->add( 'postbox', "/wp-admin/js/postbox$suffix.js", array( 'jquery-ui-sortable' ), false, 1 ); did_action( 'init' ) && $scripts->localize(