Skip to content

Cookie consent preferences #861

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
tdonohue merged 32 commits into from
Sep 23, 2020
Merged

Cookie consent preferences #861

tdonohue merged 32 commits into from
Sep 23, 2020

Conversation

@LotteHofstede
Copy link
Contributor

@LotteHofstede LotteHofstede commented Sep 4, 2020
edited by artlowel
Loading

References

Description

This PR adds a cookie preference pop-up using Klaro and saves them per account.

Instructions for Reviewers

To test this feature, make sure the metadata field dspace.agreements.cookies exist on the REST server you're testing with. I already created this field on https://dspace7.4science.it/server/api.

On opening the application, a small dialog in the bottom right corner (or just at the bottom on mobile) shows, where the user can choose to accept/decline/customise their cookie consent preferences.
Clicking 'customise' should open a more detailed pop-up where you can see what cookies are used for DSpace and disable them. Some of the cookies are required for DSpace to work and can not be disabled.

When a user logs in, the preferences selected are copied to a cookie specifically used for this user and stored in the metadata field dspace.agreements.cookies of the user.

When the user already has preferences defined in thedspace.agreements.cookies field, these settings are used when the user logs in and copied to a cookie specifically used for the authenticated user.

When the authenticated user changes their consent preferences later, the metadata field value for the user is updated.

The cookie consent preferences can be changed by the user at any time clicking the 'Cookie settings' link in the footer.

I have already added a link for the "End user agreement" and "Privacy policy" in the footer, however these pages will be added by different PRs.

Checklist

  • My PR is small in size (e.g. less than 1,000 lines of code, not including comments & specs/tests), or I have provided reasons as to why that's not possible.
  • My PR passes TSLint validation using yarn run lint
  • My PR includes TypeDoc comments for all new (or modified) public methods and classes. It also includes TypeDoc for large or complex private methods.
  • [x My PR passes all specs/tests and includes new/updated specs or tests based on the Code Testing Guide.
  • If my PR includes new, third-party dependencies (in package.json), I've made sure their licenses align with the DSpace BSD License based on the Licensing of Contributions documentation.

Atmire-Kristof and others added 12 commits August 26, 2020 14:20
@artlowel artlowel added this to the 7.0beta4 milestone Sep 4, 2020
@lgtm-com
Copy link

lgtm-com bot commented Sep 4, 2020

This pull request introduces 1 alert when merging 69704e6 into cd6c5b7 - view on LGTM.com

new alerts:

  • 1 for Unused variable, import, function or class

Atmire-Kristof and others added 15 commits September 7, 2020 10:22
@lgtm-com
Copy link

lgtm-com bot commented Sep 8, 2020

This pull request introduces 1 alert when merging d4027cc into dd03745 - view on LGTM.com

new alerts:

  • 1 for Unused variable, import, function or class

@Atmire-Kristof Atmire-Kristof mentioned this pull request Sep 8, 2020
Merged
5 tasks
LucaGiamminonni
LucaGiamminonni reviewed Sep 23, 2020
View reviewed changes
Copy link

@LucaGiamminonni LucaGiamminonni left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@LotteHofstede I noticed that even if the user does not accept cookies clicking on deny, after he has logged in the dspace.agreements.cookies metadata is still set as if he had accepted only the mandatory ones. How should the application behave if the user does not accept the cookie conditions?

@artlowel
Copy link
Member

artlowel commented Sep 23, 2020

The user can't refuse the mandatory cookies, they're required for the site to function. So even if you click deny all, you can't help but accept the mandatory cookies. Their toggles are also disabled in the UI. That approach is GDPR compliant as long as our mandatory cookies are actually required for the site to function.

@LucaGiamminonni
Copy link

LucaGiamminonni commented Sep 23, 2020
edited
Loading

@artlowel Ok, thanks. So I think this PR can be integrated:

  • I have analyzed the changes made to the code and they seem ok to me
  • I have verified that when the application is opened the cookie box is shown at the bottom right
  • I have verified that clicking on 'customise' opens a detail in which the collected information is listed, divided between the mandatory (functional) and optional (statistical) ones
  • I verified that at the user's login the choice made by the user regarding cookies is correctly saved in the metadata dspace.agreements.cookies
  • I verified that the cookie consent preferences can be changed by the user clicking the 'Cookie settings' link in the footer. in this case the dspace.agreements.cookies metadata is also updated correctly.

tdonohue
tdonohue approved these changes Sep 23, 2020
View reviewed changes
Copy link
Member

@tdonohue tdonohue left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

👍 Looks good to me. The code changes in this PR are less than they seem (as it looks to include all of the changes from #856). So, I reviewed the code via a diff of the branches.

I also tested it, and it works as described. Also made sure to test the scenario where you accept cookies prior to login, and I verified that the accepted cookies are then copied to your user account after you authenticate.

Overall, looks good to me. Thanks @LotteHofstede !

@tdonohue tdonohue merged commit aa84a56 into DSpace:main Sep 23, 2020
kosarko pushed a commit to ufal/dspace-angular that referenced this pull request May 20, 2025
@milanmajchrak
UFAL/Do not add dtoken into the URL if it is null (DSpace#860) (DSp…
3f67231 
…ace#861)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@tdonohue tdonohue tdonohue approved these changes

@atarix83 atarix83 Awaiting requested review from atarix83

+1 more reviewer

@LucaGiamminonni LucaGiamminonni LucaGiamminonni approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

@LotteHofstede LotteHofstede

Labels

high priority new feature

Projects

None yet

Milestone

7.0beta4

Development

Successfully merging this pull request may close these issues.

Cookie Preferences per account Split up Cookies

5 participants

@LotteHofstede @artlowel @LucaGiamminonni @tdonohue @Atmire-Kristof