A25 castecne: pridani moznosti odvolat souhlas se zpracovanim osobnich udaju
This commit is contained in:
Jarmil
parent
757b29dacd
commit
6dcbc67468
|
|
@ -61,7 +61,7 @@ class AppUserSsoForm(ModelForm):
|
|||
class Meta:
|
||||
model = models.AppUser
|
||||
fields = ['city', 'postcode', 'district', 'kind',
|
||||
'email', 'email_contact', 'email_contact_active', 'dc_stamp']
|
||||
'email', 'email_contact', 'email_contact_active', 'dc_stamp' ]
|
||||
|
||||
def clean_postcode(self):
|
||||
data = self.cleaned_data['postcode']
|
||||
|
|
|
|||
|
|
@ -0,0 +1,18 @@
|
|||
# Generated by Django 2.0.3 on 2019-11-13 16:33
|
||||
|
||||
from django.db import migrations, models
|
||||
|
||||
|
||||
class Migration(migrations.Migration):
|
||||
|
||||
dependencies = [
|
||||
('nalodeni', '0057_auto_20191113_1114'),
|
||||
]
|
||||
|
||||
operations = [
|
||||
migrations.AddField(
|
||||
model_name='appuser',
|
||||
name='dc_undo_stamp',
|
||||
field=models.DateTimeField(blank=True, default=None, null=True, verbose_name='Datum odvolání souhlasu se zprac.os.údajů'),
|
||||
),
|
||||
]
|
||||
|
|
@ -185,7 +185,11 @@ class AppUser(AbstractUser, DataAudited):
|
|||
ts_for_ldap_sync = DateTimeField(_('Timestamp pro LDAP synchronizaci'),
|
||||
default=datetime.datetime.now, blank=True, null=True)
|
||||
|
||||
# datum udeleni a odvolani souhlasu se zpracovanim osobnich udaju
|
||||
# logika: je-li dc_stamp=Null, souhlas neni udelen.
|
||||
# pole dc_undo_stamp ma pouze informacni vyznam, kdy k odvolani souhlasu doslo
|
||||
dc_stamp = DateTimeField(_('Data consent timestamp'), default=None, blank=True, null=True)
|
||||
dc_undo_stamp = DateTimeField(_('Datum odvolání souhlasu se zprac.os.údajů'), default=None, blank=True, null=True)
|
||||
|
||||
# dotaznik pro uzivatele
|
||||
userform = ForeignKey('UserForm', on_delete=CASCADE, verbose_name=_('dotazník'),
|
||||
|
|
|
|||
|
|
@ -69,7 +69,12 @@ $(document).ready(function(){
|
|||
</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td colspan=12>{{p.admin_note}}</td>
|
||||
<td colspan=12>
|
||||
{% if p.dc_undo_stamp is not None %}
|
||||
<i class="red">Souhlas se zpracováním osobních údajů odvolán {{p.dc_undo_stamp}}</i><br>
|
||||
{% endif %}
|
||||
{{p.admin_note}}
|
||||
</td>
|
||||
</tr>
|
||||
{% endfor %}
|
||||
</table>
|
||||
|
|
|
|||
|
|
@ -40,6 +40,7 @@
|
|||
<tr><td colspan="2"> </td></tr>
|
||||
<tr><th>Datum registrace</th><td>{{obj.createdStamp}}</td></tr>
|
||||
<tr><th>Datum souhlasu os. údajů</th><td>{{obj.dc_stamp|default_if_none:'-'}}</td></tr>
|
||||
<tr><th>Datum odvolání souhlasu oú</th><td class="red">{{obj.dc_undo_stamp|default_if_none:''}}</td></tr>
|
||||
<tr><th>Administrátorská poznámka</th><td>{{obj.admin_note}}</td></tr>
|
||||
</table>
|
||||
</section>
|
||||
|
|
|
|||
|
|
@ -375,7 +375,7 @@
|
|||
</li>
|
||||
<li class="c-contact-bar__item u-stacked-medium-down">
|
||||
<div class="c-contact-bar__section"> Aplikaci spravuje </div>
|
||||
<div class="c-contact-bar__description"> Martin Rejman </div>
|
||||
<div class="c-contact-bar__description"> Technický odbor Pirátů </div>
|
||||
</li>
|
||||
</ul>
|
||||
</div>
|
||||
|
|
|
|||
|
|
@ -59,7 +59,16 @@
|
|||
požadovaných funkcí a služeb. Detaily způsobu zpracování osobních údajů
|
||||
jsou k dispozici <a href="https://www.pirati.cz/o-nas/ochrana-osobnich-udaju/" target="_blank">online</a>.
|
||||
</div>
|
||||
<div class="medium-12 large-6 columns"><b>Datum souhlasu se zpracováním os. údajů: </b> <br/>{{form.dc_stamp}}</div>
|
||||
<div class="medium-12 large-6 columns">
|
||||
<b>Datum souhlasu se zpracováním os. údajů: </b> <br/>
|
||||
{{form.dc_stamp}}
|
||||
{% if request.user.dc_stamp is not None %}
|
||||
<a href="/ja-pirat/profil/?undoConsent" class="button">Odvolat souhlas se zpracováním osobních údajů</a>
|
||||
{% endif %}
|
||||
{% if request.user.dc_undo_stamp is not None %}
|
||||
(souhlas odvolán {{request.user.dc_undo_stamp}})
|
||||
{% endif %}
|
||||
</div>
|
||||
{%comment%}
|
||||
<div class="medium-6 large-6 columns">{{form.interestedIn.label}}<br/>{{form.interestedIn.errors}}{{form.interestedIn}}</div>
|
||||
{%endcomment%}
|
||||
|
|
|
|||
|
|
@ -488,18 +488,26 @@ def email_vizitka(request):
|
|||
@login_required(login_url="/prihlaseni")
|
||||
@transaction.atomic
|
||||
def profil(request):
|
||||
if request.user.ssoUid:
|
||||
_form = forms.AppUserSsoForm
|
||||
else:
|
||||
_form = forms.AppUserForm
|
||||
|
||||
_form = forms.AppUserSsoForm if request.user.ssoUid else forms.AppUserForm
|
||||
|
||||
def save_and_redirect(page):
|
||||
request.user.save()
|
||||
return HttpResponseRedirect(page)
|
||||
|
||||
# TODO :: check and enforce DB transaction to prevent race-condition attacks
|
||||
if request.method == "GET":
|
||||
|
||||
# udeleni souhlasu se zpracovanim osobnich udaju
|
||||
if request.GET.get('doConsent', None) is not None:
|
||||
request.user.dc_stamp = datetime.now()
|
||||
request.user.save()
|
||||
return save_and_redirect('/ja-pirat/profil/')
|
||||
|
||||
return HttpResponseRedirect('/ja-pirat/profil/')
|
||||
# odvolani souhlasu se zpracovanim osobnich udaju
|
||||
if request.GET.get('undoConsent', None) is not None:
|
||||
request.user.dc_stamp = None
|
||||
request.user.dc_undo_stamp = datetime.now()
|
||||
return save_and_redirect('/ja-pirat/profil/')
|
||||
|
||||
emailToken = request.GET.get('t', None)
|
||||
if emailToken:
|
||||
|
|
@ -535,7 +543,6 @@ def profil(request):
|
|||
request.user.save()
|
||||
return redirect('nalodeni:profil')
|
||||
|
||||
|
||||
# create edit form
|
||||
form = _form(instance=request.user)
|
||||
|
||||
|
|
@ -550,7 +557,6 @@ def profil(request):
|
|||
form.instance.email_contact_verified = False
|
||||
form.save()
|
||||
|
||||
|
||||
if (form.instance.email_contact != None
|
||||
and not form.instance.email_contact_verified):
|
||||
try:
|
||||
|
|
|
|||
Loading…
Reference in New Issue