britishcouncil · graber-1 · Mar 12, 2018 · Mar 22, 2018 · Mar 28, 2018 · Mar 29, 2018
diff --git a/README.txt b/README.txt
@@ -0,0 +1,88 @@
+TABLE OF CONTENTS
+-----------------
+
+ * Introduction
+ * Requirements
+ * Installation
+ * Configuration
+
+
+INTRODUCTION
+------------
+
+This module helps Drupal Commere sites comply with the EU GDPR directive by
+providing means to anonymize user and order data.
+Anonymized data can still be used for statistical purposes but will not allow
+to identify a person.
+The module adds UI for users to anonimize their data and means for the site
+administrators to setup automatic anonymization after a defined amount of time.
+
+
+REQUIREMENTS
+------------
+
+* Order module (commerce_order, included in the Drupal Commerce package
+  - https://www.drupal.org/project/commerce),
+* Chaos tool suite (ctools, also required by Drupal Commerce
+  - https://www.drupal.org/project/ctools).
+
+
+INSTALLATION
+------------
+
+ * Install as you would normally install a contributed Drupal module. See:
+   https://drupal.org/documentation/install/modules-themes/modules-7
+   for further information.
+
+
+CONFIGURATION
+-------------
+
+1. settings.php
+
+By default, the module uses md5 algorithm and the $drupal_hash_salt value
+for hashing user data. It is strongly advised to change at least the salt
+for improved security by including the following code in settings.php:
+
+<code>
+$conf['commerce_gdpr_salt'] = 'some_salt';
+$conf['commerce_gdpr_algo'] = 'some_algo';
+</code>
+
+For enhanced security, you may set this variable to a value using the
+contents of a file outside your docroot that is never saved together
+with any backups of your Drupal files and database.
+
+Example:
+<code>
+$conf['commerce_gdpr_salt'] = file_get_contents('/home/example/anonimyzation_salt.txt');
+</code>
+
+The salt needs to be at least 22 characters long and can be generated once using
+<code>hash('some_algorithm', mt_rand());</code>
+or just entered manually.
+
+For a list of supported hashing algorithms see
+http://php.net/manual/en/function.hash-hmac-algos.php.
+
+NOTE: Those config values must be entered only once when the module is
+installed and should not be changed after data has already been anonimized,
+otherwise comparing data from before and after the change will be impossible.
+
+
+2. Admin UI
+
+To setup the module, go to /admin/commerce/config/commerce-gdpr.
+
+If automatic anonymization is required, set Order data retention period to
+a positive integer value. Also check roles that shouldn't be automatically
+anonymized.
+
+By default, only entity properties are anonimized and automatic anonimization
+is switched off. To select entity felds that should also be anonimized and
+time after automatic anonymization should take place, go to the module
+configuration form ().
+
+3. Custom entity properties
+
+See commerce_gdpr.api.php.
diff --git a/commerce_gdpr.admin.inc b/commerce_gdpr.admin.inc
@@ -0,0 +1,155 @@
+<?php
+
+/**
+ * @file
+ * Contains admin forms for the module.
+ */
+
+/**
+ * Configuration form builder.
+ */
+function commerce_gdpr_admin_form($form, &$form_state) {
+
+  // Issue a warining if a site-specific hashing salt is not set.
+  if (!variable_get('commerce_gdpr_salt', FALSE) && empty($form_state['input'])) {
+    drupal_set_message(t('To ensure increased safety of anonymized data, please set a platform-specific hashing salt. More information can be found on the module !help.', array(
+      '!help' => l(t('help page'), 'admin/help/commerce_gdpr', array(
+        'attributes' => array('target' => '_blank'),
+      )),
+    )), 'warning');
+  }
+
+  $form['data_retention'] = array(
+    '#type' => 'textfield',
+    '#title' => t('Order data retention period'),
+    '#default_value' => variable_get('commerce_gdpr_data_retention', 0),
+    '#description' => t('Enter number of days after which inactive data will be anonymized, 0 - no automatic anonymization.'),
+  );
+
+  $roles = user_roles(TRUE);
+  if (!empty($roles)) {
+    $form['excluded_roles'] = array(
+      '#type' => 'checkboxes',
+      '#options' => user_roles(TRUE),
+      '#title' => t('Excluded roles'),
+      '#default_value' => variable_get('commerce_gdpr_excluded_roles', array()),
+      '#description' => t('Select which roles should not be anonymized automatically (If data retention period > 0).'),
+    );
+  }
+
+  $form['direct_processing'] = array(
+    '#type' => 'checkbox',
+    '#title' => t('Process items immediately'),
+    '#description' => t('Process items immediately on the user form and during the "People" page bulk operation rather then enqueing the operations. NOTE: may cause performance issues in case of users with many orders.'),
+    '#default_value' => variable_get('commerce_gdpr_direct_processing', 0),
+  );
+
+  $form['user_button_text'] = array(
+    '#type' => 'textfield',
+    '#title' => t('User account anonymization button text'),
+    '#default_value' => variable_get('commerce_gdpr_user_button_text', 'I want to be forgotten'),
+    '#required' => TRUE,
+  );
+
+  $form['anonymized_fields'] = array(
+    '#type' => 'fieldset',
+    '#title' => t('Fields subject to anonymization'),
+    '#tree' => TRUE,
+  );
+
+  $entity_info = entity_get_info();
+  $selected_fields = variable_get('commerce_gdpr_anonymized_fields', array());
+
+  foreach (array_keys(_commerce_gdpr_get_entity_property_info()) as $type) {
+    $entity_info = entity_get_info($type);
+    $form['anonymized_fields'][$type] = array(
+      '#type' => 'fieldset',
+      '#title' => $entity_info['label'],
+    );
+    foreach ($entity_info['bundles'] as $bundle => $bundle_info) {
+      if (count($entity_info['bundles']) > 1) {
+        $form['anonymized_fields'][$type][$bundle] = array(
+          '#type' => 'fieldset',
+          '#title' => $bundle_info['label'],
+        );
+      }
+      else {
+        $form['anonymized_fields'][$type]['#title'] = $bundle_info['label'];
+      }
+
+      $field_instances = field_info_instances($type, $bundle);
+      if (empty($field_instances)) {
+        $form['anonymized_fields'][$type][$bundle]['info'] = array(
+          '#markup' => t('No field instances available.'),
+        );
+      }
+      else {
+        foreach ($field_instances as $field_name => $instance_info) {
+
+          // Excluse customer profile type fields, those will be anonymized
+          // along with the order. Also exclude line items.
+          // TODO: Actually all entity reference field types should be
+          // handled differently, but it's not needed at the moment.
+          $excluded_fields = array(
+            'commerce_line_item_reference',
+            'commerce_customer_profile_reference',
+          );
+          $info = field_info_field($field_name);
+          if (in_array($info['type'], $excluded_fields)) {
+            continue;
+          }
+
+          $form['anonymized_fields'][$type][$bundle][$field_name] = array(
+            '#type' => 'checkbox',
+            '#title' => $instance_info['label'],
+            '#default_value' => !empty($selected_fields[$type][$bundle][$field_name]),
+          );
+        }
+      }
+    }
+  }
+
+  $form['submit'] = array(
+    '#type' => 'submit',
+    '#value' => t('Save settings'),
+  );
+
+  return $form;
+}
+
+/**
+ * Admin form validate handler.
+ */
+function commerce_gdpr_admin_form_validate($form, &$form_state) {
+  if (!ctype_digit($form_state['values']['data_retention'])) {
+    form_set_error('data_retention', t('Enter a valid data retention value in days.'));
+  }
+}
+
+/**
+ * Admin form submit handler.
+ */
+function commerce_gdpr_admin_form_submit($form, &$form_state) {
+  variable_set('commerce_gdpr_data_retention', intval($form_state['values']['data_retention']));
+  variable_set('commerce_gdpr_excluded_roles', array_filter($form_state['values']['excluded_roles']));
+  variable_set('commerce_gdpr_direct_processing', $form_state['values']['direct_processing']);
+  variable_set('commerce_gdpr_user_button_text', $form_state['values']['user_button_text']);
+
+  $selected_fields = array();
+  foreach ($form_state['values']['anonymized_fields'] as $type => $type_data) {
+    foreach ($type_data as $bundle => $bundle_data) {
+      foreach ($bundle_data as $field_name => $value) {
+        if ($value) {
+          $selected_fields[$type][$bundle][$field_name] = $field_name;
+        }
+      }
+    }
+  }
+  variable_set('commerce_gdpr_anonymized_fields', $selected_fields);
+
+  if (variable_get('commerce_gdpr_excluded_roles', array()) !== $form['excluded_roles']['#default_value']) {
+    _commerce_gdpr_update_last_access();
+  }
+
+  drupal_set_message(t('Settings saved.'));
+}
diff --git a/commerce_gdpr.api.php b/commerce_gdpr.api.php
@@ -0,0 +1,44 @@
+<?php
+
+/**
+ * @file
+ * Commerce GDPR API documentation.
+ *
+ * This file contains no working PHP code; it exists to provide additional
+ * documentation for doxygen as well as to document hooks in the standard
+ * Drupal manner.
+ */
+
+/**
+ * Allows altering information about anonymizable entity properties.
+ *
+ * NOTE: because of inability to save a customer profile that is bound
+ * to an order, it is not allowed to add properties for
+ * commerce_customer_profile entity type here.
+ *
+ * @param array $entity_property_info
+ *   Array containing information about anonymizable entity properties.
+ *
+ * @see _commerce_gdpr_get_entity_property_info
+ */
+function hook_commerce_gdpr_entity_property_info_alter(array &$entity_property_info) {
+  $entity_property_info['user']['mail']['type'] = 'clear';
+}
+
+/**
+ * Allows to act on an entity just before the anonymization takes place.
+ *
+ * @param string $type
+ *   Entity type.
+ * @param object $entity
+ *   Drupal entity.
+ * @param array $properties_data
+ *   Array of entity property anonymization data.
+ * @param array $field_data
+ *   Array of field anonymization data.
+ */
+function hook_commerce_gdpr_entity_anonymization($type, $entity, array $properties_data, array $field_data) {
+  if ($type === 'node') {
+    db_delete('some_custom_table')->condition('nid', $entity->nid)->execute();
+  }
+}
diff --git a/commerce_gdpr.info b/commerce_gdpr.info
@@ -0,0 +1,12 @@
+name = Commerce GDPR
+description = Allows user and order data anonymization for complience with the GDPR EU directive.
+core = 7.x
+package = Commerce (contrib)
+configure = admin/commerce/config/commerce-gdpr
+dependencies[] = commerce:commerce
+dependencies[] = commerce:commerce_order
+dependencies[] = ctools:ctools
+files[] = commerce_gdpr.test
+
+test_dependencies[] = views:views
+test_dependencies[] = addressfield:addressfield