搜索foothing / laravel-gdpr-consent
轻量级的gdpr同意记录包。
Requires
- foothing/laravel-repository: ^0.9.0
- illuminate/database: ~5.0
- illuminate/support: ~5.0
- webpatser/laravel-uuid: ^3.0
Requires (Dev)
- mockery/mockery: ^1.1
- orchestra/database: ^3.4
- orchestra/testbench: ~3.0
- phpunit/phpunit: ^5
This package is auto-updated.
Last update: 2024-09-23 04:10:42 UTC
README
轻量级Laravel 5包,用于用户的同意和数据处理记录。
安装
通过composer
composer require foothing/laravel-gdpr-consent
在config/app.php中添加服务提供者
'providers' => [ // omitted Foothing\Laravel\Consent\ConsentServiceProvider::class ]
如果想要使用外观,请在config/app.php中添加别名
'aliases' => [ // omitted 'Consent' => Foothing\Laravel\Consent\Facades\Consent::class ]
发布配置和迁移
php artisan vendor:publish --tag=config
php artisan vendor:publish --tag=migrations
根据需要配置,然后运行迁移php artisan migrate
设置处理表php artisan consent
快速入门
首先,您需要配置您的网站所需的哪些处理。您可以在config/consent.php中这样做,例如以下示例
'treatments' => [ [ // A logical name for your treatment. 'name' => 'gdpr.privacy', // You can specify which document // describes the treatment type // with a document version and url. // This part is optional. 'documentVersion' => '1.0', 'documentUrl' => env('PRIVACY_POLICY'), // Whether this treatment is active or not. // The reason why this flag is here is to // allow for progressive modifications, so you // can keep track of what the end user gave // consent to. So if you are upgrading or // changing the treatment the recommended // process is to deactivate the current one // then add a new record. 'active' => true, // Set if this treatment is mandatory or optional. 'required' => true, // A description text to be shown near a checkbox // or anywhere in your UI. 'description' => 'gdpr.privacy.text', // UI weight, use this to choose what should be // listed first. 'weight' => 0, ], [ 'name' => 'gdpr.marketing', 'documentVersion' => '1.0', 'documentUrl' => env('PRIVACY_POLICY'), 'active' => true, 'required' => false, 'description' => 'gdpr.marketing.text', 'weight' => 1, ], ]
配置完成后,您可以运行php artisan consent:setup来更新您的处理数据库。
然后,让您的User模型实现ConsentSubject契约,并使用HasConsents特质。
class User extends Model implements ConsentSubject { // This trait will implement the relation to the consent table. use HasConsents; /** * Returns the subject id. * * @return mixed */ public function getSubjectId() { return $this->id; } }
现在,您将能够使用包API来注册用户的同意和数据处理事件,如下例所示。
在注册页面上显示同意复选框
@foreach(Consent::treatments() as $treatment) <div class="checkbox"> <label> <input name="consent_{{ $treatment->id }}" type="checkbox"> {{ trans($treatment->description) }} </label> </div> @endforeach
请注意,您的
checkbox名称必须与consent_TREATMENTID匹配
在控制器中验证复选框
public function postRegister(Request $request) { if (! $treatments = Consent::validate($request->all()) { // User didn't accept all the mandatory checkboxes. throw new \Exception("Consent is mandatory in order to proceed."); } }
注册同意
public function postRegister(Request $request) { // omitted // This will register a record with the // user's consent along with an event log. Facade::grant($treatments, Auth::user()); }
在用户的设置页面上显示同意
<!-- Cycle through active treatments, just like the register page. --> @foreach(Consent::treatments() as $treatment) <div class="checkbox"> <label> <input {{ Consent::exists($user, $treatment) ? 'checked' : '' }} name="{{ $treatment->id }}" type="checkbox"> {{ trans($treatment->description) }} </label> </div> @endforeach
请注意,对于更新处理程序,复选框名称应该是处理ID。
保存用户同意的更改
public function postUpdateConsent(Request $request) { // You should pass only the checkboxes as the first argument. Consent::update($request->except('_token'), Auth::user()); // redirect as you like. }
请注意,这些都是仅用于展示同意API的示例,尽管我不建议在视图中使用外观,您可以在视图渲染之前在控制器中操作数据以实现相同的功能。
记录“删除权”
在您的删除用户控制器或服务中
public function deleteIndex(Request $request) { \DB::transaction(function() use($user) { // Delete the user first. // i.e. $user->delete(); // This will remove consents and log the erasure request. Consent::erase($user); }); }
事件
目前尚不清楚任何人将如何处理日志或数据处理记录,但这些记录应该被存储和维护。为了提供更好的灵活性,还添加了一个事件API。
事件API隐式用于唯一的硬编码操作(grant、revoke、erasure),但您可以根据需要使用它来跟踪有意义的数据处理记录。
$event = new Event([ // The subject id. 'subject_id' => $user->id, // A string describing what has been done with subject's data. 'action' => $action, // Optional, consent record id. 'consent_id' => $consentId, ]); Consent::log($event); // Retrieving subject's logs Consent::events($subject);
事件记录中的“假名化”
由于每个事件记录都存储了主题的IP和请求有效负载,因此这些字段使用双向算法进行加密。
请注意,Laravel使用config/app.php密钥进行加密和解密,因此如果您更改该密钥,则数据将无法解密。
项目状态
此包正在积极开发中,需要工作,但已经达到了我在目前所需的特性。
还需要什么
- API重构
- 测试覆盖率到100%
- 与每个5.x小版本进行测试
- Travis集成
- 样式修复
因此,如果您想贡献,请随时留言。
许可证
MIT