Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

✨ Add GDPR-Export for user #2444

Open
wants to merge 16 commits into
base: develop
Choose a base branch
from
Open

✨ Add GDPR-Export for user #2444

wants to merge 16 commits into from

Conversation

HerrLevin
Copy link
Member

@HerrLevin HerrLevin commented Mar 23, 2024
edited
Loading

  • Export all user data as zipped json-files
  • User-notification in notification-centre rather than email, showing both
  • UI for export
  • Configure Queue to not interfere with backup downtime Is this still needed?
  • Job to clean up profile archives
  • Adapt export to newly added data fields
  • Restrict GDPR-Export to once every 4 weeks
  • Restrict to limited users for beta-testing

jeyemwey
jeyemwey reviewed Mar 23, 2024
View reviewed changes
app/Models/User.php Outdated Show resolved Hide resolved
app/Http/Controllers/GdprExportController.php Outdated Show resolved Hide resolved
app/Enum/ExportableColumn.php Outdated Show resolved Hide resolved
MrKrisKrisu
MrKrisKrisu reviewed Mar 24, 2024
View reviewed changes
app/Models/OAuthClient.php Show resolved Hide resolved
app/Models/Status.php Show resolved Hide resolved
app/Models/User.php Show resolved Hide resolved
app/Models/User.php Outdated
Comment on lines 320 to 357
$personalDataSelection
->add('user.json', $user)
->add('statuses.json', $this->statuses()->with('tags')->get())
->add('notifications.json', $this->notifications()->get()->toJson())
->add('likes.json', $this->likes()->get()->toJson())
->add('social_profile.json', $this->socialProfile()->with('mastodonserver')->get())
->add('event_suggestions.json', EventSuggestion::where('user_id', $this->id)->get()->toJson())
->add('events.json', Event::where('approved_by', $this->id)->get()->toJson())
->add('webhooks.json', $webhooks)
->add(
'webhook_creation_requests.json',
WebhookCreationRequest::where('user_id', $this->id)->get()->toJson()
)
->add('tokens.json', TokenController::index($this)->toJson())
->add('ics_tokens.json', $this->icsTokens()->get()->toJson())
->add(
'password_resets.json',
DB::table('password_resets')->select(['email','created_at'])->where('email', $this->email)->get()
)
->add('apps.json', $this->oAuthClients()->get()->toJson())
->add('follows.json', DB::table('follows')->where('user_id', $this->id)->get())
->add('followings.json', DB::table('follows')->where('follow_id', $this->id)->get())
->add('blocks.json', DB::table('user_blocks')->where('user_id', $this->id)->get())
->add('blocked_by.json', DB::table('user_blocks')->where('blocked_id', $this->id)->get())
->add('mutes.json', DB::table('user_mutes')->where('user_id', $this->id)->get())
->add('muted_by.json', DB::table('user_mutes')->where('muted_id', $this->id)->get())
->add('follow_requests.json', DB::table('follow_requests')->where('user_id', $this->id)->get())
->add('follows_requests.json', DB::table('follow_requests')->where('follow_id', $this->id)->get())
->add('sessions.json', $this->sessions()->get()->toJson())
->add('home.json', $this->home()->get()->toJson())
->add('hafas_trips.json', DB::table('hafas_trips')->where('user_id', $this->id)->get())
->add('mentions.json', Mention::where('user_id', $this->id)->get()->toJson())
->add('roles.json', $this->roles()->get()->toJson())
->add(
'activity_log.json',
DB::table('activity_log')->where('causer_type', get_class($this))->where('causer_id', $this->id)->get()
)
->add('permissions.json', $this->permissions()->get()->toJson());
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ich finde es langfristig gesehen etwas kritisch, wenn wir einfach DB Queries raw ausspucken. Später hinzugefügte Columns, die nicht exposed werden sollten (z.B. irgendwelche Keys o.ä.) werden hier sicher vergessen. Wäre es nicht sinnvoller das noch einmal durch die Resourcen zu jagen?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Alternativ einfach ein ->select([...]) mit den gewünschten Columns, damit nichts falsches exposed wird.

config/personal-data-export.php Show resolved Hide resolved
@HerrLevin HerrLevin marked this pull request as ready for review November 4, 2024 23:54
@HerrLevin HerrLevin mentioned this pull request Nov 4, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jeyemwey jeyemwey jeyemwey left review comments

@MrKrisKrisu MrKrisKrisu Awaiting requested review from MrKrisKrisu

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@HerrLevin @jeyemwey @MrKrisKrisu