| author | 2018-07-27 17:10:19 +0100 | |
|---|---|---|
| committer | 2018-07-27 17:10:19 +0100 | |
| commit | 14be9e30deae5714a3bdcd7e0bfe3cddf8fd1844 (patch) | |
| tree | e0af864741644e1de0f03f3e83a836dbb1015cae | |
| parent | Merge branch 'momo/infractions-api-dangling' into 'master' (diff) | |
Don't remove basic user objects, add API for querying them
Also update privacy policy in accordance with this
| -rw-r--r-- | pysite/views/api/bot/user.py | 35 | ||||
| -rw-r--r-- | templates/main/about/privacy.html | 77 | 
2 files changed, 82 insertions, 30 deletions
diff --git a/pysite/views/api/bot/user.py b/pysite/views/api/bot/user.py
index 189dd1f8..c8d769d5 100644
--- a/pysite/views/api/bot/user.py
+++ b/pysite/views/api/bot/user.py
@@ -1,4 +1,5 @@
 import logging
+import rethinkdb
 from flask import jsonify, request
 from schema import Optional, Schema
@@ -18,6 +19,12 @@ SCHEMA = Schema([
     }
 ])
+GET_SCHEMA = Schema([
+    {
+        "user_id": str
+    }
+])
+
 DELETE_SCHEMA = Schema([
     {
         "user_id": str,
@@ -46,6 +53,24 @@ class UserView(APIView, DBMixin):
     teams_table = "code_jam_teams"
     @api_key
+    @api_params(schema=GET_SCHEMA, validation_type=ValidationTypes.params)
+    def get(self, data):
+        logging.getLogger(__name__).debug(f"Size of request: {len(request.data)} bytes")
+
+        if not data:
+            return self.error(ErrorCodes.bad_data_format, "No user IDs supplied")
+
+        data = [x["user_id"] for x in data]
+
+        result = self.db.run(
+            self.db.query(self.table_name)
+            .filter(lambda document: rethinkdb.expr(data).contains(document["user_id"])),
+            coerce=list
+        )
+
+        return jsonify({"result": result})  # pragma: no cover
+
+    @api_key
     @api_params(schema=SCHEMA, validation_type=ValidationTypes.json)
     def post(self, data):
         logging.getLogger(__name__).debug(f"Size of request: {len(request.data)} bytes")
@@ -72,11 +97,11 @@ class UserView(APIView, DBMixin):
     def delete(self, data):
         user_ids = [user["user_id"] for user in data]
-        changes = self.db.run(
-            self.db.query(self.table_name)
-            .get_all(*user_ids)
-            .delete()
-        )
+        # changes = self.db.run(
+        #     self.db.query(self.table_name)
+        #     .get_all(*user_ids)
+        #     .delete()
+        # )
         oauth_deletions = self.db.run(
             self.db.query(self.oauth_table_name)
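Review bot: The lookup in `get` is written as `.filter(lambda document: rethinkdb.expr(data).contains(document["user_id"]))`, which makes the database test every row of the table against a caller-supplied list whose length is never bounded. The `delete` handler in this same file selected the same table with `.get_all(*user_ids)`, so `self.db.query(self.table_name).get_all(*data)` should return the same rows through the key lookup (assuming `user_id` is the table's primary key, as that call implies). Because these records are now kept after a member leaves, it is also worth returning only the fields the bot needs rather than whole documents, and dropping `# pragma: no cover` once the endpoint has a test. The debug line's `len(request.data)` measures the request body, which a GET validated with `ValidationTypes.params` presumably does not carry.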
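Review bot: The user-table deletion in `delete` is disabled by commenting it out, which leaves dead code behind and removes the `changes` name; if the rest of `delete` (it continues outside this hunk) still reads `changes`, the handler will raise `NameError`. Delete the five commented lines and put a why-comment in their place, for example `# User rows are kept on purpose: infraction records reference them (see privacy policy)`. The handler's docstring or response should also state that a successful call no longer removes the basic user record, so callers do not treat it as full erasure.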
diff --git a/templates/main/about/privacy.html b/templates/main/about/privacy.html
index b1d778c2..fa4e2aab 100644
--- a/templates/main/about/privacy.html
+++ b/templates/main/about/privacy.html
@@ -31,49 +31,62 @@
                 <h3>Data collection</h3>
+                <div class="uk-alert uk-alert-warning">
+                    <p>
+                        Please note that data <span class="uk-text-primary">marked with blurple text below</span> is not
+                        automatically removed. We need to hold onto this information in order to maintain infraction records
+                        and ensure the smooth running of our community.
+                    </p>
+                    <p>
+                        We do not store any data until you have verified yourself in <code>#checkpoint</code> on the server,
+                        and certified that you agree to our rules and privacy policy. If you are leaving the server and would
+                        like us to remove this data as well, please contact a member of staff directly.
+                    </p>
+                </div>
+
                 <table class="uk-table uk-table-divider uk-table-striped uk-table-small table-bordered" id="data-collection-table">
                     <thead>
                         <tr class="thick-bottom-border">
-                            <th>What we collect</th>
-                            <th class="uk-table-shrink">When</th>
-                            <th>What it's used for</th>
-                            <th>Who can access it</th>
+                            <th class="uk-width-1-4">What we collect</th>
+                            <th class="uk-width-1-4">When it's collected</th>
+                            <th class="uk-width-1-4">What it's used for</th>
+                            <th class="uk-width-1-4">Who can access it</th>
                         </tr>
                     </thead>
                     <tbody>
                         <tr>
-                            <td>Discord user ID</td>
-                            <td class="uk-table-shrink"><strong>self.accept()</strong> run on Discord</td>
+                            <td class="uk-text-primary">Discord user ID</td>
+                            <td class="uk-table-shrink"><strong>!accept</strong> run on Discord</td>
                             <td>Statistics, data association (infractions, code jam applications, etc)</td>
                             <td>Administrative staff</td>
                         </tr>
                         <tr>
-                            <td>Discord username and discriminator</td>
-                            <td class="uk-table-shrink"><strong>self.accept()</strong> run on Discord</td>
+                            <td class="uk-text-primary">Discord username and discriminator</td>
+                            <td class="uk-table-shrink"><strong>!accept</strong> run on Discord</td>
                             <td>Display purposes (alongside ID in staff areas, public profiles)</td>
-                            <td>Public, for code jam team listings and winner info</td>
+                            <td>Public (for code jam team listings and winner info) and staff areas</td>
                         </tr>
                         <tr>
-                            <td>Discord avatar URLs</td>
-                            <td class="uk-table-shrink"><strong>self.accept()</strong> run on Discord</td>
-                            <td>Display purposes (public profiles)</td>
-                            <td>Public, for code jam team listings and winner info</td>
+                            <td class="uk-text-primary">Discord avatar URLs</td>
+                            <td class="uk-table-shrink"><strong>!accept</strong> run on Discord</td>
+                            <td>Display purposes (alongside ID in staff areas, public profiles)</td>
+                            <td>Public (for code jam team listings and winner info) and staff areas</td>
                         </tr>
                         <tr>
-                            <td>Assigned roles on Discord</td>
-                            <td class="uk-table-shrink"><strong>self.accept()</strong> run on Discord</td>
-                            <td>Access control for the site</td>
+                            <td class="uk-text-primary">Assigned roles on Discord</td>
+                            <td class="uk-table-shrink"><strong>!accept</strong> run on Discord</td>
+                            <td>Access control for the site, infractions, role restoration after kicks</td>
                             <td>Administrative staff</td>
                         </tr>
                         <tr class="thick-bottom-border">
-                            <td>Messages sent on Discord</td>
-                            <td class="uk-table-shrink"><strong>self.accept()</strong> run on Discord</td>
+                            <td class="uk-text-primary">Messages sent on Discord</td>
+                            <td class="uk-table-shrink"><strong>!accept</strong> run on Discord</td>
                             <td>
-                                Stored in memory by the bot for processing temporarily, no message content reaches
-                                the database unless you're using a bot command that interfaces with the site - May be
-                                temporarily written to a log file for debugging purposes
+                                Stored in memory by the bot for processing temporarily, may also end up in
+                                staff-only logging channels for the purposes of accountability and infraction
+                                management
                             </td>
-                            <td>N/A</td>
+                            <td>Administrative staff</td>
                         </tr>
                         <tr class="thick-bottom-border">
@@ -136,7 +149,7 @@
                 </p>
                 <p>
                     If you joined the community after the <strong>20th of May, 2018</strong>, you will have been greeted with the
-                    <code>#checkpoint</code> channel. In this channel, you must run the <code>self.accept()</code>
+                    <code>#checkpoint</code> channel. In this channel, you must run the <code>!accept</code>
                     command to signify that you accept both our rules and this privacy policy. This will also have been
                     detailed in a message in that channel.
                 </p>
@@ -161,7 +174,7 @@
                 </p>
                 <div class="uk-grid uk-grid-match" uk-grid>
-                    <div class="uk-width-1-2@m">
+                    <div class="uk-width-3-5@m">
                         <div class="uk-card uk-card-default uk-card-small">
                             <div class="uk-card-header">
                                 <h3 class="uk-card-title">Complete data removal</h3>
@@ -174,6 +187,12 @@
                                     our community, we are unable to offer you community membership with zero data collection.
                                 </p>
                                 <p>
+                                    Please note that data <span class="uk-text-primary">marked with blurple text in the table above</span>
+                                    is not automatically removed. We need to hold onto this information in order to maintain infraction records
+                                    and ensure the smooth running of our community. If you are leaving the server and would like us to remove
+                                    this data as well, please contact a member of staff directly.
+                                </p>
+                                <p>
                                     Once you've left the Discord server, your data is removed automatically. Please note that
                                     for the sake of data integrity and moderation purposes, we do not remove your Discord
                                     user ID from our database - but we do anonymize your data as far as possible.
@@ -186,7 +205,7 @@
                             </div>
                         </div>
                     </div>
-                    <div class="uk-width-1-2@m">
+                    <div class="uk-width-2-5@m">
                         <div class="uk-card uk-card-default uk-card-small">
                             <div class="uk-card-header">
                                 <h3 class="uk-card-title">Code jam profile removal</h3>
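Review bot: The paragraph added to the "Complete data removal" card says the blurple-marked data is not automatically removed, but the unchanged paragraph directly after it still reads "Once you've left the Discord server, your data is removed automatically" and describes only the user ID as kept, with the rest anonymized. The table in this same file now marks username, avatar URLs and roles as retained, and the user-table delete is disabled in `pysite/views/api/bot/user.py` in this commit, so the two paragraphs contradict each other. The older paragraph should be reworded to state which data is removed on leaving and which is kept until a staff request. It continues past the end of this hunk, so its full wording is not visible here.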
@@ -253,6 +272,14 @@
                 <ul class="uk-list uk-list-divider">
                     <li>
+                        <h4>July 27th, 2018</h4>
+                        <p>
+                            As we're replacing Rowboat (the bot we use for moderation), we need to hold onto some of
+                            your data - even after you've left the server. This is necessary to ensure the smooth
+                            running and security of our community.
+                        </p>
+                    </li>
+                    <li>
                         <h4>July 3rd, 2018</h4>
                         <p>
                             While we don't collect your email addresses, they are visible on GitLab if you email an
