aboutsummaryrefslogtreecommitdiffstats
path: root/templates/main
diff options
context:
space:
mode:
authorGravatar Gareth Coles <[email protected]>2018-05-20 23:29:17 +0100
committerGravatar GitHub <[email protected]>2018-05-20 23:29:17 +0100
commit449d52caf4010ed112f1928bf6b5234bcfb9a339 (patch)
tree3ce59258a68fcb4174610b157f3a3ae9c50be02a /templates/main
parentTests directory (#73) (diff)
Privacy/Usability updates (#75)
* Use less intrusive oauth scopes, add login redirect method * Remove debugging prints, add missing __init__ * Work towards new privacy policy * Fix judging state icons on code jam management page * Jammer profile retraction and punishments based on jam status * Linting * [Jams] Deny profile saving for users < 13 years, and finish removal page * Fix tests * Clean up and address Volcyy's review * Add proper login redirection to require_roles decorator * Fix template is_staff() and add staff link to navigation * Address lemon's review * Linting * Privacy page formatting * Privacy page formatting
Diffstat (limited to 'templates/main')
-rw-r--r--templates/main/about/privacy.html253
-rw-r--r--templates/main/jams/profile.html41
-rw-r--r--templates/main/jams/retract.html61
-rw-r--r--templates/main/jams/retracted.html31
-rw-r--r--templates/main/navigation.html16
5 files changed, 323 insertions, 79 deletions
diff --git a/templates/main/about/privacy.html b/templates/main/about/privacy.html
index 870b75a8..92a5eb73 100644
--- a/templates/main/about/privacy.html
+++ b/templates/main/about/privacy.html
@@ -20,119 +20,216 @@
<p>
We take every step to ensure that your data is used ethically and that includes making sure that
you know exactly what data we collect, and what we do with it. That means that instead of a
- bunch of legal mumbo-jumbo, we've provided this information in an easy, human-readable form below.
+ bunch of legalese, we've provided this information in an easy, human-readable form below.
</p>
- <h1 class="uk-article-title hover-title" id="data-collected">
- What We Collect
+ <p>
+ Please note that we are a completely non-profit community. We have no interest in selling your
+ data, or shipping it off to third parties. Our community is entirely volunteer-run - it does
+ not have any form of monetary income whatsoever - and we believe that this is how it should be.
+ </p>
+
+ <h3>Data collection</h3>
+
+ <table class="uk-table uk-table-divider uk-table-striped uk-table-small table-bordered">
+ <thead>
+ <tr class="thick-bottom-border">
+ <th>What we collect</th>
+ <th class="uk-table-shrink">When</th>
+ <th style="max-width: 30rem;">What it's used for</th>
+ <th>Who can access it</th>
+ </tr>
+ </thead>
+ <tbody>
+ <tr>
+ <td>Discord user ID</td>
+ <td class="uk-table-shrink"><strong>self.accept()</strong> run on Discord</td>
+ <td style="max-width: 30rem;">Statistics, data association (infractions, code jam applications, etc)</td>
+ <td>Administrative staff</td>
+ </tr>
+ <tr>
+ <td>Discord username and discriminator</td>
+ <td class="uk-table-shrink"><strong>self.accept()</strong> run on Discord</td>
+ <td style="max-width: 30rem;">Display purposes (alongside ID in staff areas, public profiles)</td>
+ <td>Public, for code jam team listings and winner info</td>
+ </tr>
+ <tr>
+ <td>Assigned roles on Discord</td>
+ <td class="uk-table-shrink"><strong>self.accept()</strong> run on Discord</td>
+ <td style="max-width: 30rem;">Access control for the site</td>
+ <td>Administrative staff</td>
+ </tr>
+ <tr class="thick-bottom-border">
+ <td>Messages sent on Discord</td>
+ <td class="uk-table-shrink"><strong>self.accept()</strong> run on Discord</td>
+ <td style="max-width: 30rem;">
+ Stored in memory by the bot for processing temporarily, no message content reaches
+ the database unless you're using a bot command that interfaces with the site - May be
+ temporarily written to a log file for debugging purposes
+ </td>
+ <td>N/A</td>
+ </tr>
+
+ <tr class="thick-bottom-border">
+ <td>OAuth access and refresh token</td>
+ <td class="uk-table-shrink">Discord login on site</td>
+ <td style="max-width: 30rem;">Used to find your Discord user ID when you log in</td>
+ <td>Administrative staff</td>
+ </tr>
+
+ <tr>
+ <td>Date of birth</td>
+ <td class="uk-table-shrink">Code jam profile </td>
+ <td style="max-width: 30rem;">Age verification and a factor in code jam team match-ups; only stored if you're over 13</td>
+ <td>Administrative staff</td>
+ </tr>
+ <tr>
+ <td>GitHub username</td>
+ <td class="uk-table-shrink">Code jam profile</td>
+ <td style="max-width: 30rem;">Used to identify you on GitHub as part of a code jam team</td>
+ <td>Public, for code jam team listings</td>
+ </tr>
+ <tr>
+ <td>Timezone</td>
+ <td class="uk-table-shrink">Code jam profile</td>
+ <td style="max-width: 30rem;">A factor in code jam team match-ups</td>
+ <td>Administrative staff</td>
+ </tr>
+ </tbody>
+ </table>
- <a href="#data-collected" class="uk-text-primary" title="Permanent link to this header">
+ <h1 class="uk-article-title hover-title" id="consent">
+ Collecting consent
+
+ <a href="#consent" class="uk-text-primary" title="Permanent link to this header">
<i class="fas fa-paragraph" data-fa-transform="shrink-8"></i>
</a>
</h1>
- <p class="uk-article-meta">
- Cherry-picking from the firehose of data
+
+ <p>
+ If you joined the community on or before the <strong>20th of May, 2018</strong>, you will have seen an announcement about our
+ privacy policy on the Discord server. You will have had the opportunity to leave the server if
+ you weren't happy with it. If you decided to stay, then we will consider you to have accepted
+ our use of your data, as detailed on this page.
</p>
<p>
- During your time on the discord server, we collect...
+ If you joined the community after the <strong>20th of May, 2018</strong>, you will have been greeted with the
+ <code>#checkpoint</code> channel. In this channel, you must run the <code>self.accept()</code>
+ command to signify that you accept both our rules and this privacy policy. This will also have been
+ detailed in a message in that channel.
</p>
-
- <ul>
- <li>Your Discord user ID</li>
- <li>Your Discord username and discriminator</li>
- <li>The list of roles you're assigned on Discord</li>
- <li>Any messages you send on the server</li>
- </ul>
-
<p>
- Should you click the login button on the site, we additionally collect...
+ Please note that your acceptance of this privacy policy is retroactive, and you agree that any
+ revisions to it will apply when they are published. We will attempt to keep everyone updated on
+ changes to this policy via the usual announcement channels - if at any point you are not happy with
+ a change to the privacy policy, please bring it up with a member of staff. If we're unable to
+ solve your issue in a satisfactory way, you may remove your data as detailed below.
</p>
- <ul>
- <li>Your email address, supplied by Discord</li>
- <li>An access token and refresh token</li>
- </ul>
+ <h1 class="uk-article-title hover-title" id="removal">
+ Data removal
+
+ <a href="#removal" class="uk-text-primary" title="Permanent link to this header">
+ <i class="fas fa-paragraph" data-fa-transform="shrink-8"></i>
+ </a>
+ </h1>
<p>
- Should you set up your code jam profile, we additionally collect...
+ If you'd like to remove your data from our servers, there are two options available to you.
</p>
- <ul>
- <li>Your date of birth</li>
- <li>Your GitHub username</li>
- <li>Your timezone</li>
- </ul>
+ <div class="uk-grid uk-grid-match" uk-grid>
+ <div class="uk-width-1-2@m">
+ <div class="uk-card uk-card-default uk-card-small">
+ <div class="uk-card-header">
+ <h3 class="uk-card-title">Complete data removal</h3>
+ </div>
+
+ <div class="uk-card-body">
+ <p>
+ If you'd like to remove all of your personal data from our servers, all you need to do
+ is leave the Discord server. As much of the data we collect is necessary for running
+ our community, we are unable to offer you community membership with zero data collection.
+ </p>
+ <p>
+ Once you've left the Discord server, your data is removed automatically. Please note that
+ for the sake of data integrity and moderation purposes, we do not remove your Discord
+ user ID from our database - but we do anonymize your data as far as possible.
+ </p>
+ <p>
+ As with deleting your code jam profile directly, you will be issued an automatic ban
+ from future code jams if you have applied for or are currently taking part in a
+ code jam.
+ </p>
+ </div>
+ </div>
+ </div>
+ <div class="uk-width-1-2@m">
+ <div class="uk-card uk-card-default uk-card-small">
+ <div class="uk-card-header">
+ <h3 class="uk-card-title">Code jam profile removal</h3>
+ </div>
- <h1 class="uk-article-title hover-title" id="usage">
- How We Use Your Data
+ <div class="uk-card-body">
+ <p>
+ If you've provided us with a code jam profile in the past and would like to remove
+ it, you may do so by heading to the
+ <a href="{{ url_for("main.jams.profile") }}">"My Profile" page</a>,
+ where you will find a button that will remove your profile.
+ </p>
+ <p>
+ Please note that this is a nuclear option. If you have applied for or are currently
+ taking part in a code jam, this will void your application and you will receive an
+ automatic ban from future code jams until you've contacted us about it.
+ </p>
+ </div>
+ </div>
+ </div>
+ </div>
+
+ <h1 class="uk-article-title hover-title" id="gdpr">
+ GDPR compliance
- <a href="#usage" class="uk-text-primary" title="Permanent link to this header">
+ <a href="#gdpr" class="uk-text-primary" title="Permanent link to this header">
<i class="fas fa-paragraph" data-fa-transform="shrink-8"></i>
</a>
</h1>
<p class="uk-article-meta">
- Keeping secrets
+ Keeping your data under your control
</p>
<p>
- We use your data for the daily maintainance of the server and website. In short: We only collect
- what we need. To explain this in more detail:
+ Under the terms specified above, we do aim to comply with GDPR. While we do not currently have
+ an automated way for users to export the data they've provided to us, we're happy to do this
+ manually or answer any other GDPR- or privacy-related queries you may have. Feel free to contact
+ our GDPR officer on Discord (<code>gdude#2002</code>), or any other member of the administrative
+ staff.
+ </p>
+ <p>
+ We are currently working on an automated way to get all of your data in both a human-readable
+ and machine-readable format. Keep your eye on the usual announcements channels for more information
+ on that, as it happens.
</p>
- <ul>
- <li>
- Your Discord account details are useful for statistics - However, the storage of your assigned
- roles in our database also allows our site to use a Discord account-based authorization system.
- That means that all we have to do is assign the correct roles to you on Discord to give you
- access to the relevant parts of the site.
- </li>
- <li>
- While we currently do not use your email address for anything, we do have projects in the works
- that will make use of it. Don't worry, your email address will never leave our network, and we
- won't send anything to you without your consent!
- </li>
- <li>
- Your messages are not stored in our database - they're stored temporarily in memory during
- processing, and may also be written to a logfile.
- </li>
- <li>
- We are a completely non-profit community. We have no interest in selling your data, or
- shipping it off to third parties. Our community is entirely volunteer-run and it does not have
- any form of monetary income whatsoever - and we believe that this is how it should be.
- </li>
- </ul>
- <h1 class="uk-article-title hover-title" id="gdpr">
- GDPR
+ <h1 class="uk-article-title hover-title" id="changelog">
+ Changelog
- <a href="#gdpr" class="uk-text-primary" title="Permanent link to this header">
+ <a href="#changelog" class="uk-text-primary" title="Permanent link to this header">
<i class="fas fa-paragraph" data-fa-transform="shrink-8"></i>
</a>
</h1>
<p class="uk-article-meta">
- Keeping your data under your control
+ Accountability, for the masses
</p>
- <p>
- The data we collect is required for the daily operation of this website, our bot and the Discord
- server. That said, we intend to fully comply with GDPR. Here's how we do this, and how you can
- contact us with any questions you have:
- </p>
- <ul>
- <li>
- When you join the server, we require that you accept our rules and terms by running a command
- in the <code>#checkpoint</code> channel. In doing so, you agree that you will abide by our rules -
- and you also agree to our data collection and usage policies (as detailed above).
- </li>
- <li>
- Should you change your mind at any point, we cannot selectively remove data and keep your
- membership on the server. If you'd like us to remove your data, there's only one thing you need
- to do: Leave the Discord server. In doing that, all of your data will automatically be removed
- from our systems. It's that simple!
- </li>
+ <ul class="uk-list uk-list-divider">
<li>
- If you'd like a copy of the data we have belonging to you or you have any other questions about
- our data and GDPR handling, feel free to send a message to our GDPR officer on Discord,
- <code>gdude#2002</code> - or any other admin if he's not around.
+ <h4>May 20th, 2018</h4>
+ <p>
+ Completed the first version of our privacy policy. We also updated our OAuth scopes for
+ Discord logins - we no longer collect your email, or get the access to join you to servers
+ automatically. All collected emails have also been removed from the database.
+ </p>
</li>
</ul>
</article>
diff --git a/templates/main/jams/profile.html b/templates/main/jams/profile.html
index efa0e274..cf2088c7 100644
--- a/templates/main/jams/profile.html
+++ b/templates/main/jams/profile.html
@@ -67,6 +67,17 @@
<button type="submit" class="uk-button uk-button-primary" id="submit">
<i class="uk-icon fa-fw far fa-check"></i> &nbsp;Save
</button>
+
+ {% if existing %}
+ <a class="uk-button uk-button-danger" href="{{ url_for("main.jams.retract") }}">
+ <i class="uk-icon fa-fw fas fa-bomb"></i> &nbsp;Delete
+ </a>
+ {% else %}
+ <a class="uk-button uk-button-default uk-text-muted uk-link-muted" style="cursor: default !important"
+ uk-tooltip="title: You can't delete your profile because you haven't submitted one yet!; pos: bottom">
+ <i class="uk-icon fa-fw fas fa-bomb"></i> &nbsp;Delete
+ </a>
+ {% endif %}
</div>
</form>
</div>
@@ -75,19 +86,47 @@
<script type="application/javascript">
- const date = flatpickr("#dob", {enableTime: false, altInput: true});
+ const date = flatpickr("#dob", {
+ enableTime: false, altInput: true, altInputClass: "date-picker",
+ onChange: function() {
+ let dob = moment(dob_input.value);
+
+ if (!dob.isBefore(earliest_dob)) {
+ UIkit.notification({
+ "message": "You must be aged 13 or older to participate in our code jams.",
+ "status": "danger",
+ "pos": "top-center",
+ "timeout": 5000,
+ });
+
+ dob_output.classList.add("uk-form-danger");
+ submit_button.disabled = true;
+ } else {
+ dob_output.classList.remove("uk-form-danger");
+ }
+ }
+ });
+
const tz = moment().format("Z");
const dob_input = document.getElementById("dob");
+ const dob_output = document.getElementsByClassName("date-picker")[0];
const github_input = document.getElementById("github_username");
const tz_input = document.getElementById("timezone");
const submit_button = document.getElementById("submit");
+ const earliest_dob = moment().subtract(13, "years");
function checkInputs() {
if (dob_input.value.length < 1)
return submit_button.disabled = true;
+ let dob = moment(dob_input.value);
+
+ if (!dob.isBefore(earliest_dob)) {
+ return submit_button.disabled = true;
+ }
+
if (github_input.value.length < 1)
return submit_button.disabled = true;
diff --git a/templates/main/jams/retract.html b/templates/main/jams/retract.html
new file mode 100644
index 00000000..bbe3bdae
--- /dev/null
+++ b/templates/main/jams/retract.html
@@ -0,0 +1,61 @@
+{% extends "main/base.html" %}
+{% block title %}Code Jams | Already applied{% endblock %}
+{% block og_title %}Code Jams | Already applied{% endblock %}
+
+{% block content %}
+<div class="uk-section">
+ <div class="uk-container uk-container-small">
+ <h1 class="uk-header uk-article-title">
+ Code Jams: Retract Profile
+ </h1>
+
+ {% if participant %}
+ <p>
+ Are you sure you'd like to retract your code jam profile?
+ </p>
+
+ {% if banned %}
+ <p>
+ Retracting your code jam profile will remove your date of birth, GitHub username and timezone from our
+ database. If you're entirely sure that you'd like to remove your profile, please click on the "Remove" button below.
+ </p>
+
+ <p>
+ As you are currently taking part in a code jam,
+ <strong class="uk-text-danger">this will void your application and you will receive an automatic ban from future code jams</strong>
+ until you've contacted us about it.
+ </p>
+ {% else %}
+ <p>
+ Retracting your code jam profile will remove your date of birth, GitHub username and timezone from our
+ database. If you're entirely sure that you'd like to remove your profile, please click on the "Remove" button below.
+ </p>
+
+ <p>
+ As you are not currently taking part in an ongoing code jam,
+ <strong class="uk-text-primary">you will not be banned from future code jams</strong>.
+ </p>
+ {% endif %}
+
+ <form action="{{ url_for("main.jams.retract") }}" method="post" class="uk-form uk-text-center" uk-form>
+ <input type="hidden" name="csrf_token" value="{{ csrf_token() }}"/>
+
+ <a class="uk-button uk-button-primary" href="{{ url_for("main.jams.profile") }}">
+ <i class="uk-icon fa-fw far fa-arrow-left"></i> &nbsp;Cancel
+ </a>
+ <button class="uk-button uk-button-danger" type="submit">
+ <i class="uk-icon fa-fw fas fa-bomb"></i> &nbsp;Remove
+ </button>
+ </form>
+ {% else %}
+ <p class="uk-alert uk-alert-danger">
+ You can't delete your profile - you haven't submitted one to us yet!
+ </p>
+
+ <a class="uk-button uk-button-secondary uk-width-1-1" href="{{ url_for("main.jams.profile") }}">
+ <i class="uk-icon fa-fw far fa-arrow-left"></i> &nbsp;Back
+ </a>
+ {% endif %}
+ </div>
+</div>
+{% endblock %}
diff --git a/templates/main/jams/retracted.html b/templates/main/jams/retracted.html
new file mode 100644
index 00000000..b67b6497
--- /dev/null
+++ b/templates/main/jams/retracted.html
@@ -0,0 +1,31 @@
+{% extends "main/base.html" %}
+{% block title %}Code Jams | Already applied{% endblock %}
+{% block og_title %}Code Jams | Already applied{% endblock %}
+
+{% block content %}
+<div class="uk-section">
+ <div class="uk-container uk-container-small">
+ <h1 class="uk-header uk-article-title">
+ Code Jams: Profile Retracted
+ </h1>
+
+ {% if banned %}
+ <p>
+ Your code jam profile has been deleted. As you were participating in an ongoing code jam, you have
+ been issued with an automatic ban from future code jams. If you'd like to join a code jam in the
+ future, please contact us directly and we'll try to resolve the situation with you. Thanks for your
+ interest in our code jams regardless!
+ </p>
+ {% else %}
+ <p>
+ Your code jam profile has been deleted. you were not participating in an ongoing code jam, no further
+ action is required by you. Thanks for your interest in our code jams regardless!
+ </p>
+ {% endif %}
+
+ <a class="uk-button uk-button-secondary uk-width-1-1" href="{{ url_for("main.jams.index") }}">
+ <i class="uk-icon fa-fw far fa-arrow-left"></i> &nbsp;Back to code jams
+ </a>
+ </div>
+</div>
+{% endblock %}
diff --git a/templates/main/navigation.html b/templates/main/navigation.html
index 3130747b..ea5bac3e 100644
--- a/templates/main/navigation.html
+++ b/templates/main/navigation.html
@@ -26,6 +26,14 @@
{% endif %}
<li><a href="{{ url_for('main.invite') }}"><i class="uk-icon fab fa-discord fa-fw"></i> &nbsp;Discord</a></li>
+
+ {% if is_staff() %}
+ {% if current_page.startswith("staff.") %}
+ <li class="uk-active"><a href="{{ url_for('staff.index') }}"><i class="uk-icon fas fa-wrench fa-fw"></i> &nbsp;Staff</a></li>
+ {% else %}
+ <li class=""><a href="{{ url_for('staff.index') }}"><i class="uk-icon fas fa-wrench fa-fw"></i> &nbsp;Staff</a></li>
+ {% endif %}
+ {% endif %}
</ul>
<ul class="uk-navbar-nav">
<li>
@@ -47,6 +55,14 @@
{% endif %}
<li class="uk-nav-item uk-hidden@m"><a href="{{ url_for('main.invite') }}"><i class="uk-icon fab fa-discord fa-fw"></i> &nbsp;Discord</a></li>
+
+ {% if is_staff() %}
+ {% if current_page.startswith("staff.") %}
+ <li class="uk-nav-item uk-active uk-hidden@m"><a href="{{ url_for('staff.index') }}"><i class="uk-icon fas fa-wrench fa-fw"></i> &nbsp;Staff</a></li>
+ {% else %}
+ <li class="uk-nav-item uk-hidden@m"><a href="{{ url_for('staff.index') }}"><i class="uk-icon fas fa-wrench fa-fw"></i> &nbsp;Staff</a></li>
+ {% endif %}
+ {% endif %}
<li class="uk-nav-divider uk-hidden@m"></li>
{% if not debug %}