From 14be9e30deae5714a3bdcd7e0bfe3cddf8fd1844 Mon Sep 17 00:00:00 2001 From: Gareth Coles Date: Fri, 27 Jul 2018 17:10:19 +0100 Subject: Don't remove basic user objects, add API for querying them Also update privacy policy in accordance with this --- pysite/views/api/bot/user.py | 35 +++++++++++++++--- templates/main/about/privacy.html | 77 ++++++++++++++++++++++++++------------- 2 files changed, 82 insertions(+), 30 deletions(-) diff --git a/pysite/views/api/bot/user.py b/pysite/views/api/bot/user.py index 189dd1f8..c8d769d5 100644 --- a/pysite/views/api/bot/user.py +++ b/pysite/views/api/bot/user.py @@ -1,4 +1,5 @@ import logging +import rethinkdb from flask import jsonify, request from schema import Optional, Schema @@ -18,6 +19,12 @@ SCHEMA = Schema([ } ]) +GET_SCHEMA = Schema([ + { + "user_id": str + } +]) + DELETE_SCHEMA = Schema([ { "user_id": str, @@ -45,6 +52,24 @@ class UserView(APIView, DBMixin): table_name = "users" teams_table = "code_jam_teams" + @api_key + @api_params(schema=GET_SCHEMA, validation_type=ValidationTypes.params) + def get(self, data): + logging.getLogger(__name__).debug(f"Size of request: {len(request.data)} bytes") + + if not data: + return self.error(ErrorCodes.bad_data_format, "No user IDs supplied") + + data = [x["user_id"] for x in data] + + result = self.db.run( + self.db.query(self.table_name) + .filter(lambda document: rethinkdb.expr(data).contains(document["user_id"])), + coerce=list + ) + + return jsonify({"result": result}) # pragma: no cover + @api_key @api_params(schema=SCHEMA, validation_type=ValidationTypes.json) def post(self, data): @@ -72,11 +97,11 @@ class UserView(APIView, DBMixin): def delete(self, data): user_ids = [user["user_id"] for user in data] - changes = self.db.run( - self.db.query(self.table_name) - .get_all(*user_ids) - .delete() - ) + # changes = self.db.run( + # self.db.query(self.table_name) + # .get_all(*user_ids) + # .delete() + # ) oauth_deletions = self.db.run( self.db.query(self.oauth_table_name) 
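Review bot: The new `UserView.get` handler looks rows up with `.filter(lambda document: rethinkdb.expr(data).contains(document["user_id"]))`, which tests every row of the users table against the supplied list, and nothing in the hunk limits how many IDs one request may carry. The `delete` method in this file already selected the same rows with `.get_all(*user_ids)`, so `self.db.query(self.table_name).get_all(*data)` would presumably do a keyed lookup instead of a scan; rejecting over-long lists before the query bounds the cost of a single call. The response is the full stored document for each user, so if the table holds fields the bot does not need, selecting only the intended fields (ReQL `pluck`) limits what any holder of the API key can read. The debug line logs `len(request.data)`, which is the request body rather than the query parameters validated here, and `# pragma: no cover` on the return suggests the success path is untested.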
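Review bot: The `delete` hunk disables the user-row deletion by commenting it out, which leaves `changes` unassigned; the rest of `delete` lies outside this hunk, so if it still reads `changes` (for example to report a deleted count) the request will fail with a `NameError`. Commented-out code also hides the intent, so I would remove the five lines and state the retention decision instead, e.g. `# User rows are kept on purpose so infraction records stay linked; see the privacy policy.`. Callers of this endpoint may assume the user record is gone after a successful call, so the response should say what was and was not deleted.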
diff --git a/templates/main/about/privacy.html b/templates/main/about/privacy.html index b1d778c2..fa4e2aab 100644 --- a/templates/main/about/privacy.html +++ b/templates/main/about/privacy.html @@ -31,49 +31,62 @@

Data collection

+
+

+ Please note that data marked with blurple text below is not + automatically removed. We need to hold onto this information in order to maintain infraction records + and ensure the smooth running of our community. +

+

+ We do not store any data until you have verified yourself in #checkpoint on the server, + and certified that you agree to our rules and privacy policy. If you are leaving the server and would + like us to remove this data as well, please contact a member of staff directly. +

+
+ - - - - + + + + - - + + - - + + - + - - - - + + + + - - - + + + - - + + - + @@ -136,7 +149,7 @@

If you joined the community after the 20th of May, 2018, you will have been greeted with the - #checkpoint channel. In this channel, you must run the self.accept() + #checkpoint channel. In this channel, you must run the !accept command to signify that you accept both our rules and this privacy policy. This will also have been detailed in a message in that channel.

@@ -161,7 +174,7 @@

-
+

Complete data removal

@@ -173,6 +186,12 @@ is leave the Discord server. As much of the data we collect is necessary for running our community, we are unable to offer you community membership with zero data collection.

+

+ Please note that data marked with blurple text in the table above + is not automatically removed. We need to hold onto this information in order to maintain infraction records + and ensure the smooth running of our community. If you are leaving the server and would like us to remove + this data as well, please contact a member of staff directly. +

Once you've left the Discord server, your data is removed automatically. Please note that for the sake of data integrity and moderation purposes, we do not remove your Discord @@ -186,7 +205,7 @@

-
+

Code jam profile removal

@@ -252,6 +271,14 @@

    +
  • +

    July 27th, 2018

    +

    + As we're replacing Rowboat (the bot we use for moderation), we need to hold onto some of + your data - even after you've left the server. This is necessary to ensure the smooth + running and security of our community. +

    +
  • July 3rd, 2018

    -- cgit v1.2.3

What we collectWhenWhat it's used forWho can access itWhat we collectWhen it's collectedWhat it's used forWho can access it
Discord user IDself.accept() run on DiscordDiscord user ID!accept run on Discord Statistics, data association (infractions, code jam applications, etc) Administrative staff
Discord username and discriminatorself.accept() run on DiscordDiscord username and discriminator!accept run on Discord Display purposes (alongside ID in staff areas, public profiles)Public, for code jam team listings and winner infoPublic (for code jam team listings and winner info) and staff areas
Discord avatar URLsself.accept() run on DiscordDisplay purposes (public profiles)Public, for code jam team listings and winner infoDiscord avatar URLs!accept run on DiscordDisplay purposes (alongside ID in staff areas, public profiles)Public (for code jam team listings and winner info) and staff areas
Assigned roles on Discordself.accept() run on DiscordAccess control for the siteAssigned roles on Discord!accept run on DiscordAccess control for the site, infractions, role restoration after kicks Administrative staff
Messages sent on Discordself.accept() run on DiscordMessages sent on Discord!accept run on Discord - Stored in memory by the bot for processing temporarily, no message content reaches - the database unless you're using a bot command that interfaces with the site - May be - temporarily written to a log file for debugging purposes + Stored in memory by the bot for processing temporarily, may also end up in + staff-only logging channels for the purposes of accountability and infraction + management N/AAdministrative staff