WordPress.org

Make WordPress Core

Opened 20 months ago

Closed 19 months ago

Last modified 18 months ago

#43637 closed enhancement (fixed)

Add filters and ajax support for personal data erasure

Reported by: allendav Owned by: allendav
Milestone: 4.9.6 Priority: normal
Severity: normal Version: 5.1
Component: Privacy Keywords: gdpr has-patch commit fixed-major
Focuses: Cc:
PR Number:

Description

Similar to #43438 but instead of for personal data export, this is for personal data erasure.

Like #43438, plugins (or core concerns) will need to be able to register callbacks which can erase (or at least anonymize) personal data (a "page" at a time) from where they've stored it. How much is processed by a plugin's exporter in the context of a page is up to the plugin but should target to finish in far less than PHP timeout on a typical host.

When a plugin no longer needs more "pages" it indicates it is done with erasure in the same manner as in #43438.

BTW - the rationale for ajax is to allow wp-admin to drive the process without timeouts that could occur on sites with lots of pages of objects to traverse. As with #43438, the ajax exporter-by-exporter, page-by-page approach will also lend itself to REST API endpoints down the road.

Attachments (5)

43637.diff (10.8 KB) - added by allendav 20 months ago.
Adds personal data eraser filtering and ajax supportr
43637.2.diff (7.0 KB) - added by allendav 20 months ago.
Updated to return the number of items removed, retained and any messages from the erasers
43637.3.diff (7.1 KB) - added by ericdaams 19 months ago.
Updated to correct incorrect doc comment for wp_privacy_personal_data_erasers filter
43637.4.diff (6.0 KB) - added by desrosj 19 months ago.
43637.5.diff (5.1 KB) - added by desrosj 19 months ago.

Download all attachments as: .zip

Change History (29)

#1 @allendav
20 months ago

  • Keywords gdpr needs-patch added

@allendav
20 months ago

Adds personal data eraser filtering and ajax supportr

#2 @allendav
20 months ago

  • Keywords has-patch added; needs-patch removed

Requires #43442 to test. For testing instructions, see #43442.

#3 @Clorith
20 months ago

  • Owner set to allendav
  • Status changed from new to assigned

@allendav
20 months ago

Updated to return the number of items removed, retained and any messages from the erasers

#4 @allendav
20 months ago

Updated patch. Erasure ajax response now includes how many items were removed, how many were retained, and any messages personal data erasers wants to display to the administrator (e.g. "Personal data for this user was found in order 1324 but was not removed because the order has not yet shipped." )

Requires additional patches to test. Please standby for updated patches for #43442 and #43602 for testing.

cc @azaozz @mikejolley

This ticket was mentioned in Slack in #gdpr-compliance by allendav. View the logs.


20 months ago

@ericdaams
19 months ago

Updated to correct incorrect doc comment for wp_privacy_personal_data_erasers filter

#6 @desrosj
19 months ago

  • Milestone changed from Awaiting Review to 4.9.6

Moving to the 4.9.6 milestone after consensus was reached in the most recent GDPR chat (https://wordpress.slack.com/archives/C9695RJBW/p1524063200000304).

#7 @azaozz
19 months ago

In 42986:

Privacy: add means to erase personal data by username or email address. First run.

Props allendav, coreymckrill, ericdaams, azaozz.
See #43637, #43602.

#8 follow-up: @coreymckrill
19 months ago

Should wp_ajax_wp_privacy_erase_personal_data() have a capability check? Seems like it should be delete_users like in https://core.trac.wordpress.org/ticket/43602#comment:21

#9 in reply to: ↑ 8 @azaozz
19 months ago

Replying to coreymckrill:

Yep, the cap check is there but see https://core.trac.wordpress.org/ticket/43602#comment:26.

This ticket was mentioned in Slack in #core by jeffpaul. View the logs.


19 months ago

This ticket was mentioned in Slack in #gdpr-compliance by allendav. View the logs.


19 months ago

#12 @desrosj
19 months ago

  • Keywords commit fixed-major added

#13 @joemcgill
19 months ago

This depends on functionality from #43438, specifically [42889] to be backported, before this can be merged to the 4.9 branch. Additionally, @ocean90's concerns on the original ticket need to be addressed before this can be completed.

This ticket was mentioned in Slack in #gdpr-compliance by joemcgill. View the logs.


19 months ago

@desrosj
19 months ago

#15 follow-up: @desrosj
19 months ago

In 43637.4.diff:

  • Ensure docblock for the wp_privacy_personal_data_erasers filter is properly formatted.
  • Change the %d placeholders for array indexes to %s (there was nothing ensuring arrays have numeric indexes only).
  • Add missing placeholder descriptions for translators.
Last edited 19 months ago by desrosj (previous) (diff)

#16 in reply to: ↑ 15 @SergeyBiryukov
19 months ago

Replying to desrosj:

Change the %d placeholders for array indexes to %s (there was nothing ensuring arrays have numeric indexes only).

$eraser_index is specifically cast to int though:

$eraser_index = (int) $_POST['eraser'];

Let's just add translator comments and leave the placeholders as is, I don't see a need for changing them.

@desrosj
19 months ago

#17 @desrosj
19 months ago

In 43637.5.diff:

  • Ensure docblock for the wp_privacy_personal_data_erasers filter is properly formatted.
  • Add missing placeholder descriptions for translators.

This ticket was mentioned in Slack in #gdpr-compliance by desrosj. View the logs.


19 months ago

This ticket was mentioned in Slack in #gdpr-compliance by coreymckrill. View the logs.


19 months ago

#20 @SergeyBiryukov
19 months ago

In 43075:

Privacy: add means to erase personal data by username or email address. First run.

Props allendav, coreymckrill, ericdaams, azaozz.
Merges [42986] to the 4.9 branch.
See #43637, #43602.

#21 @SergeyBiryukov
19 months ago

In 43104:

Docs: Correct DocBlock formatting for wp_privacy_personal_data_erasers filter.

See #43637.

#22 @SergeyBiryukov
19 months ago

In 43106:

Docs: Correct DocBlock formatting for wp_privacy_personal_data_erasers filter.

Merges [43104] to the 4.9 branch.
See #43637.

#23 @SergeyBiryukov
19 months ago

  • Resolution set to fixed
  • Status changed from assigned to closed

Looks like the changes from 43637.5.diff are already committed in [43060] and backported in [43105].

#24 @desrosj
18 months ago

  • Component changed from General to Privacy

Moving to the new Privacy component.

Note: See TracTickets for help on using tickets.