WordPress.org

Make WordPress Core

Opened 10 months ago

Closed 9 months ago

Last modified 8 months ago

#43637 closed enhancement (fixed)

Add filters and ajax support for personal data erasure

Reported by: allendav Owned by: allendav
Milestone: 4.9.6 Priority: normal
Severity: normal Version: trunk
Component: Privacy Keywords: gdpr has-patch commit fixed-major
Focuses: Cc:

Description

Similar to #43438 but instead of for personal data export, this is for personal data erasure.

Like #43438, plugins (or core concerns) will need to be able to register callbacks which can erase (or at least anonymize) personal data (a "page" at a time) from where they've stored it. How much is processed by a plugin's exporter in the context of a page is up to the plugin but should target to finish in far less than PHP timeout on a typical host.

When a plugin no longer needs more "pages" it indicates it is done with erasure in the same manner as in #43438.

BTW - the rationale for ajax is to allow wp-admin to drive the process without timeouts that could occur on sites with lots of pages of objects to traverse. As with #43438, the ajax exporter-by-exporter, page-by-page approach will also lend itself to REST API endpoints down the road.

Attachments (5)

43637.diff (10.8 KB) - added by allendav 10 months ago.
Adds personal data eraser filtering and ajax supportr
43637.2.diff (7.0 KB) - added by allendav 9 months ago.
Updated to return the number of items removed, retained and any messages from the erasers
43637.3.diff (7.1 KB) - added by ericdaams 9 months ago.
Updated to correct incorrect doc comment for wp_privacy_personal_data_erasers filter
43637.4.diff (6.0 KB) - added by desrosj 9 months ago.
43637.5.diff (5.1 KB) - added by desrosj 9 months ago.

Download all attachments as: .zip

Change History (29)

#1 @allendav
10 months ago

  • Keywords gdpr needs-patch added

@allendav
10 months ago

Adds personal data eraser filtering and ajax supportr

#2 @allendav
10 months ago

  • Keywords has-patch added; needs-patch removed

Requires #43442 to test. For testing instructions, see #43442.

#3 @Clorith
9 months ago

  • Owner set to allendav
  • Status changed from new to assigned

@allendav
9 months ago

Updated to return the number of items removed, retained and any messages from the erasers

#4 @allendav
9 months ago

Updated patch. Erasure ajax response now includes how many items were removed, how many were retained, and any messages personal data erasers wants to display to the administrator (e.g. "Personal data for this user was found in order 1324 but was not removed because the order has not yet shipped." )

Requires additional patches to test. Please standby for updated patches for #43442 and #43602 for testing.

cc @azaozz @mikejolley

This ticket was mentioned in Slack in #gdpr-compliance by allendav. View the logs.


9 months ago

@ericdaams
9 months ago

Updated to correct incorrect doc comment for wp_privacy_personal_data_erasers filter

#6 @desrosj
9 months ago

  • Milestone changed from Awaiting Review to 4.9.6

Moving to the 4.9.6 milestone after consensus was reached in the most recent GDPR chat (https://wordpress.slack.com/archives/C9695RJBW/p1524063200000304).

#7 @azaozz
9 months ago

In 42986:

Privacy: add means to erase personal data by username or email address. First run.

Props allendav, coreymckrill, ericdaams, azaozz.
See #43637, #43602.

#8 follow-up: @coreymckrill
9 months ago

Should wp_ajax_wp_privacy_erase_personal_data() have a capability check? Seems like it should be delete_users like in https://core.trac.wordpress.org/ticket/43602#comment:21

#9 in reply to: ↑ 8 @azaozz
9 months ago

Replying to coreymckrill:

Yep, the cap check is there but see https://core.trac.wordpress.org/ticket/43602#comment:26.

This ticket was mentioned in Slack in #core by jeffpaul. View the logs.


9 months ago

This ticket was mentioned in Slack in #gdpr-compliance by allendav. View the logs.


9 months ago

#12 @desrosj
9 months ago

  • Keywords commit fixed-major added

#13 @joemcgill
9 months ago

This depends on functionality from #43438, specifically [42889] to be backported, before this can be merged to the 4.9 branch. Additionally, @ocean90's concerns on the original ticket need to be addressed before this can be completed.

This ticket was mentioned in Slack in #gdpr-compliance by joemcgill. View the logs.


9 months ago

@desrosj
9 months ago

#15 follow-up: @desrosj
9 months ago

In 43637.4.diff:

  • Ensure docblock for the wp_privacy_personal_data_erasers filter is properly formatted.
  • Change the %d placeholders for array indexes to %s (there was nothing ensuring arrays have numeric indexes only).
  • Add missing placeholder descriptions for translators.
Last edited 9 months ago by desrosj (previous) (diff)

#16 in reply to: ↑ 15 @SergeyBiryukov
9 months ago

Replying to desrosj:

Change the %d placeholders for array indexes to %s (there was nothing ensuring arrays have numeric indexes only).

$eraser_index is specifically cast to int though:

$eraser_index = (int) $_POST['eraser'];

Let's just add translator comments and leave the placeholders as is, I don't see a need for changing them.

@desrosj
9 months ago

#17 @desrosj
9 months ago

In 43637.5.diff:

  • Ensure docblock for the wp_privacy_personal_data_erasers filter is properly formatted.
  • Add missing placeholder descriptions for translators.

This ticket was mentioned in Slack in #gdpr-compliance by desrosj. View the logs.


9 months ago

This ticket was mentioned in Slack in #gdpr-compliance by coreymckrill. View the logs.


9 months ago

#20 @SergeyBiryukov
9 months ago

In 43075:

Privacy: add means to erase personal data by username or email address. First run.

Props allendav, coreymckrill, ericdaams, azaozz.
Merges [42986] to the 4.9 branch.
See #43637, #43602.

#21 @SergeyBiryukov
9 months ago

In 43104:

Docs: Correct DocBlock formatting for wp_privacy_personal_data_erasers filter.

See #43637.

#22 @SergeyBiryukov
9 months ago

In 43106:

Docs: Correct DocBlock formatting for wp_privacy_personal_data_erasers filter.

Merges [43104] to the 4.9 branch.
See #43637.

#23 @SergeyBiryukov
9 months ago

  • Resolution set to fixed
  • Status changed from assigned to closed

Looks like the changes from 43637.5.diff are already committed in [43060] and backported in [43105].

#24 @desrosj
8 months ago

  • Component changed from General to Privacy

Moving to the new Privacy component.

Note: See TracTickets for help on using tickets.