Make WordPress Core

Opened 6 years ago

Closed 6 years ago

Last modified 6 years ago

#43637 closed enhancement (fixed)

Add filters and ajax support for personal data erasure

Reported by: allendav Owned by: allendav
Milestone: 4.9.6 Priority: normal
Severity: normal Version: 5.1
Component: Privacy Keywords: gdpr has-patch commit fixed-major
Focuses: Cc:

Description

Similar to #43438 but instead of for personal data export, this is for personal data erasure.

Like #43438, plugins (or core concerns) will need to be able to register callbacks which can erase (or at least anonymize) personal data (a "page" at a time) from where they've stored it. How much is processed by a plugin's exporter in the context of a page is up to the plugin but should aim to finish in far less than the PHP timeout on a typical host.

When a plugin no longer needs more "pages" it indicates it is done with erasure in the same manner as in #43438.

BTW - the rationale for ajax is to allow wp-admin to drive the process without timeouts that could occur on sites with lots of pages of objects to traverse. As with #43438, the ajax exporter-by-exporter, page-by-page approach will also lend itself to REST API endpoints down the road.

Attachments (5)

43637.diff (10.8 KB) - added by allendav 6 years ago.
Adds personal data eraser filtering and ajax support
43637.2.diff (7.0 KB) - added by allendav 6 years ago.
Updated to return the number of items removed, retained and any messages from the erasers
43637.3.diff (7.1 KB) - added by ericdaams 6 years ago.
Updated to correct incorrect doc comment for wp_privacy_personal_data_erasers filter
43637.4.diff (6.0 KB) - added by desrosj 6 years ago.
43637.5.diff (5.1 KB) - added by desrosj 6 years ago.


Change History (29)

#1 @allendav
6 years ago

  • Keywords gdpr needs-patch added

@allendav
6 years ago

Adds personal data eraser filtering and ajax support

#2 @allendav
6 years ago

  • Keywords has-patch added; needs-patch removed

Requires #43442 to test. For testing instructions, see #43442.

#3 @Clorith
6 years ago

  • Owner set to allendav
  • Status changed from new to assigned

@allendav
6 years ago

Updated to return the number of items removed, retained and any messages from the erasers

#4 @allendav
6 years ago

Updated patch. Erasure ajax response now includes how many items were removed, how many were retained, and any messages personal data erasers want to display to the administrator (e.g. "Personal data for this user was found in order 1324 but was not removed because the order has not yet shipped.")

Requires additional patches to test. Please stand by for updated patches for #43442 and #43602 for testing.

cc @azaozz @mikejolley

This ticket was mentioned in Slack in #gdpr-compliance by allendav. View the logs.


6 years ago

@ericdaams
6 years ago

Updated to correct incorrect doc comment for wp_privacy_personal_data_erasers filter

#6 @desrosj
6 years ago

  • Milestone changed from Awaiting Review to 4.9.6

Moving to the 4.9.6 milestone after consensus was reached in the most recent GDPR chat (https://wordpress.slack.com/archives/C9695RJBW/p1524063200000304).

#7 @azaozz
6 years ago

In 42986:

Privacy: add means to erase personal data by username or email address. First run.

Props allendav, coreymckrill, ericdaams, azaozz.
See #43637, #43602.

#8 follow-up: @coreymckrill
6 years ago

Should wp_ajax_wp_privacy_erase_personal_data() have a capability check? Seems like it should be delete_users like in https://core.trac.wordpress.org/ticket/43602#comment:21

#9 in reply to: ↑ 8 @azaozz
6 years ago

Replying to coreymckrill:

Yep, the cap check is there but see https://core.trac.wordpress.org/ticket/43602#comment:26.

This ticket was mentioned in Slack in #core by jeffpaul. View the logs.


6 years ago

This ticket was mentioned in Slack in #gdpr-compliance by allendav. View the logs.


6 years ago

#12 @desrosj
6 years ago

  • Keywords commit fixed-major added

#13 @joemcgill
6 years ago

This depends on functionality from #43438, specifically [42889] to be backported, before this can be merged to the 4.9 branch. Additionally, @ocean90's concerns on the original ticket need to be addressed before this can be completed.

This ticket was mentioned in Slack in #gdpr-compliance by joemcgill. View the logs.


6 years ago

@desrosj
6 years ago

#15 follow-up: @desrosj
6 years ago

In 43637.4.diff:

  • Ensure docblock for the filter is properly formatted.
  • Change the %d placeholders for array indexes to %s (there was nothing ensuring arrays have numeric indexes only).
  • Add missing placeholder descriptions for translators.

#16 in reply to: ↑ 15 @SergeyBiryukov
6 years ago

Replying to desrosj:

Change the %d placeholders for array indexes to %s (there was nothing ensuring arrays have numeric indexes only).

$eraser_index is specifically cast to int though:

$eraser_index = (int) $_POST['eraser'];

Let's just add translator comments and leave the placeholders as is, I don't see a need for changing them.

@desrosj
6 years ago

#17 @desrosj
6 years ago

In 43637.5.diff:

  • Ensure docblock for the wp_privacy_personal_data_erasers filter is properly formatted.
  • Add missing placeholder descriptions for translators.

This ticket was mentioned in Slack in #gdpr-compliance by desrosj. View the logs.


6 years ago

This ticket was mentioned in Slack in #gdpr-compliance by coreymckrill. View the logs.


6 years ago

#20 @SergeyBiryukov
6 years ago

In 43075:

Privacy: add means to erase personal data by username or email address. First run.

Props allendav, coreymckrill, ericdaams, azaozz.
Merges [42986] to the 4.9 branch.
See #43637, #43602.

#21 @SergeyBiryukov
6 years ago

In 43104:

Docs: Correct DocBlock formatting for wp_privacy_personal_data_erasers filter.

See #43637.

#22 @SergeyBiryukov
6 years ago

In 43106:

Docs: Correct DocBlock formatting for wp_privacy_personal_data_erasers filter.

Merges [43104] to the 4.9 branch.
See #43637.

#23 @SergeyBiryukov
6 years ago

  • Resolution set to fixed
  • Status changed from assigned to closed

Looks like the changes from 43637.5.diff are already committed in [43060] and backported in [43105].

#24 @desrosj
6 years ago

  • Component changed from General to Privacy

Moving to the new Privacy component.
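
The eraser contract discussed in this ticket (page-at-a-time callbacks, a "done" signal, counts of removed and retained items plus messages, and the integer-cast eraser index), as an added example that is not code from the patches or from WordPress core. It runs as stand-alone PHP on a constructed in-memory store. The function names, the response keys, the 1-based index and the placeholder address are assumptions, and the capability check raised in comment 8 would sit in front of the driver in a real handler.

```php
<?php
// Added example, not WordPress core code. Constructed sample store: order id => record.
$example_orders = array(
	1321 => array( 'email' => 'user@example.com', 'shipped' => true ),
	1322 => array( 'email' => 'other@example.com', 'shipped' => true ),
	1323 => array( 'email' => 'user@example.com', 'shipped' => true ),
	1324 => array( 'email' => 'user@example.com', 'shipped' => false ),
);

// Hypothetical eraser callback: handles one small "page" of the store per call.
function example_orders_eraser( $email, $page = 1, $per_page = 2 ) {
	global $example_orders;
	$ids = array_keys( $example_orders );
	// Page over the stable id list: paging over "rows matching $email" skips records once rows are anonymized.
	$chunk = array_slice( $ids, ( $page - 1 ) * $per_page, $per_page );
	$out   = array( 'items_removed' => 0, 'items_retained' => 0, 'messages' => array() );
	foreach ( $chunk as $id ) {
		if ( $example_orders[ $id ]['email'] !== $email ) { continue; }
		if ( ! $example_orders[ $id ]['shipped'] ) {
			// Retained data is reported back rather than silently skipped.
			$out['items_retained']++;
			$out['messages'][] = "Order $id was not removed because it has not yet shipped.";
			continue;
		}
		$example_orders[ $id ]['email'] = 'deleted@site.invalid'; // constructed placeholder
		$out['items_removed']++;
	}
	$out['done'] = ( $page * $per_page ) >= count( $ids );
	return $out;
}

// Driver standing in for the admin-side loop: one call per eraser per page.
function example_erase_all( array $erasers, $raw_index, $email ) {
	$index = (int) $raw_index; // same cast as the line quoted in comment 16
	if ( $index < 1 || $index > count( $erasers ) || ! filter_var( $email, FILTER_VALIDATE_EMAIL ) ) {
		return null; // reject an out-of-range index or a malformed address
	}
	$eraser = array_values( $erasers )[ $index - 1 ];
	$totals = array( 'items_removed' => 0, 'items_retained' => 0, 'messages' => array() );
	$page   = 1;
	do {
		$r = call_user_func( $eraser['callback'], $email, $page++ );
		$totals['items_removed']  += $r['items_removed'];
		$totals['items_retained'] += $r['items_retained'];
		$totals['messages']        = array_merge( $totals['messages'], $r['messages'] );
	} while ( ! $r['done'] );
	return $totals;
}

$erasers = array( array( 'eraser_friendly_name' => 'Example Orders', 'callback' => 'example_orders_eraser' ) );
var_dump( example_erase_all( $erasers, '1', 'user@example.com' ) );
```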
