Opened 7 years ago
Last modified 7 years ago
#43880 assigned enhancement
Add functionality to add an anonymous user an get its ID for anonymization of data related to a WordPress user.
Reported by: |
|
Owned by: |
|
---|---|---|---|
Milestone: | Future Release | Priority: | normal |
Severity: | normal | Version: | |
Component: | Privacy | Keywords: | has-patch, needs-testing, needs-unit-tests, 2nd-opinion |
Focuses: | Cc: |
Description
When we need to anonymize data that is (or can be) associated with a WordPress user, we anonymize it by changing the user ID of that data to a user that represents anonymized content. But currently no such user exists, so we set the ID to 0.
In order to display an actual user name (at least for posts), we would need an actual user 'Anonymous' that we can re-assign the content to.
This might be created on WordPress install by default (maybe even with a User ID of 0
that we can then hardcode into the anonymized functions), or by calling a function like _wp_privacy_get_anonymous_user_id()
that creates the user if not already created and returns the user ID (that might be stored in a site_option).
Attachments (4)
Change History (17)
#1
@
7 years ago
- Keywords has-patch needs-testing needs-unit-tests 2nd-opinion added; needs-patch removed
- Adds a helper function
_wp_privacy_get_anonymous_user_id()
that generates an anonymous user if none exists and return its ID.- Returns 0 if no user could be created.
- Adds a type of
user_id
to the existingwp_privacy_anonymize_data()
helper function to allow easy anonymization of a user ID.
Questions: How can we prevent logins and wp_admin access by that user by all means? I've set the password to null
and the role to the non-existing role anonymous_user
, but I hope there's a more elegant way to achieve this.
#2
@
7 years ago
- Milestone changed from Awaiting Review to 4.9.6
- Owner set to tz-media
- Status changed from new to assigned
#3
@
7 years ago
Thinking of that... if we create a new user, because something went wrong with the old one (deleted by admin or whatever), should we reassign all posts/comments etc. to the newly created user automatically? And if so, should we do this inside the function itself, or schedule an event that reassigns them?
#4
@
7 years ago
Note: This extends #43545, so that patch needs to be backported before this can be back ported to 4.9.6.
This ticket was mentioned in Slack in #gdpr-compliance by desrosj. View the logs.
7 years ago
#8
@
7 years ago
Cool idea. If we create a user automagically, we should carefully consider roles/capabilities for the user, whether they should ever be able to log in (probably not), etc.
Maybe .7 to allow time for us to think this through?
#10
@
7 years ago
- Milestone changed from 4.9.7 to Future Release
Moving gdpr
tickets that are not bugs to Future Release
until the next steps can be properly evaluated.
#12
@
7 years ago
Instead of moving data to a fake user "anonymous" - why not use the anonymizing functions on what ever user we anonymize, and instead change the ROLE of the user to anonymous.
So what IS new in the system, is a role that has no rights what so ever.
Doing it like this, you keep any data integrity between posts, and other data, since you don't move things arround.
Helper function to generate an anonymous user and get its ID.