WordPress.org

Make WordPress Core

Opened 4 weeks ago

Last modified 8 days ago

#43880 assigned enhancement

Add functionality to add an anonymous user an get its ID for anonymization of data related to a WordPress user.

Reported by: TZ Media Owned by: tz-media
Milestone: Future Release Priority: normal
Severity: normal Version:
Component: Privacy Keywords: gdpr has-patch needs-testing needs-unit-tests 2nd-opinion
Focuses: Cc:

Description

When we need to anonymize data that is (or can be) associated with a WordPress user, we anonymize it by changing the user ID of that data to a user that represents anonymized content. But currently no such user exists, so we set the ID to 0.

In order to display an actual user name (at least for posts), we would need an actual user 'Anonymous' that we can re-assign the content to.

This might be created on WordPress install by default (maybe even with a User ID of 0 that we can then hardcode into the anonymized functions), or by calling a function like _wp_privacy_get_anonymous_user_id() that creates the user if not already created and returns the user ID (that might be stored in a site_option).

Attachments (3)

43880.patch (1.9 KB) - added by TZ Media 4 weeks ago.
Helper function to generate an anonymous user and get its ID.
43880.1.patch (2.0 KB) - added by TZ Media 4 weeks ago.
Checks if cached user id actually exists instead of returning it blindly.
43880.2.diff (2.0 KB) - added by lbenicio 11 days ago.
added unit tests to path 43880

Download all attachments as: .zip

Change History (14)

@TZ Media
4 weeks ago

Helper function to generate an anonymous user and get its ID.

#1 @TZ Media
4 weeks ago

  • Keywords has-patch needs-testing needs-unit-tests 2nd-opinion added; needs-patch removed
  • Adds a helper function _wp_privacy_get_anonymous_user_id() that generates an anonymous user if none exists and return its ID.
    • Returns 0 if no user could be created.
  • Adds a type of user_id to the existing wp_privacy_anonymize_data() helper function to allow easy anonymization of a user ID.

Questions: How can we prevent logins and wp_admin access by that user by all means? I've set the password to null and the role to the non-existing role anonymous_user, but I hope there's a more elegant way to achieve this.

#2 @desrosj
4 weeks ago

  • Milestone changed from Awaiting Review to 4.9.6
  • Owner set to tz-media
  • Status changed from new to assigned

@TZ Media
4 weeks ago

Checks if cached user id actually exists instead of returning it blindly.

#3 @TZ Media
4 weeks ago

Thinking of that... if we create a new user, because something went wrong with the old one (deleted by admin or whatever), should we reassign all posts/comments etc. to the newly created user automatically? And if so, should we do this inside the function itself, or schedule an event that reassigns them?

#4 @TZ Media
3 weeks ago

Note: This extends #43545, so that patch needs to be backported before this can be back ported to 4.9.6.

#5 @desrosj
3 weeks ago

  • Milestone changed from 4.9.6 to 4.9.7

#6 @desrosj
3 weeks ago

  • Milestone changed from 4.9.7 to 4.9.6

This ticket was mentioned in Slack in #gdpr-compliance by desrosj. View the logs.


3 weeks ago

#8 @allendav
3 weeks ago

Cool idea. If we create a user automagically, we should carefully consider roles/capabilities for the user, whether they should ever be able to log in (probably not), etc.

Maybe .7 to allow time for us to think this through?

#9 @desrosj
3 weeks ago

  • Milestone changed from 4.9.6 to 4.9.7

@lbenicio
11 days ago

added unit tests to path 43880

#10 @desrosj
9 days ago

  • Milestone changed from 4.9.7 to Future Release

Moving gdpr tickets that are not bugs to Future Release until the next steps can be properly evaluated.

#11 @desrosj
8 days ago

  • Component changed from General to Privacy

Moving to the new Privacy component.

Note: See TracTickets for help on using tickets.