<li>
[% END %]
<a href="/cgi-bin/koha/opac-memberentry.pl">your personal details</a></li>
+
+ [% IF Koha.Preference('GDPR_Policy') # remove when extending %]
+ [% IF consentview %]<li class="active">[% ELSE %]<li>[% END %]
+ <a href="/cgi-bin/koha/opac-patron-consent.pl">your consents</a>
+ </li>
+ [% END %]
+
[% IF Koha.Preference( 'TagsEnabled' ) == 1 %]
[% IF ( tagsview ) %]
<li class="active">
--- /dev/null
+[% USE Koha %]
+[% SET consentview = 1 %]
+[% INCLUDE 'doc-head-open.inc' %]
+<title>[% IF ( LibraryNameTitle ) %][% LibraryNameTitle %][% ELSE %]Koha online[% END %] catalog › Your consents</title>
+[% INCLUDE 'doc-head-close.inc' %]
+[% BLOCK cssinclude %][% END %]
+</head>
+[% INCLUDE 'bodytag.inc' bodyid='opac-patron-consent' %]
+[% INCLUDE 'masthead.inc' %]
+
+<div class="main">
+ <ul class="breadcrumb">
+ <li><a href="/cgi-bin/koha/opac-main.pl">Home</a> <span class="divider">›</span></li>
+ <li><a href="/cgi-bin/koha/opac-user.pl">[% patron.firstname %] [% patron.surname %]</a> <span class="divider">›</span></li>
+ <li><a href="#">Your consents</a></li>
+ </ul>
+
+ <div class="container-fluid">
+ <div class="row-fluid">
+ <div class="span2">
+ <div id="navigation">
+ [% INCLUDE 'navigation.inc' IsPatronPage=1 %]
+ </div>
+ </div>
+ <div class="span10">
+ <div id="patronconsents">
+
+ [% IF Koha.Preference('GDPR_Policy') %]
+ <div class="alert">
+ <p>In order to keep you logged in, we need your consent to process personal data as specified in the EU General Data Protection Regulation of May 25, 2018.</p>
+ <p>Please save your consent below or log out. Thank you!</p>
+ </div>
+ [% END %]
+
+ <h3>Your consents</h3>
+
+ <form action="/cgi-bin/koha/opac-patron-consent.pl" method="post">
+ [% IF Koha.Preference('GDPR_Policy') %]
+ <h5>GDPR consents</h5>
+ <input type="hidden" name="op" value="gdpr_proc_save"/>
+ <input type="hidden" name="borrowernumber" value="[% patron.borrowernumber %]"/>
+ <fieldset>
+ <ul><li>
+ <p>I have read the <a target="_blank" href="[% Koha.Preference('PrivacyPolicyURL') %]">privacy policy</a> and agree with your processing of my personal data as outlined therein.</p>
+ <p><input type="radio" name="gdpr_processing" value="agreed"> Yes, I agree.<br>
+ <input type="radio" name="gdpr_processing" value="disagreed"> No, I do not agree. Please remove my account within a reasonable time.</p>
+ [% IF gdpr_proc_consent %]
+ <p>Your consent was registered on [% gdpr_proc_consent %].</p>
+ [% END %]
+ </li></ul>
+ </fieldset>
+ <fieldset class="action"><input id="saveconsent" type="submit" value="Save" class="btn" /></fieldset>
+ [% END %]
+
+ </form>
+
+ </div> <!-- / #userpasswd -->
+ </div> <!-- / .span10 -->
+ </div> <!-- / .row-fluid -->
+ </div> <!-- / .container-fluid -->
+</div> <!-- / .main -->
+
+[% INCLUDE 'opac-bottom.inc' %]
+[% BLOCK jsinclude %]
+<script type="text/javascript">
+ var consent = null;
+ $(document).ready(function() {
+ [% IF gdpr_proc_consent %]
+ consent=1;
+ $("input[type='radio'][value='agreed']").prop('checked',true);
+ $(".alert").hide();
+ [% ELSIF gdpr_proc_refusal %]
+ consent=0;
+ $("input[type='radio'][value='disagreed']").prop('checked',true);
+ [% ELSE %]
+ [% END %]
+ $("#saveconsent").prop('disabled', true);
+
+ $("input[type='radio']").click(function() {
+ var radio = $(this).val();
+ if(radio=='agreed' && (consent==null || consent==0)) $("#saveconsent").prop('disabled', false);
+ if(radio=='disagreed' && (consent==null || consent==1)) $("#saveconsent").prop('disabled', false);
+ if(radio=='agreed') $(".alert").hide();
+ if(radio=='disagreed') $(".alert").show();
+ });
+
+ });
+</script>
+[% END %]
--- /dev/null
+#!/usr/bin/perl
+
+# Copyright 2018 Rijksmuseum
+#
+# This file is part of Koha.
+#
+# Koha is free software; you can redistribute it and/or modify it under the
+# terms of the GNU General Public License as published by the Free Software
+# Foundation; either version 3 of the License, or (at your option) any later
+# version.
+#
+# Koha is distributed in the hope that it will be useful, but WITHOUT ANY
+# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
+# A PARTICULAR PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along
+# with Koha; if not, write to the Free Software Foundation, Inc.,
+# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+use Modern::Perl;
+use CGI qw/-utf8/;
+
+use C4::Auth qw/get_template_and_user/;
+use C4::Output qw/output_html_with_http_headers/;
+use Koha::DateUtils qw/dt_from_string/;
+use Koha::Patron::Consents;
+use Koha::Patrons;
+
+use constant GDPR_PROCESSING => 'GDPR_PROCESSING';
+
+my $query = new CGI;
+my $op = $query->param('op') // q{};
+my $gdpr_check = $query->param('gdpr_processing') // q{};
+
+my ( $template, $borrowernumber, $cookie ) = get_template_and_user({
+ template_name => "opac-patron-consent.tt",
+ query => $query,
+ type => "opac",
+ authnotrequired => 0,
+});
+
+my $patron = Koha::Patrons->find($borrowernumber);
+my $gdpr_proc_consent;
+if( C4::Context->preference('GDPR_Policy') ) {
+ $gdpr_proc_consent = Koha::Patron::Consents->search({
+ borrowernumber => $borrowernumber,
+ type => GDPR_PROCESSING,
+ })->next;
+ $gdpr_proc_consent //= Koha::Patron::Consent->new({
+ borrowernumber => $borrowernumber,
+ type => GDPR_PROCESSING,
+ });
+}
+
+# Handle saves here
+if( $op eq 'gdpr_proc_save' && $gdpr_proc_consent ) {
+ if( $gdpr_check eq 'agreed' ) {
+ $gdpr_proc_consent->given_on( dt_from_string() );
+ $gdpr_proc_consent->refused_on( undef );
+ } elsif( $gdpr_check eq 'disagreed' ) {
+ $gdpr_proc_consent->given_on( undef );
+ $gdpr_proc_consent->refused_on( dt_from_string() );
+ }
+ $gdpr_proc_consent->store;
+}
+
+# If user refused GDPR consent and we enforce GDPR, logout (when saving)
+if( $op =~ /save/ && C4::Context->preference('GDPR_Policy') eq 'Enforced' && $gdpr_proc_consent->refused_on )
+{
+ print $query->redirect('/cgi-bin/koha/opac-main.pl?logout.x=1');
+ exit;
+}
+
+$template->param( patron => $patron );
+if( $gdpr_proc_consent ) {
+ $template->param(
+ gdpr_proc_consent => $gdpr_proc_consent->given_on // q{},
+ gdpr_proc_refusal => $gdpr_proc_consent->refused_on // q{},
+ );
+}
+
+output_html_with_http_headers $query, $cookie, $template->output, undef, { force_no_caching => 1 };