From 3c659e863d036ba2c7862166eb15d7fee921fd19 Mon Sep 17 00:00:00 2001
From: Paul Poulain
Date: Mon, 20 Apr 2009 19:09:33 +0200
Subject: [PATCH] user privacy managing and dealing with AnonymousPatron new syspref Add a new option in patron table that let the user decide how to deal with his reading history. 3 options are available : * never remove my reading list (keep it forever) * let the library decide (legally keep my reading list, the default value) * immediatly remove my reading history when I return a book (don't keep any reading history at all) the OpacPrivacy syspref let the library decide if this option is active or not. This patch also creates a new syspref, AnonymousPatron, that contains the borrowernumber of the Patron to attach anonymised issues. The existing AnonSuggestion is modified to become a YesNo.
---
 C4/Auth.pm | 1 +
 C4/Circulation.pm | 23 ++++--
 C4/Members.pm | 26 +++++++
 admin/systempreferences.pl | 2 +
 installer/data/mysql/updatedatabase.pl | 20 +++++
 .../opac-tmpl/prog/en/includes/usermenu.inc | 3 +
 .../prog/en/modules/opac-privacy.tmpl | 74 +++++++++++++++++++
 opac/opac-privacy.pl | 65 ++++++++++++++++
 8 files changed, 209 insertions(+), 5 deletions(-)
 create mode 100644 koha-tmpl/opac-tmpl/prog/en/modules/opac-privacy.tmpl
 create mode 100755 opac/opac-privacy.pl
diff --git a/C4/Auth.pm b/C4/Auth.pm
index 6df86b7353..b9ce7059e2 100644
--- a/C4/Auth.pm
+++ b/C4/Auth.pm
@@ -455,6 +455,7 @@ sub get_template_and_user {
 reviewson => C4::Context->preference("reviewson"),
 suggestion => "" . C4::Context->preference("suggestion"),
 virtualshelves => "" . C4::Context->preference("virtualshelves"),
+ OpacPrivacy => "" . C4::Context->preference("OpacPrivacy"),
 OPACSerialIssueDisplayCount => C4::Context->preference("OPACSerialIssueDisplayCount"),
 );
 }
diff --git a/C4/Circulation.pm b/C4/Circulation.pm
index 467fb573a2..6bef5117ff 100644
--- a/C4/Circulation.pm
+++ b/C4/Circulation.pm
@@ -1496,7 +1496,7 @@ sub AddReturn {
 # FIXME - is this right ? are we sure that the holdingbranch is still the pickup branch?
 }
 }
- MarkIssueReturned($borrower->{'borrowernumber'}, $iteminformation->{'itemnumber'},$circControlBranch);
+ MarkIssueReturned($borrower->{'borrowernumber'}, $iteminformation->{'itemnumber'},$circControlBranch, '', $borrower->{'privacy'});
 $messages->{'WasReturned'} = 1; # FIXME is the "= 1" right?
 # continue to deal with returns cases, but not only if we have an issue
@@ -1609,7 +1609,7 @@ sub AddReturn {
 =over 4
-MarkIssueReturned($borrowernumber, $itemnumber, $dropbox_branch, $returndate);
+MarkIssueReturned($borrowernumber, $itemnumber, $dropbox_branch, $returndate, $privacy);
 =back
@@ -1623,6 +1623,9 @@ it's safe to do this, i.e. last non-holiday > issuedate.
 if C<$returndate> is specified (in iso format), it is used as the date of the return. It is ignored when a dropbox_branch is passed in.
+C<$privacy> contains the privacy parameter. If the patron has set his privacy to 2,
+the old_issue is immediately anonymised
+
 Ideally, this function would be internal to C, not exported, but it is currently needed by one routine in C.
@@ -1630,7 +1633,7 @@ routine in C.
 =cut
 sub MarkIssueReturned {
- my ( $borrowernumber, $itemnumber, $dropbox_branch, $returndate ) = @_;
+ my ( $borrowernumber, $itemnumber, $dropbox_branch, $returndate, $privacy ) = @_;
 my $dbh = C4::Context->dbh;
 my $query = "UPDATE issues SET returndate=";
 my @bind;
@@ -1654,6 +1657,13 @@ sub MarkIssueReturned {
 WHERE borrowernumber = ?
 AND itemnumber = ?");
 $sth_copy->execute($borrowernumber, $itemnumber);
+ # immediately anonymize if needed, by setting AnonymousPatron as 'issuer'
+ if ( $privacy == 2 ) {
+ my $sth_ano = $dbh->prepare("UPDATE old_issues SET borrowernumber=?
+ WHERE borrowernumber = ?
+ AND itemnumber = ?");
+ $sth_ano->execute(C4::Context->preference('AnonymousPatron'), $borrowernumber, $itemnumber);
+ }
 my $sth_del = $dbh->prepare("DELETE FROM issues
 WHERE borrowernumber = ?
 AND itemnumber = ?");
@@ -2397,7 +2407,7 @@ sub DeleteTransfer {
 =head2 AnonymiseIssueHistory
-$rows = AnonymiseIssueHistory($borrowernumber,$date)
+$rows = AnonymiseIssueHistory($date,$borrowernumber)
 This function write NULL instead of C<$borrowernumber> given on input arg into the table issues.
 if C<$borrowernumber> is not set, it will delete the issue history for all borrower older than C<$date>.
@@ -2410,11 +2420,14 @@ sub AnonymiseIssueHistory {
 my $date = shift;
 my $borrowernumber = shift;
 my $dbh = C4::Context->dbh;
+ # prepare query
+ # note that we don't anonymize patrons that have requested keeping their record forever (privacy=0)
 my $query = "
 UPDATE old_issues
- SET borrowernumber = NULL
+ SET borrowernumber = ".C4::Context->preference('AnonymousPatron')."
 WHERE returndate < '".$date."'
 AND borrowernumber IS NOT NULL
+ AND (SELECT privacy FROM borrowers WHERE borrowers.borrowernumber=old_issues.borrowernumber)<>0
 ";
 $query .= " AND borrowernumber = '".$borrowernumber."'" if defined $borrowernumber;
 my $rows_affected = $dbh->do($query);
diff --git a/C4/Members.pm b/C4/Members.pm
index 1d52bcaf63..29474a2748 100644
--- a/C4/Members.pm
+++ b/C4/Members.pm
@@ -82,6 +82,7 @@ BEGIN {
 push @EXPORT, qw(
 &ModMember
 &changepassword
+ &ModPrivacy
 );
 #Delete data
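Review bot: The `$privacy == 2` branch binds `C4::Context->preference('AnonymousPatron')` straight into the UPDATE without checking that the preference holds a real borrowernumber, and the result of `execute` is not checked. With the preference empty or 0 (the value the upgrade step in this patch inserts before copying AnonSuggestions), the row is either re-attached to borrowernumber 0 or, if old_issues carries a foreign key on borrowernumber (not visible here), the update fails and the loan stays linked to the patron who asked for no history. I would bind NULL when the preference is unset, `$sth_ano->execute(C4::Context->preference('AnonymousPatron') || undef, $borrowernumber, $itemnumber);`, and test `defined $privacy && $privacy == 2` so that callers still passing four arguments do not compare undef. MarkIssueReturned starts and ends outside this hunk.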
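Review bot: The rewritten UPDATE in AnonymiseIssueHistory (hunk at -2410) now concatenates the AnonymousPatron preference into the statement alongside `$date` and `$borrowernumber`, so an empty preference yields invalid SQL and any non-numeric value in the three is executed as SQL. All three values can be bound instead, with NULL used when no anonymous patron is configured, as in the block below. The POD in the preceding hunk still says the function writes NULL, which no longer matches the code. The end of the sub is outside this hunk.

```perl
    my $dbh = C4::Context->dbh;
    # bind NULL when no anonymous patron is configured
    my $anonymous_patron = C4::Context->preference('AnonymousPatron') || undef;
    my $query = "
        UPDATE old_issues
        SET borrowernumber = ?
        WHERE returndate < ?
          AND borrowernumber IS NOT NULL
          AND (SELECT privacy FROM borrowers WHERE borrowers.borrowernumber=old_issues.borrowernumber)<>0
    ";
    my @bind = ( $anonymous_patron, $date );
    if ( defined $borrowernumber ) {
        $query .= " AND borrowernumber = ?";
        push @bind, $borrowernumber;
    }
    my $rows_affected = $dbh->do( $query, undef, @bind );
    # … unchanged: rest of AnonymiseIssueHistory, outside the hunk …
```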
@@ -2076,6 +2077,31 @@ sub IsMemberBlocked {
 return 0
 }
+=head2 ModPrivacy
+
+=over 4
+
+my $success = ModPrivacy( $borrowernumber, $privacy );
+
+Update the privacy of a patron.
+
+return :
+true on success, false on failure
+
+=back
+
+=cut
+
+sub ModPrivacy {
+ my $borrowernumber = shift;
+ my $privacy = shift;
+ return unless defined $borrowernumber;
+ return unless $borrowernumber =~ /^\d+$/;
+
+ return ModMember( borrowernumber => $borrowernumber,
+ privacy => $privacy );
+}
+
 END { } # module clean-up code here (global destructor)
 1;
diff --git a/admin/systempreferences.pl b/admin/systempreferences.pl
index 483058a863..8ca0cbcad5 100755
--- a/admin/systempreferences.pl
+++ b/admin/systempreferences.pl
@@ -201,6 +201,7 @@ $tabsysprefs{AutoEmailOpacUser} = "Patrons";
 $tabsysprefs{AutoEmailPrimaryAddress} = "Patrons";
 $tabsysprefs{EnhancedMessagingPreferences} = "Patrons";
 $tabsysprefs{'SMSSendDriver'} = 'Patrons';
+$tabsysprefs{AnonymousPatron} = "Patrons";
 # I18N/L10N
 $tabsysprefs{dateformat} = "I18N/L10N";
@@ -330,6 +331,7 @@ $tabsysprefs{kohaspsuggest} = "OPAC";
 $tabsysprefs{OpacRenewalAllowed} = "OPAC";
 $tabsysprefs{OPACItemHolds} = "OPAC";
 $tabsysprefs{OPACGroupResults} = "OPAC";
+$tabsysprefs{OpacPrivacy} = "OPAC";
 $tabsysprefs{XSLTDetailsDisplay} = "OPAC";
 $tabsysprefs{XSLTResultsDisplay} = "OPAC";
 $tabsysprefs{OPACShowCheckoutName} = "OPAC";
diff --git a/installer/data/mysql/updatedatabase.pl b/installer/data/mysql/updatedatabase.pl
index ac0ee56adf..9482fc97ad 100755
--- a/installer/data/mysql/updatedatabase.pl
+++ b/installer/data/mysql/updatedatabase.pl
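Review bot: ModPrivacy checks `$borrowernumber` but passes `$privacy` to ModMember unchecked, and in this patch that value comes directly from the `privacy` CGI parameter in opac/opac-privacy.pl. Only 0, 1 and 2 have a meaning (per the column comment in updatedatabase.pl), so I would add `return unless defined $privacy && $privacy =~ /\A[012]\z/;` before the ModMember call. The existing borrowernumber test would also be tighter as `/\A\d+\z/`, since `$` still matches before a trailing newline.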
@@ -2135,6 +2135,26 @@ if (C4::Context->preference("Version") < TransformToNum($DBversion)) {
 print "Upgrade to $DBversion done (Adding graceperiod column to subscription table)\n";
 SetVersion ($DBversion);
 }
+$DBversion = "3.01.00.035";
+if (C4::Context->preference("Version") < TransformToNum($DBversion)) {
+ $dbh->do("INSERT INTO systempreferences (variable,value,explanation,options,type) VALUES('OpacPrivacy', '0', 'if ON, allows patrons to define their privacy rules (reading history)',NULL,'YesNo')");
+ # create a new syspref for the 'Mr anonymous' patron
+ $dbh->do("INSERT INTO systempreferences (variable,value,explanation,options,type) VALUES('AnonymousPatron', '0', \"Set the identifier (borrowernumber) of the 'Mister anonymous' patron. Used for Suggestion and reading history privacy\",NULL,'')");
+ # fill AnonymousPatron with AnonymousSuggestion value (copy)
+ my $sth=$dbh->prepare("SELECT value FROM systempreferences WHERE variable='AnonSuggestions'");
+ $sth->execute;
+ my ($value) = $sth->fetchrow();
+ $dbh->do("UPDATE systempreferences SET value=$value WHERE variable='AnonymousPatron'");
+ # set AnonymousSuggestion do YesNo
+ # 1st, set the value (1/True if it had a borrowernumber)
+ $dbh->do("UPDATE systempreferences SET value=1 WHERE variable='AnonSuggestions' AND value>0");
+ # 2nd, change the type to Choice
+ $dbh->do("UPDATE systempreferences SET type='YesNo' WHERE variable='AnonSuggestions'");
+ # borrower reading record privacy : 0 : forever, 1 : laws, 2 : don't keep at all
+ $dbh->do("ALTER TABLE `borrowers` ADD `privacy` INTEGER NOT NULL DEFAULT 1;");
+ print "Upgrade to $DBversion done (add new syspref and column in borrowers)\n";
+ SetVersion ($DBversion);
+}
 $DBversion = '3.01.00.035';
 if (C4::Context->preference("Version") < TransformToNum($DBversion)) {
diff --git a/koha-tmpl/opac-tmpl/prog/en/includes/usermenu.inc b/koha-tmpl/opac-tmpl/prog/en/includes/usermenu.inc
index 2efc1da3d8..8e8ee6a582 100644
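Review bot: `SET value=$value` interpolates the AnonSuggestions value into the UPDATE unquoted, so a missing row or empty value produces a syntax error and any non-numeric content is run as SQL during the upgrade. Binding it avoids both: `$dbh->do("UPDATE systempreferences SET value=? WHERE variable='AnonymousPatron'", undef, $value) if defined $value;`. Separately, this block is numbered 3.01.00.035, the same version as the existing block that follows it in the context lines, so after `SetVersion` that following block's `Version <` test is false on a fresh upgrade, and sites already at .035 never run this one; it needs the next free version number.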
--- a/koha-tmpl/opac-tmpl/prog/en/includes/usermenu.inc
+++ b/koha-tmpl/opac-tmpl/prog/en/includes/usermenu.inc
@@ -21,6 +21,9 @@
  • my messaging
  • + +
  • my privacy
  • +
  • my lists
  • diff --git a/koha-tmpl/opac-tmpl/prog/en/modules/opac-privacy.tmpl b/koha-tmpl/opac-tmpl/prog/en/modules/opac-privacy.tmpl new file mode 100644 index 0000000000..c25f73a852 --- /dev/null +++ b/koha-tmpl/opac-tmpl/prog/en/modules/opac-privacy.tmpl @@ -0,0 +1,74 @@ +Koha Online Catalog › Privacy management for + + + +
    +
    + + +
    +
    +
    +

    's account l../../images/caret.gif" width="16" height="16" alt=">" border="0" /> Privacy policy

    + + +
    Your reading history has been deleted.
    + + +
    Your privacy rules have been updated
    + + +

    Privacy rule

    + +

    We take great care in protecting your privacy. On this screen, you can define how long we keep your reading history.

    +

    You have 3 possibilities :

    +

    + +
      +
    • Forever: keep my reading history without limit. This is the option for users who want to keep track of what they are reading.
    • +
    • Default: keep my reading history according to local laws. This is the default option : the library will keep your reading history for the duration permitted by local laws.
    • +
    • Maximum: Delete my reading history immediatly. This will delete all record of the item that was checked-out upon check-in.
    • +
    +

    Please note that information on any book still checked-out must be kept by the library no matter which privacy option you choose.

    +

    Please also note that the library staff can't update these values for you : it's your privacy !

    +

    + Please choose your privacy rule: + + +

    +

    Immediate deletion

    +
    + +

    Whatever your privacy rules, you can delete all your reading history immediatly by clicking here. BE CAREFUL. Once you've confirmed the deletion, no one can retrieve the list ! That's your privacy !

    +

    + +
    + +
    +
    +
    +
    +
    +
    + + +
    +
    +
    +
diff --git a/opac/opac-privacy.pl b/opac/opac-privacy.pl
new file mode 100755
index 0000000000..e2497d725c
--- /dev/null
+++ b/opac/opac-privacy.pl
@@ -0,0 +1,65 @@
+#!/usr/bin/perl
+# This script lets the users change their privacy rules
+#
+# copyright 2009, BibLibre, paul.poulain@biblibre.com
+#
+# Koha is free software; you can redistribute it and/or modify it under the
+# terms of the GNU General Public License as published by the Free Software
+# Foundation; either version 2 of the License, or (at your option) any later
+# version.
+#
+# Koha is distributed in the hope that it will be useful, but WITHOUT ANY
+# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
+# A PARTICULAR PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along with
+# Koha; if not, write to the Free Software Foundation, Inc., 59 Temple Place,
+# Suite 330, Boston, MA 02111-1307 USA
+
+use strict;
+use CGI;
+
+use C4::Auth; # checkauth, getborrowernumber.
+use C4::Context;
+use C4::Circulation;
+use C4::Members;
+use C4::Output;
+
+my $query = new CGI;
+my $dbh = C4::Context->dbh;
+
+my ( $template, $borrowernumber, $cookie ) = get_template_and_user(
+ {
+ template_name => "opac-privacy.tmpl",
+ query => $query,
+ type => "opac",
+ authnotrequired => 0,
+ flagsrequired => { borrow => 1 },
+ debug => 1,
+ }
+);
+
+my $op = $query->param("op");
+
+# get borrower privacy ....
+my ( $borr ) = GetMemberDetails( $borrowernumber );
+if ($op eq "update_privacy")
+{
+ ModPrivacy($borrowernumber,$query->param('privacy'));
+ $template->param('privacy_updated' => 1);
+}
+if ($op eq "delete_record") {
+ # delete all reading records. The hardcoded date should never be reached
+ # even if Koha is a long leaving project ;-)
+ AnonymiseIssueHistory('2999-31-12',$borrowernumber);
+ # confirm the user the deletion has been done
+ $template->param('deleted' => 1);
+}
+$template->param( 'Ask_data' => '1',
+ 'privacy'.$borr->{'privacy'} => 1,
+ 'firstname' => $borr->{'firstname'},
+ 'surname' => $borr->{'surname'},
+ 'privacyview' => 1,
+);
+
+output_html_with_http_headers $query, $cookie, $template->output;
\ No newline at end of file
-- 
2.20.1
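Review bot: The `delete_record` branch always sets `deleted` in the template, but the call it makes cannot be relied on to remove anything: `'2999-31-12'` is not a valid ISO date (month 31, presumably meant `'2999-12-31'`), and the UPDATE in AnonymiseIssueHistory as changed by this patch skips patrons whose privacy is 0, so those patrons are told their history is gone while it is kept. The script also never reads the OpacPrivacy preference, so both operations stay reachable when the library has switched the feature off; an early exit on `unless ( C4::Context->preference('OpacPrivacy') )` would close that. Both branches change data on nothing more than the `op` parameter, so it is worth requiring `$query->request_method eq 'POST'` and a per-session token if the OPAC provides one (not visible here). `$borr` is fetched before ModPrivacy runs, so the page re-renders the old setting after an update, and the file has `use strict` but no `use warnings`.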