implemented positive opt in for GDPR

2018-03-07 13:55:25 +01:00
parent 0808884c9c
commit ad71e8ff0d
6 changed files with 107 additions and 1 deletions
--- a/rowers/middleware.py
+++ b/rowers/middleware.py
@@ -71,5 +71,30 @@ class PowerTimeFitnessMetricMiddleWare(object):
            result = do_update(request.user,mode='rower')
            result = do_update(request.user,mode='water')
        
+from django.shortcuts import redirect


+allowed_paths = [
+    '/rowers/me/delete',
+    '/',
+    '/logout',
+    '/logout/',
+    '/rowers/me/gdpr-optin/',
+    '/rowers/me/gdpr-optin-confirm/',
+    '/rowers/me/gdpr-optin',
+    '/rowers/me/gdpr-optin-confirm'
+    '/rowers/exportallworkouts/',
+    '/rowers/exportallworkouts',
+]
+
+class GDPRMiddleWare(object):
+    def process_request(self, request):
+        if request.user.is_authenticated() and request.path not in allowed_paths:
+            r = getrower(request.user)
+            nexturl = request.path
+            if 'optin' in nexturl:
+                nexturl = '/rowers/list-workouts'
+            if not r.gdproptin:
+                return redirect(
+                    '/rowers/me/gdpr-optin/?next=%s' % nexturl
+                )