Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

GDPR compliant part 1 #830

Merged
merged 11 commits into from
Jun 17, 2018
Merged

GDPR compliant part 1 #830

merged 11 commits into from
Jun 17, 2018

Conversation

SISheogorath
Copy link
Contributor

As GDPR kicked in today, we are pretty late on this.

It should provide some basic features that allow to run HackMD fine for GDPR. Not more, not less. Just enough for now.

When the next big re-factoring for user management comes, this should be redone.

@SISheogorath
Add privacy and ToS links
41a36e2 
To be GDPR compliant we need to provide privacy statement. These should
be linked on the index page. So as soon as a document exist under
`public/docs/privacy.md` the link will show up.

Since we already add legal links, we also add Terms of Use, which will
show up as soon as `public/docs/terms-of-use.md` exists.

This should allow everyone to provide the legal documents they need for
GDPR and other privacy and business laws.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
@SISheogorath
Use hard delete instead of soft delete
8aa5c03 
Right now we only flag notes as deleted. This is no longer allowed under
GDPR. Make sure you do regular backups!

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
@SISheogorath
Use cascaded deletes
408ab7a 
When we delete a user we should delete all the notes that belong to this
user including the revisions of these notes.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
@SISheogorath
Add delete function for authenticated users
4229084 
Allow users to delete themselbes. This is require to be GDPR compliant.

See: https://gdpr-info.eu/art-17-gdpr/
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
@SISheogorath
Fix requests for deleted users
e31d204 
When users are requested from the authorship which no longer exist, they
shouldn't cause a 500.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
@SISheogorath
Add delete user UI
9fd09a8 
This provides the UI for the delete user feature introduced in
4229084

Placing of the user delete button is not perfect, but can be moved to an
own user tab later on.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
@SISheogorath SISheogorath added feature Wants to add a new feature WIP Do not merge labels May 25, 2018
@SISheogorath SISheogorath added this to the 1.2.0-CE Release milestone May 25, 2018
@SISheogorath
Add token based security feature
70df297 
In the current setup users could be tricked into deleting their data by
providing a malicious link like `[click me](/me/delete)`. This commit
prevents such an easy attack and need the user's deleteToken to get his
data deleted. In case someone requests his deletion by email you can
also ask him for this token.

We can add a GUI that shows it later on.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
@SISheogorath
Add note export function
bcbb8c6 
This function is the first step to get out data following GDPR about the
transportability of data.

Details: https://gdpr-info.eu/art-20-gdpr/
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
@SISheogorath
Add export data UI
75f28ca 
This adds the UI for the export feature introduced in
bcbb8c6

It allows to download all notes from the main page in the default user
submenu.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
@SISheogorath
Fix missing dependency
6f8bd8f 
To export the notes we need the archiver package that takes care of
creating the zip files.

Looks like I forgot this one in the initial commit.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
@jackycute
Copy link
Member

@SISheogorath Here you might miss a sign-off in the last commit.

@SISheogorath
Add privacy policy example
fce735e 
As we use various services and integration we should provide an example
privacy policy.

It has to be adjust when using it to match your setup.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
@SISheogorath SISheogorath changed the title WIP: GDPR compliant features GDPR compliant part 1 Jun 17, 2018
@SISheogorath SISheogorath merged commit 56d78a7 into hackmdio:master Jun 17, 2018
@SISheogorath SISheogorath removed the WIP Do not merge label Jun 24, 2018
@SISheogorath SISheogorath mentioned this pull request Jun 24, 2018
Open
@SISheogorath SISheogorath deleted the feature/GDPR branch June 24, 2018 18:33
@SISheogorath SISheogorath mentioned this pull request Jun 30, 2018
Open
edgarogh pushed a commit to WartaPoirier-corp/codimd that referenced this pull request Sep 21, 2021
@davidmehren
Merge pull request hackmdio#830 from hedgedoc/renovate/master-major-r…
7f5ceaa 
…emark-monorepo

Update remark monorepo (master) (major)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
feature Wants to add a new feature
Projects
None yet
Milestone
1.2.0 Release
Development

Successfully merging this pull request may close these issues.
2 participants
@SISheogorath @jackycute