Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Anonymize patron data #6503

Merged
merged 9 commits into from
Jun 8, 2022
Merged

Anonymize patron data #6503

merged 9 commits into from
Jun 8, 2022

Conversation

jimchamp
Copy link
Collaborator

@jimchamp jimchamp commented Apr 30, 2022
edited by mekarpeles
Loading

Closes: #4875, #6455, #5014

Creates the means for an admin to anonymize a patron's account. This PR can be moved from draft when the following tasks are complete:

  • Add "Anonymize Account" button to /admin/people view
  • Create testable methods for updating and deleting by username
  • Delete or otherwise reset the patron's profile page
  • Remove patron from all usergroups
  • Reset patron's preferences to default
  • Create unit tests for new DB model methods
  • Disable test flag for anonymize function (no updates/deletions are committed while test is true)

Technical

The /admin/people/view.html template was producing invalid HTML. The initial commit of this PR solely addresses those issues.

Important Note: If the anonymization process throws an error before it completes we can re-run, but some operations may not be possible during the re-run. This may result in some lingering records.

Testing

Screenshot

admin_people_new_view
New button in /admin/people.

anon_success_flash_message
Flash message that is displayed on success

Stakeholders

@mekarpeles

jimchamp added 4 commits April 29, 2022 13:23
@jimchamp
Correct invalid HTML in /admin/people view
085ed90
@jimchamp
Add account anonymization support
9fd1e24 
- Adds "Anonymize Account" button to `/admin/people` view
- Adds CommonExtras update and delete by username functions
- Adds anonymize function to Account, which updates OL tables in test
mode
@jimchamp
Add unit tests for new DB methods
3fc1774
@jimchamp
Complete anonymization process
0bc982f 
- Remove patron from all usergroups
- Reset preferences to default
- Clear patron's User data
- Set type to `/type/delete`
@jimchamp jimchamp requested a review from mekarpeles May 6, 2022 23:20
@jimchamp jimchamp changed the title [WIP] Anonymize patron data Anonymize patron data May 6, 2022
@jimchamp
Copy link
Collaborator Author

jimchamp commented May 6, 2022
edited
Loading

Keeping this in draft, as it doesn't yet address some things:

  1. What happens if a new patron is assigned an anonymized patrons old username? Is this even possible?
  2. If it is possible for a new patron to get an old username, what do we do about the history table on the profile page?
  3. Admins can still log in as the anonymized patron and make edits etc. that will be linked to the old username. This shouldn't be an issue, but I wanted to call it out anyway.

@jimchamp
Copy link
Collaborator Author

jimchamp commented May 18, 2022
edited
Loading

Add dialog or something to confirm action. Also, maybe change the location of the button to avoid misclicks.

jimchamp added 2 commits May 27, 2022 13:21
@jimchamp
Delete account information from store
87e31db
@jimchamp
Force confirmation of anonymization
f00c205 
- Move anonymization button to admin history table
- Add confimation dialog for anonymization
@jimchamp
Copy link
Collaborator Author

anonymize function now removes account information from the store. Admin UI has the following updates:

  1. The anonymize button has been moved to the bottom of the account history table.
  2. Anonymization POST is blocked by a confirmation dialog.

Screenshot from 2022-05-27 13-48-02

Running into issues anonymizing keys, which is how we planned on anonymizing lists and edit history. If it turns out that changes keys is not possible, maybe it would be best to change ownership of lists and history to a dummy account the represents anonymized patrons? Either way, suggest adding this functionality in a PR to be opened in the near future.

jimchamp
jimchamp commented May 27, 2022
View reviewed changes
openlibrary/templates/admin/people/view.html Outdated
Comment on lines 227 to 233
<script>
function confirmAnonymize(event) {
if(!confirm('Really anonymize this patron? This will delete the patron\'s profile page and booknotes, and anonymize the patron\'s reading log, reviews, and star ratings.')) {
event.preventDefault()
}
}
</script>
Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If we're happy with the confirmation dialog approach, I can move this inline JS to a .js file.

@mekarpeles
Copy link
Member

Addresses #6510 + #6509

@mekarpeles mekarpeles self-assigned this May 31, 2022
@mekarpeles mekarpeles added the Priority: 1 Do this week, receiving emails, time sensitive, . [managed] label May 31, 2022
jimchamp added 3 commits June 2, 2022 15:08
@jimchamp
Expose dry run option
4a960a1 
- Adds "Dry run" checkbox next to anonymize button
- When "Dry run" is checked, changes to the account are not persisted
- Adds patron's display name to confirmation dialog
@jimchamp
Prevent errors when viewing anonymized reading log
230356d 
- Preferences now updated correctly
- Patrons redirected to deleted profile page when viewing anonymized
reading log page
@jimchamp
Fix linting error
6047fee
@jimchamp
Copy link
Collaborator Author

jimchamp commented Jun 2, 2022

Today's changes:

  1. Moved inline JS to dedicated JS file.
  2. Display patron's name in the confirm dialog.
  3. Add "Dry run" checkbox, which allows anonymize to be executed in test mode.
  4. Update reading log visibility to private, which will redirect folks to the deleted profile page when any reading log page is visited.
  5. Avoid fetching reading log counts for anonymized patrons.

@jimchamp jimchamp added the On testing.openlibrary.org This PR has been deployed to testing.openlibrary.org for testing label Jun 2, 2022
@mekarpeles mekarpeles marked this pull request as ready for review June 8, 2022 17:21
mekarpeles
mekarpeles reviewed Jun 8, 2022
View reviewed changes
openlibrary/templates/admin/people/view.html
<form method="POST" id="anonymize-form" action="?debug=true">
<input type="checkbox" id="dry-run-checkbox" name="dry_run">
<label for="dry-run-checkbox">Dry Run</label>
<button type="submit" name="action" value="anonymize_account" style="float: right;" class="account-anonymization-button" data-display-name="$person.username">$_("Anonymize Account")</button>
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

inline styles?

@mekarpeles mekarpeles merged commit 31cc10c into internetarchive:master Jun 8, 2022
@jimchamp jimchamp deleted the anonymize-patron-data branch July 15, 2022 23:05
@jimchamp jimchamp removed the On testing.openlibrary.org This PR has been deployed to testing.openlibrary.org for testing label Apr 2, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mekarpeles mekarpeles mekarpeles left review comments

Assignees

@mekarpeles mekarpeles

Labels
Priority: 1 Do this week, receiving emails, time sensitive, . [managed]
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

De-identifying patrons upon request
2 participants
@jimchamp @mekarpeles