User Admin: add and implement a privacyOptionVisibility setting (#1764)

CHANGEDB.php

@@ -788,4 +788,7 @@
 INSERT INTO `gibbonNotificationEvent` (`event`, `moduleName`, `actionName`, `type`, `scopes`, `active`) VALUES ('Activity Enrolment Removed', 'Activities', 'View Activities', 'Core', 'All', 'Y');end
 INSERT INTO `gibbonNotificationEvent` (`event`, `moduleName`, `actionName`, `type`, `scopes`, `active`) VALUES ('Activity Status Changed', 'Activities', 'View Activities', 'Core', 'All', 'Y');end
 ALTER TABLE `gibbonActivityStudent` CHANGE `status` `status` ENUM('Accepted','Pending','Waiting List','Not Accepted','Left') NOT NULL DEFAULT 'Pending';end
+INSERT INTO `gibbonSetting` (`scope`, `name`, `nameDisplay`, `description`, `value`) VALUES ('User Admin', 'privacyOptionVisibility', 'Display privacy options?', 'If enabled, privacy options can be selected by users through the Data Updater and Application Form. If not enabled, privacy options can only be changed by staff through Manage Users.', 'Y');end
+UPDATE `gibbonSetting` SET description='Comma-separated list of choices to make available if privacy options are turned on.' WHERE scope='User Admin' AND name='privacyOptions';end
+
 ";

CHANGELOG.txt

@@ -31,6 +31,7 @@ v27.0.00
         Activities: added notification events for activity enrolment changes
         Activities: added a Left status to activity enrolment
         Activities: added bulk actions to the activity enrolment page
+        User Admin: added an option to disable the display of privacy options, so they can be managed internally
 
     Bug Fixes
 

gibbon.sql

@@ -5296,7 +5296,7 @@ INSERT INTO `gibbonSetting` (`gibbonSettingID`, `scope`, `name`, `nameDisplay`,
 (00108, 'Finance', 'reminder3Text', 'Reminder 3 Text', 'Text to appear in third level reminder level, above invoice details and fees.', ''),
 (00109, 'Finance', 'email', 'Email', 'Email address to send finance emails from.', ''),
 (00110, 'Application Form', 'notificationParentsDefault', 'Parents Notification Default', 'Should parent acceptance email be turned on or off by default.', 'On'),
-(00111, 'User Admin', 'privacyOptions', 'Privacy Options', 'Comma-separated list of choices to make available if privacy options are turned on. If blank, privacy fields will not be displayed.', ''),
+(00111, 'User Admin', 'privacyOptions', 'Privacy Options', 'Comma-separated list of choices to make available if privacy options are turned on.', ''),
 (00112, 'Planner', 'sharingDefaultParents', 'Sharing Default: Parents', 'When adding lessons and deploying units, should sharing default for parents be Y or N?', 'Y'),
 (00113, 'Planner', 'sharingDefaultStudents', 'Sharing Default: Students', 'When adding lessons and deploying units, should sharing default for students be Y or N?', 'Y'),
 (00116, 'Application Form', 'notificationParentsMessage', 'Parents Notification Message', 'A custom message to add to the standard email to parents on acceptance.', ''),

modules/Data Updater/data_personal.php

@@ -571,17 +571,22 @@
                         $privacySetting = $settingGateway->getSettingByScope('User Admin', 'privacy');
                         $privacyBlurb = $settingGateway->getSettingByScope('User Admin', 'privacyBlurb');
                         $privacyOptions = $settingGateway->getSettingByScope('User Admin', 'privacyOptions');
+                        $privacyOptionVisibility = $settingGateway->getSettingByScope('User Admin', 'privacyOptionVisibility');
 
                         if ($privacySetting == 'Y' && !empty($privacyOptions)) {
 
-                            $form->addRow()->addSubheading(__('Privacy'))->append($privacyBlurb);
+                            if (!empty($privacyBlurb) || $privacyOptionVisibility == 'Y') {
+                                $form->addRow()->addSubheading(__('Privacy'))->append($privacyBlurb);
+                            }
 
-                            $options = array_map(function($item) { return trim($item); }, explode(',', $privacyOptions));
-                            $values['privacyOptions'] = $values['privacy'];
+                            if ($privacyOptionVisibility == 'Y') {
+                                $options = array_map(function($item) { return trim($item); }, explode(',', $privacyOptions));
+                                $values['privacyOptions'] = $values['privacy'];
 
-                            $row = $form->addRow();
-                                $row->addLabel('privacyOptions[]', __('Privacy Options'));
-                                $row->addCheckbox('privacyOptions[]')->fromArray($options)->loadFromCSV($values)->addClass('md:max-w-lg');
+                                $row = $form->addRow();
+                                    $row->addLabel('privacyOptions[]', __('Privacy Options'));
+                                    $row->addCheckbox('privacyOptions[]')->fromArray($options)->loadFromCSV($values)->addClass('md:max-w-lg');
+                            }
                         }
                     }
 

modules/Data Updater/data_personalProcess.php

@@ -26,6 +26,7 @@
 use Gibbon\Domain\User\PersonalDocumentGateway;
 use Gibbon\Data\Validator;
 use Gibbon\Domain\User\RoleGateway;
+use Gibbon\Domain\System\SettingGateway;
 
 require_once '../../gibbon.php';
 
@@ -59,6 +60,8 @@
             $checkCount = 0;
             $self = false;
 
+            $settingGateway = $container->get(SettingGateway::class);
+
             if ($highestAction == 'Update Personal Data_any') {
                 $URLSuccess = $session->get('absoluteURL').'/index.php?q=/modules/Data Updater/data_personal.php&gibbonPersonID='.$gibbonPersonID;
 
@@ -207,9 +210,14 @@
                     }
 
                     // Student privacy settings
-                    $data['privacy'] = !empty($_POST['privacyOptions']) && is_array($_POST['privacyOptions'])
-                        ? implode(',', $_POST['privacyOptions'])
-                        : '';
+                    $privacyOptionVisibility = $settingGateway->getSettingByScope('User Admin', 'privacyOptionVisibility');
+                    if ($privacyOptionVisibility == 'Y') {
+                        $data['privacy'] = !empty($_POST['privacyOptions']) && is_array($_POST['privacyOptions'])
+                            ? implode(',', $_POST['privacyOptions'])
+                            : '';
+                    } else {
+                        $data['privacy'] = $values['privacy'];
+                    }
 
                     // COMPARE VALUES: Has the data changed?
                     $dataChanged = $matchAddressCount > 0 ? true : false;

modules/Students/applicationForm.php

@@ -879,16 +879,20 @@
     $privacySetting = $settingGateway->getSettingByScope('User Admin', 'privacy');
     $privacyBlurb = $settingGateway->getSettingByScope('User Admin', 'privacyBlurb');
     $privacyOptions = $settingGateway->getSettingByScope('User Admin', 'privacyOptions');
+    $privacyOptionVisibility = $settingGateway->getSettingByScope('User Admin', 'privacyOptionVisibility');
 
     if ($privacySetting == 'Y' && !empty($privacyOptions)) {
 
-        $form->addRow()->addSubheading(__('Privacy'))->append($privacyBlurb);
-
-        $options = array_map(function($item) { return trim($item); }, explode(',', $privacyOptions));
+        if (!empty($privacyBlurb) || $privacyOptionVisibility == 'Y') {
+            $form->addRow()->addSubheading(__('Privacy'))->append($privacyBlurb);
+        }
 
-        $row = $form->addRow();
-            $row->addLabel('privacyOptions[]', __('Privacy Options'));
-            $row->addCheckbox('privacyOptions[]')->fromArray($options)->addClass('md:max-w-lg');
+        if ($privacyOptionVisibility == 'Y') {
+            $options = array_map(function($item) { return trim($item); }, explode(',', $privacyOptions));
+            $row = $form->addRow();
+                $row->addLabel('privacyOptions[]', __('Privacy Options'));
+                $row->addCheckbox('privacyOptions[]')->fromArray($options)->addClass('md:max-w-lg');
+        }
     }
 
     // Honey pot field

modules/Students/applicationFormProcess.php

@@ -229,7 +229,13 @@
         $howDidYouHearMore = $_POST['howDidYouHearMore'] ?? null;
 
         $agreement = isset($_POST['agreement']) ? ($_POST['agreement'] == 'on' ? 'Y' : 'N') : null;
-        $privacy = isset($_POST['privacyOptions']) ? implode(',', $_POST['privacyOptions']) : null;
+
+        $privacyOptionVisibility = $settingGateway->getSettingByScope('User Admin', 'privacyOptionVisibility');
+        if ($privacyOptionVisibility == 'Y') {
+            $privacy = isset($_POST['privacyOptions']) && is_array($_POST['privacyOptions']) ? implode(',', $_POST['privacyOptions']) : null;
+        } else {
+            $privacy = null;
+        }
 
         //VALIDATE INPUTS
         $familyFail = false;

modules/User Admin/userSettings.php

@@ -100,22 +100,27 @@
 
     $form->toggleVisibilityByClass('privacy')->onSelect($setting['name'])->when('Y');
 
-    $setting = $settingGateway->getSettingByScope('User Admin', 'privacyBlurb', true);
+    $setting = $settingGateway->getSettingByScope('User Admin', 'privacyOptions', true);
     $row = $form->addRow()->addClass('privacy');
         $row->addLabel($setting['name'], __($setting['nameDisplay']))->description(__($setting['description']));
         $row->addTextArea($setting['name'])->setValue($setting['value']);
 
-    $setting = $settingGateway->getSettingByScope('User Admin', 'privacyOptions', true);
+    $setting = $settingGateway->getSettingByScope('User Admin', 'privacyOptionVisibility', true);
     $row = $form->addRow()->addClass('privacy');
         $row->addLabel($setting['name'], __($setting['nameDisplay']))->description(__($setting['description']));
-        $row->addTextArea($setting['name'])->setValue($setting['value']);
+        $row->addYesNo($setting['name'])->selected($setting['value'])->required();
+
+    $setting = $settingGateway->getSettingByScope('User Admin', 'privacyBlurb', true);
+    $col = $form->addRow()->addClass('privacy')->addColumn();
+        $col->addLabel($setting['name'], __($setting['nameDisplay']))->description(__($setting['description']));
+        $col->addEditor($setting['name'], $guid)->setRows(6)->showMedia(false)->setValue($setting['value']);
 
     $row = $form->addRow()->addHeading('User Data Options', __('User Data Options'));
 
     $setting = $settingGateway->getSettingByScope('User Admin', 'uniqueEmailAddress', true);
     $row = $form->addRow();
         $row->addLabel($setting['name'], __($setting['nameDisplay']))->description(__($setting['description']));
-        $row->addYesNo($setting['name'])->selected($setting['value']);
+        $row->addYesNo($setting['name'])->selected($setting['value'])->required();
 
     $row = $form->addRow()->addHeading('User Interface Options', __('User Interface Options'));
 

modules/User Admin/userSettingsProcess.php

@@ -18,11 +18,13 @@
 You should have received a copy of the GNU General Public License
 along with this program. If not, see <http://www.gnu.org/licenses/>.
 */
+
 use Gibbon\Data\Validator;
+use Gibbon\Domain\System\SettingGateway;
 
 require_once '../../gibbon.php';
 
-$_POST = $container->get(Validator::class)->sanitize($_POST);
+$_POST = $container->get(Validator::class)->sanitize($_POST, ['privacyBlurb' => 'HTML']);
 
 $URL = $session->get('absoluteURL').'/index.php?q=/modules/'.getModuleName($_POST['address']).'/userSettings.php';
 
@@ -31,107 +33,48 @@
     header("Location: {$URL}");
 } else {
     //Proceed!
-    $ethnicity = $_POST['ethnicity'] ?? '';
-    $religions = $_POST['religions'] ?? '';
-    $nationality = $_POST['nationality'] ?? '';
-    $departureReasons = $_POST['departureReasons'] ?? '';
-    $privacy = $_POST['privacy'] ?? '';
-    $privacyBlurb = $_POST['privacyBlurb'] ?? null;
-    $privacyOptions = $_POST['privacyOptions'] ?? null;
-    $uniqueEmailAddress = $_POST['uniqueEmailAddress'] ?? 'N';
-    $personalBackground = $_POST['personalBackground'] ?? '';
-
-    //Write to database
-    $fail = false;
-
-    try {
-        $data = array('value' => $ethnicity);
-        $sql = "UPDATE gibbonSetting SET value=:value WHERE scope='User Admin' AND name='ethnicity'";
-        $result = $connection2->prepare($sql);
-        $result->execute($data);
-    } catch (PDOException $e) {
-        $fail = true;
-    }
-
-    try {
-        $data = array('value' => $religions);
-        $sql = "UPDATE gibbonSetting SET value=:value WHERE scope='User Admin' AND name='religions'";
-        $result = $connection2->prepare($sql);
-        $result->execute($data);
-    } catch (PDOException $e) {
-        $fail = true;
-    }
-
-    try {
-        $data = array('value' => $nationality);
-        $sql = "UPDATE gibbonSetting SET value=:value WHERE scope='User Admin' AND name='nationality'";
-        $result = $connection2->prepare($sql);
-        $result->execute($data);
-    } catch (PDOException $e) {
-        $fail = true;
-    }
-
-    try {
-        $data = array('value' => $departureReasons);
-        $sql = "UPDATE gibbonSetting SET value=:value WHERE scope='User Admin' AND name='departureReasons'";
-        $result = $connection2->prepare($sql);
-        $result->execute($data);
-    } catch (PDOException $e) {
-        $fail = true;
-    }
-
-    try {
-        $data = array('value' => $privacy);
-        $sql = "UPDATE gibbonSetting SET value=:value WHERE scope='User Admin' AND name='privacy'";
-        $result = $connection2->prepare($sql);
-        $result->execute($data);
-    } catch (PDOException $e) {
-        $fail = true;
+    $partialFail = false;
+    $settingGateway = $container->get(SettingGateway::class);
+
+    $settingsToUpdate = [
+        'User Admin' => [
+            'ethnicity'               => 'comma-separated',
+            'religions'               => 'comma-separated',
+            'nationality'             => 'comma-separated',
+            'departureReasons'        => 'comma-separated',
+            'privacy'                 => 'required',
+            'privacyBlurb'            => '',
+            'privacyOptions'          => 'comma-separated',
+            'privacyOptionVisibility' => '',
+            'uniqueEmailAddress'      => 'required',
+            'personalBackground'      => 'required',
+        ],
+    ];
+
+    // Update fields
+    foreach ($settingsToUpdate as $scope => $settings) {
+        foreach ($settings as $name => $property) {
+            $value = $_POST[$name] ?? '';
+
+            if ($property == 'required' && empty($value)) {
+                $partialFail = true;
+                continue;
+            }
+
+            if ($property == 'skip-empty' && empty($value)) {
+                continue;
+            }
+
+            if ($property == 'comma-separated') {
+                $value = implode(',', array_map('trim', explode(',', $value)));
+            }
+
+            $updated = $settingGateway->updateSettingByScope($scope, $name, $value);
+        }
     }
 
-    try {
-        $data = array('value' => $privacyBlurb);
-        $sql = "UPDATE gibbonSetting SET value=:value WHERE scope='User Admin' AND name='privacyBlurb'";
-        $result = $connection2->prepare($sql);
-        $result->execute($data);
-    } catch (PDOException $e) {
-        $fail = true;
-    }
-
-    try {
-        $data = array('value' => $privacyOptions);
-        $sql = "UPDATE gibbonSetting SET value=:value WHERE scope='User Admin' AND name='privacyOptions'";
-        $result = $connection2->prepare($sql);
-        $result->execute($data);
-    } catch (PDOException $e) {
-        $fail = true;
-    }
-
-    try {
-        $data = array('value' => $uniqueEmailAddress);
-        $sql = "UPDATE gibbonSetting SET value=:value WHERE scope='User Admin' AND name='uniqueEmailAddress'";
-        $result = $connection2->prepare($sql);
-        $result->execute($data);
-    } catch (PDOException $e) {
-        $fail = true;
-    }
-
-    try {
-        $data = array('value' => $personalBackground);
-        $sql = "UPDATE gibbonSetting SET value=:value WHERE scope='User Admin' AND name='personalBackground'";
-        $result = $connection2->prepare($sql);
-        $result->execute($data);
-    } catch (PDOException $e) {
-        $fail = true;
-    }
-
-    if ($fail == true) {
-        $URL .= '&return=error2';
-        header("Location: {$URL}");
-    } else {
-        //Success 0
-        getSystemSettings($guid, $connection2);
-        $URL .= '&return=success0';
-        header("Location: {$URL}");
-    }
+    $URL .= $partialFail
+        ? '&return=warning1'
+        : '&return=success0';
+    header("Location: {$URL}");
 }

tests/acceptance/Data Updater/UpdatePersonalDataCept.php

@@ -8,12 +8,13 @@
 $originalUserSettings = $I->grabAllFormValues();
 
 $newUserSettings = array_replace($originalUserSettings, array(
-    'nationality'     => 'Nationality 1, Nationality 2, Nationality 3',
-    'ethnicity'       => 'Ethnicity 1, Ethnicity 2, Ethnicity 3',
-    'religions'       => 'Religion 1, Religion 2, Religion 3',
+    'nationality'     => 'Nationality 1,Nationality 2,Nationality 3',
+    'ethnicity'       => 'Ethnicity 1,Ethnicity 2,Ethnicity 3',
+    'religions'       => 'Religion 1,Religion 2,Religion 3',
     'privacy'         => 'Y',
     'privacyBlurb'    => 'Privacy Blurb Test',
-    'privacyOptions'  => 'Privacy 1, Privacy 2, Privacy 3',
+    'privacyOptions'  => 'Privacy 1,Privacy 2,Privacy 3',
+    'privacyOptionVisibility' => 'Y',
 ));
 
 $I->submitForm('#content form', $newUserSettings, 'Submit');

tests/acceptance/Students/ApplicationFormByParentCept.php

@@ -31,10 +31,11 @@
 $originalUserSettings = $I->grabAllFormValues();
 
 $newUserSettings = array_replace($originalUserSettings, array(
-    'nationality'        => 'Nationality 1, Nationality 2, Nationality 3',
+    'nationality'        => 'Nationality 1,Nationality 2,Nationality 3',
     'privacy'            => 'Y',
     'privacyBlurb'       => 'Privacy Blurb Test',
-    'privacyOptions'     => 'Privacy 1, Privacy 2, Privacy 3',
+    'privacyOptions'     => 'Privacy 1,Privacy 2,Privacy 3',
+    'privacyOptionVisibility' => 'Y',
 ));
 
 $I->submitForm('#content form', $newUserSettings, 'Submit');

tests/acceptance/Students/ApplicationFormByUserCept.php

@@ -31,10 +31,11 @@
 $originalUserSettings = $I->grabAllFormValues();
 
 $newUserSettings = array_replace($originalUserSettings, array(
-    'nationality'        => 'Nationality 1, Nationality 2, Nationality 3',
+    'nationality'        => 'Nationality 1,Nationality 2,Nationality 3',
     'privacy'            => 'Y',
     'privacyBlurb'       => 'Privacy Blurb Test',
-    'privacyOptions'     => 'Privacy 1, Privacy 2, Privacy 3',
+    'privacyOptions'     => 'Privacy 1,Privacy 2,Privacy 3',
+    'privacyOptionVisibility' => 'Y',
 ));
 
 $I->submitForm('#content form', $newUserSettings, 'Submit');

tests/acceptance/Students/ApplicationFormCept.php

@@ -31,10 +31,11 @@
 $originalUserSettings = $I->grabAllFormValues();
 
 $newUserSettings = array_replace($originalUserSettings, array(
-    'nationality'        => 'Nationality 1, Nationality 2, Nationality 3',
+    'nationality'        => 'Nationality 1,Nationality 2,Nationality 3',
     'privacy'            => 'Y',
     'privacyBlurb'       => 'Privacy Blurb Test',
-    'privacyOptions'     => 'Privacy 1, Privacy 2, Privacy 3',
+    'privacyOptions'     => 'Privacy 1,Privacy 2,Privacy 3',
+    'privacyOptionVisibility' => 'Y',
 ));
 
 $I->submitForm('#content form', $newUserSettings, 'Submit');

tests/acceptance/User Admin/UserSettingsCept.php

@@ -19,6 +19,7 @@
     'privacy'            => 'Y',
     'privacyBlurb'       => 'Privacy Blurb Test',
     'privacyOptions'     => 'Privacy 1,Privacy 2,Privacy 3',
+    'privacyOptionVisibility' => 'Y',
     'personalBackground' => 'Y',
 );