[openstreetmap/openstreetmap-website] GDPR related sign-up changes (#1854)

[Andy Allan]

OK, so as I currently understand it:

* We need to show everyone the new privacy policy one-time on signin, but with no agreement tickbox
* We therefore need to store if they've seen the privacy policy, so we don't show it on every login
* We need to show everyone the new ToU on signin, with an agreement tickbox
* We therefore need to store if they've agreed to the ToU
* We need to block API access, both read and write, until both documents have been viewed/agreed
* We need to amend the signup form, so that it shows the new privacy policy, and we store that they have seen it (so they aren't affected by the implementation of the first task in this list)
* We need to amend the signup form, so that they agree to the ToU (with a tickbox, again stored).
* For the above agreements, storing a boolean is fine. If we need to get a fresh agreement in future, we can null out the columns for all users and that will re-trigger the blocks/signin displays

I think we should start by implementing the signup flow changes, and then we can phase in the rest (e.g. showing things on signin to the website, then eventually adding the api block unless already seen/agreed at signup or signin).

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/openstreetmap/openstreetmap-website/issues/1854#issuecomment-389102714
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstreetmap.org/pipermail/rails-dev/attachments/20180515/6f563649/attachment-0001.html>