flarum/gdpr

Features for GDPR, PII management

Maintainers

Details

github.com/flarum/gdpr

Source

Issues

Fund package maintenance!
flarum
Open Collective

Installs: 867

Dependents: 10

Suggesters: 0

Security: 0

Stars: 11

Watchers: 10

Forks: 4

Open Issues: 3

Type:flarum-extension

1.0.0-beta.2 2024-11-03 21:54 UTC

README

This extension allows users increasing control over their data.

Requirements

  • flarum/core - v1.8.6 or higher
  • PHP - 8.0 or higher

Installation or update

Install manually with composer:

composer require flarum/gdpr:@beta

Use

All forum users now have a Personal Data section within their account settings page:

image

From here, users may self-service export their data from the forum, or start an erasure request. Erasure requests are queued up for admins/moderators to process. Any unprocessed requests that are still pending after 30 days will be processed automatically using the configured default method (Deletion or Anonymization).

Specifying which queue to use

If your forum runs multiple queues, ie low and high, you may specify which queue jobs for this extension are run on in your skeleton's extend.php file:

Flarum\Gdpr\Jobs\GdprJob::$onQueue = 'low';

return [
    ... your current extenders,
];

For developers

You can easily register a new Data type, remove an existing Data type, or exclude specific columns from the user table during export by leveraging the Flarum\Gdpr\Extend\UserData extender. Ensure that you wrap the GDPR extender in a conditional extend, so that forum owners can choose if they want to enable GDPR functionality or not. This functionality requires flarum/core v1.8.6 or higher, so that should be set as your extension's minimum requirement.

Registering a new Data Type:

Your data type class should implement the Flarum\Gdpr\Contracts\DataType:

<?php

use Flarum\Gdpr\Extend\UserData;
use Flarum\Extend;

return [
    (new Extend\Conditional())
        ->whenExtensionEnabled('flarum-gdpr', fn () => [
            (new UserData())
                ->addType(Your\Own\DataType::class),

            ... other conditional extenders as required ...
        ]),
];

The implementation you create needs a export method, it will receive a ZipArchive resource. You can use that to add any strings or actual files to the archive. Make sure to properly name the file and always prefix it with your extension slug (flarum-something-filename).

Removing a Data Type:

If for any reason you want to exclude a certain DataType from the export:

use Flarum\Gdpr\Extend\UserData;
use Flarum\Extend;

return [
    (new Extend\Conditional())
        ->whenExtensionEnabled('flarum-gdpr', fn () => [
            (new UserData())
                ->removeType(Your\Own\DataType::class),

            ... other conditional extenders as required ...
        ]),
];

Exclude specific columns from the user table during export:

use Flarum\Gdpr\Extend\UserData;

return [
    (new Extend\Conditional())
        ->whenExtensionEnabled('flarum-gdpr', fn () => [
            (new UserData())
                ->removeUserColumn('column_name') // For a single column
                ->removeUserColumns(['column1', 'column2']), // For multiple columns

            ... other conditional extenders as required ...
        ]),
];

Flarum extensions

These are the known extensions which offer GDPR data integration with this extension. Don't see a required extension listed? Contact the author to request it

FAQ & Recommendations

  • Generating the zip archive can be pushed to queue functionality. This is exceptionally important on larger communities and with more extensions that work with the gdpr extension to allow data exports.