Basic GDPR Compliance use cases:

  • Form checkboxes
  • Pop-up alert
  • Policy Page

Project link

https://www.drupal.org/project/gdpr_compliance

Git instructions

git clone --branch 8.x-1.x https://git.drupalcode.org/project/gdpr_compliance.git

PAReview checklist

https://pareview.sh/pareview/https-git.drupal.org-project-gdpr_compliance

Comments

APolitsin created an issue. See original summary.

ivnish’s picture

ivnish CreditAttribution: ivnish commented

Please fix pareview warnings first

APolitsin’s picture

APolitsin CreditAttribution: APolitsin commented
Status: Active » Needs review

Fix codestyle problems in css and js files.
Cannot fix `Error - Use the function form of 'use strict'. ` couse i need this staff.

apaderno’s picture

apaderno
he/him
Primary language Italian
Location Brescia, 🇮🇹 🇪🇺
CreditAttribution: apaderno as a volunteer commented
Issue summary: View changes

Thank you for applying! I added the Git instructions for non-maintainer users. Reviewers will check the project and post comments to list what should be changed.

vuil’s picture

vuil
Location Bulgaria 🇧🇬 🇪🇺 🌍
CreditAttribution: vuil at Bulpros Consulting commented
Status: Needs review » Needs work
Issue tags: +PAreview: security

Thank you for the contribution!

I have found many security related issues (errors/warnings/notices), please fix all of them.

(1.)
Please fix the following issues related to ESLint, there are some issues within the code (please check the JavaScript coding standards):

/var/vhosts/c214000000/site1101/web/vendor/drupal/pareviewsh/pareview_temp/assets/gulpfile.js: line 6, col 1, Error - Use the function form of 'use strict'. (strict)
/var/vhosts/c214000000/site1101/web/vendor/drupal/pareviewsh/pareview_temp/assets/gulpfile.js: line 13, col 19, Error - Use the function form of 'use strict'. (strict)
/var/vhosts/c214000000/site1101/web/vendor/drupal/pareviewsh/pareview_temp/assets/gulpfile.js: line 23, col 20, Error - Use the function form of 'use strict'. (strict)
/var/vhosts/c214000000/site1101/web/vendor/drupal/pareviewsh/pareview_temp/assets/js/popup.js: line 6, col 2, Error - Use the function form of 'use strict'. (strict)
/var/vhosts/c214000000/site1101/web/vendor/drupal/pareviewsh/pareview_temp/assets/js/popup.js: line 30, col 7, Error - The body of a for-in should be wrapped in an if statement to filter unwanted properties from the prototype. (guard-for-in)

(2.)
Please don't use dynamically created properties like $this->lang in PagePolicy class.
Just declare them at first (into the Class), then initialize them in __construct(), and use them after that.
It is important your code to be as much as possible clear and mindful.

 ------ ----------------------------------------------------------------------------
  Line   src\Controller\PagePolicy.php
 ------ ----------------------------------------------------------------------------
  63     Access to an undefined property Drupal\gdpr_compliance\Controller\PagePolicy::$lang.
  80     Access to an undefined property Drupal\gdpr_compliance\Controller\PagePolicy::$lang.
  88     Access to an undefined property Drupal\gdpr_compliance\Controller\PagePolicy::$lang.
 ------ ----------------------------------------------------------------------------

(3.)
Please replace the usage of \Drupal::request() with the Dependency Injection (DI) and $container->get('request_stack').

(4.)
Replace the wrong and deprecated usage of entityManager() with entityTypeManager() (all uses) in your Dependency Injection (DI) and SettingsFormWarning class.

(5.)
Always keep attention on your configuration forms input secure and Sanitizing Output, read more https://www.drupal.org/docs/8/security

Update texts to use the more secure:
Url::fromRoute('Some text @param', ['param' => $param_url])->toString();
instead of plain text:
/user/register and /user/login.

An example: Url::fromRoute('entity.node.canonical', ['node' => $next['nid']])->toString();

KuldeepM’s picture

KuldeepM CreditAttribution: KuldeepM commented
Status: Needs work » Needs review
Issue tags: -PAreview: security

Fix Error - Use the function form of 'use strict'. (strict) issue.

klausi’s picture

klausi
he/him||they/them
Primary language German
Location 🇦🇹 Vienna
CreditAttribution: klausi at jobiqo - job board technology commented
Status: Needs review » Reviewed & tested by the community

Thanks for your contribution!

  1. "'custom' => 'Custom bundles',": all user facing text must run through t() for translation.
  2. SettingsFormWarning::getBundles(): doc block is wrong, this is not a submit handler.
  3. gdpr_compliance.permissions.yml: why is the permission "administer gdpr compliance" marked for restricted access? Can admins elevate their permissions with the module settings somehow? I don't see how, so I think this can be removed. Otherwise please add a comment in the permission yml file.

Looks good to me, did not see a security issue.

apaderno’s picture

apaderno
he/him
Primary language Italian
Location Brescia, 🇮🇹 🇪🇺
CreditAttribution: apaderno as a volunteer commented
Assigned: Unassigned » apaderno
Status: Reviewed & tested by the community » Fixed

Thank you for your contribution! I am going to update your account.

These are some recommended readings to help with excellent maintainership:

You can find more contributors chatting on the IRC #drupal-contribute channel. So, come hang out and stay involved.
Thank you, also, for your patience with the review process.
Anyone is welcome to participate in the review process. Please consider reviewing other projects that are pending review. I encourage you to learn more about that process and join the group of reviewers.

I thank all the dedicated reviewers as well.

Status: Fixed » Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.