diff --git a/modules/login/jsx/requestAccount.js b/modules/login/jsx/requestAccount.js
index 501d5c4e6c0..c07f172227e 100644
--- a/modules/login/jsx/requestAccount.js
+++ b/modules/login/jsx/requestAccount.js
@@ -11,6 +11,7 @@ import {
CheckboxElement,
ButtonElement,
} from 'jsx/Form';
+import PolicyButton from 'jsx/PolicyButton';
/**
* Request account form.
@@ -45,8 +46,10 @@ class RequestAccount extends Component {
? this.props.data.captcha
: '',
error: '',
+ viewedPolicy: false,
},
request: false,
+ policy: this.props.data.policy || null,
};
this.setForm = this.setForm.bind(this);
this.handleSubmit = this.handleSubmit.bind(this);
@@ -75,7 +78,16 @@ class RequestAccount extends Component {
*/
handleSubmit(e) {
e.preventDefault();
-
+ if (this.props.data.policy && !this.state.form.viewedPolicy) {
+ let title = this.props.data.policy.SwalTitle;
+ swal.fire({
+ title: title + ' not accepted',
+ text: 'You must accept the ' + title + ' before requesting an account.',
+ icon: 'error',
+ });
+ e.stopPropagation();
+ return;
+ }
const state = JSON.parse(JSON.stringify(this.state));
fetch(
window.location.origin + '/login/Signup', {
@@ -156,6 +168,23 @@ class RequestAccount extends Component {
) : null;
+ const policy = this.state.policy ? (
+ {
+ this.setState({
+ form: {
+ ...this.state.form,
+ viewedPolicy: true,
+ },
+ });
+ }}
+ />
+ ) : null;
const request = !this.state.request ? (
+ {policy}
{captcha}
getAttribute("loris");
+ $requestAccountData['policy'] = $this->getHeaderPolicy($loris);
+ $values['requestAccount'] = $requestAccountData;
if ($this->loris->hasModule('oidc')) {
$DB = $this->loris->getDatabaseConnection();
diff --git a/modules/login/test/Request_Account_test_plan.md b/modules/login/test/Request_Account_test_plan.md
index 34226150693..b06270ab2e1 100644
--- a/modules/login/test/Request_Account_test_plan.md
+++ b/modules/login/test/Request_Account_test_plan.md
@@ -6,6 +6,7 @@
3. Verify that verification code is enforced (if and only if re-captcha has been activated by the project)
4. Verify that clicking "Submit" button with valid form data will load page acknowledging receipt (Thank you page)
5. Verify "Return to Loris login page" link on Thank you page works
+6. Verify that if a policy is added to the project for module `login`, the policy is displayed on the Request Account form page, and it is required that the policy has been viewed to request an account.
### Approving new User Account Request:
6. Log in as another user who has permission: `user_accounts` (User Management) and does not have permission: `user_accounts_multisite` (Across all sites create and edit users). Verify that new account request notification is counted in Dashboard (count has incremented).
diff --git a/modules/policy_tracker/help/policy_tracker.md b/modules/policy_tracker/help/policy_tracker.md
new file mode 100644
index 00000000000..244b85992b2
--- /dev/null
+++ b/modules/policy_tracker/help/policy_tracker.md
@@ -0,0 +1,6 @@
+# Policy Tracker
+
+This module provides an endpoint for other pages to manage policy acceptance.
+
+### Future work:
+A Filterable Data Table to display the policies that have been accepted by users.
\ No newline at end of file
diff --git a/modules/policy_tracker/php/module.class.inc b/modules/policy_tracker/php/module.class.inc
new file mode 100644
index 00000000000..79cbcd140e3
--- /dev/null
+++ b/modules/policy_tracker/php/module.class.inc
@@ -0,0 +1,77 @@
+
+ * @license http://www.gnu.org/licenses/gpl-3.0.txt GPLv3
+ * @link https://www.github.com/aces/Loris/
+ */
+namespace LORIS\policy_tracker;
+use \Psr\Http\Message\ServerRequestInterface;
+use \Psr\Http\Message\ResponseInterface;
+
+/**
+ * Class module implements the basic LORIS module functionality
+ *
+ * @category Core
+ * @package Main
+ * @subpackage Login
+ * @author Saagar Arya
+ * @license http://www.gnu.org/licenses/gpl-3.0.txt GPLv3
+ * @link https://www.github.com/aces/Loris/
+ */
+class Module extends \Module
+{
+ /**
+ * Implements the PSR15 RequestHandler interface for this module. The API
+ * module does some preliminary verification of the request, converts the
+ * version from the URL to a request attribute, and then falls back on the
+ * default LORIS page handler.
+ *
+ * @param ServerRequestInterface $request The incoming PSR7 request
+ *
+ * @return ResponseInterface The outgoing PSR7 response
+ */
+ public function handle(ServerRequestInterface $request) : ResponseInterface
+ {
+ $body = json_decode($request->getBody()->getContents(), true);
+ switch ($request->getMethod()) {
+ case 'POST':
+ $module = $this->loris->getModule($body['ModuleName'] ?? '');
+ $page = new \NDB_Page(
+ $this->loris,
+ $module,
+ '',
+ '',
+ '',
+ );
+ $page->saveUserPolicyDecision(
+ $this->loris,
+ $body['PolicyName'] ?? '',
+ $body['decision'] ?? ''
+ );
+ return new \LORIS\Http\Response\JSON\OK(
+ ['message' => 'Policy decision saved successfully']
+ );
+ default:
+ return new \LORIS\Http\Response\JSON\MethodNotAllowed(['POST']);
+ }
+ }
+
+ /**
+ * {@inheritDoc}
+ *
+ * @return string The human readable name for this module
+ */
+ public function getLongName() : string
+ {
+ return dgettext("policy_tracker", "Policy Tracker");
+ }
+}
diff --git a/php/libraries/NDB_Page.class.inc b/php/libraries/NDB_Page.class.inc
index 7622e9a433c..52af7425c5e 100644
--- a/php/libraries/NDB_Page.class.inc
+++ b/php/libraries/NDB_Page.class.inc
@@ -861,6 +861,7 @@ class NDB_Page extends \LORIS\Http\Endpoint implements RequestHandlerInterface
$baseurl . '/js/jquery.fileupload.js',
$baseurl . '/bootstrap/js/bootstrap.min.js',
$baseurl . '/js/components/Breadcrumbs.js',
+ $baseurl . '/js/components/PolicyButton.js',
$baseurl . "/js/util/queryString.js",
$baseurl . '/js/components/Help.js',
];
@@ -936,6 +937,171 @@ class NDB_Page extends \LORIS\Http\Endpoint implements RequestHandlerInterface
);
}
+ /**
+ * Get latest Policy for this module with an optional Policy Name
+ *
+ * @param \LORIS\LorisInstance $loris The LORIS instance
+ * @param string $policyName The policy name
+ * @param bool $headerButton If true, only return policies that
+ * have HeaderButton = 'Y'
+ *
+ * @return array The policy details
+ * @throws \DatabaseException
+ */
+ function getPolicy(
+ \LORIS\LorisInstance $loris,
+ string $policyName ='',
+ bool $headerButton = false
+ ) {
+ $moduleName = $this->Module->getName();
+ $DB = $loris->getDatabaseConnection();
+ // If no policy name is given, we return the latest policy for the module
+ if (!empty($policyName)) {
+ $policyName = 'AND p.Name = '. $DB->quote($policyName);
+ }
+ // If we want just a policy that goes in the header,
+ // then we need HeaderButton = 'Y'
+ if ($headerButton == true) {
+ $headerWhere = "('Y')";
+ } else {
+ $headerWhere = "('Y', 'N')";
+ }
+ return iterator_to_array(
+ $DB->pselect(
+ "SELECT
+ p.Name as PolicyName,
+ Version,
+ Content,
+ SwalTitle,
+ HeaderButtonText,
+ AcceptButtonText,
+ DeclineButtonText,
+ m.Name as ModuleName,
+ PolicyID,
+ PolicyRenewalTime,
+ PolicyRenewalTimeUnit
+ FROM policies p
+ JOIN modules m ON m.ID = p.ModuleID
+ WHERE m.Name = :moduleName
+ $policyName
+ AND p.Active = 'Y'
+ AND p.HeaderButton IN $headerWhere
+ ORDER BY p.Version DESC
+ LIMIT 1
+ ",
+ [
+ 'moduleName' => $moduleName
+ ]
+ )
+ )[0] ?? [];
+ }
+
+ /**
+ * Returns the latest Policy for this page with a HeaderButton
+ *
+ * @param \LORIS\LorisInstance $loris The LORIS instance
+ *
+ * @return array
+ */
+ public function getHeaderPolicy(
+ \LORIS\LorisInstance $loris
+ ): array {
+ return $this->getPolicy(
+ $loris,
+ '',
+ true
+ ) ?? [];
+ }
+
+ /**
+ * Get a User's latest policy decision, and whether or not they need to renew.
+ *
+ * @param \LORIS\LorisInstance $loris The LORIS instance
+ * @param string $policyName The policy name
+ * @param int|null $userID The user ID, or current user if null
+ *
+ * @return array The decision details
+ * @throws \DatabaseException
+ * @access public
+ */
+ public function getLatestPolicyDecision(
+ \LORIS\LorisInstance $loris,
+ string $policyName,
+ int|null $userID
+ ) {
+ $userID = $userID ?? User::singleton()->getID();
+ $DB = $loris->getDatabaseConnection();
+
+ $policyInfo = $this->getPolicy($loris, $policyName, false) ?? [];
+ if (empty($policyInfo)) {
+ return [];
+ }
+ $decision = iterator_to_array(
+ $DB->pselect(
+ "SELECT Decision, DecisionDate
+ FROM user_policy_decision
+ WHERE
+ UserID = :uid
+ AND PolicyID=:policyID
+ ORDER BY DecisionDate DESC
+ LIMIT 1
+ ",
+ [
+ 'uid' => $userID,
+ 'policyID' => $policyInfo['PolicyID']
+ ]
+ )
+ )[0] ?? [];
+ $needsRenewal = true;
+ if ($decision
+ && $decision['Decision'] == 'Accepted'
+ && $policyInfo['PolicyRenewalTime'] > 0
+ ) {
+ $decisionDate = new \DateTime($decision['DecisionDate']);
+ $interval = new \DateInterval(
+ "P{$policyInfo['PolicyRenewalTime']}".
+ "{$policyInfo['PolicyRenewalTimeUnit']}"
+ );
+ $renewalDate = $decisionDate->add($interval);
+ if ($renewalDate > new \DateTime()) {
+ $needsRenewal = false;
+ }
+ }
+ return [
+ ...$policyInfo,
+ 'needsRenewal' => $needsRenewal,
+ ];
+ }
+
+ /**
+ * Save a User's Policy decision
+ *
+ * @param \LORIS\LorisInstance $loris The LORIS instance
+ * @param string $PolicyName The Policy Name
+ * @param string $decision The decision made by the current user
+ *
+ * @return void
+ * @throws \DatabaseException
+ */
+ function saveUserPolicyDecision(
+ \LORIS\LorisInstance $loris,
+ string $PolicyName,
+ string $decision
+ ) {
+ $user = User::singleton();
+ $DB = $this->loris->getDatabaseConnection();
+
+ $policy = $this->getPolicy($loris, $PolicyName, false);
+ $DB->insert(
+ 'user_policy_decision',
+ [
+ 'UserID' => $user->getId(),
+ 'PolicyID' => $policy['PolicyID'],
+ 'Decision' => $decision,
+ ]
+ );
+ }
+
/**
* Converts the results of this form to a JSON format to be retrieved
* with ?format=json
diff --git a/raisinbread/RB_files/RB_modules.sql b/raisinbread/RB_files/RB_modules.sql
index 8d3b64376b6..02c66566447 100644
--- a/raisinbread/RB_files/RB_modules.sql
+++ b/raisinbread/RB_files/RB_modules.sql
@@ -50,5 +50,6 @@ INSERT INTO `modules` (`ID`, `Name`, `Active`) VALUES (47,'electrophysiology_upl
INSERT INTO `modules` (`ID`, `Name`, `Active`) VALUES (48,'schedule_module','Y');
INSERT INTO `modules` (`ID`, `Name`, `Active`) VALUES (49,'dataquery','Y');
INSERT INTO `modules` (`ID`, `Name`, `Active`) VALUES (50,'oidc','N');
+INSERT INTO `modules` (`ID`, `Name`, `Active`) VALUES (51,'policy_tracker','Y');
UNLOCK TABLES;
SET FOREIGN_KEY_CHECKS=1;
diff --git a/raisinbread/RB_files/RB_policies.sql b/raisinbread/RB_files/RB_policies.sql
new file mode 100644
index 00000000000..03ed0ae1f71
--- /dev/null
+++ b/raisinbread/RB_files/RB_policies.sql
@@ -0,0 +1,7 @@
+SET FOREIGN_KEY_CHECKS=0;
+TRUNCATE TABLE `policies`;
+LOCK TABLES `policies` WRITE;
+INSERT INTO `policies` (`PolicyID`, `Name`, `Version`, `ModuleID`, `PolicyRenewalTime`, `PolicyRenewalTimeUnit`, `Content`, `SwalTitle`, `HeaderButton`, `HeaderButtonText`, `Active`, `AcceptButtonText`, `DeclineButtonText`, `CreatedAt`, `UpdatedAt`) VALUES (1,'dataquery_example',1,49,7,'D','By using this Data Query Tool, you acknowledge that you know it is in beta and may not work as expected. You also agree to use it responsibly and not to misuse the data.','Terms of Use','Y','Terms of Use','Y','Yes, I accept','Decline','2025-05-28 10:54:21','2025-05-28 10:54:21');
+INSERT INTO `policies` (`PolicyID`, `Name`, `Version`, `ModuleID`, `PolicyRenewalTime`, `PolicyRenewalTimeUnit`, `Content`, `SwalTitle`, `HeaderButton`, `HeaderButtonText`, `Active`, `AcceptButtonText`, `DeclineButtonText`, `CreatedAt`, `UpdatedAt`) VALUES (2,'login_example',1,28,7,'D','By using this LORIS instance you acknowledge that you know it is filled with test data, and not real user data.','Terms of Use','Y','Terms of Use','Y','Accept','','2025-05-28 10:54:23','2025-05-28 10:54:23');
+UNLOCK TABLES;
+SET FOREIGN_KEY_CHECKS=1;
diff --git a/raisinbread/RB_files/RB_user_policy_decision.sql b/raisinbread/RB_files/RB_user_policy_decision.sql
new file mode 100644
index 00000000000..1eb9aa14838
--- /dev/null
+++ b/raisinbread/RB_files/RB_user_policy_decision.sql
@@ -0,0 +1,5 @@
+SET FOREIGN_KEY_CHECKS=0;
+TRUNCATE TABLE `user_policy_decision`;
+LOCK TABLES `user_policy_decision` WRITE;
+UNLOCK TABLES;
+SET FOREIGN_KEY_CHECKS=1;
diff --git a/smarty/templates/main.tpl b/smarty/templates/main.tpl
index 78f8bc32174..97c7b31303b 100644
--- a/smarty/templates/main.tpl
+++ b/smarty/templates/main.tpl
@@ -73,6 +73,16 @@
toggleIcon.classList.add('glyphicon-chevron-down');
}
});
+
+ headerPolicyRoot = ReactDOM.createRoot(
+ document.getElementById("headerPolicyButton")
+ );
+ headerPolicyRoot.render(
+ React.createElement(PolicyButton, {
+ onClickPolicy: {$header_policy|json_encode},
+ popUpPolicy: {$pop_up_policy|json_encode},
+ })
+ );
});
@@ -143,6 +153,9 @@
{/if}
+ {if $header_policy}
+
+ {/if}
diff --git a/src/Middleware/UserPageDecorationMiddleware.php b/src/Middleware/UserPageDecorationMiddleware.php
index 9f73001ed34..0f232a583fd 100644
--- a/src/Middleware/UserPageDecorationMiddleware.php
+++ b/src/Middleware/UserPageDecorationMiddleware.php
@@ -271,9 +271,10 @@ function ($a, $b) {
$tpl_data['FormAction'] = $page->FormAction ?? '';
if ($page instanceof \NDB_Page) {
- $tpl_data['breadcrumbs'] = $page->getBreadcrumbs();
+ $tpl_data['breadcrumbs'] = $page->getBreadcrumbs();
+ $tpl_data['header_policy'] = $page->getHeaderPolicy($loris);
+ $tpl_data['pop_up_policy'] = $page->getLatestPolicyDecision($loris, '', $user->getId());
}
-
// Assign the console template variable as the very, very last thing.
$tpl_data['console'] = htmlspecialchars(
ob_get_contents(),
diff --git a/test/unittests/NDB_PageTest.php b/test/unittests/NDB_PageTest.php
index de823fbf69a..bcb73684db7 100644
--- a/test/unittests/NDB_PageTest.php
+++ b/test/unittests/NDB_PageTest.php
@@ -816,6 +816,7 @@ public function testGetJSDependencies()
'/js/jquery.fileupload.js',
'/bootstrap/js/bootstrap.min.js',
'/js/components/Breadcrumbs.js',
+ '/js/components/PolicyButton.js',
'/js/util/queryString.js',
'/js/components/Help.js',
],
diff --git a/webpack.config.ts b/webpack.config.ts
index 7dbaa0e968b..508d45dd383 100644
--- a/webpack.config.ts
+++ b/webpack.config.ts
@@ -348,6 +348,7 @@ configs.push({
StaticDataTable: './jsx/StaticDataTable.js',
MultiSelectDropdown: './jsx/MultiSelectDropdown.js',
Breadcrumbs: './jsx/Breadcrumbs.js',
+ PolicyButton: './jsx/PolicyButton.js',
CSSGrid: './jsx/CSSGrid.js',
Help: './jsx/Help.js',
...getModulesEntries(),