Download the PHP package dialect/laravel-gdpr-compliance without Composer
On this page you can find all versions of the php package dialect/laravel-gdpr-compliance. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.
Download dialect/laravel-gdpr-compliance
More information about dialect/laravel-gdpr-compliance
Files in dialect/laravel-gdpr-compliance
Package laravel-gdpr-compliance
Short Description GDPR compliant data portability and anonymization
License MIT
Homepage https://github.com/dialect-katrineholm/laravel-gdpr-compliance
Informations about the package laravel-gdpr-compliance
GDPR compliant data handling with ease
This package helps you get compliant with GDPR;
Article 7: Conditions for consent
Article 17: Right to be forgotten
Article 20: Right to data portability
Table of contents
- Table of contents
- Dependencies
- Installation
- Configuration
- Consent
- Portability
- Anonymizability
- Automatic anonymization
- Configuring Anonymizable Data
- Recursive Anonymization
- Configuring Portable Data
- Lazy Eager Loading Relationships
- Hiding Attributes
- Usage
- Encryption
- Anonymization
- Tests
- Security Vulnerabilities
- Credit
- License
Dependencies
- PHP >= 7.0.0
- Laravel >= 5.5
Installation
First, install the package via the Composer package manager:
After installing the package, you should publish the configuration file:
Configuration
GDPR Consent
The package includes a way for users to sign a GDPR-agreement. This will redirect the user to the agreement on the specified routes until the user has agreed to the new terms.
To add the agreement functionality:
- Publish the middleware:
php artisan vendor:publish --provider="Dialect\Gdpr\GdprServiceProvider"
-
Add
'gdpr.terms' => \App\Http\Middleware\RedirectIfUnansweredTerms::class
to the$routeMiddleware
middlewaregroup inapp/Http/Kernel
like so: -
Add the middleware to the routes that you want to check (normally the routes where auth is used):
-
Add the fields to
$fillable
in the User model: - Change the Agreement text to your particular needs in
resources/views/gdpr/message.blade.php
Portability
Add the Portable
trait to the model model you want to be able to port:
Anonymizability
Add the Anonymizable
trait to the model you want to be able to anonymize:
Automatic Anonymization of inactive users
The package adds a scheduled job intended to anonymize the User
model automatically when the user has been inactive for a specific time.
To specify the time, edit the ttl
setting in the published config.
To activate this feature:
-
Add the command to the schedule function in
app/Console/Kernel.php
like so: - Add the class to the
$commands
array in the same file like so:
Configuring Anonymizable Data
On the model, set gdprAnonymizableFields
by adding the fields you want to anonymize on the model,
you can also set up attribute-like functions on your model to supply replacement data.
If you have a unique-constraint on your model, you should use this.
If no value is supplied,
a default string from settings will be used.
Recursive Anonymization
If the model has related models with fields that needs to be anonymized at the same time,
add the related models to $gdprWith
. On the related models. add the Anonymizable
trait and specify the fields with $gdprAnonymizableFields
like so:
Calling $customer->anonymize();
will also change the buyer
-field on the related orders.
Configuring Portable Data
By default, the entire toArray
form of the App\User
model will be made available for download. If you would like to customize the downloadable data, you may override the toPortableArray()
method on the model:
Lazy Eager Loading Relationships
You may need to include a relationship in the data that will be made available for download. To do so, add a $gdprWith
property to your App\User
model:
Hiding Attributes
You may wish to limit the attributes, such as passwords, that are included in the downloadable data. To do so, add a $gdprHidden
property to your App\User
model:
Alternatively, you may use the $gdprVisible
property to define a white-list of attributes that should be included in the data that will be made available for download. All other attributes will be hidden when the model is converted:
Usage
This package exposes an endpoint at /gdpr/download
. Only authenticated users should be able to access the routes. Your application should make a POST call, containing the currently authenticated user's password, to this endpoint. The re-authentication is needed to prevent information leakage.
Encryption
Before using encryption, you must set a
key
option in yourconfig/app.php
configuration file. If this value is not properly set, all encrypted values will be insecure.
You may encrypt/decrypt attributes on the fly using the EncryptsAttributes
trait on any model.
The trait expects the $encrypted
property to be filled with attribute keys:
If all fields are encrypted, the model can be returned in decrypted state as an array or collection:
Anonymization
To anonymize a model you call anonymize()
on it:
Tests
After installation you can run the package tests from your laravel-root folder with phpunit vendor/Dialect/gdpr
Security Vulnerabilities
If you discover a security vulnerability within this project, please send an e-mail to Dialect via [email protected]. All security vulnerabilities will be promptly addressed.
Credit
sander3: Author of the original package used as a startingpoint
License
This package is open-source software licensed under the MIT license.