Download the PHP package skyraptor/laravel-gdpr without Composer
On this page you can find all versions of the php package skyraptor/laravel-gdpr. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.
Download skyraptor/laravel-gdpr
More information about skyraptor/laravel-gdpr
Files in skyraptor/laravel-gdpr
Informations about the package laravel-gdpr
GDPR compliance with ease
This package exposes an endpoint where authenticated users can download their data as required by GDPR article 20. This package also provides you with a trait to easily clean up inactive users as required by GDPR article 5e.
Requirements
- PHP >= 7.0.0
- Laravel >= 5.5 or 6.0
Installation
First, install the package via the Composer package manager:
After installing the package, you should publish the configuration file:
Finally, add the Soved\Laravel\Gdpr\Portable trait to the App\User model and implement the Soved\Laravel\Gdpr\Contracts\Portable contract:
Configuration
Configuring Portable Data
By default, the entire toArray form of the App\User model will be made available for download. If you would like to customize the downloadable data, you may override the toPortableArray() method on the model:
Lazy Eager Loading Relationships
You may need to include a relationship in the data that will be made available for download. To do so, add a $gdprWith property to your App\User model:
Hiding Attributes
You may wish to limit the attributes, such as passwords, that are included in the downloadable data. To do so, add a $gdprHidden property to your App\User model:
Alternatively, you may use the $gdprVisible property to define a white-list of attributes that should be included in the data that will be made available for download. All other attributes will be hidden when the model is converted:
Usage
This package exposes an endpoint at /gdpr/download. Only authenticated users should be able to access the routes. Your application should make a POST call, containing the currently authenticated user's password, to this endpoint. The re-authentication is needed to prevent information leakage.
You may listen for the Soved\Laravel\Gdpr\Events\GdprDownloaded event, which will be dispatched upon successful re-authentication and data conversion.
Encryption
Before using encryption, you must set a
keyoption in yourconfig/app.phpconfiguration file. If this value is not properly set, all encrypted values will be insecure.
You may encrypt/decrypt attributes on the fly using the Soved\Laravel\Gdpr\EncryptsAttributes trait on any model. The trait expects the $encrypted property to be filled with attribute keys:
Data Retention
You may clean up inactive users using the gdpr:cleanup command. Schedule the command to run every day at midnight, or run it yourself. In order for this to work, add the Soved\Laravel\Gdpr\Retentionable trait to the App\User model:
You may listen for the Soved\Laravel\Gdpr\Events\GdprInactiveUser event to notify your users about their inactivity, which will be dispatched two weeks before deletion. The Soved\Laravel\Gdpr\Events\GdprInactiveUserDeleted event will be dispatched upon deletion.
Feel free to customize what happens to inactive users by creating your own cleanup strategy.
Roadmap
- Tests
Security Vulnerabilities
If you discover a security vulnerability within this project, please send an e-mail to Sander de Vos via [email protected]. All security vulnerabilities will be promptly addressed.
License
This package is open-source software licensed under the MIT license.
