[4.7.11] Usergroup setting removes options to request pii data and account deletion

[MMXII]

This seems to be a bug or at least unwanted behavior: The new options to request pii data and account deletion do not show up in the frontend, if the usergroup setting the "Can login anonymously?" is set to "Disallowed". Then the menu entry "Security and Privacy" does not show up at all.

[Stuart Silvester]

This is a bug that we've fixed, we're preparing a patch for some common issues we're seeing in the PII/Cookie Consent feature. The patch will include this fix.

[MMXII]

10 hours ago, Stuart Silvester said:

we're preparing a patch

Once the patch has been released, if I download 4.7.11 from the client area again, will the patch be included in the download package too, or do I have to wait until 4.7.12 until the files available from the client area will be updated?

[Stuart Silvester]

2 hours ago, MMXII said:

Once the patch has been released, if I download 4.7.11 from the client area again, will the patch be included in the download package too?

Yes, anytime we release a patch it is included in new downloads.

[SUBRTX]

19 hours ago, Stuart Silvester said:

Yes, anytime we release a patch it is included in new downloads.

is there an option to disable request pii data and account deletion? Thanks.

[Stuart Silvester]

10 hours ago, SUBRTX said:

is there an option to disable request pii data and account deletion? Thanks.

At this time, it's available to all members.

[CodeWizard]

4 hours ago, Stuart Silvester said:

At this time, it's available to all members.

This is something I just cannot understand. All the bugs aside these two features introduce a whole new workflow of having to deal with requests, approvals and rejections. Who thought it's a good idea to release this without an option to opt-out? Not every community needs this and not everybody is ready. Communities that aren't ready to handle this are basically forced to stay on an older version and miss out on all other improvements. Both of those features should be configurable.

I looked into disabling it via code hooks and things get even worse. While hooking \IPS\Member::canUseAccountDeletion does the trick for account deletion (proper backend checks + removes it from UI), same route just doesn't work for PII.

\IPS\Member\PrivacyAction::canRequestPiiData/canDownloadPiiData can be hooked but UI elements will stay because of settingsPrivacy template. Buttons will be gone but whole div, header and description will stay.

For account deletion whole div is wrapped properly:

{{if \IPS\Member::loggedIn()->canUseAccountDeletion() }}
...
{{endif}}

Why same thing wasn't done for PII? This would do the trick:

{{if \IPS\Member\PrivacyAction::canRequestPiiData() }}
...
{{endif}}

Now it's impossible to remove this without excessive trickery. Theme hooks won't really do the job as there is no way to select that specific div as it doesn't have a unique identifier (it's a generic div.ipsPadding). Documentation states that "you can use any of the selectors supported by jQuery" and that's simply wrong, actually not even a tiny fraction of selectors used by jQuery are supported. Only the most basic CSS selectors can be used and those don't allow to select e.g. parent elements.

I didn't expect that a monthly update will turn into such a headache that a simple ACP option could easily fix.

tl;dr Please make those features optional.

[MMXII]

1 hour ago, CodeWizard said:

Please make those features optional.

Yes, please! I second that (hence my feedback here and here). Ideally the permissions should be group-based (at the same place where anonymous logins can be allowed/disallowed).