[wp-trac] [WordPress Trac] #43738: Make the personal data Export/Delete functionality available in network-wide for super admins

WordPress Trac noreply at wordpress.org
Thu Apr 2 19:27:08 UTC 2020 

#43738: Make the personal data Export/Delete functionality available in network-
wide for super admins
---------------------------------------+------------------------
 Reporter:  TZ Media                   |       Owner:  (none)
     Type:  enhancement                |      Status:  new
 Priority:  normal                     |   Milestone:  5.5
Component:  Privacy                    |     Version:
 Severity:  normal                     |  Resolution:
 Keywords:  privacy-roadmap has-patch  |     Focuses:  multisite
---------------------------------------+------------------------
Changes (by pbiron):

 * keywords:  needs-patch privacy-roadmap => privacy-roadmap has-patch


Comment:

 [https://core.trac.wordpress.org/attachment/ticket/43738/43738.diff
 43738.diff] is **VERY** preliminary!!!

 It does **NOT** actually do network-level exports/erasures.  It, does
 however, do 2 things:

 1. adds the network-level UI for exports/erasures, by:
    a. adding a `Network Admin > Tools` menu
    b. adding `Export Personal Data` and `Erase Personal Data` menu items
 to that menu
    c. adding a `Network Admin > Tools` admin bar node
 2. sets up the request posts and `WP_User_Requests` objects so that they
 can distinguish between requests submitted at the network- or site-level,
 by:
    a. modifying `wp_create_user_request()` to add a
 `_wp_user_request_blog_id` post meta to the request post.  When the
 request is submitted at the network-level, the meta value will be 0
    b. adds `_wp_user_request_blog_id` property to `WP_User_Request` so
 that the object returned by `wp_get_user_request()` "knows" what level it
 was submitted to
    c. modifies `WP_Privacy_Requests_Table::prepare_items()` to query for
 the post meta, so that list table on the `Network Admin > Tools > Export
 Personal Data` screen will only show requests submitted at the network-
 level, and on `Tools > Export Personal Data` will only display requests
 submitted at the site-level
 A few more points:

 1. I've tested this on:
    a. a "regular" multisite (i.e., with a single network)
    b. a multi-network (i.e., built with the WP Multi Network plugin)
    c. a single site
    d. all of the above with existing requests submitted before the patch
 was applied
    e. all of the above in the back-end and with
 [https://wordpress.org/plugins/gdpr-data-request-form/ GDPR Data Request
 Form] on the front-end
 2. I'm sure there are ways other than post meta to distinguish requests
 initiated at the network- vs site-level, but that seemed like a natural
 choice to me.  Other suggestions more than welcome
 3. There may be some place other a `Network Admin > Tools` menu for the
 export/erase UI to live, but again, that seemed a natural choice to me.
 Plus, having that menu would open nice possibilities for multisite-aware
 plugins.
 4. I'm not sure what cap should be checked to display the `Network Admin >
 Tools` menu (the `Export/Erase Personal Data` menu items use the same cap
 they use for the regular `Tools` menu items).  The patch uses `edit_posts`
 just like the regular `Tools` menu.  Suggestions welcome.
 5. I'm not 100% sure about the new `$blog_id` param to
 `wp_create_user_request()`.  Initially, I just had a `is_network_admin()`
 check (like in `WP_Privacy_Requests_Table::prepare_items()`).  However, I
 then realized that such a test would not work for plugins like
 [https://wordpress.org/plugins/gdpr-data-request-form/ GDPR Data Request
 Form] that allow requests to be submitted on the front-end.  Again,
 suggestions welcome for other ways to handle that.

 To test:

 1. ensure there are existing incomplete requests at the site-level before
 applying the patch
 2. verify that the existing site-level requests do <strong>NOT</strong>
 display at the network-level
 3. submit various requests at both the site- and network-levels and ensure
 that the right thing happens
    a. the site-level requests only display at the site-level
    b. the network-level requests only display at the network-level
    c. you get (or don't get) the appropriate admin notices depending on
 whether incomplete requests exist (or don't exist) at the appropriate
 level
 4. submit requests on the front-end (with a plugin such as
 [https://wordpress.org/plugins/gdpr-data-request-form/ GDPR Data Request
 Form]) and verify that the request displays on the appropriate site-level
 screen on the back-end (and does <strong>NOT</strong> display at the
 network-level on the back-end

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/43738#comment:32>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

More information about the wp-trac mailing list