prey / gdpr_rails

Rails Engine for the GDPR compliance
https://preyproject.com
MIT License
626 stars 62 forks source link

Checkboxes with blocking validation not working as expected #21

Closed mrsweaters closed 6 years ago

mrsweaters commented 6 years ago

I swear I had this working. It could very well be something on my end. It seems that even though I am passing in the following to the Devise registration controller: "policy_rule_privacy"=>"0", "policy_rule_terms_of_service"=>"0"

The registration goes through with these policy configurations:

  c.add_rule(
    name: 'privacy',
    validates_on: [:create, :update],
    blocking: true,
    if: ->(o){ !o.prevalidation && !ENV['SKIP_POLICY'] }
  )
  c.add_rule(
    name: 'terms_of_service',
    validates_on: [:create, :update],
    blocking: true,
    if: ->(o){ !o.prevalidation && !ENV['SKIP_POLICY'] }
  )

It works as intended if I check the checkboxes, but if I leave them unchecked the validation still passes.

    <label>
      <%= f.check_box :policy_rule_privacy %>
      You have read and agree to the terms outlined in our <a href="#">Privacy Policy</a>
    </label>
    <label>
      <%= f.check_box :policy_rule_terms_of_service %>
      You have read and agree to the terms outlined in our <a href="#">Terms of Service</a>
    </label>

Any ideas what may be causing this?

michelson commented 6 years ago

Hi @mrsweaters , thanks for report this. I think this could be the !o.prevalidation && !ENV['SKIP_POLICY'] part that is probably bypassing the validation. I would suggest that you put a binding.pry inside the block in order to debug if the if check is returning true indeed

let us know how it goes

michelson commented 6 years ago

when you pass the "0" values are the user_terms being persisted on your database ??

mrsweaters commented 6 years ago

Thanks for the quick reply. Yes, the user_terms are being persisted as accepted when "0" is passed.

  PolicyManager::UserTerm Create (0.3ms)  INSERT INTO `policy_manager_user_terms` (`user_id`, `term_id`, `state`, `created_at`, `updated_at`) VALUES (70, 1, 'accepted', '2018-05-23 17:24:29', '2018-05-23 17:24:29') /*application:Enroll,controller:registrations,action:create*/ [sql_query]
  PolicyManager::UserTerm Create (0.3ms)  INSERT INTO `policy_manager_user_terms` (`user_id`, `term_id`, `state`, `created_at`, `updated_at`) VALUES (70, 2, 'accepted', '2018-05-23 17:24:29', '2018-05-23 17:24:29') /*application:Enroll,controller:registrations,action:create*/ [sql_query]

I also checked the if block as per your recommendation, but the values are set correctly from what I can tell.

michelson commented 6 years ago

this line may be the culprit https://github.com/prey/gdpr_rails/blob/master/app/models/policy_manager/concerns/user_behavior.rb#L34

it seems that the engine does not cast the 0/1 values and only expects a true/false values. I see that your are using simple_form, right ? . it seems that simple_form defaults to 1/0 values for check boxes. We are going to fix this in order to accept 1/0 or t/f or true/false values, but for now I would suggest that for now you implement a block for your input in order to set up true/false values for your checkboxes.

f.input :my_boolean, as: :boolean do
  f.check_box :my_boolean, {}, "true", "false"
end

let us know how it goes

mrsweaters commented 6 years ago

I'm not using simple_form, just Rails built-in form helpers. I changed the inputs to the following but still experience the same issue.

    <label>
      <%= f.check_box :policy_rule_privacy, {}, "true", "false" %>
      You have read and agree to the terms outlined in our <a href="#">Privacy Policy</a>
    </label>
    <label>
      <%= f.check_box :policy_rule_terms_of_service, {}, "true", "false" %>
      You have read and agree to the terms outlined in our <a href="#">Terms of Service</a>
    </label>
michelson commented 6 years ago

Im not in computer right now . But check that the params are received by controller as true/false and not as "true"/"false"

El mié., 23 de may. de 2018 14:24, Jordan Humphreys < notifications@github.com> escribió:

I'm not using simple_form, just rails built-in form helpers. I changed the inputs to the following but still experience the same issue.

<label>
  <%= f.check_box :policy_rule_privacy, {}, "true", "false" %>
  You have read and agree to the terms outlined in our <a href="https://enrollapp.com/privacy">Privacy Policy</a>
</label>
<label>
  <%= f.check_box :policy_rule_terms_of_service, {}, "true", "false" %>
  You have read and agree to the terms outlined in our <a href="https://enrollapp.com/terms">Terms of Service</a>
</label>

— You are receiving this because you commented. Reply to this email directly, view it on GitHub https://github.com/prey/gdpr_rails/issues/21#issuecomment-391449564, or mute the thread https://github.com/notifications/unsubscribe-auth/AAAuyIGK4qX3gODnG5JhmYiUIwmkzSG3ks5t1alDgaJpZM4UK2nS .

mrsweaters commented 6 years ago

That did it!

    <label>
      <%= f.check_box :policy_rule_privacy, {}, true, false %>
      You have read and agree to the terms outlined in our <a href="#">Privacy Policy</a>
    </label>
    <label>
      <%= f.check_box :policy_rule_terms_of_service, {}, true, false %>
      You have read and agree to the terms outlined in our <a href="#">Terms of Service</a>
    </label>
michelson commented 6 years ago

great that it works. I will keep this open until we fix this.

thanks for report this issue @mrsweaters