Replace Legal module with ECA

Created on 10 May 2023, over 1 year ago
Updated 3 August 2023, over 1 year ago

Problem/Motivation

Hi,

Currently the Legal module causes some problems, at least on my configuration.
I was thinking, could that functionality be replaced with ECA? I am not yet so familiar with ECA, but it looks promising after creating a couple of rules.

"Legal module displays Terms & Conditions to users who want to register, and requires that they accept the T&C before their registration is accepted."
"If T&Cs are changed users with an existing account will be asked to accept the new version, and will not be able to log in until they have."
https://www.drupal.org/project/legal

So with ECA, a node of "terms and conditions" text should be displayed to a user, and the user should accept it before being able to register or log in.
I think the terms could be just a node, and maybe the "accept terms" button could be a "flag".

User scenario 1 - existing user, when there is a new version of "terms"
The terms page is shown to a user when he next logs in, before accessing any other page.
On that page, under the terms, there should be a button/flag "accept terms", and by continuing the user should then be able to continue. If the terms are not accepted, the user should be logged out.

User scenario 2 - new user registers
The terms text is shown to a user during registration (on a registration form).
If the terms are not accepted by the user, registration should not be possible.


Feature request
Status

Closed: outdated

Version

1.1

Component

Documentation

Created by

🇫🇮Finland Youcanlearnit


Comments & Activities

  • Issue created by @Youcanlearnit
  • 🇩🇪Germany jurgenhaas Gottmadingen

    Thanks for your proposal @Youcanlearnit, I can certainly hear you about the issues with the legal module. We're facing such issues with that module as well, but with some patches, we got it working in D9, not on D10 yet, though.

    Replacing it with ECA is tempting. On the other hand, I wouldn't underestimate the complexity. Not only is an audit required, such that the site owner can prove at any time who accepted which version of the terms, when, and from which IP. What's more difficult is the session handling and making sure that a user has no access to internal content and/or functionality before they have accepted the terms. The main problem is that we can only act when a user has logged in. At that point, they have a valid session and nothing prevents them from navigating to any of the places on the site that they have access to, and ignoring the form that requests their acceptance of the terms.

    To prevent that from happening, ECA would have to check for each page request, whether the user has accepted the latest terms and if not, continue to redirect them to the same form over and over again. That verification would have to happen for every page request for every user forever. That may cause performance issues on top of all the other concerns.

    As much as I'd like to use ECA for that, is it the best tool for that task?
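
The per-request check described in the comment above, written as a Drupal request subscriber. This is an added example, not code from ECA, the Legal module or either participant; the module name `terms_gate`, its route, its user-data and session keys, and the version constant are hypothetical. It assumes the class is registered as an `event_subscriber` service with `current_user` and `user.data` injected.

```php
<?php
namespace Drupal\terms_gate\EventSubscriber;

use Drupal\Core\Session\AccountProxyInterface;
use Drupal\Core\Url;
use Drupal\user\UserDataInterface;
use Symfony\Component\EventDispatcher\EventSubscriberInterface;
use Symfony\Component\HttpFoundation\RedirectResponse;
use Symfony\Component\HttpKernel\Event\RequestEvent;
use Symfony\Component\HttpKernel\KernelEvents;

// Gate for a hypothetical "terms_gate" module (all terms_gate.* names assumed).
class TermsGateSubscriber implements EventSubscriberInterface {
  // Assumed: raised by the site owner each time the terms text changes.
  const CURRENT_VERSION = 3;
  // Must stay reachable, or the user can neither accept nor log out.
  const OPEN_ROUTES = ['terms_gate.accept_form', 'user.logout'];

  public function __construct(
    protected AccountProxyInterface $currentUser,
    protected UserDataInterface $userData,
  ) {}

  public static function getSubscribedEvents(): array {
    // Below the router listener's priority (32), so "_route" is already set.
    return [KernelEvents::REQUEST => ['onRequest', 30]];
  }

  public function onRequest(RequestEvent $event): void {
    $request = $event->getRequest();
    if (!$event->isMainRequest() || $this->currentUser->isAnonymous()
      || in_array($request->attributes->get('_route'), self::OPEN_ROUTES, TRUE)) {
      return;
    }
    // Only a positive result is cached in the session: one storage read per login.
    $session = $request->getSession();
    if ($session->get('terms_gate.accepted') === self::CURRENT_VERSION) {
      return;
    }
    $accepted = (int) $this->userData->get('terms_gate', $this->currentUser->id(), 'accepted_version');
    if ($accepted >= self::CURRENT_VERSION) {
      $session->set('terms_gate.accepted', self::CURRENT_VERSION);
      return;
    }
    // Not accepted: every other route leads back to the acceptance form.
    $event->setResponse(new RedirectResponse(Url::fromRoute('terms_gate.accept_form')->toString()));
  }
}
```

Because the session flag is compared against `CURRENT_VERSION`, raising the constant invalidates every cached acceptance at once. The audit record (who, which version, when, from which IP) would be written by the acceptance form's submit handler, which is not shown here.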

  • Status changed to Postponed: needs info over 1 year ago
  • 🇩🇪Germany jurgenhaas Gottmadingen
  • Status changed to Closed: outdated over 1 year ago
  • 🇩🇪Germany jurgenhaas Gottmadingen