[Feature] Frontend Information Request Processing (#33)

* Remove ACL check, this will be done in controllers

* Add frontend form for confirming information requests

* Handle confirming an information request

* Use renderField

* Add view for submitting info requests for authenticated frontend users

* Add menu items for the component frontend views

administrator/components/com_privacy/models/request.php

@@ -115,8 +115,6 @@ public function notifyUserAdminCreatedRequest($id)
 			return false;
 		}
 
-		$app = JFactory::getApplication();
-
 		/*
 		 * If there is an associated user account, we will attempt to send this email in the user's preferred language.
 		 * Because of this, it is expected that Language::_() is directly called and that the Text class is NOT used
@@ -171,12 +169,15 @@ public function notifyUserAdminCreatedRequest($id)
 		// The mailer can be set to either throw Exceptions or return boolean false, account for both
 		try
 		{
-			// TODO - These URLs should be JRoute'd once the cross-app routing PR is available to this branch
+			$app = JFactory::getApplication();
+
+			$linkMode = $app->get('force_ssl', 0) == 2 ? 1 : -1;
+
 			$substitutions = array(
 				'[SITENAME]' => $app->get('sitename'),
 				'[URL]'      => JUri::root(),
-				'[TOKENURL]' => 'TODO',
-				'[FORMURL]'  => 'TODO',
+				'[TOKENURL]' => JRoute::link('site', 'index.php?option=com_privacy&view=confirm&confirm_token=' . $token, false, $linkMode),
+				'[FORMURL]'  => JRoute::link('site', 'index.php?option=com_privacy&view=confirm', false, $linkMode),
 				'[TOKEN]'    => $token,
 				'\\n'        => "\n",
 			);

administrator/components/com_privacy/privacy.xml

@@ -9,6 +9,17 @@
 	<authorUrl>www.joomla.org</authorUrl>
 	<version>3.0.0</version>
 	<description>COM_PRIVACY_XML_DESCRIPTION</description>
+	<files folder="site">
+		<filename>controller.php</filename>
+		<filename>privacy.php</filename>
+		<filename>router.php</filename>
+		<folder>controllers</folder>
+		<folder>models</folder>
+		<folder>views</folder>
+	</files>
+	<languages folder="site">
+		<language tag="en-GB">language/en-GB.com_privacy.ini</language>
+	</languages>
 	<administration>
 		<files folder="admin">
 			<filename>config.xml</filename>

administrator/language/en-GB/en-GB.com_privacy.ini

@@ -7,12 +7,12 @@ COM_PRIVACY="Privacy"
 COM_PRIVACY_ACTION_VIEW="View Request"
 COM_PRIVACY_CONFIGURATION="Privacy: Options"
 ; You can use the following merge codes for all COM_PRIVACY_EMAIL strings:
-; [SITENAME]		Site name, as set in Global Configuration.
-; [URL]				URL of the site's frontend page.
-; [TOKENURL]        URL the user visits to confirm the request.
-; [FORMURL]         URL of the confirm page where the user can paste their token.
-; [TOKEN]           The confirmation token.
-; \n				Newline character. Use it to start a new line in the email.
+; [SITENAME]  Site name, as set in Global Configuration.
+; [URL]       URL of the site's frontend page.
+; [TOKENURL]  URL of the confirm page with the token prefilled.
+; [FORMURL]   URL of the confirm page where the user can paste their token.
+; [TOKEN]     The confirmation token.
+; \n          Newline character. Use it to start a new line in the email.
 COM_PRIVACY_EMAIL_ADMIN_REQUEST_BODY_EXPORT_REQUEST="An administrator for [URL] has created a request to export personal information related to this email address. As a security measure, you must confirm that this is a valid request for your personal information from this website.\n\nIn order to confirm this request, you can complete one of the following tasks:\n\n1. Visit the following URL: [TOKENURL]\n\n2. Copy your token from this email, visit the referenced URL, and paste your token into the form.\nURL: [FORMURL]\nToken: [TOKEN]\n\nPlease note that this token is only valid for 24 hours from the time this email was sent."
 COM_PRIVACY_EMAIL_ADMIN_REQUEST_BODY_REMOVE_REQUEST="An administrator for [URL] has created a request to remove all personal information related to this email address. As a security measure, you must confirm that this is a valid request for your personal information to be removed from this website.\n\nIn order to confirm this request, you can complete one of the following tasks:\n\n1. Visit the following URL: [TOKENURL]\n\n2. Copy your token from this email, visit the referenced URL, and paste your token into the form.\nURL: [FORMURL]\nToken: [TOKEN]\n\nPlease note that this token is only valid for 24 hours from the time this email was sent."
 COM_PRIVACY_EMAIL_ADMIN_REQUEST_SUBJECT="Information Request Created at [SITENAME]"

administrator/language/en-GB/en-GB.com_privacy.sys.ini

@@ -4,6 +4,12 @@
 ; Note : All ini files need to be saved as UTF-8
 
 COM_PRIVACY="Privacy"
+COM_PRIVACY_CONFIRM_VIEW_DEFAULT_DESC="Displays a form to confirm an information request."
+COM_PRIVACY_CONFIRM_VIEW_DEFAULT_OPTION="Default"
+COM_PRIVACY_CONFIRM_VIEW_DEFAULT_TITLE="Confirm Request"
+COM_PRIVACY_REQUEST_VIEW_DEFAULT_DESC="Displays a form to submit an information request."
+COM_PRIVACY_REQUEST_VIEW_DEFAULT_OPTION="Default"
+COM_PRIVACY_REQUEST_VIEW_DEFAULT_TITLE="Create Request"
 COM_PRIVACY_REQUESTS_VIEW_DEFAULT_DESC="Shows a list of user information requests"
 COM_PRIVACY_REQUESTS_VIEW_DEFAULT_TITLE="Privacy: Information Requests"
 COM_PRIVACY_XML_DESCRIPTION="Component for managing privacy related actions."

components/com_privacy/controller.php

@@ -1,6 +1,6 @@
 <?php
 /**
- * @package     Joomla.Administrator
+ * @package     Joomla.Site
  * @subpackage  com_privacy
  *
  * @copyright   Copyright (C) 2005 - 2018 Open Source Matters, Inc. All rights reserved.
@@ -16,4 +16,28 @@
  */
 class PrivacyController extends JControllerLegacy
 {
+	/**
+	 * Method to display a view.
+	 *
+	 * @param   boolean  $cachable   If true, the view output will be cached
+	 * @param   array    $urlparams  An array of safe URL parameters and their variable types, for valid values see {@link JFilterInput::clean()}.
+	 *
+	 * @return  $this
+	 *
+	 * @since   __DEPLOY_VERSION__
+	 */
+	public function display($cachable = false, $urlparams = array())
+	{
+		$view = $this->input->get('view', $this->default_view);
+
+		// Submitting information requests through the frontend is restricted to authenticated users at this time
+		if ($view === 'request' && JFactory::getUser()->guest)
+		{
+			$this->setRedirect(JRoute::_('index.php?option=com_users&view=login', false));
+
+			return $this;
+		}
+
+		return parent::display($cachable, $urlparams);
+	}
 }

components/com_privacy/controllers/request.php

@@ -0,0 +1,126 @@
+<?php
+/**
+ * @package     Joomla.Site
+ * @subpackage  com_privacy
+ *
+ * @copyright   Copyright (C) 2005 - 2018 Open Source Matters, Inc. All rights reserved.
+ * @license     GNU General Public License version 2 or later; see LICENSE.txt
+ */
+
+defined('_JEXEC') or die;
+
+/**
+ * Request action controller class.
+ *
+ * @since  __DEPLOY_VERSION__
+ */
+class PrivacyControllerRequest extends JControllerLegacy
+{
+	/**
+	 * Method to confirm the information request.
+	 *
+	 * @return  boolean
+	 *
+	 * @since   __DEPLOY_VERSION__
+	 */
+	public function confirm()
+	{
+		// Check the request token.
+		$this->checkToken('post');
+
+		/** @var PrivacyModelConfirm $model */
+		$model = $this->getModel('Confirm', 'PrivacyModel');
+		$data  = $this->input->post->get('jform', array(), 'array');
+
+		$return	= $model->confirmRequest($data);
+
+		// Check for a hard error.
+		if ($return instanceof Exception)
+		{
+			// Get the error message to display.
+			if (JFactory::getApplication()->get('error_reporting'))
+			{
+				$message = $return->getMessage();
+			}
+			else
+			{
+				$message = JText::_('COM_PRIVACY_ERROR_CONFIRMING_REQUEST');
+			}
+
+			// Go back to the confirm form.
+			$this->setRedirect(JRoute::_('index.php?option=com_privacy&view=confirm', false), $message, 'error');
+
+			return false;
+		}
+		elseif ($return === false)
+		{
+			// Confirm failed.
+			// Go back to the confirm form.
+			$message = JText::sprintf('COM_PRIVACY_ERROR_CONFIRMING_REQUEST_FAILED', $model->getError());
+			$this->setRedirect(JRoute::_('index.php?option=com_privacy&view=confirm', false), $message, 'notice');
+
+			return false;
+		}
+		else
+		{
+			// Confirm succeeded.
+			$this->setRedirect(JRoute::_(JUri::root()), JText::_('COM_PRIVACY_CONFIRM_REQUEST_SUCCEEDED'), 'info');
+
+			return true;
+		}
+	}
+
+	/**
+	 * Method to submit an information request.
+	 *
+	 * @return  boolean
+	 *
+	 * @since   __DEPLOY_VERSION__
+	 */
+	public function submit()
+	{
+		// Check the request token.
+		$this->checkToken('post');
+
+		/** @var PrivacyModelRequest $model */
+		$model = $this->getModel('Request', 'PrivacyModel');
+		$data  = $this->input->post->get('jform', array(), 'array');
+
+		$return	= $model->createRequest($data);
+
+		// Check for a hard error.
+		if ($return instanceof Exception)
+		{
+			// Get the error message to display.
+			if (JFactory::getApplication()->get('error_reporting'))
+			{
+				$message = $return->getMessage();
+			}
+			else
+			{
+				$message = JText::_('COM_PRIVACY_ERROR_CREATING_REQUEST');
+			}
+
+			// Go back to the confirm form.
+			$this->setRedirect(JRoute::_('index.php?option=com_privacy&view=request', false), $message, 'error');
+
+			return false;
+		}
+		elseif ($return === false)
+		{
+			// Confirm failed.
+			// Go back to the confirm form.
+			$message = JText::sprintf('COM_PRIVACY_ERROR_CREATING_REQUEST_FAILED', $model->getError());
+			$this->setRedirect(JRoute::_('index.php?option=com_privacy&view=request', false), $message, 'notice');
+
+			return false;
+		}
+		else
+		{
+			// Confirm succeeded.
+			$this->setRedirect(JRoute::_(JUri::root()), JText::_('COM_PRIVACY_CREATE_REQUEST_SUCCEEDED'), 'info');
+
+			return true;
+		}
+	}
+}