Text datenschutz (#142)

* fix /issues/133 and /issues/134 * Texte Datenschutz entschärft * avoid unnecessary call to children
hitobito · Sep 16, 2024 · 7c47296 · 7c47296
1 parent bab48c0
commit 7c47296
Show file tree

Hide file tree

Showing 10 changed files with 37 additions and 2 deletions.
diff --git a/app/models/group/dachverband.rb b/app/models/group/dachverband.rb
@@ -20,6 +20,7 @@ class Group::Dachverband < Group
 
   class Administrator < ::Role
     self.permissions = [:admin, :layer_and_below_full, :impersonation]
+    self.two_factor_authentication_enforced = true
   end
 
   roles Administrator

diff --git a/app/models/group/dachverband_geschaeftsstelle.rb b/app/models/group/dachverband_geschaeftsstelle.rb
@@ -8,14 +8,17 @@ class Group::DachverbandGeschaeftsstelle < Group::Geschaeftsstelle
 
   class Geschaeftsleiter < ::Role
     self.permissions = [:layer_full, :contact_data, :finance]
+    self.two_factor_authentication_enforced = true
   end
 
   class Angestellter < ::Role
     self.permissions = [:layer_full, :contact_data, :finance]
+    self.two_factor_authentication_enforced = true
   end
 
   class Finanzverantwortlicher < ::Role
     self.permissions = [:layer_full, :finance, :financials, :contact_data]
+    self.two_factor_authentication_enforced = true
   end
 
   roles Geschaeftsleiter,

diff --git a/app/models/group/dachverband_gremium.rb b/app/models/group/dachverband_gremium.rb
@@ -4,27 +4,31 @@
 #  https://github.com/hitobito/hitobito_cevi.
 
 class Group::DachverbandGremium < Group::Gremium
-  children Group::DachverbandGremium
+  children Group::DachverbandGremium, Group::DachverbandExterne
 
   ### ROLES
 
   class Leitung < ::Role
     self.permissions = [:layer_read, :group_and_below_full, :contact_data]
+    self.two_factor_authentication_enforced = true
   end
 
   # get the group_and_below_full permission as they should also be able to create events
   class Mitglied < ::Role
     self.permissions = [:layer_read, :group_and_below_full]
+    self.two_factor_authentication_enforced = true
   end
 
   # get the group_and_below_full permission as they should also be able to create events
   class AktiverKursleiter < ::Role
     self.permissions = [:layer_read, :group_and_below_full]
+    self.two_factor_authentication_enforced = true
   end
 
   # get the group_and_below_full permission as they should also be able to create events
   class Kassier < ::Role
     self.permissions = [:layer_read, :group_and_below_full, :finance]
+    self.two_factor_authentication_enforced = true
   end
 
   roles Leitung,

diff --git a/app/models/group/dachverband_vorstand.rb b/app/models/group/dachverband_vorstand.rb
@@ -8,14 +8,17 @@ class Group::DachverbandVorstand < Group::Vorstand
 
   class Praesidium < ::Role
     self.permissions = [:layer_read, :group_and_below_full, :contact_data]
+    self.two_factor_authentication_enforced = true
   end
 
   class Finanzverantwortlicher < ::Role
     self.permissions = [:layer_read, :finance, :financials, :contact_data]
+    self.two_factor_authentication_enforced = true
   end
 
   class Mitglied < ::Role
     self.permissions = [:layer_read, :contact_data]
+    self.two_factor_authentication_enforced = true
   end
 
   roles Praesidium,

diff --git a/app/models/group/mitgliederorganisation.rb b/app/models/group/mitgliederorganisation.rb
@@ -23,6 +23,7 @@ class Group::Mitgliederorganisation < Group
 
   class Administrator < ::Role
     self.permissions = [:layer_and_below_full]
+    self.two_factor_authentication_enforced = true
   end
 
   roles Administrator

diff --git a/app/models/group/mitgliederorganisation_geschaeftsstelle.rb b/app/models/group/mitgliederorganisation_geschaeftsstelle.rb
@@ -8,18 +8,22 @@ class Group::MitgliederorganisationGeschaeftsstelle < Group::Geschaeftsstelle
 
   class Geschaeftsleiter < ::Role
     self.permissions = [:layer_and_below_full, :contact_data, :finance]
+    self.two_factor_authentication_enforced = true
   end
 
   class Angestellter < ::Role
     self.permissions = [:layer_and_below_full, :contact_data, :finance]
+    self.two_factor_authentication_enforced = true
   end
 
   class Finanzverantwortlicher < ::Role
     self.permissions = [:layer_and_below_full, :finance, :financials, :contact_data]
+    self.two_factor_authentication_enforced = true
   end
 
   class AdminOrtsgruppen < ::Role
     self.permissions = [:layer_and_below_full, :see_invisible_from_above, :finance]
+    self.two_factor_authentication_enforced = true
   end
 
   roles Geschaeftsleiter,

diff --git a/app/models/group/mitgliederorganisation_gremium.rb b/app/models/group/mitgliederorganisation_gremium.rb
@@ -4,28 +4,33 @@
 #  https://github.com/hitobito/hitobito_cevi.
 
 class Group::MitgliederorganisationGremium < Group::Gremium
-  children Group::MitgliederorganisationGremium
+  children Group::MitgliederorganisationGremium, Group::MitgliederorganisationExterne
 
   ### ROLES
 
   class Leitung < ::Role
     self.permissions = [:layer_and_below_read, :group_and_below_full, :contact_data]
+    self.two_factor_authentication_enforced = true
   end
 
   class Mitglied < ::Role
     self.permissions = [:layer_and_below_read]
+    self.two_factor_authentication_enforced = true
   end
 
   class AktiverKursleiter < ::Role
     self.permissions = [:layer_and_below_read]
+    self.two_factor_authentication_enforced = true
   end
 
   class Ausbildungsmitglied < ::Role
     self.permissions = [:layer_and_below_read]
+    self.two_factor_authentication_enforced = true
   end
 
   class Kassier < ::Role
     self.permissions = [:layer_and_below_read, :finance]
+    self.two_factor_authentication_enforced = true
   end
 
   roles Leitung,

diff --git a/app/models/group/mitgliederorganisation_vorstand.rb b/app/models/group/mitgliederorganisation_vorstand.rb
@@ -8,14 +8,17 @@ class Group::MitgliederorganisationVorstand < Group::Vorstand
 
   class Praesidium < ::Role
     self.permissions = [:layer_and_below_read, :group_and_below_full, :contact_data]
+    self.two_factor_authentication_enforced = true
   end
 
   class Finanzverantwortlicher < ::Role
     self.permissions = [:layer_and_below_read, :finance, :financials, :contact_data]
+    self.two_factor_authentication_enforced = true
   end
 
   class Mitglied < ::Role
     self.permissions = [:layer_and_below_read, :contact_data]
+    self.two_factor_authentication_enforced = true
   end
 
   roles Praesidium,

diff --git a/app/models/group/sektion.rb b/app/models/group/sektion.rb
@@ -12,6 +12,7 @@ class Group::Sektion < Group
 
   class Administrator < ::Role
     self.permissions = [:layer_and_below_full, :contact_data]
+    self.two_factor_authentication_enforced = true
   end
 
   roles Administrator

diff --git a/config/locales/views.cevi.de.yml b/config/locales/views.cevi.de.yml
@@ -10,6 +10,12 @@ de:
     tabs:
       population: Bestand
       statistic: Statistik
+    self_registration:
+      form:
+        privacy_policy_caption: 'Ich nehme die folgenden Datenschutzerklärungen zur Kenntnis:'
+      create:
+        flash:
+          privacy_policy_not_accepted: Um die Registrierung abzuschliessen, muss die Datenschutzerklärung zur Kenntnis genommen werden.
 
   censuses:
     form:
@@ -71,6 +77,10 @@ de:
         placeholder: z.B. CH
     log:
       no_changes: Es wurden keine Änderung in den letzten 3 Monaten aufgezeichnet.
+    privacy_policy_acceptance_field:
+      acceptance_caption:
+        for_self: 'Ich nehme die folgenden Datenschutzerklärungen zur Kenntnis:'
+        for_someone_else: 'Ich bestätige, dass diese Person oder ihre Erziehungsberechtigten über die Datenschutzerklärungen informiert wurde.'
 
   population:
     index: