From 0e18e2945c2ca528b84cb64fb29c970186dd175a Mon Sep 17 00:00:00 2001
From: Ian Morland <ian@morland.me>
Date: Tue, 31 Oct 2023 09:17:27 +0000
Subject: [PATCH] feat: support gdpr export, anonymize and deletion

---
 composer.json             |  8 ++++---
 extend.php                |  7 ++++++
 resources/locale/en.yml   |  6 ++++++
 src/Data/BannedIPData.php | 45 +++++++++++++++++++++++++++++++++++++++
 4 files changed, 63 insertions(+), 3 deletions(-)
 create mode 100644 src/Data/BannedIPData.php

diff --git a/composer.json b/composer.json
index 4ca9288..aa3f4dc 100644
--- a/composer.json
+++ b/composer.json
@@ -19,7 +19,7 @@
         }
     ],
     "require": {
-        "flarum/core": "^1.2.0"
+        "flarum/core": "^1.8.3"
     },
     "authors": [
         {
@@ -51,7 +51,8 @@
                 "flarum/suspend",
                 "flarum/flags",
                 "flarum/tags",
-                "flarum/approval"
+                "flarum/approval",
+                "blomstra/gdpr"
             ]
         },
         "flagrow": {
@@ -89,6 +90,7 @@
     },
     "require-dev": {
         "flarum/testing": "^1.0.0",
-        "flarum/phpstan": "*"
+        "flarum/phpstan": "*",
+        "blomstra/gdpr": "@beta"
     }
 }
diff --git a/extend.php b/extend.php
index 0c0ff56..cb983fa 100644
--- a/extend.php
+++ b/extend.php
@@ -11,6 +11,7 @@
 
 namespace FoF\BanIPs;
 
+use Blomstra\Gdpr\Extend\UserData;
 use Flarum\Api\Controller;
 use Flarum\Api\Serializer;
 use Flarum\Api\Serializer\AbstractSerializer;
@@ -108,4 +109,10 @@
 
     (new Extend\Filter(Search\BannedIPFilterer::class))
         ->addFilter(Search\NxGambit::class),
+
+    (new Extend\Conditional())
+        ->whenExtensionEnabled('blomstra-gdpr', fn () => [
+            (new UserData())
+                ->addType(Data\BannedIPData::class),
+        ]),
 ];
diff --git a/resources/locale/en.yml b/resources/locale/en.yml
index 82e3686..873163c 100644
--- a/resources/locale/en.yml
+++ b/resources/locale/en.yml
@@ -75,3 +75,9 @@ fof-ban-ips:
     address_label: IP Address
     reason_label: Reason
 
+blomstra-gdpr:
+  lib:
+    data:
+      bannedipdata:
+        export_description: "If an IP ban record is associated with a user (i.e. the user was banned by IP), the user's IP address will be included in the export, along with the reason for the ban and the creation date."
+        anonymize_description: "Any IP addresses linked to the user are decoupled, but the IP itself will remain banned, along with the reason. Ensure no PII data is stored in the 'reason' field."
diff --git a/src/Data/BannedIPData.php b/src/Data/BannedIPData.php
new file mode 100644
index 0000000..b536921
--- /dev/null
+++ b/src/Data/BannedIPData.php
@@ -0,0 +1,45 @@
+<?php
+
+namespace FoF\BanIPs\Data;
+
+use Blomstra\Gdpr\Data\Type;
+use FoF\BanIPs\BannedIP;
+use Illuminate\Support\Arr;
+
+class BannedIPData extends Type
+{
+    public function export(): ?array
+    {
+        $exportData = [];
+
+        BannedIP::query()
+            ->where('user_id', $this->user->id)
+            ->each(function (BannedIP $bannedIp) use (&$exportData) {
+                $exportData[] = ["bannedIP/{$bannedIp->id}.json" => $this->sanitize($bannedIp)];
+            });
+
+        return $exportData;
+    }
+
+    public function sanitize(BannedIP $bannedIP): array
+    {
+        return Arr::except($bannedIP, ['id', 'creator_id', 'user_id']);
+    }
+
+    public function anonymize(): void
+    {
+        BannedIP::query()
+            ->where('user_id', $this->user->id)
+            ->update(['user_id' => null]);
+    }
+
+    public static function deleteDescription(): string
+    {
+        return self::anonymizeDescription();
+    }
+
+    public function delete(): void
+    {
+        $this->anonymize();
+    }
+}