From 0817139032ad0a93d4618fa6bcc78e474a4212bb Mon Sep 17 00:00:00 2001
From: f <f@sutty.nl>
Date: Wed, 22 Mar 2023 21:01:29 -0300
Subject: [PATCH] =?UTF-8?q?feat:=20agregar=20pol=C3=ADtica=20de=20privacid?=
 =?UTF-8?q?ad?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 app/models/privacy_policy.rb                  |  14 +++
 app/services/site_service.rb                  |  26 +++-
 config/initializers/inflections.rb            |   4 +
 .../20230322231344_add_privacy_policy.rb      |  22 ++++
 db/seeds/privacy_policies.yml                 | 113 ++++++++++++++++++
 5 files changed, 178 insertions(+), 1 deletion(-)
 create mode 100644 app/models/privacy_policy.rb
 create mode 100644 db/migrate/20230322231344_add_privacy_policy.rb
 create mode 100644 db/seeds/privacy_policies.yml

diff --git a/app/models/privacy_policy.rb b/app/models/privacy_policy.rb
new file mode 100644
index 00000000..8805daa9
--- /dev/null
+++ b/app/models/privacy_policy.rb
@@ -0,0 +1,14 @@
+# frozen_string_literal: true
+
+# Políticas de privacidad
+class PrivacyPolicy < ApplicationRecord
+  extend Mobility
+
+  translates :title, type: :string, locale_accessors: true
+  translates :description, type: :text, locale_accessors: true
+  translates :content, type: :text, locale_accessors: true
+
+  validates :title, presence: true, uniqueness: true
+  validates :description, presence: true
+  validates :content, presence: true
+end
diff --git a/app/services/site_service.rb b/app/services/site_service.rb
index 449db16a..64b25297 100644
--- a/app/services/site_service.rb
+++ b/app/services/site_service.rb
@@ -16,7 +16,8 @@ SiteService = Struct.new(:site, :usuarie, :params, keyword_init: true) do
         site.config.write &&
         commit_config(action: :create) &&
         add_licencias &&
-        add_code_of_conduct
+        add_code_of_conduct &&
+        add_privacy_policy
     end
 
     site
@@ -172,6 +173,29 @@ SiteService = Struct.new(:site, :usuarie, :params, keyword_init: true) do
     end.compact.map(&:valid?).all?
   end
 
+  # Agrega política de privacidad
+  #
+  # @return [Boolean]
+  def add_privacy_policy
+    return true unless site.layout?(:privacy_policy) || site.layout?(:page)
+
+    pp = PrivacyPolicy.first
+
+    with_all_locales do |locale|
+      params = ActionController::Parameters.new(
+        post: {
+          layout: site.layout?(:privacy_policy) ? 'privacy_policy' : 'page',
+          lang: locale.to_s,
+          title: pp.title,
+          description: pp.description,
+          content: CommonMarker.render_html(pp.content)
+        }
+      )
+
+      PostService.new(site: site, usuarie: usuarie, params: params).create
+    end.compact.map(&:valid?).all?
+  end
+
   # Crea los deploys necesarios para sincronizar a otros nodos de Sutty
   def sync_nodes
     Rails.application.nodes.each do |node|
diff --git a/config/initializers/inflections.rb b/config/initializers/inflections.rb
index 46cb9d78..6002ee65 100644
--- a/config/initializers/inflections.rb
+++ b/config/initializers/inflections.rb
@@ -15,6 +15,8 @@ ActiveSupport::Inflector.inflections(:en) do |inflect|
   inflect.singular 'rollups', 'rollup'
   inflect.plural 'code_of_conduct', 'codes_of_conduct'
   inflect.singular 'codes_of_conduct', 'code_of_conduct'
+  inflect.plural 'privacy_policy', 'privacy_policies'
+  inflect.singular 'privacy_policies', 'privacy_policy'
 end
 
 ActiveSupport::Inflector.inflections(:es) do |inflect|
@@ -32,4 +34,6 @@ ActiveSupport::Inflector.inflections(:es) do |inflect|
   inflect.singular 'rollups', 'rollup'
   inflect.plural 'code_of_conduct', 'codes_of_conduct'
   inflect.singular 'codes_of_conduct', 'code_of_conduct'
+  inflect.plural 'privacy_policy', 'privacy_policies'
+  inflect.singular 'privacy_policies', 'privacy_policy'
 end
diff --git a/db/migrate/20230322231344_add_privacy_policy.rb b/db/migrate/20230322231344_add_privacy_policy.rb
new file mode 100644
index 00000000..e0d7ae59
--- /dev/null
+++ b/db/migrate/20230322231344_add_privacy_policy.rb
@@ -0,0 +1,22 @@
+# frozen_string_literal: true
+
+# Agrega políticas de privacidad
+class AddPrivacyPolicy < ActiveRecord::Migration[6.1]
+  def up
+    create_table :privacy_policies do |t|
+      t.timestamps
+      t.string :title
+      t.text :description
+      t.text :content
+    end
+
+    # XXX: En lugar de ponerlo en las seeds
+    YAML.safe_load(File.read('db/seeds/privacy_policies.yml')).each do |pp|
+      PrivacyPolicy.new(**pp).save!
+    end
+  end
+
+  def down
+    drop_table :privacy_policies
+  end
+end
diff --git a/db/seeds/privacy_policies.yml b/db/seeds/privacy_policies.yml
new file mode 100644
index 00000000..98ce8379
--- /dev/null
+++ b/db/seeds/privacy_policies.yml
@@ -0,0 +1,113 @@
+---
+- title_en: "Privacy Policy"
+  title_es: "Políticas de privacidad"
+  description_en: "With what care does this site handles personal data of its users and visitors?"
+  description_es: "¿Cuáles son los cuidados de este sitio con respecto a sus usuaries y visitantes?"
+  content_en: |
+    > We use "them" as neutral pronoun to refer to people regardless of
+    > gender identity.
+
+    This document details Sutty's privacy policy, including web site,
+    platform, other infrastructure (support channels, etc.) and web sites
+    generated by users.
+
+    ## This is too long!
+
+    * Sutty doesn't collect any kind of personal data.
+
+    * Sutty may only collect statistical data that doesn't identify
+      individuals.
+
+    ## Analytic data
+
+    Sutty may only collect data for analytics (number of visits, duration,
+    etc.), not associated to personal data.
+
+    Analytical data collected for every web site can only be used internally
+    by Sutty.  Sutty doesn't share any data privately with any third
+    parties.  Selected analytical data could be used publicly.
+
+    Sutty doesn't recommend personal data collection in any way, but it
+    doesn't monitor if its users use third party services with their own
+    privacy policies.  We recommend users and visitors to inform themselves
+    before using third parties analytics services.
+
+    ## No personal data collection
+
+    Sutty doesn't collect IP addresses from users nor visitors in any way.
+
+    Sutty doesn't ask for personal data for registering user accounts in its
+    platform.
+
+    Sutty only uses session "cookies" to identify users during their use of
+    the platform.  It doesn't use "cookies" to identify visitors of web
+    sites hosted by Sutty.
+
+    The only exception where Sutty could collect personal data is during
+    service payment.  Digital safety measures will be taken to keep this
+    information and to discard it if possible after needed.
+
+    Users will be notified when their personal data is removed.
+
+    If users decide to host their web sites with third parties, they must
+    inform themselves about the corresponding privacy policies.  Sutty only
+    recommends third parties with privacy policies compatible with these.
+  content_es: |
+    > Utilizamos la e como pronombre neutro para referirnos a personas
+    > independientemente de su identidad de género, por ejemplo “usuarie”.
+
+    Este documento detalla la política de privacidad de Sutty, incluyendo
+    sitio web, plataforma de edición, infraestructura relacionada (salas de
+    chat, etc.) y sitios creados por sus usuaries a través de la plataforma,
+    en adelante "Sutty".
+
+    ## ¡Esto es demasiado largo!
+
+    Un resumen:
+
+    * Sutty no recolecta datos personales de ningún tipo
+
+    * Sutty solo recolectaría datos analíticos que no identifican a
+      personas
+
+    ## Datos analíticos
+
+    La única recolección de datos realizada por Sutty es con fines
+    analíticos (cantidad de visitas, duración, etc.), no asociados a datos
+    personales.
+
+    Los datos analíticos recolectados por cada sitio podrán ser utilizados
+    internamente por Sutty.  Sutty no comparte datos analíticos con
+    terceros en forma privada.  Datos analíticos seleccionados podrán ser
+    utilizados públicamente.
+
+    Sutty no recomienda la recolección de datos personales de ninguna forma,
+    pero no monitorea que les usuaries utilicen servicios de terceros con
+    sus propias políticas de privacidad.  Recomendamos a les usuaries y
+    visitantes informarse antes de utilizar servicios de estadísticas de
+    terceros.
+
+    ## No registro de datos personales
+
+    Sutty no registra direcciones IP de usuaries ni de visitantes de ninguna
+    forma.
+
+    Sutty no solicita datos personales para el registro de cuentas de
+    usuarie en su plataforma.
+
+    Sutty solo utiliza “cookies” de sesión para identificar usuaries
+    mientras utilicen la plataforma.  No se utilizan “cookies” para
+    identificar visitantes a los sitios alojados por Sutty.
+
+    El único caso en el que Sutty podría solicitar datos personales es
+    durante el pago de servicios.  Se tomarán medidas de seguridad digital
+    para salvaguardar esta información y descartar lo que sea posible una
+    vez que ya no sea necesaria.
+
+    Se notificará a les usuaries cuando su información personal sea
+    eliminada.
+
+    Si les usuaries deciden alojar sus sitios con terceros, deberán
+    informarse de las políticas de privacidad correspondientes.  Sutty
+    recomienda servicios de terceros con políticas de privacidad coherentes
+    con estas.