From 8538fc705faa4f8e9b9c3e83e9ed0e01ce1ac2bb Mon Sep 17 00:00:00 2001
From: Inga Kirschnick <inga.kirschnick@uni-bielefeld.de>
Date: Thu, 13 Apr 2023 16:08:07 +0200
Subject: [PATCH] Terms of use confirmation

---
 app/auth/forms.py                         |   4 +
 app/auth/routes.py                        |   3 +-
 app/models.py                             |   1 +
 app/static/js/Requests/users/settings.js  |  10 +-
 app/templates/_scripts.html.j2            |  18 ++++
 app/templates/_terms_of_use_modal.html.j2 | 115 ++++++++++++++++++++++
 app/templates/auth/register.html.j2       |   4 +
 app/templates/base.html.j2                |   1 +
 app/users/json_routes.py                  |  12 +++
 migrations/versions/b15b639288d4_.py      |  32 ++++++
 10 files changed, 198 insertions(+), 2 deletions(-)
 create mode 100644 app/templates/_terms_of_use_modal.html.j2
 create mode 100644 migrations/versions/b15b639288d4_.py

diff --git a/app/auth/forms.py b/app/auth/forms.py
index d8ca5770..a6ce0017 100644
--- a/app/auth/forms.py
+++ b/app/auth/forms.py
@@ -43,6 +43,10 @@ class RegistrationForm(FlaskForm):
             EqualTo('password', message='Passwords must match')
         ]
     )
+    terms_of_use_accepted = BooleanField(
+        'I have read and accept the terms of use',
+        validators=[InputRequired()]
+    )
     submit = SubmitField()
 
     def __init__(self, *args, **kwargs):
diff --git a/app/auth/routes.py b/app/auth/routes.py
index dc6140f2..54337d69 100644
--- a/app/auth/routes.py
+++ b/app/auth/routes.py
@@ -40,7 +40,8 @@ def register():
             user = User.create(
                 email=form.email.data.lower(),
                 password=form.password.data,
-                username=form.username.data
+                username=form.username.data,
+                terms_of_use_accepted=form.terms_of_use_accepted.data
             )
         except OSError:
             flash('Internal Server Error', category='error')
diff --git a/app/models.py b/app/models.py
index 07d648ad..34173d0f 100644
--- a/app/models.py
+++ b/app/models.py
@@ -522,6 +522,7 @@ class User(HashidMixin, UserMixin, db.Model):
     username_pattern = re.compile(r'^[A-Za-zÄÖÜäöüß0-9_.]*$')
     password_hash = db.Column(db.String(128))
     confirmed = db.Column(db.Boolean, default=False)
+    terms_of_use_accepted = db.Column(db.Boolean, default=False)
     member_since = db.Column(db.DateTime(), default=datetime.utcnow)
     setting_job_status_mail_notification_level = db.Column(
         IntEnumColumn(UserSettingJobStatusMailNotificationLevel),
diff --git a/app/static/js/Requests/users/settings.js b/app/static/js/Requests/users/settings.js
index 0a92a09c..7584e9bb 100644
--- a/app/static/js/Requests/users/settings.js
+++ b/app/static/js/Requests/users/settings.js
@@ -13,4 +13,12 @@ Requests.users.entity.settings.profilePrivacy.update = (userId, profilePrivacySe
     body: JSON.stringify(enabled)
   };
   return Requests.JSONfetch(input, init);
-}
+};
+
+Requests.users.entity.settings.acceptTermsOfUse = () => {
+  let input = `/users/accept-terms-of-use`;
+  let init = {
+    method: 'POST'
+  };
+  return Requests.JSONfetch(input, init);
+};
diff --git a/app/templates/_scripts.html.j2 b/app/templates/_scripts.html.j2
index 9dd81933..5749d86b 100644
--- a/app/templates/_scripts.html.j2
+++ b/app/templates/_scripts.html.j2
@@ -107,4 +107,22 @@
   for (let [category, message] of {{ get_flashed_messages(with_categories=True)|tojson }}) {
     app.flash(message, message);
   }
+
+  // Initialize terms of use modal
+  const termsOfUseModal = document.getElementById('terms-of-use-modal');
+  M.Modal.init(
+    termsOfUseModal, 
+    {
+      dismissible: false, 
+      onCloseEnd: () => {
+        Requests.users.entity.settings.acceptTermsOfUse();
+      }
+    }
+  );
+  {% if current_user.is_authenticated %}
+    {% if not current_user.terms_of_use_accepted %}
+      termsOfUseModal.M_Modal.open();
+    {% endif %}
+  {% endif %}
+
 </script>
diff --git a/app/templates/_terms_of_use_modal.html.j2 b/app/templates/_terms_of_use_modal.html.j2
new file mode 100644
index 00000000..ddd8985b
--- /dev/null
+++ b/app/templates/_terms_of_use_modal.html.j2
@@ -0,0 +1,115 @@
+<div id="terms-of-use-modal" class="modal modal-fixed-footer">
+  <div class="modal-content">
+    <div class="container">
+      <div class="row">
+        <div class="col s12">
+          <h1 id="title">Terms of use</h1>
+        </div>
+
+        <div class="col s12">
+          <p>With the usage of the nopaque platform you declare your acceptance of the General Terms of Use and that you have taken note of the legal framework and the data protection declaration.</p>
+        </div>
+
+        <div class="col s12">
+          <div class="card">
+            <div class="card-content">
+              <span class="card-title">§ 1 Scope</span>
+              <p>The General Terms of Use for the nopaque platform apply to everyone who uses the system as an authorised user in the sense of <b>§ 2</b> (1) of the General Terms of Use. By using the system and with your consent you accept these terms of use.</p>
+            </div>
+          </div>
+        </div>
+
+        <div class="col s12">
+          <div class="card">
+            <div class="card-content">
+              <span class="card-title">§ 2 Right of use</span>
+              <p>(1) The nopaque platform is available to users exclusively for the purposes of teaching and research. Any other use, especially for business, commercial is not permitted. The following groups shall be entitled to use the nopaque platform:</p>
+              <ul class="browser-default">
+                <li>students, teaching staff and employees at Bielefeld University</li>
+                <li>external researchers from outside the University Bielefeld</li>
+              </ul>
+              <p>&nbsp;</p>
+              <p>(2) The use of the system is free of charge.</p>
+              <p>&nbsp;</p>
+              <p>(3) The duration of the right of use ends with the deletion of the user account by the user (see <b>§ 7</b>)</p>
+            </div>
+          </div>
+        </div>
+
+        <div class="col s12">
+          <div class="card">
+            <div class="card-content">
+              <span class="card-title">§ 3 Purpose of the Services</span>
+              <p>nopaque custom-built web application which serves as a platform for preprocessing and analysing digital copies of various text based research data (books, letters, etc.) in different files and formats. nopaque converts image data – like photos or scans – into text data through OCR making it machine readable. This step enables to proceed with further computational analysis of the documents. By means of computational linguistic data processing (tokenization, lemmatization, part-of-speech tagging and named-entity recognition) nopaque extracts additional information from texts.</p>
+              <p>&nbsp;</p>
+              <p>(1) Change of service</p>
+              <p>The provider of the nopaque platform is entitled to change and supplement the scope of functions of nopaque without prior notice. This could result from a thematic and scientific reorientation of the project.</p>
+              <p>&nbsp;</p>
+              <p>(2) Support</p>
+              <p>On nopaque, a contact form is available. As far as possible the SFB 1288 INF staff will try to provide user support.</p>
+            </div>
+          </div>
+        </div>
+
+        <div class="col s12">
+          <div class="card">
+            <div class="card-content">
+              <span class="card-title">§ 4 Obligations of the User</span>
+              <p>(1) The system is suitable for normal security requirements. Data with a high need for protection (e.g. health data) may not be stored or processed in the nopaque platform.</p>
+              <p>&nbsp;</p>
+              <p>(2) Users of nopaque are responsible for their own entered contents. The uploading of illegal content, especially content that violates criminal, personal, data protection or copyright regulations (including § 60a) is not permitted.</p>
+              <p>&nbsp;</p>
+              <p>(3) Users undertake to indemnify Bielefeld University from all claims by third parties based on the data they use and to reimburse Bielefeld University for any costs incurred by the latter due to possible infringements of rights. This also includes the costs incurred by Bielefeld University in defending itself against such claims in and out of court.</p>
+              <p>&nbsp;</p>
+              <p>(4) Exclusion from use</p>
+              <p>Bielefeld University is entitled to immediately block access to the service if there are reasonable grounds to suspect that the stored data is unlawful (e.g upload harmful files via file upload) and/or violates the rights of third parties. Other infringements of the provisions of these Terms of Use, in particular the obligations under §6 also entitle Bielefeld University to block the user. Bielefeld University shall immediately notify the user of the block and the reason for the block. The block must be lifted as soon as the suspicion is invalidated.</p>
+              <p>&nbsp;</p>
+              <p>(5) Usage of Data</p>
+              <p>The data stored by the user on the storage space intended for him may be legally protected, the responsibility for the processing of the data from these points of view lies solely with the user. By using nopaque, the user grants Bielefeld the right to process the data with the corresponding tools. At all times during processing in nopaque, data remains in the user's private storage location and will not passed on to third parties.</p>
+              <p>&nbsp;</p>
+              <p>(6) Release of Bielefeld University from Third-Party Claims</p>
+              <p>The user is responsible for the data stored by him/her in nopaque. Furthermore he/she is responsible for entering and maintaining the data and information required to use nopaque.</p>
+              <p>&nbsp;</p>
+              <p>The user is obliged to indemnify Bielefeld University against all claims by third parties based on the data stored by him/her and to reimburse Bielefeld University for any costs incurred as a result of possible legal infringements. This also includes the costs incurred by Bielefeld University for extrajudicial and judicial defense against these claims.</p>
+            </div>
+          </div>
+        </div>
+
+        <div class="col s12">
+          <div class="card">
+            <div class="card-content">
+              <span class="card-title">§ 5 Liability of Bielefeld University</span>
+              <p>Claims for damages against Bielefeld University are excluded irrespective of the legal grounds. Bielefeld University shall not be liable for loss of data and information or other „indirect“ damages, e.g. loss of profit, loss of production, or other indirect damages. Bielefeld University shall not be liable for the loss of data to the extent that the damage is due to the fact that the user has failed to back up the data and thereby ensure that lost data can be restored with justifiable effort.</p>
+              <p>&nbsp;</p>
+              <p>nopaque is available in accordance with normal operational care based on the "Best Effort" practice. No liability is assumed for the consequences of failures or errors of the nopaque platform. Bielefeld University does not guarantee that the systems will run error-free and without interruption at all times. Bielefeld University accepts no responsibility for technical quality. Nor is it liable for the content, in particular for the accuracy, completeness, and timeliness of information to which it merely provides access for use.</p>
+            </div>
+          </div>
+        </div>
+
+        <div class="col s12">
+          <div class="card">
+            <div class="card-content">
+              <span class="card-title">§ 6 Data Protection</span>
+              <p>Information on the handling of personal data during the operation of the service can be found in the separate data protection policy.</p>
+            </div>
+          </div>
+        </div>
+
+        <div class="col s12">
+          <div class="card">
+            <div class="card-content">
+              <span class="card-title">§ 7 Duration and Termination</span>
+              <p>The user may terminate the use nopaque by deleting his/her account at any time without giving reasons. After deletion of the account, all users‘ data will be automatically deleted and access to the service blocked. This does not affect the user's right to delete data under data protection law.</p>
+              <p>&nbsp;</p>
+              <p>Bielefeld University may exclude the user from using the service without notice for an important reason. Important reasons include, in particular, repeated violations of the provisions of these Terms of Use or of applicable laws.</p>
+            </div>
+          </div>
+        </div>
+
+      </div>
+    </div>
+  </div>
+  <div class="modal-footer">
+    <a href="#!" class="modal-close waves-effect waves-green btn-flat">Accept</a>
+  </div>
+</div>
diff --git a/app/templates/auth/register.html.j2 b/app/templates/auth/register.html.j2
index d8e023a7..adfbc0af 100644
--- a/app/templates/auth/register.html.j2
+++ b/app/templates/auth/register.html.j2
@@ -23,6 +23,10 @@
           {{ wtf.render_field(form.password, material_icon='vpn_key') }}
           {{ wtf.render_field(form.password_2, material_icon='vpn_key') }}
           {{ wtf.render_field(form.email, class_='validate', material_icon='email', type='email') }}
+          <br>
+          {{ wtf.render_field(form.terms_of_use_accepted, type='checkbox')}}
+          <p></p>
+          <br>
           {{ wtf.render_field(form.submit, class_='width-100', material_icon='send') }}
         </div>
       </form>
diff --git a/app/templates/base.html.j2 b/app/templates/base.html.j2
index 82132828..22ba16e1 100644
--- a/app/templates/base.html.j2
+++ b/app/templates/base.html.j2
@@ -38,6 +38,7 @@
   {# {% if current_user.is_authenticated %}
   {% include "_roadmap.html.j2" %}
   {% endif %} #}
+  {% include "_terms_of_use_modal.html.j2" %}
   {% endblock modals %}
 </div>
 {% endblock main %}
diff --git a/app/users/json_routes.py b/app/users/json_routes.py
index b9cbb3e3..0e1503d6 100644
--- a/app/users/json_routes.py
+++ b/app/users/json_routes.py
@@ -55,3 +55,15 @@ def delete_user_avatar(user_id):
         'message': f'Avatar marked for deletion'
     }
     return response_data, 202
+
+@bp.route('/accept-terms-of-use', methods=['POST'])
+@content_negotiation(produces='application/json')
+def accept_terms_of_use():
+    if not (current_user.is_authenticated or current_user.confirmed):
+        abort(403)
+    current_user.terms_of_use_accepted = True
+    db.session.commit()
+    response_data = {
+        'message': 'You accepted the terms of use',
+    }
+    return response_data, 202
diff --git a/migrations/versions/b15b639288d4_.py b/migrations/versions/b15b639288d4_.py
new file mode 100644
index 00000000..32e4d611
--- /dev/null
+++ b/migrations/versions/b15b639288d4_.py
@@ -0,0 +1,32 @@
+"""Add terms_of_use_accepted column to users table
+
+Revision ID: b15b639288d4
+Revises: 1f77ce4346c6
+Create Date: 2023-04-13 10:19:38.662996
+
+"""
+from alembic import op
+import sqlalchemy as sa
+
+
+# revision identifiers, used by Alembic.
+revision = 'b15b639288d4'
+down_revision = '1f77ce4346c6'
+branch_labels = None
+depends_on = None
+
+
+def upgrade():
+    # ### commands auto generated by Alembic - please adjust! ###
+    with op.batch_alter_table('users', schema=None) as batch_op:
+        batch_op.add_column(sa.Column('terms_of_use_accepted', sa.Boolean(), nullable=True))
+
+    # ### end Alembic commands ###
+
+
+def downgrade():
+    # ### commands auto generated by Alembic - please adjust! ###
+    with op.batch_alter_table('users', schema=None) as batch_op:
+        batch_op.drop_column('terms_of_use_accepted')
+
+    # ### end Alembic commands ###