README

Laravel Legal Consent

Easily integrate legal documents (like privacy policies, terms of use, etc.) to your application.

Installation

You can install the package via composer:

composer require dedecube/laravel-legal-consent

You can publish and run the migrations with:

php artisan vendor:publish --tag="legal-consent-migrations"
php artisan migrate

You can publish the config file with:

php artisan vendor:publish --tag="legal-consent-config"

See config file

Usage

Basic

To use the package, add the Dedecube\LegalConsent\HasLegalConsent trait to the all Authenticatable models you want to handle.

Here's an example including the HasLegalConsent trait to User :

<?php

namespace App\Models;

use Illuminate\Foundation\Auth\User as Authenticatable;
use Dedecube\LegalConsent\HasLegalConsent;

class User extends Authenticatable
{
    use HasLegalConsent;

    // 
}

Once done, you must define the list of allowed document types by adding them in the allowed_document_types list from config/legal-consent.php.

'allowed_document_types' => [
    'privacy-policy',
    'terms-of-use',
],

You can then create one or multiple documents from the DB or, if you wish, you could handle the creation with a CMS.

Here are the fields who should be filled:

• type: the document type name
• body: the content of the document
• noted: additional notes to show for the document
• published_at: the date of publication for the given document

Let's say we create a privacy policy document with the publication on 2021-01-01: here's the model entity we would have:

$legalDocument = [
    "id" => 1,
    "type" => "privacy-policy",
    "body" => "The privacy policy's very long text",
    "notes" => "",
    "published_at" => "2021-01-01",
    "updated_at" => "2021-01-01",
    "created_at" => "2021-01-01",
];

You can now call the custom API to retrieve and accept the current document, which can be customized in config/legal-consent.php:

GET - /legal/documents/privacy-policy

This endpoint retrieves the current legal document using the given criteria:

• the document type must be privacy-policy
• the published_at date must be earlier than now()

The document entries are then ordered by their published_at date in order to pick the latest one published.

The response contains the document id (used for the POST route) along with all its information useful for rendering. Here is a sample response body:

{
    "data": {
        "id": 1,
        "type": "privacy-policy",
        "body": "The privacy policy's very long text",
        "notes": "",
        "published_at": "2021-01-01"
    }
}

POST - /legal/documents/{id}

This endpoint stores the consent for the given document from the currently authenticated user.

Legal Document Listener

You can eventually accept all active legal documents using our listener.

This can be useful, for example, when your application handles the registration of users, and they must accept all legal documents through a checkbox before proceeding.

In this case, all you should do is add the listener to the Registered event in EventServiceProvider:

use Dedecube\LegalConsent\Listeners\AcceptLegalDocumentListener;

/**
 * The event listener mappings for the application.
 *
 * @var array
 */
protected $listen = [
    Registered::class => [
        AcceptLegalDocumentListener::class, // all currently active legal documents will be accepted
        SendEmailVerificationNotification::class,
    ],
];

Testing

composer test

Changelog

Please see CHANGELOG for more information on what has changed recently.

Contributing

Please see CONTRIBUTING for details.

Security Vulnerabilities

Please review our security policy on how to report security vulnerabilities.

Credits

• Daniele Tulone
• Enrico De Lazzari
• All Contributors

License

The MIT License (MIT). Please see License File for more information.