Fixed Logged in users can't access important pages unless they have accepted new privacy policy or terms of service

[Kirby]

Affected version

2.0,6 Beta 1

When terms of service or privacy policy are changed and the users are request to re-accept them, they are not able to access our imprint page (this is done as a XenForo page) or contact us.

I think it is pretty important for users to be able to contact the board owner in case they do not want to accept and rather have their account deleted.

Furthermore, it's also a legal requirement in Germany to have an imprint page and the new accept-features causes this page to stop working if the user has not accepted.

Ideally I think it should be possible to whitelist URLs that must always be accessible, not matter if the user has accepted privacy statement/terms of service or not.

 

[S Thomas]

Can guests access your page? If so, then there's no need for a change.

 

[Chris D]

Page nodes aren’t blocked in the current release but we also already unblocked the contact form and conversations from the next release. A whitelist shouldn’t be necessary.

 

[Kirby]

@yoloswaggerino
They can, but it is not obvious for the user that he could access those pages if he logs out.
Furthermore, if they access the contact us form without being logged in, there is no proof that it is really the user requesting to delete an account - it could be anyone who just happens to know their E-Mail-Address.

@Chris D
I don't think unblocking conversations is a good idea, wouldn't that allow users to continue communicating with other members without accepting new terms?
Also page nodes could do all kinds of data processing, especially when using PHP callbacks.
I therefore don't think they should be generally allowed.

 

[Nirjonadda]

Yes please do not unblocking conversations, only can access contact form.

 

[Chris D]

I'll re-block conversations, that's all we need to do for now.