class-wc-privacy-erasers.php — WooCommerce 3.6.5

woocommerce / includes / class-wc-privacy-erasers.php

woocommerce / includes Last commit date

class-wc-privacy-erasers.php

398 lines

1	<?php
2	/**
3	* Personal data erasers.
4	*
5	* @since 3.4.0
6	* @package WooCommerce\Classes
7	*/
8
9	defined( 'ABSPATH' ) \|\| exit;
10
11	/**
12	* WC_Privacy_Erasers Class.
13	*/
14	class WC_Privacy_Erasers {
15	/**
16	* Finds and erases customer data by email address.
17	*
18	* @since 3.4.0
19	* @param string $email_address The user email address.
20	* @param int $page Page.
21	* @return array An array of personal data in name value pairs
22	*/
23	public static function customer_data_eraser( $email_address, $page ) {
24	$response = array(
25	'items_removed' => false,
26	'items_retained' => false,
27	'messages' => array(),
28	'done' => true,
29	);
30
31	$user = get_user_by( 'email', $email_address ); // Check if user has an ID in the DB to load stored personal data.
32
33	if ( ! $user instanceof WP_User ) {
34	return $response;
35	}
36
37	$customer = new WC_Customer( $user->ID );
38
39	if ( ! $customer ) {
40	return $response;
41	}
42
43	$props_to_erase = apply_filters( 'woocommerce_privacy_erase_customer_personal_data_props', array(
44	'billing_first_name' => __( 'Billing First Name', 'woocommerce' ),
45	'billing_last_name' => __( 'Billing Last Name', 'woocommerce' ),
46	'billing_company' => __( 'Billing Company', 'woocommerce' ),
47	'billing_address_1' => __( 'Billing Address 1', 'woocommerce' ),
48	'billing_address_2' => __( 'Billing Address 2', 'woocommerce' ),
49	'billing_city' => __( 'Billing City', 'woocommerce' ),
50	'billing_postcode' => __( 'Billing Postal/Zip Code', 'woocommerce' ),
51	'billing_state' => __( 'Billing State', 'woocommerce' ),
52	'billing_country' => __( 'Billing Country', 'woocommerce' ),
53	'billing_phone' => __( 'Phone Number', 'woocommerce' ),
54	'billing_email' => __( 'Email Address', 'woocommerce' ),
55	'shipping_first_name' => __( 'Shipping First Name', 'woocommerce' ),
56	'shipping_last_name' => __( 'Shipping Last Name', 'woocommerce' ),
57	'shipping_company' => __( 'Shipping Company', 'woocommerce' ),
58	'shipping_address_1' => __( 'Shipping Address 1', 'woocommerce' ),
59	'shipping_address_2' => __( 'Shipping Address 2', 'woocommerce' ),
60	'shipping_city' => __( 'Shipping City', 'woocommerce' ),
61	'shipping_postcode' => __( 'Shipping Postal/Zip Code', 'woocommerce' ),
62	'shipping_state' => __( 'Shipping State', 'woocommerce' ),
63	'shipping_country' => __( 'Shipping Country', 'woocommerce' ),
64	), $customer );
65
66	foreach ( $props_to_erase as $prop => $label ) {
67	$erased = false;
68
69	if ( is_callable( array( $customer, 'get_' . $prop ) ) && is_callable( array( $customer, 'set_' . $prop ) ) ) {
70	$value = $customer->{"get_$prop"}( 'edit' );
71
72	if ( $value ) {
73	$customer->{"set_$prop"}( '' );
74	$erased = true;
75	}
76	}
77
78	$erased = apply_filters( 'woocommerce_privacy_erase_customer_personal_data_prop', $erased, $prop, $customer );
79
80	if ( $erased ) {
81	/* Translators: %s Prop name. */
82	$response['messages'][] = sprintf( __( 'Removed customer "%s"', 'woocommerce' ), $label );
83	$response['items_removed'] = true;
84	}
85	}
86
87	$customer->save();
88
89	/**
90	* Allow extensions to remove data for this customer and adjust the response.
91	*
92	* @since 3.4.0
93	* @param array $response Array resonse data. Must include messages, num_items_removed, num_items_retained, done.
94	* @param WC_Order $order A customer object.
95	*/
96	return apply_filters( 'woocommerce_privacy_erase_personal_data_customer', $response, $customer );
97	}
98
99	/**
100	* Finds and erases data which could be used to identify a person from WooCommerce data assocated with an email address.
101	*
102	* Orders are erased in blocks of 10 to avoid timeouts.
103	*
104	* @since 3.4.0
105	* @param string $email_address The user email address.
106	* @param int $page Page.
107	* @return array An array of personal data in name value pairs
108	*/
109	public static function order_data_eraser( $email_address, $page ) {
110	$page = (int) $page;
111	$user = get_user_by( 'email', $email_address ); // Check if user has an ID in the DB to load stored personal data.
112	$erasure_enabled = wc_string_to_bool( get_option( 'woocommerce_erasure_request_removes_order_data', 'no' ) );
113	$response = array(
114	'items_removed' => false,
115	'items_retained' => false,
116	'messages' => array(),
117	'done' => true,
118	);
119
120	$order_query = array(
121	'limit' => 10,
122	'page' => $page,
123	'customer' => array( $email_address ),
124	);
125
126	if ( $user instanceof WP_User ) {
127	$order_query['customer'][] = (int) $user->ID;
128	}
129
130	$orders = wc_get_orders( $order_query );
131
132	if ( 0 < count( $orders ) ) {
133	foreach ( $orders as $order ) {
134	if ( apply_filters( 'woocommerce_privacy_erase_order_personal_data', $erasure_enabled, $order ) ) {
135	self::remove_order_personal_data( $order );
136
137	/* Translators: %s Order number. */
138	$response['messages'][] = sprintf( __( 'Removed personal data from order %s.', 'woocommerce' ), $order->get_order_number() );
139	$response['items_removed'] = true;
140	} else {
141	/* Translators: %s Order number. */
142	$response['messages'][] = sprintf( __( 'Personal data within order %s has been retained.', 'woocommerce' ), $order->get_order_number() );
143	$response['items_retained'] = true;
144	}
145	}
146	$response['done'] = 10 > count( $orders );
147	} else {
148	$response['done'] = true;
149	}
150
151	return $response;
152	}
153
154	/**
155	* Finds and removes customer download logs by email address.
156	*
157	* @since 3.4.0
158	* @param string $email_address The user email address.
159	* @param int $page Page.
160	* @return array An array of personal data in name value pairs
161	*/
162	public static function download_data_eraser( $email_address, $page ) {
163	$page = (int) $page;
164	$user = get_user_by( 'email', $email_address ); // Check if user has an ID in the DB to load stored personal data.
165	$erasure_enabled = wc_string_to_bool( get_option( 'woocommerce_erasure_request_removes_download_data', 'no' ) );
166	$response = array(
167	'items_removed' => false,
168	'items_retained' => false,
169	'messages' => array(),
170	'done' => true,
171	);
172
173	$downloads_query = array(
174	'limit' => -1,
175	'page' => $page,
176	'return' => 'ids',
177	);
178
179	if ( $user instanceof WP_User ) {
180	$downloads_query['user_id'] = (int) $user->ID;
181	} else {
182	$downloads_query['user_email'] = $email_address;
183	}
184
185	$customer_download_data_store = WC_Data_Store::load( 'customer-download' );
186
187	// Revoke download permissions.
188	if ( apply_filters( 'woocommerce_privacy_erase_download_personal_data', $erasure_enabled, $email_address ) ) {
189	if ( $user instanceof WP_User ) {
190	$result = $customer_download_data_store->delete_by_user_id( (int) $user->ID );
191	} else {
192	$result = $customer_download_data_store->delete_by_user_email( $email_address );
193	}
194	if ( $result ) {
195	$response['messages'][] = __( 'Removed access to downloadable files.', 'woocommerce' );
196	$response['items_removed'] = true;
197	}
198	} else {
199	$response['messages'][] = __( 'Customer download permissions have been retained.', 'woocommerce' );
200	$response['items_retained'] = true;
201	}
202
203	return $response;
204	}
205
206	/**
207	* Remove personal data specific to WooCommerce from an order object.
208	*
209	* Note; this will hinder order processing for obvious reasons!
210	*
211	* @param WC_Order $order Order object.
212	*/
213	public static function remove_order_personal_data( $order ) {
214	$anonymized_data = array();
215
216	/**
217	* Allow extensions to remove their own personal data for this order first, so order data is still available.
218	*
219	* @since 3.4.0
220	* @param WC_Order $order A customer object.
221	*/
222	do_action( 'woocommerce_privacy_before_remove_order_personal_data', $order );
223
224	/**
225	* Expose props and data types we'll be anonymizing.
226	*
227	* @since 3.4.0
228	* @param array $props Keys are the prop names, values are the data type we'll be passing to wp_privacy_anonymize_data().
229	* @param WC_Order $order A customer object.
230	*/
231	$props_to_remove = apply_filters( 'woocommerce_privacy_remove_order_personal_data_props', array(
232	'customer_ip_address' => 'ip',
233	'customer_user_agent' => 'text',
234	'billing_first_name' => 'text',
235	'billing_last_name' => 'text',
236	'billing_company' => 'text',
237	'billing_address_1' => 'text',
238	'billing_address_2' => 'text',
239	'billing_city' => 'text',
240	'billing_postcode' => 'text',
241	'billing_state' => 'address_state',
242	'billing_country' => 'address_country',
243	'billing_phone' => 'phone',
244	'billing_email' => 'email',
245	'shipping_first_name' => 'text',
246	'shipping_last_name' => 'text',
247	'shipping_company' => 'text',
248	'shipping_address_1' => 'text',
249	'shipping_address_2' => 'text',
250	'shipping_city' => 'text',
251	'shipping_postcode' => 'text',
252	'shipping_state' => 'address_state',
253	'shipping_country' => 'address_country',
254	'customer_id' => 'numeric_id',
255	'transaction_id' => 'numeric_id',
256	), $order );
257
258	if ( ! empty( $props_to_remove ) && is_array( $props_to_remove ) ) {
259	foreach ( $props_to_remove as $prop => $data_type ) {
260	// Get the current value in edit context.
261	$value = $order->{"get_$prop"}( 'edit' );
262
263	// If the value is empty, it does not need to be anonymized.
264	if ( empty( $value ) \|\| empty( $data_type ) ) {
265	continue;
266	}
267
268	$anon_value = function_exists( 'wp_privacy_anonymize_data' ) ? wp_privacy_anonymize_data( $data_type, $value ) : '';
269
270	/**
271	* Expose a way to control the anonymized value of a prop via 3rd party code.
272	*
273	* @since 3.4.0
274	* @param string $anon_value Value of this prop after anonymization.
275	* @param string $prop Name of the prop being removed.
276	* @param string $value Current value of the data.
277	* @param string $data_type Type of data.
278	* @param WC_Order $order An order object.
279	*/
280	$anonymized_data[ $prop ] = apply_filters( 'woocommerce_privacy_remove_order_personal_data_prop_value', $anon_value, $prop, $value, $data_type, $order );
281	}
282	}
283
284	// Set all new props and persist the new data to the database.
285	$order->set_props( $anonymized_data );
286
287	// Remove meta data.
288	$meta_to_remove = apply_filters( 'woocommerce_privacy_remove_order_personal_data_meta', array(
289	'Payer first name' => 'text',
290	'Payer last name' => 'text',
291	'Payer PayPal address' => 'email',
292	'Transaction ID' => 'numeric_id',
293	) );
294
295	if ( ! empty( $meta_to_remove ) && is_array( $meta_to_remove ) ) {
296	foreach ( $meta_to_remove as $meta_key => $data_type ) {
297	$value = $order->get_meta( $meta_key );
298
299	// If the value is empty, it does not need to be anonymized.
300	if ( empty( $value ) \|\| empty( $data_type ) ) {
301	continue;
302	}
303
304	$anon_value = function_exists( 'wp_privacy_anonymize_data' ) ? wp_privacy_anonymize_data( $data_type, $value ) : '';
305
306	/**
307	* Expose a way to control the anonymized value of a value via 3rd party code.
308	*
309	* @since 3.4.0
310	* @param string $anon_value Value of this data after anonymization.
311	* @param string $prop meta_key key being removed.
312	* @param string $value Current value of the data.
313	* @param string $data_type Type of data.
314	* @param WC_Order $order An order object.
315	*/
316	$anon_value = apply_filters( 'woocommerce_privacy_remove_order_personal_data_meta_value', $anon_value, $meta_key, $value, $data_type, $order );
317
318	if ( $anon_value ) {
319	$order->update_meta_data( $meta_key, $anon_value );
320	} else {
321	$order->delete_meta_data( $meta_key );
322	}
323	}
324	}
325
326	$order->update_meta_data( '_anonymized', 'yes' );
327	$order->save();
328
329	// Delete order notes which can contain PII.
330	$notes = wc_get_order_notes( array(
331	'order_id' => $order->get_id(),
332	) );
333
334	foreach ( $notes as $note ) {
335	wc_delete_order_note( $note->id );
336	}
337
338	// Add note that this event occured.
339	$order->add_order_note( __( 'Personal data removed.', 'woocommerce' ) );
340
341	/**
342	* Allow extensions to remove their own personal data for this order.
343	*
344	* @since 3.4.0
345	* @param WC_Order $order A customer object.
346	*/
347	do_action( 'woocommerce_privacy_remove_order_personal_data', $order );
348	}
349
350	/**
351	* Finds and erases customer tokens by email address.
352	*
353	* @since 3.4.0
354	* @param string $email_address The user email address.
355	* @param int $page Page.
356	* @return array An array of personal data in name value pairs
357	*/
358	public static function customer_tokens_eraser( $email_address, $page ) {
359	$response = array(
360	'items_removed' => false,
361	'items_retained' => false,
362	'messages' => array(),
363	'done' => true,
364	);
365
366	$user = get_user_by( 'email', $email_address ); // Check if user has an ID in the DB to load stored personal data.
367
368	if ( ! $user instanceof WP_User ) {
369	return $response;
370	}
371
372	$tokens = WC_Payment_Tokens::get_tokens( array(
373	'user_id' => $user->ID,
374	) );
375
376	if ( empty( $tokens ) ) {
377	return $response;
378	}
379
380	foreach ( $tokens as $token ) {
381	WC_Payment_Tokens::delete( $token->get_id() );
382
383	/* Translators: %s Prop name. */
384	$response['messages'][] = sprintf( __( 'Removed payment token "%d"', 'woocommerce' ), $token->get_id() );
385	$response['items_removed'] = true;
386	}
387
388	/**
389	* Allow extensions to remove data for tokens and adjust the response.
390	*
391	* @since 3.4.0
392	* @param array $response Array resonse data. Must include messages, num_items_removed, num_items_retained, done.
393	* @param array $tokens Array of tokens.
394	*/
395	return apply_filters( 'woocommerce_privacy_erase_personal_data_tokens', $response, $tokens );
396	}
397	}
398