class-wc-privacy-erasers.php — WooCommerce 4.8.0

woocommerce / includes / class-wc-privacy-erasers.php

woocommerce / includes Last commit date

class-wc-privacy-erasers.php

413 lines

1	<?php
2	/**
3	* Personal data erasers.
4	*
5	* @since 3.4.0
6	* @package WooCommerce\Classes
7	*/
8
9	defined( 'ABSPATH' ) \|\| exit;
10
11	/**
12	* WC_Privacy_Erasers Class.
13	*/
14	class WC_Privacy_Erasers {
15	/**
16	* Finds and erases customer data by email address.
17	*
18	* @since 3.4.0
19	* @param string $email_address The user email address.
20	* @param int $page Page.
21	* @return array An array of personal data in name value pairs
22	*/
23	public static function customer_data_eraser( $email_address, $page ) {
24	$response = array(
25	'items_removed' => false,
26	'items_retained' => false,
27	'messages' => array(),
28	'done' => true,
29	);
30
31	$user = get_user_by( 'email', $email_address ); // Check if user has an ID in the DB to load stored personal data.
32
33	if ( ! $user instanceof WP_User ) {
34	return $response;
35	}
36
37	$customer = new WC_Customer( $user->ID );
38
39	if ( ! $customer ) {
40	return $response;
41	}
42
43	$props_to_erase = apply_filters(
44	'woocommerce_privacy_erase_customer_personal_data_props',
45	array(
46	'billing_first_name' => __( 'Billing First Name', 'woocommerce' ),
47	'billing_last_name' => __( 'Billing Last Name', 'woocommerce' ),
48	'billing_company' => __( 'Billing Company', 'woocommerce' ),
49	'billing_address_1' => __( 'Billing Address 1', 'woocommerce' ),
50	'billing_address_2' => __( 'Billing Address 2', 'woocommerce' ),
51	'billing_city' => __( 'Billing City', 'woocommerce' ),
52	'billing_postcode' => __( 'Billing Postal/Zip Code', 'woocommerce' ),
53	'billing_state' => __( 'Billing State', 'woocommerce' ),
54	'billing_country' => __( 'Billing Country / Region', 'woocommerce' ),
55	'billing_phone' => __( 'Phone Number', 'woocommerce' ),
56	'billing_email' => __( 'Email Address', 'woocommerce' ),
57	'shipping_first_name' => __( 'Shipping First Name', 'woocommerce' ),
58	'shipping_last_name' => __( 'Shipping Last Name', 'woocommerce' ),
59	'shipping_company' => __( 'Shipping Company', 'woocommerce' ),
60	'shipping_address_1' => __( 'Shipping Address 1', 'woocommerce' ),
61	'shipping_address_2' => __( 'Shipping Address 2', 'woocommerce' ),
62	'shipping_city' => __( 'Shipping City', 'woocommerce' ),
63	'shipping_postcode' => __( 'Shipping Postal/Zip Code', 'woocommerce' ),
64	'shipping_state' => __( 'Shipping State', 'woocommerce' ),
65	'shipping_country' => __( 'Shipping Country / Region', 'woocommerce' ),
66	),
67	$customer
68	);
69
70	foreach ( $props_to_erase as $prop => $label ) {
71	$erased = false;
72
73	if ( is_callable( array( $customer, 'get_' . $prop ) ) && is_callable( array( $customer, 'set_' . $prop ) ) ) {
74	$value = $customer->{"get_$prop"}( 'edit' );
75
76	if ( $value ) {
77	$customer->{"set_$prop"}( '' );
78	$erased = true;
79	}
80	}
81
82	$erased = apply_filters( 'woocommerce_privacy_erase_customer_personal_data_prop', $erased, $prop, $customer );
83
84	if ( $erased ) {
85	/* Translators: %s Prop name. */
86	$response['messages'][] = sprintf( __( 'Removed customer "%s"', 'woocommerce' ), $label );
87	$response['items_removed'] = true;
88	}
89	}
90
91	$customer->save();
92
93	/**
94	* Allow extensions to remove data for this customer and adjust the response.
95	*
96	* @since 3.4.0
97	* @param array $response Array resonse data. Must include messages, num_items_removed, num_items_retained, done.
98	* @param WC_Order $order A customer object.
99	*/
100	return apply_filters( 'woocommerce_privacy_erase_personal_data_customer', $response, $customer );
101	}
102
103	/**
104	* Finds and erases data which could be used to identify a person from WooCommerce data assocated with an email address.
105	*
106	* Orders are erased in blocks of 10 to avoid timeouts.
107	*
108	* @since 3.4.0
109	* @param string $email_address The user email address.
110	* @param int $page Page.
111	* @return array An array of personal data in name value pairs
112	*/
113	public static function order_data_eraser( $email_address, $page ) {
114	$page = (int) $page;
115	$user = get_user_by( 'email', $email_address ); // Check if user has an ID in the DB to load stored personal data.
116	$erasure_enabled = wc_string_to_bool( get_option( 'woocommerce_erasure_request_removes_order_data', 'no' ) );
117	$response = array(
118	'items_removed' => false,
119	'items_retained' => false,
120	'messages' => array(),
121	'done' => true,
122	);
123
124	$order_query = array(
125	'limit' => 10,
126	'page' => $page,
127	'customer' => array( $email_address ),
128	);
129
130	if ( $user instanceof WP_User ) {
131	$order_query['customer'][] = (int) $user->ID;
132	}
133
134	$orders = wc_get_orders( $order_query );
135
136	if ( 0 < count( $orders ) ) {
137	foreach ( $orders as $order ) {
138	if ( apply_filters( 'woocommerce_privacy_erase_order_personal_data', $erasure_enabled, $order ) ) {
139	self::remove_order_personal_data( $order );
140
141	/* Translators: %s Order number. */
142	$response['messages'][] = sprintf( __( 'Removed personal data from order %s.', 'woocommerce' ), $order->get_order_number() );
143	$response['items_removed'] = true;
144	} else {
145	/* Translators: %s Order number. */
146	$response['messages'][] = sprintf( __( 'Personal data within order %s has been retained.', 'woocommerce' ), $order->get_order_number() );
147	$response['items_retained'] = true;
148	}
149	}
150	$response['done'] = 10 > count( $orders );
151	} else {
152	$response['done'] = true;
153	}
154
155	return $response;
156	}
157
158	/**
159	* Finds and removes customer download logs by email address.
160	*
161	* @since 3.4.0
162	* @param string $email_address The user email address.
163	* @param int $page Page.
164	* @return array An array of personal data in name value pairs
165	*/
166	public static function download_data_eraser( $email_address, $page ) {
167	$page = (int) $page;
168	$user = get_user_by( 'email', $email_address ); // Check if user has an ID in the DB to load stored personal data.
169	$erasure_enabled = wc_string_to_bool( get_option( 'woocommerce_erasure_request_removes_download_data', 'no' ) );
170	$response = array(
171	'items_removed' => false,
172	'items_retained' => false,
173	'messages' => array(),
174	'done' => true,
175	);
176
177	$downloads_query = array(
178	'limit' => -1,
179	'page' => $page,
180	'return' => 'ids',
181	);
182
183	if ( $user instanceof WP_User ) {
184	$downloads_query['user_id'] = (int) $user->ID;
185	} else {
186	$downloads_query['user_email'] = $email_address;
187	}
188
189	$customer_download_data_store = WC_Data_Store::load( 'customer-download' );
190
191	// Revoke download permissions.
192	if ( apply_filters( 'woocommerce_privacy_erase_download_personal_data', $erasure_enabled, $email_address ) ) {
193	if ( $user instanceof WP_User ) {
194	$result = $customer_download_data_store->delete_by_user_id( (int) $user->ID );
195	} else {
196	$result = $customer_download_data_store->delete_by_user_email( $email_address );
197	}
198	if ( $result ) {
199	$response['messages'][] = __( 'Removed access to downloadable files.', 'woocommerce' );
200	$response['items_removed'] = true;
201	}
202	} else {
203	$response['messages'][] = __( 'Customer download permissions have been retained.', 'woocommerce' );
204	$response['items_retained'] = true;
205	}
206
207	return $response;
208	}
209
210	/**
211	* Remove personal data specific to WooCommerce from an order object.
212	*
213	* Note; this will hinder order processing for obvious reasons!
214	*
215	* @param WC_Order $order Order object.
216	*/
217	public static function remove_order_personal_data( $order ) {
218	$anonymized_data = array();
219
220	/**
221	* Allow extensions to remove their own personal data for this order first, so order data is still available.
222	*
223	* @since 3.4.0
224	* @param WC_Order $order A customer object.
225	*/
226	do_action( 'woocommerce_privacy_before_remove_order_personal_data', $order );
227
228	/**
229	* Expose props and data types we'll be anonymizing.
230	*
231	* @since 3.4.0
232	* @param array $props Keys are the prop names, values are the data type we'll be passing to wp_privacy_anonymize_data().
233	* @param WC_Order $order A customer object.
234	*/
235	$props_to_remove = apply_filters(
236	'woocommerce_privacy_remove_order_personal_data_props',
237	array(
238	'customer_ip_address' => 'ip',
239	'customer_user_agent' => 'text',
240	'billing_first_name' => 'text',
241	'billing_last_name' => 'text',
242	'billing_company' => 'text',
243	'billing_address_1' => 'text',
244	'billing_address_2' => 'text',
245	'billing_city' => 'text',
246	'billing_postcode' => 'text',
247	'billing_state' => 'address_state',
248	'billing_country' => 'address_country',
249	'billing_phone' => 'phone',
250	'billing_email' => 'email',
251	'shipping_first_name' => 'text',
252	'shipping_last_name' => 'text',
253	'shipping_company' => 'text',
254	'shipping_address_1' => 'text',
255	'shipping_address_2' => 'text',
256	'shipping_city' => 'text',
257	'shipping_postcode' => 'text',
258	'shipping_state' => 'address_state',
259	'shipping_country' => 'address_country',
260	'customer_id' => 'numeric_id',
261	'transaction_id' => 'numeric_id',
262	),
263	$order
264	);
265
266	if ( ! empty( $props_to_remove ) && is_array( $props_to_remove ) ) {
267	foreach ( $props_to_remove as $prop => $data_type ) {
268	// Get the current value in edit context.
269	$value = $order->{"get_$prop"}( 'edit' );
270
271	// If the value is empty, it does not need to be anonymized.
272	if ( empty( $value ) \|\| empty( $data_type ) ) {
273	continue;
274	}
275
276	$anon_value = function_exists( 'wp_privacy_anonymize_data' ) ? wp_privacy_anonymize_data( $data_type, $value ) : '';
277
278	/**
279	* Expose a way to control the anonymized value of a prop via 3rd party code.
280	*
281	* @since 3.4.0
282	* @param string $anon_value Value of this prop after anonymization.
283	* @param string $prop Name of the prop being removed.
284	* @param string $value Current value of the data.
285	* @param string $data_type Type of data.
286	* @param WC_Order $order An order object.
287	*/
288	$anonymized_data[ $prop ] = apply_filters( 'woocommerce_privacy_remove_order_personal_data_prop_value', $anon_value, $prop, $value, $data_type, $order );
289	}
290	}
291
292	// Set all new props and persist the new data to the database.
293	$order->set_props( $anonymized_data );
294
295	// Remove meta data.
296	$meta_to_remove = apply_filters(
297	'woocommerce_privacy_remove_order_personal_data_meta',
298	array(
299	'Payer first name' => 'text',
300	'Payer last name' => 'text',
301	'Payer PayPal address' => 'email',
302	'Transaction ID' => 'numeric_id',
303	)
304	);
305
306	if ( ! empty( $meta_to_remove ) && is_array( $meta_to_remove ) ) {
307	foreach ( $meta_to_remove as $meta_key => $data_type ) {
308	$value = $order->get_meta( $meta_key );
309
310	// If the value is empty, it does not need to be anonymized.
311	if ( empty( $value ) \|\| empty( $data_type ) ) {
312	continue;
313	}
314
315	$anon_value = function_exists( 'wp_privacy_anonymize_data' ) ? wp_privacy_anonymize_data( $data_type, $value ) : '';
316
317	/**
318	* Expose a way to control the anonymized value of a value via 3rd party code.
319	*
320	* @since 3.4.0
321	* @param string $anon_value Value of this data after anonymization.
322	* @param string $prop meta_key key being removed.
323	* @param string $value Current value of the data.
324	* @param string $data_type Type of data.
325	* @param WC_Order $order An order object.
326	*/
327	$anon_value = apply_filters( 'woocommerce_privacy_remove_order_personal_data_meta_value', $anon_value, $meta_key, $value, $data_type, $order );
328
329	if ( $anon_value ) {
330	$order->update_meta_data( $meta_key, $anon_value );
331	} else {
332	$order->delete_meta_data( $meta_key );
333	}
334	}
335	}
336
337	$order->update_meta_data( '_anonymized', 'yes' );
338	$order->save();
339
340	// Delete order notes which can contain PII.
341	$notes = wc_get_order_notes(
342	array(
343	'order_id' => $order->get_id(),
344	)
345	);
346
347	foreach ( $notes as $note ) {
348	wc_delete_order_note( $note->id );
349	}
350
351	// Add note that this event occured.
352	$order->add_order_note( __( 'Personal data removed.', 'woocommerce' ) );
353
354	/**
355	* Allow extensions to remove their own personal data for this order.
356	*
357	* @since 3.4.0
358	* @param WC_Order $order A customer object.
359	*/
360	do_action( 'woocommerce_privacy_remove_order_personal_data', $order );
361	}
362
363	/**
364	* Finds and erases customer tokens by email address.
365	*
366	* @since 3.4.0
367	* @param string $email_address The user email address.
368	* @param int $page Page.
369	* @return array An array of personal data in name value pairs
370	*/
371	public static function customer_tokens_eraser( $email_address, $page ) {
372	$response = array(
373	'items_removed' => false,
374	'items_retained' => false,
375	'messages' => array(),
376	'done' => true,
377	);
378
379	$user = get_user_by( 'email', $email_address ); // Check if user has an ID in the DB to load stored personal data.
380
381	if ( ! $user instanceof WP_User ) {
382	return $response;
383	}
384
385	$tokens = WC_Payment_Tokens::get_tokens(
386	array(
387	'user_id' => $user->ID,
388	)
389	);
390
391	if ( empty( $tokens ) ) {
392	return $response;
393	}
394
395	foreach ( $tokens as $token ) {
396	WC_Payment_Tokens::delete( $token->get_id() );
397
398	/* Translators: %s Prop name. */
399	$response['messages'][] = sprintf( __( 'Removed payment token "%d"', 'woocommerce' ), $token->get_id() );
400	$response['items_removed'] = true;
401	}
402
403	/**
404	* Allow extensions to remove data for tokens and adjust the response.
405	*
406	* @since 3.4.0
407	* @param array $response Array resonse data. Must include messages, num_items_removed, num_items_retained, done.
408	* @param array $tokens Array of tokens.
409	*/
410	return apply_filters( 'woocommerce_privacy_erase_personal_data_tokens', $response, $tokens );
411	}
412	}
413