update

2025-11-26 22:32:20 +02:00
commit ed94dd22dd
150 changed files with 14058 additions and 0 deletions
--- a/legal/views.py
+++ b/legal/views.py
@@ -0,0 +1,111 @@
+"""
+Views for legal app.
+"""
+from django.shortcuts import render
+from django.views.generic import TemplateView, CreateView, DetailView
+from django.contrib.auth.mixins import LoginRequiredMixin
+from django.urls import reverse_lazy
+from django.http import JsonResponse
+from django.views.decorators.http import require_http_methods
+from .models import DataRequest, ConsentRecord
+from .forms import DataRequestForm
+
+
+class PrivacyPolicyView(TemplateView):
+    """Privacy policy page."""
+    template_name = 'legal/privacy_policy.html'
+
+
+class TermsOfServiceView(TemplateView):
+    """Terms of service page."""
+    template_name = 'legal/terms_of_service.html'
+
+
+class DataRequestView(LoginRequiredMixin, CreateView):
+    """GDPR data request form."""
+    model = DataRequest
+    form_class = DataRequestForm
+    template_name = 'legal/data_request.html'
+    success_url = reverse_lazy('legal:data_request_detail')
+    
+    def form_valid(self, form):
+        form.instance.user = self.request.user
+        return super().form_valid(form)
+    
+    def get_success_url(self):
+        return reverse_lazy('legal:data_request_detail', kwargs={'pk': self.object.pk})
+
+
+class DataRequestDetailView(LoginRequiredMixin, DetailView):
+    """View data request status."""
+    model = DataRequest
+    template_name = 'legal/data_request_detail.html'
+    context_object_name = 'data_request'
+    
+    def get_queryset(self):
+        return DataRequest.objects.filter(user=self.request.user)
+
+
+@require_http_methods(["POST"])
+def cookie_consent_view(request):
+    """
+    Handle cookie consent submission.
+    Stores consent in database and sets a cookie.
+    """
+    import json
+    from django.utils import timezone
+    
+    try:
+        data = json.loads(request.body)
+        consent_given = data.get('consent', False)
+        
+        # Get client IP
+        x_forwarded_for = request.META.get('HTTP_X_FORWARDED_FOR')
+        if x_forwarded_for:
+            ip_address = x_forwarded_for.split(',')[0]
+        else:
+            ip_address = request.META.get('REMOTE_ADDR')
+        
+        # Create consent record
+        ConsentRecord.objects.create(
+            user=request.user if request.user.is_authenticated else None,
+            consent_type='cookies',
+            consent_given=consent_given,
+            ip_address=ip_address,
+            user_agent=request.META.get('HTTP_USER_AGENT', ''),
+            version='1.0'
+        )
+        
+        # Create response
+        response = JsonResponse({
+            'success': True,
+            'message': 'Cookie consent recorded successfully'
+        })
+        
+        # Set cookie (expires in 1 year)
+        if consent_given:
+            response.set_cookie(
+                'cookie_consent',
+                'accepted',
+                max_age=31536000,  # 1 year in seconds
+                httponly=False,
+                samesite='Lax',
+                secure=request.is_secure()
+            )
+        else:
+            response.set_cookie(
+                'cookie_consent',
+                'declined',
+                max_age=31536000,
+                httponly=False,
+                samesite='Lax',
+                secure=request.is_secure()
+            )
+        
+        return response
+    
+    except Exception as e:
+        return JsonResponse({
+            'success': False,
+            'message': str(e)
+        }, status=400)