
Added MISAGO_ENABLE_EXPORT_OWN_DATA setting

Rafał Pitoń 7 years ago
parent
commit
d574143ccc

+ 7 - 0
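--- a/misago/conf/defaults.py
+++ b/misago/conf/defaults.py
@@ -35,6 +35,13 @@ MISAGO_ACL_EXTENSIONS = [
 MISAGO_ANONYMOUS_USERNAME = "Ghost"
 
 
+# Allow users to export their own data?
+# This may take some pressure from site administrators handling data export or access requests made
+# by users exerting rights granted to them by GDPR.
+
+MISAGO_ENABLE_EXPORT_OWN_DATA = False
+
+
 # Allow users to delete their own accounts?
 # Providing such feature is required by EU law from entities that process europeans personal data.
 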
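Review bot: The comment above `MISAGO_ENABLE_EXPORT_OWN_DATA` does not say that the shipped default here is `False` while `misago/project_template/project_name/settings.py` in this same commit sets it to `True`, so existing sites stay opted out and newly generated projects start opted in. Because the setting decides whether a logged-in user can request a full export of their personal data, that split is worth stating in both files, for example `# Disabled by default for existing installs; the project template enables it for new sites.` The wording could also be tightened to "take some pressure off site administrators" and "users exercising rights granted to them by GDPR".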

+ 7 - 0
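--- a/misago/project_template/project_name/settings.py
+++ b/misago/project_template/project_name/settings.py
@@ -156,6 +156,13 @@ EMAIL_HOST_PASSWORD = ''
 DEFAULT_FROM_EMAIL = 'Forums <%s>' % EMAIL_HOST_USER
 
 
+# Allow users to export their own data?
+# This may take some pressure from site administrators handling data export or access requests made
+# by users exerting rights granted to them by GDPR.
+
+MISAGO_ENABLE_EXPORT_OWN_DATA = True
+
+
 # Allow users to delete their own accounts?
 # Providing such feature is required by EU law from entities that process europeans personal data.
 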

+ 4 - 0
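--- a/misago/users/api/users.py
+++ b/misago/users/api/users.py
@@ -13,6 +13,7 @@ from django.utils.translation import ugettext as _
 
 from misago.acl import add_acl
 from misago.categories.models import Category
+from misago.conf import settings
 from misago.core.rest_permissions import IsAuthenticatedOrReadOnly
 from misago.core.shortcuts import get_int_or_404
 from misago.threads.moderation import hide_post, hide_thread
@@ -222,6 +223,9 @@ class UserViewSet(viewsets.GenericViewSet):
         get_int_or_404(pk)
         allow_self_only(request.user, pk, _("You can't request data export for other users."))
 
+        if not settings.MISAGO_ENABLE_EXPORT_OWN_DATA:
+            raise PermissionDenied(_("You can't export your own data."))
+
         if is_user_data_export_in_progress(request.user):
             raise PermissionDenied(_("You already have an data export in progress."))
             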
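Review bot: The new `settings.MISAGO_ENABLE_EXPORT_OWN_DATA` check in `UserViewSet` only blocks the request that starts a new export, and nothing visible here shows whether exports that were already requested or generated remain retrievable after an administrator turns the setting off. If disabling is meant to stop personal-data archives from leaving the site, the code path that serves or expires existing exports (outside this hunk) likely needs the same gate. Otherwise a comment above the check such as `# Only blocks new export requests; exports already in progress or ready are unaffected.` would make the scope explicit. Placing the check after `allow_self_only` is sensible, since requests for another user's pk keep their existing error. The enclosing method starts and ends outside the hunk, so this is based on the visible lines only.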

+ 11 - 0
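--- a/misago/users/tests/test_user_dataexport_api.py
+++ b/misago/users/tests/test_user_dataexport_api.py
@@ -1,3 +1,5 @@
+from django.test.utils import override_settings
+
 from misago.users.dataexport import start_data_export_for_user
 from misago.users.testutils import AuthenticatedUserTestCase
 
@@ -28,6 +30,15 @@ class UserStartDataExportApiTests(AuthenticatedUserTestCase):
             'detail': "You can\'t request data export for other users.",
         })
 
+    @override_settings(MISAGO_ENABLE_EXPORT_OWN_DATA=False)
+    def test_start_export_disabled(self):
+        """request to api fails if own data exports are disabled"""
+        response = self.client.post(self.link)
+        self.assertEqual(response.status_code, 403)
+        self.assertEqual(response.json(), {
+            'detail': "You can't export your own data.",
+        })
+
     def test_start_export_in_progress(self):
         """request to api fails if user already has export in progress"""
         start_data_export_for_user(self.user)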
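Review bot: The other tests in `UserStartDataExportApiTests` now depend on whatever value `MISAGO_ENABLE_EXPORT_OWN_DATA` has in the test settings, because the view checks the flag before it reaches `is_user_data_export_in_progress`. With `misago/conf/defaults.py` shipping `False`, `test_start_export_in_progress` would receive the "You can't export your own data." response unless the test settings module enables the flag, which is not visible on this page. Decorating the class with `@override_settings(MISAGO_ENABLE_EXPORT_OWN_DATA=True)` would pin the enabled-path tests, and the per-method override on `test_start_export_disabled` would still take precedence. That test could also assert that no export was started for `self.user`, so the 403 is shown to have no side effect.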