false, 'items_retained' => false, 'messages' => array(), 'done' => true, ); $user = get_user_by( 'email', $email_address ); // Check if user has an ID in the DB to load stored personal data. if ( ! $user instanceof WP_User ) { return $response; } $customer = new WC_Customer( $user->ID ); if ( ! $customer ) { return $response; } $props_to_erase = apply_filters( 'woocommerce_privacy_erase_customer_personal_data_props', array( 'billing_first_name' => __( 'Billing First Name', 'woocommerce' ), 'billing_last_name' => __( 'Billing Last Name', 'woocommerce' ), 'billing_company' => __( 'Billing Company', 'woocommerce' ), 'billing_address_1' => __( 'Billing Address 1', 'woocommerce' ), 'billing_address_2' => __( 'Billing Address 2', 'woocommerce' ), 'billing_city' => __( 'Billing City', 'woocommerce' ), 'billing_postcode' => __( 'Billing Postal/Zip Code', 'woocommerce' ), 'billing_state' => __( 'Billing State', 'woocommerce' ), 'billing_country' => __( 'Billing Country / Region', 'woocommerce' ), 'billing_phone' => __( 'Billing Phone Number', 'woocommerce' ), 'billing_email' => __( 'Email Address', 'woocommerce' ), 'shipping_first_name' => __( 'Shipping First Name', 'woocommerce' ), 'shipping_last_name' => __( 'Shipping Last Name', 'woocommerce' ), 'shipping_company' => __( 'Shipping Company', 'woocommerce' ), 'shipping_address_1' => __( 'Shipping Address 1', 'woocommerce' ), 'shipping_address_2' => __( 'Shipping Address 2', 'woocommerce' ), 'shipping_city' => __( 'Shipping City', 'woocommerce' ), 'shipping_postcode' => __( 'Shipping Postal/Zip Code', 'woocommerce' ), 'shipping_state' => __( 'Shipping State', 'woocommerce' ), 'shipping_country' => __( 'Shipping Country / Region', 'woocommerce' ), 'shipping_phone' => __( 'Shipping Phone Number', 'woocommerce' ), ), $customer ); foreach ( $props_to_erase as $prop => $label ) { $erased = false; if ( is_callable( array( $customer, 'get_' . $prop ) ) && is_callable( array( $customer, 'set_' . $prop ) ) ) { $value = $customer->{"get_$prop"}( 'edit' ); if ( $value ) { $customer->{"set_$prop"}( '' ); $erased = true; } } $erased = apply_filters( 'woocommerce_privacy_erase_customer_personal_data_prop', $erased, $prop, $customer ); if ( $erased ) { /* Translators: %s Prop name. */ $response['messages'][] = sprintf( __( 'Removed customer "%s"', 'woocommerce' ), $label ); $response['items_removed'] = true; } } $customer->save(); /** * Allow extensions to remove data for this customer and adjust the response. * * @since 3.4.0 * @param array $response Array resonse data. Must include messages, num_items_removed, num_items_retained, done. * @param WC_Order $order A customer object. */ return apply_filters( 'woocommerce_privacy_erase_personal_data_customer', $response, $customer ); } /** * Finds and erases data which could be used to identify a person from WooCommerce data assocated with an email address. * * Orders are erased in blocks of 10 to avoid timeouts. * * @since 3.4.0 * @param string $email_address The user email address. * @param int $page Page. * @return array An array of personal data in name value pairs */ public static function order_data_eraser( $email_address, $page ) { $page = (int) $page; $user = get_user_by( 'email', $email_address ); // Check if user has an ID in the DB to load stored personal data. $erasure_enabled = wc_string_to_bool( get_option( 'woocommerce_erasure_request_removes_order_data', 'no' ) ); $response = array( 'items_removed' => false, 'items_retained' => false, 'messages' => array(), 'done' => true, ); $order_query = array( 'limit' => 10, 'page' => $page, 'customer' => array( $email_address ), ); if ( $user instanceof WP_User ) { $order_query['customer'][] = (int) $user->ID; } $orders = wc_get_orders( $order_query ); if ( 0 < count( $orders ) ) { foreach ( $orders as $order ) { if ( apply_filters( 'woocommerce_privacy_erase_order_personal_data', $erasure_enabled, $order ) ) { self::remove_order_personal_data( $order ); /* Translators: %s Order number. */ $response['messages'][] = sprintf( __( 'Removed personal data from order %s.', 'woocommerce' ), $order->get_order_number() ); $response['items_removed'] = true; } else { /* Translators: %s Order number. */ $response['messages'][] = sprintf( __( 'Personal data within order %s has been retained.', 'woocommerce' ), $order->get_order_number() ); $response['items_retained'] = true; } } $response['done'] = 10 > count( $orders ); } else { $response['done'] = true; } return $response; } /** * Finds and removes customer download logs by email address. * * @since 3.4.0 * @param string $email_address The user email address. * @param int $page Page. * @return array An array of personal data in name value pairs */ public static function download_data_eraser( $email_address, $page ) { $page = (int) $page; $user = get_user_by( 'email', $email_address ); // Check if user has an ID in the DB to load stored personal data. $erasure_enabled = wc_string_to_bool( get_option( 'woocommerce_erasure_request_removes_download_data', 'no' ) ); $response = array( 'items_removed' => false, 'items_retained' => false, 'messages' => array(), 'done' => true, ); $downloads_query = array( 'limit' => -1, 'page' => $page, 'return' => 'ids', ); if ( $user instanceof WP_User ) { $downloads_query['user_id'] = (int) $user->ID; } else { $downloads_query['user_email'] = $email_address; } $customer_download_data_store = WC_Data_Store::load( 'customer-download' ); // Revoke download permissions. if ( apply_filters( 'woocommerce_privacy_erase_download_personal_data', $erasure_enabled, $email_address ) ) { if ( $user instanceof WP_User ) { $result = $customer_download_data_store->delete_by_user_id( (int) $user->ID ); } else { $result = $customer_download_data_store->delete_by_user_email( $email_address ); } if ( $result ) { $response['messages'][] = __( 'Removed access to downloadable files.', 'woocommerce' ); $response['items_removed'] = true; } } else { $response['messages'][] = __( 'Customer download permissions have been retained.', 'woocommerce' ); $response['items_retained'] = true; } return $response; } /** * Remove personal data specific to WooCommerce from an order object. * * Note; this will hinder order processing for obvious reasons! * * @param WC_Order $order Order object. */ public static function remove_order_personal_data( $order ) { $anonymized_data = array(); /** * Allow extensions to remove their own personal data for this order first, so order data is still available. * * @since 3.4.0 * @param WC_Order $order A customer object. */ do_action( 'woocommerce_privacy_before_remove_order_personal_data', $order ); /** * Expose props and data types we'll be anonymizing. * * @since 3.4.0 * @param array $props Keys are the prop names, values are the data type we'll be passing to wp_privacy_anonymize_data(). * @param WC_Order $order A customer object. */ $props_to_remove = apply_filters( 'woocommerce_privacy_remove_order_personal_data_props', array( 'customer_ip_address' => 'ip', 'customer_user_agent' => 'text', 'billing_first_name' => 'text', 'billing_last_name' => 'text', 'billing_company' => 'text', 'billing_address_1' => 'text', 'billing_address_2' => 'text', 'billing_city' => 'text', 'billing_postcode' => 'text', 'billing_state' => 'address_state', 'billing_country' => 'address_country', 'billing_phone' => 'phone', 'billing_email' => 'email', 'shipping_first_name' => 'text', 'shipping_last_name' => 'text', 'shipping_company' => 'text', 'shipping_address_1' => 'text', 'shipping_address_2' => 'text', 'shipping_city' => 'text', 'shipping_postcode' => 'text', 'shipping_state' => 'address_state', 'shipping_country' => 'address_country', 'shipping_phone' => 'phone', 'customer_id' => 'numeric_id', 'transaction_id' => 'numeric_id', ), $order ); if ( ! empty( $props_to_remove ) && is_array( $props_to_remove ) ) { foreach ( $props_to_remove as $prop => $data_type ) { // Get the current value in edit context. $value = $order->{"get_$prop"}( 'edit' ); // If the value is empty, it does not need to be anonymized. if ( empty( $value ) || empty( $data_type ) ) { continue; } $anon_value = function_exists( 'wp_privacy_anonymize_data' ) ? wp_privacy_anonymize_data( $data_type, $value ) : ''; /** * Expose a way to control the anonymized value of a prop via 3rd party code. * * @since 3.4.0 * @param string $anon_value Value of this prop after anonymization. * @param string $prop Name of the prop being removed. * @param string $value Current value of the data. * @param string $data_type Type of data. * @param WC_Order $order An order object. */ $anonymized_data[ $prop ] = apply_filters( 'woocommerce_privacy_remove_order_personal_data_prop_value', $anon_value, $prop, $value, $data_type, $order ); } } // Set all new props and persist the new data to the database. $order->set_props( $anonymized_data ); // Remove meta data. $meta_to_remove = apply_filters( 'woocommerce_privacy_remove_order_personal_data_meta', array( 'Payer first name' => 'text', 'Payer last name' => 'text', 'Payer PayPal address' => 'email', 'Transaction ID' => 'numeric_id', ) ); if ( ! empty( $meta_to_remove ) && is_array( $meta_to_remove ) ) { foreach ( $meta_to_remove as $meta_key => $data_type ) { $value = $order->get_meta( $meta_key ); // If the value is empty, it does not need to be anonymized. if ( empty( $value ) || empty( $data_type ) ) { continue; } $anon_value = function_exists( 'wp_privacy_anonymize_data' ) ? wp_privacy_anonymize_data( $data_type, $value ) : ''; /** * Expose a way to control the anonymized value of a value via 3rd party code. * * @since 3.4.0 * @param string $anon_value Value of this data after anonymization. * @param string $prop meta_key key being removed. * @param string $value Current value of the data. * @param string $data_type Type of data. * @param WC_Order $order An order object. */ $anon_value = apply_filters( 'woocommerce_privacy_remove_order_personal_data_meta_value', $anon_value, $meta_key, $value, $data_type, $order ); if ( $anon_value ) { $order->update_meta_data( $meta_key, $anon_value ); } else { $order->delete_meta_data( $meta_key ); } } } $order->update_meta_data( '_anonymized', 'yes' ); $order->save(); // Delete order notes which can contain PII. $notes = wc_get_order_notes( array( 'order_id' => $order->get_id(), ) ); foreach ( $notes as $note ) { wc_delete_order_note( $note->id ); } // Add note that this event occured. $order->add_order_note( __( 'Personal data removed.', 'woocommerce' ) ); /** * Allow extensions to remove their own personal data for this order. * * @since 3.4.0 * @param WC_Order $order A customer object. */ do_action( 'woocommerce_privacy_remove_order_personal_data', $order ); } /** * Finds and erases customer tokens by email address. * * @since 3.4.0 * @param string $email_address The user email address. * @param int $page Page. * @return array An array of personal data in name value pairs */ public static function customer_tokens_eraser( $email_address, $page ) { $response = array( 'items_removed' => false, 'items_retained' => false, 'messages' => array(), 'done' => true, ); $user = get_user_by( 'email', $email_address ); // Check if user has an ID in the DB to load stored personal data. if ( ! $user instanceof WP_User ) { return $response; } $tokens = WC_Payment_Tokens::get_tokens( array( 'user_id' => $user->ID, ) ); if ( empty( $tokens ) ) { return $response; } foreach ( $tokens as $token ) { WC_Payment_Tokens::delete( $token->get_id() ); /* Translators: %s Prop name. */ $response['messages'][] = sprintf( __( 'Removed payment token "%d"', 'woocommerce' ), $token->get_id() ); $response['items_removed'] = true; } /** * Allow extensions to remove data for tokens and adjust the response. * * @since 3.4.0 * @param array $response Array resonse data. Must include messages, num_items_removed, num_items_retained, done. * @param array $tokens Array of tokens. */ return apply_filters( 'woocommerce_privacy_erase_personal_data_tokens', $response, $tokens ); } }