Articles published on the site
-
How to write unit tests for your plugin – Introducing the Piwik Platform
17 November 2014, by Thomas Steur — Development
This is the next post of our blog series where we introduce the capabilities of the Piwik platform (our previous post was How to verify user permissions). This time you’ll learn how to write unit tests in Piwik. For this tutorial you will need to have basic knowledge of PHP, PHPUnit and the Piwik platform.
When is a test a unit test?
There are many different opinions on this and it can sometimes be hard to decide. At Piwik we consider a test a unit test if only a single method or class is being tested and if the test does not depend on the filesystem, web, config, database or any other plugin.
If a test is slow it can be an indicator that it is not a unit test. “Slow” is of course a bit vague. We will cover how to write other types of tests, such as integration tests, in one of our next blog posts.
Getting started
In this post, we assume that you have already installed Piwik 2.9.0 or later via git, set up your development environment and created a plugin. If not, visit the Piwik Developer Zone where you’ll find the tutorial Setting up Piwik and other Guides that help you to develop a plugin.
Let’s create a unit test
We start by using the Piwik Console to create a new unit test:
./console generate:test --testtype unit
The command will ask you to enter the name of the plugin the created test should belong to. I will use the plugin name “Insights”. Next it will ask you for the name of the test. Here you usually enter the name of the class you want to test. I will use “Widgets” in this example. There should now be a file plugins/Insights/tests/Unit/WidgetsTest.php which already contains an example to get you started easily:
/**
 * @group Insights
 * @group WidgetsTest
 * @group Plugins
 */
class WidgetsTest extends \PHPUnit_Framework_TestCase
{
    public function testSimpleAddition()
    {
        $this->assertEquals(2, 1+1);
    }
}
We don’t want to cover how you should write your unit test. This is totally up to you. If you have no experience in writing unit tests yet, we recommend reading articles on the topic or a book, watching videos, or anything else that will help you learn best.
Running a test
To run a test we will use the command tests:run, which allows you to execute a test suite, a specific file or a group of tests. To verify whether the created test works we will run it as follows:
./console tests:run WidgetsTest
This will run all tests having the group WidgetsTest. As other tests can use the same group you might want to pass the path to your test file instead:
./console tests:run plugins/Insights/tests/Unit/WidgetsTest.php
If you want to run all tests within your plugin pass the name of your plugin as an argument:
./console tests:run insights
Of course you can also define multiple arguments:
./console tests:run insights WidgetsTest
This will execute all tests within the insights plugin having the group WidgetsTest. If you only want to run unit tests within your plugin you can do the following:
./console tests:run insights unit
Advanced features
Isn’t it easy to create a unit test? We never even created a file! You can accomplish even more if you want: you can generate other types of tests, you can run tests on Amazon’s AWS and more. Unfortunately, not everything is documented yet so we recommend discovering more features by executing the commands
./console list tests
and
./console help tests:run
If you have any feedback regarding our APIs or our guides in the Developer Zone feel free to send it to us.
-
How to verify user permissions – Introducing the Piwik Platform
9 November 2014, by Thomas Steur — Development
This is the next post of our blog series where we introduce the capabilities of the Piwik platform (our previous post was How to make your plugin multilingual). This time you’ll learn how to verify user permissions. For this tutorial you will need to have basic knowledge of PHP and the Piwik platform.
When should a plugin verify permissions?
Usually you want to do this before executing any action – such as deleting or fetching data – and before rendering any sensitive information that should not be accessible by everyone, for instance in an API method or Controller action. You sometimes also need to verify permissions before registering menu items or widgets.
How does Piwik’s user management work?
It is quite simple as it only differentiates between a few roles: View permission, Admin permission and Super User permission. If you manage multiple websites with Piwik a user can be assigned to different roles as a user might have no permission for some websites but view or admin permission for another set of websites.
Worth mentioning is that roles inherit from each other. This means the role admin automatically includes the role view and a super user automatically covers the view and admin role.
Getting started
In this post, we assume that you have already set up your development environment and created a plugin. If not, visit the Piwik Developer Zone where you’ll find the tutorial Setting up Piwik and other Guides that help you to develop a plugin.
Verifying user permissions
To protect your data the platform offers many convenient methods in the \Piwik\Piwik class. There you will find methods that start with check, is or has. While methods that start with check throw an exception in case a condition is not met, the other methods return a boolean true or false.
Use methods that throw an exception if you want to stop any further execution in case a user does not have an appropriate role. The platform will catch the exception and display an error message or ask the user to log in.
public function deleteAllMessages()
{
    // delete messages only if the user has super user access, otherwise show an error message
    Piwik::checkUserHasSuperUserAccess();

    $this->getModel()->deleteAllMessages();
}
Use methods that return a boolean for instance when registering menu items or widgets.
public function configureAdminMenu(MenuAdmin $menu)
{
    // only register the menu item for super users
    if (Piwik::hasUserSuperUserAccess()) {
        $menu->addPlatformItem('Plugins', $this->urlForDefaultAction());
    }
}
It is important to be aware that hiding the menu item in the UI does not protect the page behind it: a user can still open the registered URL manually. Therefore you have to check for permissions in the actual controller action as well.
View permission
A user having a view permission should only be able to view reports but not make any changes apart from his personal settings. The methods that end with UserHasSomeViewAccess make sure a user has at least view permission for one website, whereas the methods *UserHasViewAccess($idSites = array(1,2,3)) check whether a user has view access for all of the given websites.
Piwik::checkUserHasSomeViewAccess();
Piwik::checkUserHasViewAccess($idSites = array(1,2,3));
As a plugin developer you would usually use the latter example to verify the permissions for specific websites. Use the first example in case you develop something like an “All Websites Dashboard” where you only want to make sure the user has a view permission for at least one website.
Admin permission
A user having an admin permission can not only view reports but also change website related settings. The methods to check for this role are similar to the ones before, just swap the term View with Admin.
Piwik::checkUserHasSomeAdminAccess();
Piwik::checkUserHasAdminAccess($idSites = array(1,2,3));
Super user permission
A user having the super user permission is allowed to access all of the data stored in Piwik and change any settings. To check if a user has this role use one of the methods that end with UserSuperUserAccess.
Piwik::checkUserHasSuperUserAccess();
As a plugin developer you would check for this permission for instance in places where your plugin shows an activity log over all users or where it offers the possibility to change any system wide settings.
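The role inheritance, the check/is distinction and the menu caveat described above can be exercised without a Piwik install. The following is an added example, not code from the original post or from Piwik: AccessModel, saveSiteSetting and tryAction are hypothetical stand-ins, and the user's roles are constructed sample data.

```php
<?php
// Stand-in for \Piwik\Piwik written for this example only (hypothetical class,
// instance methods instead of Piwik's static ones, not Piwik's implementation).
final class AccessModel
{
    const VIEW = 1;
    const ADMIN = 2;
    private $siteRoles; // idSite => role level, constructed sample data
    private $superUser;

    public function __construct(array $siteRoles, $superUser = false)
    {
        $this->siteRoles = $siteRoles;
        $this->superUser = $superUser;
    }

    // Roles inherit: super user covers admin and view, admin covers view.
    private function hasLevel($level, array $idSites)
    {
        if ($this->superUser) {
            return true;
        }
        if (!$idSites) { return false; } // an empty site list never grants access
        foreach ($idSites as $idSite) {
            $role = isset($this->siteRoles[$idSite]) ? $this->siteRoles[$idSite] : 0;
            if ($role < $level) {
                return false; // access is required for every given website
            }
        }
        return true;
    }

    // Boolean form: suited to deciding whether a menu item is registered.
    public function isUserHasAdminAccess(array $idSites)
    {
        return $this->hasLevel(self::ADMIN, $idSites);
    }

    // Throwing form: stops the action when the role is missing.
    public function checkUserHasAdminAccess(array $idSites)
    {
        if (!$this->isUserHasAdminAccess($idSites)) {
            throw new RuntimeException('admin access required');
        }
    }
}

// Hypothetical controller action; $guarded toggles the server-side check.
function saveSiteSetting(AccessModel $access, $idSite, $guarded)
{
    if ($guarded) {
        $access->checkUserHasAdminAccess(array($idSite));
    }
    return "setting saved for site $idSite";
}

function tryAction(AccessModel $access, $idSite, $guarded)
{
    try {
        return saveSiteSetting($access, $idSite, $guarded);
    } catch (RuntimeException $e) {
        return 'denied: ' . $e->getMessage();
    }
}

// Constructed user: admin on site 1, view only on site 2.
$user = new AccessModel(array(1 => AccessModel::ADMIN, 2 => AccessModel::VIEW));
var_dump($user->isUserHasAdminAccess(array(2)));  // menu decision for site 2
echo tryAction($user, 2, false), "\n";            // action without its own check
echo tryAction($user, 2, true), "\n";             // action with the check
echo tryAction($user, 1, true), "\n";             // site where the user is admin
```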
Getting information about the currently logged in user
Sometimes you might want to know which user is currently logged in. This can be useful if you want to persist user related information in the database or if you want to send an email to the currently logged in user. You can easily get this information by calling the following methods:
$login = Piwik::getCurrentUserLogin();
$email = Piwik::getCurrentUserEmail();
Advanced features
Of course there is more that you can do. For instance you can verify whether a user is an anonymous user or whether a user has a specific role. You can also perform any operation in the context of a super user even if the current user does not have this role. Would you like to know more about those features? Check out the Piwik class reference, the Security guide and the Manage Users user guide.
If you have any feedback regarding our APIs or our guides in the Developer Zone feel free to send it to us.
-
French CNIL recommends Piwik: the only analytics tool that does not require Cookie Consent
29 October 2014, by Matthieu Aubry — Press Releases
There have been recent and important changes in France regarding data privacy and the use of cookies. This blog post will introduce you to these changes and explain how you make your website compliant.
Cookie Consent in the data freedom law
Since the adoption of the EU Directive 2009/136/EC “Telecom Package”, Internet users must be informed and provide their prior consent to the storage of cookies on their computer. The use of cookies for advertising, analytics and social share buttons requires the user’s consent:
It is necessary to inform users of the presence, purpose and duration of the cookies placed in their browsers, and the means at their disposal to oppose it.
What is a cookie?
Cookies are tracers placed on Internet users’ hard drives by the web hosts of the visited website. They allow the website to identify a single user across multiple visits with a unique identifier. Cookies may be used for various purposes: building up a shopping cart, storing a website’s language settings, or targeting advertising by monitoring the user’s web-browsing.
Which cookies are exempt from the Cookie Consent rule?
France has exempted certain cookies from the cookie consent rule: for those cookies that are strictly necessary to offer the service sought after by the user you do not need to ask the user for consent. Examples of such cookies are:
- the shopping cart cookie,
- authentication cookies,
- short lived session cookies,
- load balancer cookies,
- certain first party analytics (such as Piwik cookies),
- persistent cookies for interface personalisation.
Asking users for consent for Analytics (tracking) Cookies
For all cookies that are not exempted from the Cookie Consent rule you will need to:
- obtain consent from web users before placing or reading cookies and similar technologies,
- clearly inform web users of the different purposes for which the cookies and similar technologies will be used,
- propose a real choice to web users between accepting or refusing cookies and similar technologies.
You don’t need Cookie Consent with Piwik
The excellent news is that there is a way to bypass the Cookie Consent banner on your website:
If you are using an analytics solution other than Piwik then you will need to ask users for consent. If you do not want to ask for consent then download and install Piwik or sign up to Piwik Cloud to get started.
If you are already using Piwik you need to do two simple things: (1) anonymise visitor IP addresses (at least two bytes) and (2) include the opt-out iframe solution in your website (learn more).
Note that these recommendations currently only apply in France, but because the law is European we can expect similar findings in other European countries.
CNIL recommends Piwik
We are proud that the CNIL has identified Piwik as the only tool that respects all privacy requirements set by the European Telecom law.
About the CNIL
The CNIL is an independent administrative body that operates in accordance with the French data protection legislation. The CNIL has been entrusted with the general duty to inform people of the rights that the data protection legislation allows them.
The role and responsibilities of the CNIL are:
- to protect citizens and their data
- to regulate and control processing of personal data
- to inspect the security of data processing systems and applications, and impose penalties
Piwik and Privacy
At Piwik we love Privacy – our open analytics platform comes with built-in Privacy.
Future of Privacy at Piwik
Piwik is already the leader when it comes to respecting user privacy but we plan to continue improving privacy within the open analytics platform. For more information and specific ideas see Privacy enhancing issues in our issue tracker.
References
Learn more in these articles in French [fr] or English:
- [fr] Sites web, cookies et autres traceurs
- [fr] Comment me mettre en conformité avec la recommandation “Cookies” de la CNIL ?
- [fr] Recommandation sur les cookies : obligations pour les responsables de sites ?
- CNIL Starts Controlling Cookie Settings in October 2014
- CNIL recommends Piwik for compliance with data protection laws
Contact
To learn more about Piwik, please visit piwik.org,
Get in touch with the Piwik team: Contact information,
For professional support contact Piwik PRO.