gdpr_admin 1.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: 805cbc1723602328c1f50a94bc0ce0ec9bf3e06aa68bfc8ea4ed4b209cd16bca
+  data.tar.gz: b14d9f47e9f06d9ef5480dd42ab9fa3c287e9c2c1a1241c997ba75f6a5e18e17
+SHA512:
+  metadata.gz: d3ae19c166459e40ea1d7428883935de10eaae4450d36de7a55e5ad8fd357d0cd8af736423d0823bc08e89645a67c370b660908fd93bb5d29c93bf6a0140ed8e
+  data.tar.gz: 95e6688226094762e6a25915075d2e26addf4d8f82ec5d799c89d097bdc752c1df1944ea4971eca2dc21f856d527e31f3d308e3b5cafd361e13a5b4d95af7373

data/MIT-LICENSE

@@ -0,0 +1,20 @@
+Copyright 2023 Colex
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,60 @@
+# GDPR Admin
+Rails engine for processing GDPR processes. GDPR Admin offers a simple interface for defining strategies for automating the process of data access and data removal as required by data privacy regulations like GDPR.
+
+## Installation
+Add this line to your application's Gemfile:
+
+```ruby
+gem "gdpr_admin"
+```
+
+And then execute:
+```bash
+$ bundle
+```
+
+Or install it yourself as:
+```bash
+$ gem install gdpr_admin
+```
+
+## Usage
+
+Create your data policies file within `app/gdpr` _(configurable)_ and inherit from `GdprAdmin::ApplicationDataPolicy`.
+Implement the methods `#scope`, `#export` and `#erase` for the new data policy. Within the data policy, you will be
+able to access the `GdprAdmin::Request` object in any method by calling the method `request` - you can, therefore, have
+different scopes and different removal behaviors depending on the request.
+
+```ruby
+class UserDataPolicy < GdprAdmin::ApplicationDataPolicy
+  def scope
+    User.with_deleted.where(updated_at: ...request.data_older_than)
+  end
+
+  def erase(user)
+    user.update_columns(
+      first_name: 'Anonymous',
+      last_name: "User #{user.id}",
+      email: "anonymous.user#{user.id}@company.co",
+      anonymized_at: Time.zone.now,
+    )
+  end
+end
+```
+
+Once you have all your data policies defined, create a `GdprAdmin::Request` to process a new request:
+
+```ruby
+GdprAdmin::Request.create!(
+  tenant: current_tenant,
+  requester: current_admin_user,
+  request_type: 'erase_all',
+  data_older_than: 1.month.ago, # Optional: by default, it will be todays date
+)
+```
+
+Creating a request will automatically enqueue the request to be processed in 4 hours - this gives time to cancel an accidental request. You can configure this grace period as desired.
+
+
+## License
+The gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).

data/Rakefile

@@ -0,0 +1,10 @@
+# frozen_string_literal: true
+
+require 'bundler/setup'
+
+APP_RAKEFILE = File.expand_path('spec/dummy/Rakefile', __dir__)
+load 'rails/tasks/engine.rake'
+
+load 'rails/tasks/statistics.rake'
+
+require 'bundler/gem_tasks'

data/app/jobs/gdpr_admin/application_job.rb

@@ -0,0 +1,6 @@
+# frozen_string_literal: true
+
+module GdprAdmin
+  class ApplicationJob < ActiveJob::Base
+  end
+end

data/app/jobs/gdpr_admin/request_processor_job.rb

@@ -0,0 +1,9 @@
+# frozen_string_literal: true
+
+module GdprAdmin
+  class RequestProcessorJob < ApplicationJob
+    def perform(task)
+      task.process!
+    end
+  end
+end

data/app/models/gdpr_admin/application_record.rb

@@ -0,0 +1,7 @@
+# frozen_string_literal: true
+
+module GdprAdmin
+  class ApplicationRecord < ActiveRecord::Base
+    self.abstract_class = true
+  end
+end

data/app/models/gdpr_admin/request.rb

@@ -0,0 +1,67 @@
+# frozen_string_literal: true
+
+module GdprAdmin
+  class Request < ApplicationRecord
+    belongs_to :tenant, class_name: GdprAdmin.config.tenant_class
+    belongs_to :requester, class_name: GdprAdmin.config.requester_class
+
+    enum status: {
+      pending: 'pending',
+      processing: 'processing',
+      completed: 'completed',
+      failed: 'failed',
+    }
+
+    enum request_type: {
+      subject_export: 'subject_export',
+      erase_all: 'erase_all',
+      erase_subject: 'erase_subject',
+      erase_timeframe: 'erase_timeframe',
+    }
+
+    before_validation :set_default_data_older_than!
+    after_create_commit :schedule_processing
+
+    def process!
+      GdprAdmin.load_data_policies
+      with_lock { processing! }
+      with_lock do
+        GdprAdmin.config.tenant_adapter.with_tenant(tenant) { process_policies }
+        completed!
+      end
+    rescue StandardError
+      failed!
+      raise
+    end
+
+    def erase?
+      erase_all? || erase_subject? || erase_timeframe?
+    end
+
+    def export?
+      subject_export?
+    end
+
+    def schedule_processing
+      RequestProcessorJob.set(wait: 4.hours).perform_later(self)
+    end
+
+    private
+
+    def process_policies
+      ApplicationDataPolicy.descendants.each do |policy_class|
+        policy = policy_class.new(self)
+        policy.scope.find_each do |record|
+          policy.export(record) if export?
+          policy.erase(record) if erase?
+        end
+      rescue SkipDataPolicyError
+        next
+      end
+    end
+
+    def set_default_data_older_than!
+      self.data_older_than ||= Time.zone.now
+    end
+  end
+end

data/config/routes.rb

@@ -0,0 +1,5 @@
+# frozen_string_literal: true
+
+GdprAdmin::Engine.routes.draw do
+  # Routes for GdprAdmin
+end

data/db/migrate/20230212185817_create_gdpr_admin_requests.rb

@@ -0,0 +1,15 @@
+# frozen_string_literal: true
+
+class CreateGdprAdminRequests < ActiveRecord::Migration[7.0]
+  def change
+    create_table :gdpr_admin_requests do |t|
+      t.references :tenant, null: false, foreign_key: { to_table: :organizations }
+      t.references :requester, null: false, foreign_key: { to_table: :admin_users }
+      t.string :request_type, null: false
+      t.string :status, default: 'pending', null: false
+      t.datetime :data_older_than, null: false
+
+      t.timestamps
+    end
+  end
+end

data/lib/gdpr_admin/anonymizers/contact_anonymizer.rb

@@ -0,0 +1,11 @@
+# frozen_string_literal: true
+
+module GdprAdmin
+  module Anonymizers
+    module ContactAnonymizer
+      def anonymize_phone_number
+        Faker::PhoneNumber.phone_number
+      end
+    end
+  end
+end

data/lib/gdpr_admin/anonymizers/internet_anonymizer.rb

@@ -0,0 +1,15 @@
+# frozen_string_literal: true
+
+module GdprAdmin
+  module Anonymizers
+    module InternetAnonymizer
+      def anonymize_email
+        Faker::Internet.email
+      end
+
+      def anonymize_password(record)
+        record.send(:password_digest, SecureRandom.hex(32))
+      end
+    end
+  end
+end

data/lib/gdpr_admin/anonymizers/name_anonymizer.rb

@@ -0,0 +1,19 @@
+# frozen_string_literal: true
+
+module GdprAdmin
+  module Anonymizers
+    module NameAnonymizer
+      def anonymize_name
+        Faker::Name.name
+      end
+
+      def anonymize_first_name
+        Faker::Name.first_name
+      end
+
+      def anonymize_last_name
+        Faker::Name.last_name
+      end
+    end
+  end
+end

data/lib/gdpr_admin/application_data_policy.rb

@@ -0,0 +1,27 @@
+# frozen_string_literal: true
+
+module GdprAdmin
+  class ApplicationDataPolicy
+    include Helpers::EraseHelper
+
+    def initialize(request)
+      @request = request
+    end
+
+    def scope
+      raise SkipDataPolicyError
+    end
+
+    def export(_record)
+      raise NotImplementedError
+    end
+
+    def erase(_record)
+      raise NotImplementedError
+    end
+
+    protected
+
+    attr_reader :request
+  end
+end

data/lib/gdpr_admin/configuration.rb

@@ -0,0 +1,21 @@
+# frozen_string_literal: true
+
+module GdprAdmin
+  class Configuration
+    attr_accessor :tenant_class, :requester_class, :data_policies_path
+    attr_writer :tenant_adapter
+
+    def initialize
+      @tenant_class = 'Organization'
+      @requester_class = 'AdminUser'
+      @tenant_adapter = TenantAdapters::ActsAsTenantAdapter.new
+      @data_policies_path = Rails.root.join('app', 'gdpr')
+    end
+
+    def tenant_adapter
+      return @tenant_adapter unless @tenant_adapter.is_a?(Symbol)
+
+      GdprAdmin::TenantAdapters.const_get("#{@tenant_adapter}_adapter".classify).new
+    end
+  end
+end

data/lib/gdpr_admin/engine.rb

@@ -0,0 +1,7 @@
+# frozen_string_literal: true
+
+module GdprAdmin
+  class Engine < ::Rails::Engine
+    isolate_namespace GdprAdmin
+  end
+end

data/lib/gdpr_admin/helpers/erase_helper.rb

@@ -0,0 +1,83 @@
+# frozen_string_literal: true
+
+require_relative '../anonymizers/name_anonymizer'
+require_relative '../anonymizers/contact_anonymizer'
+require_relative '../anonymizers/internet_anonymizer'
+
+module GdprAdmin
+  module Helpers
+    module EraseHelper
+      include Anonymizers::NameAnonymizer
+      include Anonymizers::ContactAnonymizer
+      include Anonymizers::InternetAnonymizer
+
+      ##
+      # Erases the given fields on the given record using the method given.
+      # Fields should be an array of hashes formatted as follows:
+      #
+      # ```ruby
+      #   [
+      #     { field: :first_name, method: :anonymize, seed: :id },
+      #     { field: :last_name, method: :anonymize },
+      #     { field: :job_title, method: -> { 'Anonymized Title' } },
+      #     { field: :email, method: :anonymize_email },
+      #     { field: :password_digest, method: :anonymize_password },
+      #     { field: :phone_number, method: ->(record) { record.phone_number.split('').shuffle.join } },
+      #     { field: :address, method: :nillify },
+      #   ]
+      # ```
+      #
+      # By default, the seed for the anonymize method is the value of the field being anonymized.
+      # If you want to use a different field as the seed, you can specify it using the `seed` key.
+      #
+      # If you want to use a method that is not defined in the anonymizer, you can pass a lambda.
+      # The lambda will be called with the record as the first argument and the seed as the second.
+      #
+      # The third argument of the `erase_fields` method is an optional base fields hash that will be used to
+      # update the record. This is useful if you want to `erase_fields` to update other fields that
+      # are not part of the erasure process. For example:
+      #
+      # ```ruby
+      #   erase_fields(record, fields, { anonymized_at: Time.zone.now })
+      # ```
+      #
+      # This method uses the `update_columns` method to update the record, so it will skip validations.
+      #
+      # @param record [ActiveRecord::Base] The record to erase
+      # @param fields [Array<Hash>] The fields to erase
+      # @param base_fields [Hash] The fields to update on the record together with the erased fields
+      def erase_fields(record, fields, base_fields = {})
+        new_data = fields.inject(base_fields) do |res, curr|
+          next res if record[curr[:field]].nil?
+
+          res.merge(
+            curr[:field] => call_method(curr[:method], record, record[curr[:seed] || curr[:field]]),
+          )
+        end
+        record.update_columns(new_data)
+      end
+
+      def nillify
+        nil
+      end
+
+      def with_seed(seed)
+        Faker::Config.random = Random.new(seed.to_s.chars.sum(&:ord)) if defined?(Faker)
+        yield
+      end
+
+      private
+
+      def call_method(erase_method, record, seed)
+        return if erase_method.nil?
+
+        erase_method = method(erase_method) if erase_method.is_a?(Symbol)
+
+        arity = erase_method.arity
+        with_seed(seed) do
+          erase_method.call(*[record, seed].take(arity))
+        end
+      end
+    end
+  end
+end

data/lib/gdpr_admin/skip_data_policy_error.rb

@@ -0,0 +1,5 @@
+# frozen_string_literal: true
+
+module GdprAdmin
+  class SkipDataPolicyError < StandardError; end
+end

data/lib/gdpr_admin/tenant_adapters/acts_as_tenant_adapter.rb

@@ -0,0 +1,11 @@
+# frozen_string_literal: true
+
+module GdprAdmin
+  module TenantAdapters
+    class ActsAsTenantAdapter
+      def with_tenant(tenant, &block)
+        ActsAsTenant.with_tenant(tenant, &block)
+      end
+    end
+  end
+end

data/lib/gdpr_admin/version.rb

@@ -0,0 +1,5 @@
+# frozen_string_literal: true
+
+module GdprAdmin
+  VERSION = '1.1.0'
+end

data/lib/gdpr_admin.rb

@@ -0,0 +1,31 @@
+# frozen_string_literal: true
+
+require 'gdpr_admin/version'
+require 'gdpr_admin/engine'
+require 'gdpr_admin/configuration'
+require 'gdpr_admin/skip_data_policy_error'
+require 'gdpr_admin/helpers/erase_helper'
+require 'gdpr_admin/application_data_policy'
+require 'gdpr_admin/tenant_adapters/acts_as_tenant_adapter'
+
+begin
+  require 'faker'
+rescue LoadError; end # rubocop:disable Lint/SuppressedException
+
+module GdprAdmin
+  def self.configure
+    yield config
+  end
+
+  def self.config
+    @config ||= Configuration.new
+  end
+
+  def self.load_data_policies(force: false)
+    return if Rails.application.config.eager_load && !force
+
+    Dir.glob(Pathname.new(config.data_policies_path).join('**', '*.rb')).each do |file|
+      require_dependency file
+    end
+  end
+end

data/lib/tasks/gdpr_admin_tasks.rake

@@ -0,0 +1,5 @@
+# frozen_string_literal: true
+# desc "Explaining what the task does"
+# task :gdpr_admin do
+#   # Task goes here
+# end

metadata

@@ -0,0 +1,180 @@
+--- !ruby/object:Gem::Specification
+name: gdpr_admin
+version: !ruby/object:Gem::Version
+  version: 1.1.0
+platform: ruby
+authors:
+- Colex
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2023-02-14 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: rails
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 6.1.7
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 6.1.7
+- !ruby/object:Gem::Dependency
+  name: rspec-rails
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 6.0.1
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 6.0.1
+- !ruby/object:Gem::Dependency
+  name: rubocop
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 1.45.1
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 1.45.1
+- !ruby/object:Gem::Dependency
+  name: rubocop-performance
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 1.11.5
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 1.11.5
+- !ruby/object:Gem::Dependency
+  name: rubocop-rails
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 2.12.4
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 2.12.4
+- !ruby/object:Gem::Dependency
+  name: rubocop-rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 2.4.0
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 2.4.0
+- !ruby/object:Gem::Dependency
+  name: simplecov
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.22.0
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.22.0
+- !ruby/object:Gem::Dependency
+  name: timecop
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.9.6
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.9.6
+description: Engine for managing GDPR processes.
+email:
+- alex.santos@reachdesk.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- MIT-LICENSE
+- README.md
+- Rakefile
+- app/jobs/gdpr_admin/application_job.rb
+- app/jobs/gdpr_admin/request_processor_job.rb
+- app/models/gdpr_admin/application_record.rb
+- app/models/gdpr_admin/request.rb
+- config/routes.rb
+- db/migrate/20230212185817_create_gdpr_admin_requests.rb
+- lib/gdpr_admin.rb
+- lib/gdpr_admin/anonymizers/contact_anonymizer.rb
+- lib/gdpr_admin/anonymizers/internet_anonymizer.rb
+- lib/gdpr_admin/anonymizers/name_anonymizer.rb
+- lib/gdpr_admin/application_data_policy.rb
+- lib/gdpr_admin/configuration.rb
+- lib/gdpr_admin/engine.rb
+- lib/gdpr_admin/helpers/erase_helper.rb
+- lib/gdpr_admin/skip_data_policy_error.rb
+- lib/gdpr_admin/tenant_adapters/acts_as_tenant_adapter.rb
+- lib/gdpr_admin/version.rb
+- lib/tasks/gdpr_admin_tasks.rake
+homepage: https://github.com/Colex/gdpr_admin
+licenses:
+- MIT
+metadata:
+  homepage_uri: https://github.com/Colex/gdpr_admin
+  source_code_uri: https://github.com/Colex/gdpr_admin
+  changelog_uri: https://github.com/Colex/gdpr_admin
+  rubygems_mfa_required: 'true'
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: 2.7.4
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.3.26
+signing_key: 
+specification_version: 4
+summary: Engine for managing GDPR processes.
+test_files: []