gdpr_admin 1.1.0 → 1.2.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 805cbc1723602328c1f50a94bc0ce0ec9bf3e06aa68bfc8ea4ed4b209cd16bca
-  data.tar.gz: b14d9f47e9f06d9ef5480dd42ab9fa3c287e9c2c1a1241c997ba75f6a5e18e17
+  metadata.gz: b019a3a76e13bb0a29a264a2f14aa9979c8a4cf2ef3163014f72f727856d07ca
+  data.tar.gz: 735b7ac163d0b9a7579f0bb9c26bde48ca2dc5e00996175a31aaa597dae94597
 SHA512:
-  metadata.gz: d3ae19c166459e40ea1d7428883935de10eaae4450d36de7a55e5ad8fd357d0cd8af736423d0823bc08e89645a67c370b660908fd93bb5d29c93bf6a0140ed8e
-  data.tar.gz: 95e6688226094762e6a25915075d2e26addf4d8f82ec5d799c89d097bdc752c1df1944ea4971eca2dc21f856d527e31f3d308e3b5cafd361e13a5b4d95af7373
+  metadata.gz: 14e0c4a02403085c3c1fd5f7b29625f0b8194ab41a374e0f58213aa59f27e5b7e8a4d9477cbb53975fcd331af9d20516cfd3a37ffa6cc6007579ddd72bbba5a7
+  data.tar.gz: 63d3e8710805b8f339da69a4e93deb501d6bc7734eb21f542c3ca15683114e6c8b57e73d762a2e77294c9b3522e3eb35e5aa79d960a9bf5d6c6ce68081124c4e

data/README.md

@@ -1,6 +1,18 @@
+<p align="center">
+  <a href="http://github.com/Colex/gdpr_admin" target="blank"><img src="https://i.ibb.co/mJwpsFY/logo.png" width="120" alt="GDPR and Ruby logo" /></a>
+</p>
+
 # GDPR Admin
+
+[![Build Status](https://github.com/Colex/gdpr_admin/actions/workflows/build.yml/badge.svg)](https://github.com/Colex/gdpr_admin/actions/workflows/build.yml)
+[![Code Climate](https://codeclimate.com/github/Colex/gdpr_admin.svg)](https://codeclimate.com/github/Colex/gdpr_admin)
+[![Gem Version](https://badge.fury.io/rb/gdpr_admin.svg)](http://badge.fury.io/rb/gdpr_admin)
+
 Rails engine for processing GDPR processes. GDPR Admin offers a simple interface for defining strategies for automating the process of data access and data removal as required by data privacy regulations like GDPR.
 
+GDPR Admin uses simple Ruby classes, so you're free to code your Data Policies as you see fit. A swiss knife of
+helper methods are available to make the processes even simpler.
+
 ## Installation
 Add this line to your application's Gemfile:
 
@@ -48,13 +60,290 @@ Once you have all your data policies defined, create a `GdprAdmin::Request` to p
 GdprAdmin::Request.create!(
   tenant: current_tenant,
   requester: current_admin_user,
-  request_type: 'erase_all',
+  request_type: 'erase_data',
   data_older_than: 1.month.ago, # Optional: by default, it will be todays date
 )
 ```
 
 Creating a request will automatically enqueue the request to be processed in 4 hours - this gives time to cancel an accidental request. You can configure this grace period as desired.
 
+### Anonymization Helpers
+A set of helper methods are available to make the anonymization even simpler. These are not mandatory, but can help you
+keep your code cleaner and, better, write less code.
+
+#### `erase_fields`
+
+```ruby
+erase_fields(record, fields, base_changes = {})
+```
+
+The method `erase_fields` is available in the Data Policy class. It expects an array of field anonymization options.
+It will automatically process those fields and update the record in the database using `update_columns` (so validations
+are skipped). The last optional argument (`base_changes`) is a hash of attributes that should be updated when the record
+is updated. See the example below:
+
+```ruby
+class ContactDataPolicy < GdprAdmin::ApplicationDataPolicy
+  def fields
+    [
+      { field: :first_name, method: :anonymize_first_name },
+      { field: :last_name, method: :anonymize_last_name },
+      { field: :gender, method: :skip },
+      {
+        field: :email,
+        method: lambda { |contact|
+          domain = contact.email[/@.*/]
+          "anonymous.contact#{contact.id}#{domain}"
+        },
+      },
+      { field: :street_address, method: :nilify },
+      { field: :city, method: :anonymize_city, seed: :id },
+    ]
+  end
+
+  def erase(contact)
+    erase_fields(contact, fields, { anonymized_at: Time.zone.now })
+  end
+end
+```
+
+The anonymizers used above (e.g. `anonymize_first_name`), by default, will use the value of the field being updated as
+the seed. That means that, when anonymization with the same anonymizer function, equal values will **always** yield the
+same anonymized value. _(note: different values may also yield the same value)_
+
+To use the built-in anonymizer functions, you need to install the gem `faker`.
+
+## GDPR Request
+A GDPR Request (`GdprAdmin::Request`) represents a request to remove a subject's data, tenant's data, or export subject data.
+
+### Model `GdprAdmin::Request`
+
+```ruby
+GdprAdmin::Request.create!(
+  tenant: current_tenant,
+  requester: current_admin_user,
+  request_type: 'erase_data',
+  data_older_than: 30.days.ago,
+)
+```
+
+#### `#tenant`
+Defines which tenant is this request attributed to. All requests must be assigned to a Tenant.
+
+#### `#request_type`
+Represents what type of request is being performed. Must be one of:
+- `erase_data`: erase a tenant's data;
+- `erase_subject`: erase a single subject's data in a tenant;
+- `export_subject`: export data about a subject within a tenant;
+
+#### `#data_older_than`
+The request should only affect any data created before than date defined here (e.g. erase anything older than 30 days ago).
+
+#### `#process!`
+This method executes the request. This is automatically called by the `GdprAdmin::RequestProcessorJob`.
+
+## Data Retention Policies
+Some tenants may have different data retention policies (e.g. some hold Personally identifiable information for 3 months,
+others for 1 month).
+
+### Setup Job
+Run the job `GdprAdmin::DataRetentionPoliciesRunnerJob` periodically to execute your data retention policy (it is recommended
+to run it, at least, once a day).
+
+#### Sidekiq
+You can define a repeating job with `sidekiq-cron`:
+
+```ruby
+Sidekiq::Cron::Job.create(
+  class: SyncOrganizationsContactsJob.to_s,
+  cron: '0 2 * * *',
+  name: 'Sync Organization Contacts',
+  queue: 'cron',
+  active_job: true,
+)
+```
+
+#### DelayedJobs
+```ruby
+GdprAdmin::DataRetentionPoliciesRunnerJob.set(cron: '0 2 * * *', queue: :cron).perform_later
+```
+
+### Model `GdprAdmin::DataRetentionPolicy`
+
+This model allows you to create a custom data policy for each tenant and automatically run the policy periodically.
+
+```ruby
+GdprAdmin::DataRetentionPolicy.create!(
+  tenant: acme_inc,
+  period_in_days: 30,
+)
+```
+
+If you want to have a custom logic for running the data retention policy (e.g. do not run if the organization is deleted),
+then you can add the logic to the method `#should_process?`:
+
+```ruby
+module GdprAdmin
+  class DataRetentionPolicy < GdprAdmin::ApplicationRecord
+    include GdprAdmin::DataRetentionPolicyConcern
+
+    def should_process?
+      tenant.deleted_at.nil?
+    end
+  end
+end
+```
+
+
+## PaperTrail
+GDPR Admin provides a set of tools to keep your PaperTrail GDPR Compliant.
+
+### PaperTrail Data Privacy
+By default, PaperTrail versions will not be anonymized. You may extend the default `PaperTrail::VersionDataPrivacy`
+with your own scope. If you track custom fields with your versions (e.g. `ip`), then you can also define an anonymizer
+for those here:
+
+```ruby
+# app/gdpr/paper_trail/version_data_privacy.rb
+
+module PaperTrail
+  class VersionDataPolicy < GdprAdmin::PaperTrail::VersionDataPolicy
+    def fields
+      [
+        { field: 'ip', method: :anonymize_ip },
+      ]
+    end
+
+    def scope
+      return PaperTrail::Version.where(updated_at: ...request.data_older_than) if request.erase_data?
+
+      PaperTrail::Version.none
+    end
+  end
+end
+```
+
+#### `PaperTrail::VersionDataPolicy#erase`
+**NOTE:** this method only support JSON format for `object` and, optionally, `object_changes`. If you need a different
+format, you will need to re-implement this method as desired.
+
+`erase(version, item_fields = nil)`
+
+The `erase` method will, by default, anonymize the data within `object` and `object_changes` (and whichever fields are
+defined in the `#fields` method). It will choose which fields to anonymize the `object` and `object_changes` and which
+anonymization methods by finding the `item`'s data policy and loading the fields from its `fields` method. Unless
+`item_fields` is defined, in which case it will be used instead.
+
+For example, if you have a `item_type` set to `User`, it will try to find the `UserDataPrivacy`. If you want to use a
+different class for a `item_type`, you must define a `data_policy_class` in the model.
+
+```ruby
+class User < ApplicationRecord
+  def data_policy_class
+    PersonDataPolicy
+  end
+end
+```
+
+If you'd like to just namespace all policies, then you can define `data_policy_prefix` in the `ApplicationRecord`:
+
+```ruby
+class ApplicationRecord < ActiveRecord::Base
+  def data_policy_prefix
+    'Gdpr::'
+  end
+end
+
+# Now, user should be defined in `Gdpr::UserDataPolicy`
+```
+
+### PaperTrail Helpers
+When using the method `erase_fields`, no PaperTrail versions will be created in the database. GDPR Admin offer other
+helper methods to deal with PaperTrail. (If you are not using `paper_trail`, this section may not be relevant)
+
+#### `without_paper_trail`
+
+Given a block, this method will execute it in a context where PaperTrail is disabled, so no versions are created:
+```ruby
+def erase(contact)
+  without_paper_trail do
+    contact.update!(first_name: 'John', last_name: 'Doe')
+  end
+end
+```
+
+As mentioned above, this is **not** required when using `erase_fields` as it is the default behavior.
+
+## Configuration
+Configure GDPR Admin in a initializer file `config/initializers/gdpr_admin.rb`. The configuration should be done within
+the block of `GdprAdmin.configure(&block)`:
+
+```ruby
+# config/initializers/gdpr_admin/rb
+GdprAdmin.configure do |config|
+  # GDPR Admin configuration here...
+end
+```
+
+### Multi-Tenancy
+GDPR Admin is built maily for B2B SaaS services and it assumes that the service may have multiple tenants. The
+`GDPR::Request` object always expects a `tenant` to be provided. When processing the request, data will be automatically
+segregated using the tenant adapter.
+
+#### Tenant Class
+By default, GDPR Admin will assume that the tenant class is `Organization`. You can change that by setting the
+`tenant_class` in the config.
+
+```ruby
+GdprAdmin.configure do |config|
+  config.tenant_class = 'Tenant'
+end
+```
+
+#### ActsAsTenant Adapter
+You can segregated the process to a tenant using `ActsAsTenant` gem:
+
+```ruby
+GdprAdmin.configure do |config|
+  config.tenant_adapter = :acts_as_tenant
+end
+```
+
+### Jobs
+Requests are processed asynchronously using ActiveJob.
+
+#### Custom Queue
+You can set which queue should be used to schedule the job for processing the request using the config `default_job_queue`:
+
+```ruby
+GdprAdmin.configure do |config|
+  config.default_job_queue = :gdpr_tasks
+end
+```
+
+#### Grace Periods
+To allow for cancelling any accidental erasure request, the jobs are scheduled with a configurable grace period.
+By default, erasure requests will wait 4 hours before being executed, while export requests will be executed immediately.
+
+```ruby
+GdprAdmin.configure do |config|
+  config.erasure_grace_period = 1.day
+  config.export_grace_period = 2.minutes
+end
+```
+
+### Other Configurations
+
+#### Data Policies Directory
+By default, GDPR Admin will assume that your data policies are defined in `app/gdpr`. If you wish to have them
+in a different place, you can change the option `data_policies_path`:
+
+```ruby
+GdprAdmin.configure do |config|
+  # Change data policies path to be within the models directory (app/models/gdpr)
+  config.data_policies_path = Rails.root.join('app', 'models', 'gdpr')
+end
+```
 
 ## License
 The gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).

data/app/jobs/gdpr_admin/data_retention_policies_runner_job.rb

@@ -0,0 +1,11 @@
+# frozen_string_literal: true
+
+module GdprAdmin
+  class DataRetentionPoliciesRunnerJob < ApplicationJob
+    queue_as GdprAdmin.config.default_job_queue
+
+    def perform
+      GdprAdmin::DataRetentionPolicy.active.find_each(&:process!)
+    end
+  end
+end

data/app/jobs/gdpr_admin/request_processor_job.rb

@@ -2,6 +2,8 @@
 
 module GdprAdmin
   class RequestProcessorJob < ApplicationJob
+    queue_as GdprAdmin.config.default_job_queue
+
     def perform(task)
       task.process!
     end

data/app/models/concerns/gdpr_admin/data_retention_policy_concern.rb

@@ -0,0 +1,35 @@
+# frozen_string_literal: true
+
+module GdprAdmin
+  module DataRetentionPolicyConcern
+    extend ActiveSupport::Concern
+
+    included do
+      belongs_to :tenant, class_name: GdprAdmin.config.tenant_class
+
+      scope :active, -> { where(active: true) }
+
+      validates :active, inclusion: { in: [true, false] }
+      validates :period_in_days, numericality: { only_integer: true, greater_than: 0 }
+    end
+
+    def process!
+      with_lock do
+        raise InvalidStatusError unless active?
+        return unless should_process?
+
+        Request.create!(
+          tenant: tenant,
+          requester: nil,
+          request_type: :erase_data,
+          data_older_than: period_in_days.days.ago,
+        )
+        update!(last_run_at: Time.now.utc)
+      end
+    end
+
+    def should_process?
+      true
+    end
+  end
+end

data/app/models/gdpr_admin/data_retention_policy.rb

@@ -0,0 +1,7 @@
+# frozen_string_literal: true
+
+module GdprAdmin
+  class DataRetentionPolicy < ApplicationRecord
+    include GdprAdmin::DataRetentionPolicyConcern
+  end
+end

data/app/models/gdpr_admin/request.rb

@@ -3,7 +3,14 @@
 module GdprAdmin
   class Request < ApplicationRecord
     belongs_to :tenant, class_name: GdprAdmin.config.tenant_class
-    belongs_to :requester, class_name: GdprAdmin.config.requester_class
+    belongs_to :requester, class_name: GdprAdmin.config.requester_class, optional: true
+
+    VALID_STATUS_TRANSITIONS = {
+      pending: %i[processing],
+      processing: %i[completed failed],
+      completed: [],
+      failed: %i[pending],
+    }.freeze
 
     enum status: {
       pending: 'pending',
@@ -13,15 +20,17 @@ module GdprAdmin
     }
 
     enum request_type: {
-      subject_export: 'subject_export',
-      erase_all: 'erase_all',
+      export_subject: 'export_subject',
+      erase_data: 'erase_data',
       erase_subject: 'erase_subject',
-      erase_timeframe: 'erase_timeframe',
     }
 
     before_validation :set_default_data_older_than!
     after_create_commit :schedule_processing
 
+    validates :status, presence: true
+    validate :valid_status_transition?
+
     def process!
       GdprAdmin.load_data_policies
       with_lock { processing! }
@@ -30,24 +39,28 @@ module GdprAdmin
         completed!
       end
     rescue StandardError
-      failed!
+      with_lock { failed! }
       raise
     end
 
     def erase?
-      erase_all? || erase_subject? || erase_timeframe?
+      erase_data? || erase_subject?
     end
 
     def export?
-      subject_export?
+      export_subject?
     end
 
     def schedule_processing
-      RequestProcessorJob.set(wait: 4.hours).perform_later(self)
+      RequestProcessorJob.set(wait: grace_period).perform_later(self)
     end
 
     private
 
+    def grace_period
+      export? ? GdprAdmin.config.export_grace_period : GdprAdmin.config.erasure_grace_period
+    end
+
     def process_policies
       ApplicationDataPolicy.descendants.each do |policy_class|
         policy = policy_class.new(self)
@@ -63,5 +76,13 @@ module GdprAdmin
     def set_default_data_older_than!
       self.data_older_than ||= Time.zone.now
     end
+
+    def valid_status_transition?
+      return true if status_was.nil? || status.nil? || status_was == status
+      return true if VALID_STATUS_TRANSITIONS[status_was.to_sym].include?(status.to_sym)
+
+      errors.add(:status, :invalid_transition)
+      false
+    end
   end
 end

data/db/migrate/20230212185817_create_gdpr_admin_requests.rb

@@ -4,7 +4,7 @@ class CreateGdprAdminRequests < ActiveRecord::Migration[7.0]
   def change
     create_table :gdpr_admin_requests do |t|
       t.references :tenant, null: false, foreign_key: { to_table: :organizations }
-      t.references :requester, null: false, foreign_key: { to_table: :admin_users }
+      t.references :requester, null: true, foreign_key: { to_table: :admin_users }
       t.string :request_type, null: false
       t.string :status, default: 'pending', null: false
       t.datetime :data_older_than, null: false

data/db/migrate/20230216171202_create_gdpr_admin_data_retention_policies.rb

@@ -0,0 +1,14 @@
+# frozen_string_literal: true
+
+class CreateGdprAdminDataRetentionPolicies < ActiveRecord::Migration[7.0]
+  def change
+    create_table :gdpr_admin_data_retention_policies do |t|
+      t.references :tenant, null: false, foreign_key: { to_table: :organizations }, index: { unique: true }
+      t.integer :period_in_days, null: false
+      t.boolean :active, null: false, default: false
+      t.datetime :last_run_at
+
+      t.timestamps
+    end
+  end
+end

data/lib/gdpr_admin/anonymizers/company_anonymizer.rb

@@ -0,0 +1,11 @@
+# frozen_string_literal: true
+
+module GdprAdmin
+  module Anonymizers
+    module CompanyAnonymizer
+      def anonymize_company
+        Faker::Company.name
+      end
+    end
+  end
+end

data/lib/gdpr_admin/anonymizers/contact_anonymizer.rb

@@ -6,6 +6,34 @@ module GdprAdmin
       def anonymize_phone_number
         Faker::PhoneNumber.phone_number
       end
+
+      def anonymize_street_address
+        Faker::Address.street_address
+      end
+
+      def anonymize_city
+        Faker::Address.city
+      end
+
+      def anonymize_state
+        Faker::Address.state
+      end
+
+      def anonymize_zip
+        Faker::Address.zip
+      end
+
+      def anonymize_country
+        Faker::Address.country
+      end
+
+      def anonymize_country_code2
+        Faker::Address.country_code
+      end
+
+      def anonymize_country_code3
+        Faker::Address.country_code_long
+      end
     end
   end
 end

data/lib/gdpr_admin/anonymizers/internet_anonymizer.rb

@@ -10,6 +10,10 @@ module GdprAdmin
       def anonymize_password(record)
         record.send(:password_digest, SecureRandom.hex(32))
       end
+
+      def anonymize_ip
+        Faker::Internet.ip_v4_address
+      end
     end
   end
 end

data/lib/gdpr_admin/configuration.rb

@@ -2,7 +2,8 @@
 
 module GdprAdmin
   class Configuration
-    attr_accessor :tenant_class, :requester_class, :data_policies_path
+    attr_accessor :tenant_class, :requester_class, :data_policies_path, :default_job_queue,
+                  :erasure_grace_period, :export_grace_period
     attr_writer :tenant_adapter
 
     def initialize
@@ -10,6 +11,9 @@ module GdprAdmin
       @requester_class = 'AdminUser'
       @tenant_adapter = TenantAdapters::ActsAsTenantAdapter.new
       @data_policies_path = Rails.root.join('app', 'gdpr')
+      @default_job_queue = :default
+      @erasure_grace_period = 4.hours
+      @export_grace_period = nil
     end
 
     def tenant_adapter

data/lib/gdpr_admin/error.rb

@@ -0,0 +1,5 @@
+# frozen_string_literal: true
+
+module GdprAdmin
+  class Error < StandardError; end
+end

data/lib/gdpr_admin/helpers/erase_helper.rb

@@ -1,15 +1,13 @@
 # frozen_string_literal: true
 
-require_relative '../anonymizers/name_anonymizer'
-require_relative '../anonymizers/contact_anonymizer'
-require_relative '../anonymizers/internet_anonymizer'
+require_relative './paper_trail_helper'
+require_relative './field_anonymizer_helper'
 
 module GdprAdmin
   module Helpers
     module EraseHelper
-      include Anonymizers::NameAnonymizer
-      include Anonymizers::ContactAnonymizer
-      include Anonymizers::InternetAnonymizer
+      include FieldAnonymizerHelper
+      include PaperTrailHelper
 
       ##
       # Erases the given fields on the given record using the method given.
@@ -23,7 +21,7 @@ module GdprAdmin
       #     { field: :email, method: :anonymize_email },
       #     { field: :password_digest, method: :anonymize_password },
       #     { field: :phone_number, method: ->(record) { record.phone_number.split('').shuffle.join } },
-      #     { field: :address, method: :nillify },
+      #     { field: :address, method: :nilify },
       #   ]
       # ```
       #
@@ -47,35 +45,11 @@ module GdprAdmin
       # @param fields [Array<Hash>] The fields to erase
       # @param base_fields [Hash] The fields to update on the record together with the erased fields
       def erase_fields(record, fields, base_fields = {})
-        new_data = fields.inject(base_fields) do |res, curr|
-          next res if record[curr[:field]].nil?
-
-          res.merge(
-            curr[:field] => call_method(curr[:method], record, record[curr[:seed] || curr[:field]]),
-          )
+        new_data = fields.inject(base_fields) do |changes, curr|
+          changes.merge(curr[:field] => anonymize_field(record, curr))
         end
-        record.update_columns(new_data)
-      end
-
-      def nillify
-        nil
-      end
-
-      def with_seed(seed)
-        Faker::Config.random = Random.new(seed.to_s.chars.sum(&:ord)) if defined?(Faker)
-        yield
-      end
-
-      private
-
-      def call_method(erase_method, record, seed)
-        return if erase_method.nil?
-
-        erase_method = method(erase_method) if erase_method.is_a?(Symbol)
-
-        arity = erase_method.arity
-        with_seed(seed) do
-          erase_method.call(*[record, seed].take(arity))
+        without_paper_trail do
+          record.update_columns(new_data)
         end
       end
     end

data/lib/gdpr_admin/helpers/field_anonymizer_helper.rb

@@ -0,0 +1,59 @@
+# frozen_string_literal: true
+
+require_relative '../anonymizers/name_anonymizer'
+require_relative '../anonymizers/company_anonymizer'
+require_relative '../anonymizers/contact_anonymizer'
+require_relative '../anonymizers/internet_anonymizer'
+
+module GdprAdmin
+  module Helpers
+    module FieldAnonymizerHelper
+      include Anonymizers::NameAnonymizer
+      include Anonymizers::CompanyAnonymizer
+      include Anonymizers::ContactAnonymizer
+      include Anonymizers::InternetAnonymizer
+
+      def anonymize_field(record, field)
+        field_name = field[:field]
+        value = record[field_name]
+        return value if value.nil?
+
+        seed = record[field[:seed] || field_name]
+        anonymize_field_value(record, field.merge(seed: seed))
+      end
+
+      def nilify
+        nil
+      end
+
+      def nullify
+        nil
+      end
+
+      def with_seed(seed)
+        Faker::Config.random = Random.new(seed.to_s.chars.sum(&:ord)) if defined?(Faker)
+        yield
+      end
+
+      private
+
+      def anonymize_field_value(record, field)
+        return field[:seed] if field[:seed].blank?
+
+        call_method(field[:method], record, field[:field], field[:seed])
+      end
+
+      def call_method(erase_method, record, field, seed)
+        raise ArgumentError, "Erase method is not defined for #{field}" if erase_method.nil?
+        return seed if erase_method == :skip
+
+        erase_method = method(erase_method) if erase_method.is_a?(Symbol)
+
+        arity = erase_method.arity
+        with_seed(seed) do
+          erase_method.call(*[record, field, seed].take(arity))
+        end
+      end
+    end
+  end
+end

data/lib/gdpr_admin/helpers/paper_trail_helper.rb

@@ -0,0 +1,65 @@
+# frozen_string_literal: true
+
+require_relative './field_anonymizer_helper'
+
+module GdprAdmin
+  module Helpers
+    module PaperTrailHelper
+      include FieldAnonymizerHelper
+
+      def without_paper_trail
+        return yield unless defined?(::PaperTrail)
+
+        begin
+          current_status = ::PaperTrail.enabled?
+          ::PaperTrail.enabled = false
+          yield
+        ensure
+          ::PaperTrail.enabled = current_status
+        end
+      end
+
+      def anonymize_version_object(version, fields)
+        object = version.object.deep_dup
+        return object if object.blank?
+        return {} if object.is_a?(Array)
+
+        fields.each do |field|
+          field_name = field[:field].to_s
+          field_value = object[field_name]
+          next if field_value.nil?
+
+          new_value = anonymize_field(version.item, field)
+          object.merge!(field_name => new_value)
+        end
+        object
+      end
+
+      def anonymize_version_object_changes(version, fields)
+        return unless version.respond_to?(:object_changes)
+
+        object_changes = version.object_changes.deep_dup
+        return object_changes if object_changes.blank?
+        return {} if object_changes.is_a?(Array)
+
+        fields.each do |field|
+          field_name = field[:field].to_s
+          changes = object_changes[field_name]
+          next if changes.nil?
+
+          new_value = anonymize_object_changes_array(version, changes, field)
+          object_changes.merge!(field_name => new_value)
+        end
+        object_changes
+      end
+
+      private
+
+      def anonymize_object_changes_array(version, changes, field)
+        changes.map do |value|
+          anonymize_field_value(version.item, field.merge(seed: value))
+        end
+      end
+    end
+  end
+end

data/lib/gdpr_admin/invalid_status_error.rb

@@ -0,0 +1,5 @@
+# frozen_string_literal: true
+
+module GdprAdmin
+  class InvalidStatusError < Error; end
+end

data/lib/gdpr_admin/paper_trail/version_data_policy.rb

@@ -0,0 +1,42 @@
+# frozen_string_literal: true
+
+module GdprAdmin
+  module PaperTrail
+    class VersionDataPolicy < GdprAdmin::ApplicationDataPolicy
+      def scope
+        ::PaperTrail::Version.none
+      end
+
+      def erase(version, item_fields = nil)
+        item_fields ||= infer_item_fields(version)
+        return if item_fields.nil?
+
+        base_changes = {
+          object: anonymize_version_object(version, item_fields),
+          object_changes: anonymize_version_object_changes(version, item_fields),
+        }.compact
+        erase_fields(version, fields, base_changes)
+      end
+
+      def fields
+        []
+      end
+
+      private
+
+      def infer_item_fields(version)
+        infer_data_policy_class(version)&.new(request)&.try(:fields)
+      end
+
+      def infer_data_policy_class(version)
+        model = version.item_type.constantize.new
+        return model.data_policy_class if model.respond_to?(:data_policy_class)
+
+        prefix = model.data_policy_prefix if model.respond_to?(:data_policy_prefix)
+        "#{prefix}#{version.item_type}DataPolicy".constantize
+      rescue NameError
+        nil
+      end
+    end
+  end
+end

data/lib/gdpr_admin/version.rb

@@ -1,5 +1,7 @@
 # frozen_string_literal: true
 
+# :nocov:
 module GdprAdmin
-  VERSION = '1.1.0'
+  VERSION = '1.2.0'
 end
+# :nocov:

data/lib/gdpr_admin.rb

@@ -3,9 +3,12 @@
 require 'gdpr_admin/version'
 require 'gdpr_admin/engine'
 require 'gdpr_admin/configuration'
+require 'gdpr_admin/error'
+require 'gdpr_admin/invalid_status_error'
 require 'gdpr_admin/skip_data_policy_error'
 require 'gdpr_admin/helpers/erase_helper'
 require 'gdpr_admin/application_data_policy'
+require 'gdpr_admin/paper_trail/version_data_policy'
 require 'gdpr_admin/tenant_adapters/acts_as_tenant_adapter'
 
 begin

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: gdpr_admin
 version: !ruby/object:Gem::Version
-  version: 1.1.0
+  version: 1.2.0
 platform: ruby
 authors:
 - Colex
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2023-02-14 00:00:00.000000000 Z
+date: 2023-02-16 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails
@@ -24,6 +24,20 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: 6.1.7
+- !ruby/object:Gem::Dependency
+  name: faker
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 3.1.1
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 3.1.1
 - !ruby/object:Gem::Dependency
   name: rspec-rails
   requirement: !ruby/object:Gem::Requirement
@@ -133,19 +147,29 @@ files:
 - README.md
 - Rakefile
 - app/jobs/gdpr_admin/application_job.rb
+- app/jobs/gdpr_admin/data_retention_policies_runner_job.rb
 - app/jobs/gdpr_admin/request_processor_job.rb
+- app/models/concerns/gdpr_admin/data_retention_policy_concern.rb
 - app/models/gdpr_admin/application_record.rb
+- app/models/gdpr_admin/data_retention_policy.rb
 - app/models/gdpr_admin/request.rb
 - config/routes.rb
 - db/migrate/20230212185817_create_gdpr_admin_requests.rb
+- db/migrate/20230216171202_create_gdpr_admin_data_retention_policies.rb
 - lib/gdpr_admin.rb
+- lib/gdpr_admin/anonymizers/company_anonymizer.rb
 - lib/gdpr_admin/anonymizers/contact_anonymizer.rb
 - lib/gdpr_admin/anonymizers/internet_anonymizer.rb
 - lib/gdpr_admin/anonymizers/name_anonymizer.rb
 - lib/gdpr_admin/application_data_policy.rb
 - lib/gdpr_admin/configuration.rb
 - lib/gdpr_admin/engine.rb
+- lib/gdpr_admin/error.rb
 - lib/gdpr_admin/helpers/erase_helper.rb
+- lib/gdpr_admin/helpers/field_anonymizer_helper.rb
+- lib/gdpr_admin/helpers/paper_trail_helper.rb
+- lib/gdpr_admin/invalid_status_error.rb
+- lib/gdpr_admin/paper_trail/version_data_policy.rb
 - lib/gdpr_admin/skip_data_policy_error.rb
 - lib/gdpr_admin/tenant_adapters/acts_as_tenant_adapter.rb
 - lib/gdpr_admin/version.rb