gdpr_admin 1.2.0 → 1.4.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: b019a3a76e13bb0a29a264a2f14aa9979c8a4cf2ef3163014f72f727856d07ca
-  data.tar.gz: 735b7ac163d0b9a7579f0bb9c26bde48ca2dc5e00996175a31aaa597dae94597
+  metadata.gz: 9b1d58ff60fa19dc3b0a1fb067ae2ed0dfc96e8798257989534a39e8600ef878
+  data.tar.gz: b199dc1a90a1fab64a6b98bcde51dc656a8943f12381dcdbc275e51147997c92
 SHA512:
-  metadata.gz: 14e0c4a02403085c3c1fd5f7b29625f0b8194ab41a374e0f58213aa59f27e5b7e8a4d9477cbb53975fcd331af9d20516cfd3a37ffa6cc6007579ddd72bbba5a7
-  data.tar.gz: 63d3e8710805b8f339da69a4e93deb501d6bc7734eb21f542c3ca15683114e6c8b57e73d762a2e77294c9b3522e3eb35e5aa79d960a9bf5d6c6ce68081124c4e
+  metadata.gz: b7813fc861f53e6d280369e403e9ece16484dfc433e2005b6c6eac739f91694d06169fcf0b60a3b1d1e32f65dcc45a44a8dee5446e89a35b90391070a42c0c96
+  data.tar.gz: 02a363b0a84f217aceeb3e19e2d0f53b09d7f5030e3dbf16abae8c92a8dc52cca9138c3fca55b6ce1014f639a915914e910c45e7538d5f24ecf79c005a3abb14

data/README.md

@@ -6,12 +6,17 @@
 
 [![Build Status](https://github.com/Colex/gdpr_admin/actions/workflows/build.yml/badge.svg)](https://github.com/Colex/gdpr_admin/actions/workflows/build.yml)
 [![Code Climate](https://codeclimate.com/github/Colex/gdpr_admin.svg)](https://codeclimate.com/github/Colex/gdpr_admin)
+[![Test Coverage](https://api.codeclimate.com/v1/badges/00740133ef1f97181ed6/test_coverage)](https://codeclimate.com/github/Colex/gdpr_admin/test_coverage)
 [![Gem Version](https://badge.fury.io/rb/gdpr_admin.svg)](http://badge.fury.io/rb/gdpr_admin)
 
 Rails engine for processing GDPR processes. GDPR Admin offers a simple interface for defining strategies for automating the process of data access and data removal as required by data privacy regulations like GDPR.
 
 GDPR Admin uses simple Ruby classes, so you're free to code your Data Policies as you see fit. A swiss knife of
-helper methods are available to make the processes even simpler.
+helper methods are available to make the processes even simpler. The focus of the gem is to easily implement:
+
+- [Right of access](https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/right-of-access/): export a subject's data on request;
+- [Right to erasure](https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/right-to-erasure/): remove a subject's personal data on request;
+- [Storage limitation](https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/principles/storage-limitation/): hold data for as long as required (data retention policies and offboarding tenants);
 
 ## Installation
 Add this line to your application's Gemfile:
@@ -30,6 +35,11 @@ Or install it yourself as:
 $ gem install gdpr_admin
 ```
 
+Then install the migrations:
+```bash
+$ rails gdpr_admin:install:migrations
+```
+
 ## Usage
 
 Create your data policies file within `app/gdpr` _(configurable)_ and inherit from `GdprAdmin::ApplicationDataPolicy`.
@@ -67,6 +77,26 @@ GdprAdmin::Request.create!(
 
 Creating a request will automatically enqueue the request to be processed in 4 hours - this gives time to cancel an accidental request. You can configure this grace period as desired.
 
+### Scope Helpers
+Helpers to be used within the `#scope` method.
+
+#### `scope_by_date`
+
+```ruby
+scope_by_date(scope, field = :updated_at)
+```
+
+Automatically scopes the data using the `updated_at` column to match the GDPR Request. You can use a different column by providing
+a second argument.
+
+```ruby
+class ContactDataPolicy < GdprAdmin::ApplicationDataPolicy
+  def scope
+    scope_by_date(Contact)
+  end
+end
+```
+
 ### Anonymization Helpers
 A set of helper methods are available to make the anonymization even simpler. These are not mandatory, but can help you
 keep your code cleaner and, better, write less code.
@@ -113,6 +143,41 @@ same anonymized value. _(note: different values may also yield the same value)_
 
 To use the built-in anonymizer functions, you need to install the gem `faker`.
 
+## Data Policy Hooks
+For advanced use cases, you may install hooks that are run at different stages of the data policy process.
+
+### `before_process`
+Will be run before the policy is executed. Calling `skip_data_policy!` will raise `GdprAdmin::SkipDataPolicyError` and
+stop the execution of the data policy.
+
+```ruby
+class ContactDataPolicy < GdprAdmin::ApplicationDataPolicy
+  before_process :skip_internal_contacts!
+
+  private
+
+  def skip_internal_contacts!
+    skip_data_policy! if contact.email =~ /.*@company\.com/
+  end
+end
+```
+
+### `before_process_record`
+Called before processing a record (either erasing or exporting). Calling `skip_record!` will raise `GdprAdmin::SkipRecordError` and
+skip processing that particular record.
+
+```ruby
+class UserDataPolicy < GdprAdmin::ApplicationDataPolicy
+  before_process :skip_super_admins!
+
+  private
+
+  def skip_super_admins!(user)
+    skip_record! if user.role == 'super_admin'
+  end
+end
+```
+
 ## GDPR Request
 A GDPR Request (`GdprAdmin::Request`) represents a request to remove a subject's data, tenant's data, or export subject data.
 
@@ -155,9 +220,9 @@ You can define a repeating job with `sidekiq-cron`:
 
 ```ruby
 Sidekiq::Cron::Job.create(
-  class: SyncOrganizationsContactsJob.to_s,
+  class: 'GdprAdmin::DataRetentionPoliciesRunnerJob',
   cron: '0 2 * * *',
-  name: 'Sync Organization Contacts',
+  name: 'Run Data Retention Policies',
   queue: 'cron',
   active_job: true,
 )

data/app/models/gdpr_admin/request.rb

@@ -35,7 +35,7 @@ module GdprAdmin
       GdprAdmin.load_data_policies
       with_lock { processing! }
       with_lock do
-        GdprAdmin.config.tenant_adapter.with_tenant(tenant) { process_policies }
+        process_policies
         completed!
       end
     rescue StandardError
@@ -63,13 +63,7 @@ module GdprAdmin
 
     def process_policies
       ApplicationDataPolicy.descendants.each do |policy_class|
-        policy = policy_class.new(self)
-        policy.scope.find_each do |record|
-          policy.export(record) if export?
-          policy.erase(record) if erase?
-        end
-      rescue SkipDataPolicyError
-        next
+        policy_class.process(self)
       end
     end
 

data/lib/gdpr_admin/application_data_policy.rb

@@ -2,14 +2,34 @@
 
 module GdprAdmin
   class ApplicationDataPolicy
+    include Helpers::DataPolicyHelper
     include Helpers::EraseHelper
+    include Helpers::ScopeHelper
+
+    class << self
+      attr_reader :before_process_hooks, :before_process_record_hooks
+
+      def before_process(method)
+        @before_process_hooks ||= []
+        @before_process_hooks << method
+      end
+
+      def before_process_record(method)
+        @before_process_record_hooks ||= []
+        @before_process_record_hooks << method
+      end
+
+      def process(request)
+        new(request).process
+      end
+    end
 
     def initialize(request)
       @request = request
     end
 
     def scope
-      raise SkipDataPolicyError
+      skip_data_policy!
     end
 
     def export(_record)
@@ -20,8 +40,49 @@ module GdprAdmin
       raise NotImplementedError
     end
 
+    def process
+      GdprAdmin.config.tenant_adapter.with_tenant(request.tenant) do
+        run_preprocessors
+        scope.find_each do |record|
+          process_record(record)
+        end
+      rescue SkipDataPolicyError
+        nil
+      end
+    end
+
     protected
 
     attr_reader :request
+
+    def process_record(record)
+      run_record_preprocessors(record)
+      export(record) if request.export?
+      erase(record) if request.erase?
+    rescue SkipRecordError
+      nil
+    end
+
+    def run_preprocessors
+      before_process_hooks = self.class.before_process_hooks || []
+      before_process_hooks.each do |hook|
+        call_hook(hook)
+      end
+    end
+
+    def run_record_preprocessors(record)
+      before_process_record_hooks = self.class.before_process_record_hooks || []
+      before_process_record_hooks.each do |hook|
+        call_hook(hook, record)
+      end
+    end
+
+    def call_hook(hook, value = nil)
+      hook = method(hook) unless hook.respond_to?(:call)
+
+      arity = hook.arity
+      args = [value].take(arity).reverse
+      instance_exec(*args, &hook)
+    end
   end
 end

data/lib/gdpr_admin/helpers/data_policy_helper.rb

@@ -0,0 +1,15 @@
+# frozen_string_literal: true
+
+module GdprAdmin
+  module Helpers
+    module DataPolicyHelper
+      def skip_data_policy!
+        raise SkipDataPolicyError
+      end
+
+      def skip_record!
+        raise SkipRecordError
+      end
+    end
+  end
+end

data/lib/gdpr_admin/helpers/scope_helper.rb

@@ -0,0 +1,11 @@
+# frozen_string_literal: true
+
+module GdprAdmin
+  module Helpers
+    module ScopeHelper
+      def scope_by_date(scope, field = :updated_at)
+        scope.where(field => ...request.data_older_than)
+      end
+    end
+  end
+end

data/lib/gdpr_admin/paper_trail/version_data_policy.rb

@@ -9,13 +9,7 @@ module GdprAdmin
 
       def erase(version, item_fields = nil)
         item_fields ||= infer_item_fields(version)
-        return if item_fields.nil?
-
-        base_changes = {
-          object: anonymize_version_object(version, item_fields),
-          object_changes: anonymize_version_object_changes(version, item_fields),
-        }.compact
-        erase_fields(version, fields, base_changes)
+        erase_fields(version, fields, base_changes(version, item_fields))
       end
 
       def fields
@@ -24,6 +18,15 @@ module GdprAdmin
 
       private
 
+      def base_changes(version, item_fields)
+        return {} if item_fields.blank?
+
+        {
+          object: anonymize_version_object(version, item_fields),
+          object_changes: anonymize_version_object_changes(version, item_fields),
+        }.compact
+      end
+
       def infer_item_fields(version)
         infer_data_policy_class(version)&.new(request)&.try(:fields)
       end

data/lib/gdpr_admin/skip_record_error.rb

@@ -0,0 +1,5 @@
+# frozen_string_literal: true
+
+module GdprAdmin
+  class SkipRecordError < StandardError; end
+end

data/lib/gdpr_admin/version.rb

@@ -2,6 +2,6 @@
 
 # :nocov:
 module GdprAdmin
-  VERSION = '1.2.0'
+  VERSION = '1.4.0'
 end
 # :nocov:

data/lib/gdpr_admin.rb

@@ -6,7 +6,10 @@ require 'gdpr_admin/configuration'
 require 'gdpr_admin/error'
 require 'gdpr_admin/invalid_status_error'
 require 'gdpr_admin/skip_data_policy_error'
+require 'gdpr_admin/skip_record_error'
+require 'gdpr_admin/helpers/data_policy_helper'
 require 'gdpr_admin/helpers/erase_helper'
+require 'gdpr_admin/helpers/scope_helper'
 require 'gdpr_admin/application_data_policy'
 require 'gdpr_admin/paper_trail/version_data_policy'
 require 'gdpr_admin/tenant_adapters/acts_as_tenant_adapter'

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: gdpr_admin
 version: !ruby/object:Gem::Version
-  version: 1.2.0
+  version: 1.4.0
 platform: ruby
 authors:
 - Colex
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2023-02-16 00:00:00.000000000 Z
+date: 2023-03-30 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails
@@ -165,12 +165,15 @@ files:
 - lib/gdpr_admin/configuration.rb
 - lib/gdpr_admin/engine.rb
 - lib/gdpr_admin/error.rb
+- lib/gdpr_admin/helpers/data_policy_helper.rb
 - lib/gdpr_admin/helpers/erase_helper.rb
 - lib/gdpr_admin/helpers/field_anonymizer_helper.rb
 - lib/gdpr_admin/helpers/paper_trail_helper.rb
+- lib/gdpr_admin/helpers/scope_helper.rb
 - lib/gdpr_admin/invalid_status_error.rb
 - lib/gdpr_admin/paper_trail/version_data_policy.rb
 - lib/gdpr_admin/skip_data_policy_error.rb
+- lib/gdpr_admin/skip_record_error.rb
 - lib/gdpr_admin/tenant_adapters/acts_as_tenant_adapter.rb
 - lib/gdpr_admin/version.rb
 - lib/tasks/gdpr_admin_tasks.rake