Add anonymizing of user applications feature#4702
Conversation
wes-otf
force-pushed
the
feature/clean_user_pii
branch
3 times, most recently
from
b389175 to
0bc0caf
Compare
wes-otf
force-pushed
the
feature/clean_user_pii
branch
2 times, most recently
from
9ae8d11 to
30b37bd
Compare
|
@frjo I'm going to add a unit test for the results view, some docs & do a final look over but it should be ready for review if you wanted to take a look before that |
| SubmissionSkeletonFilter.declared_filters | ||
| ) | ||
| if not set(self.request.GET) & set(non_skeleton_fields): | ||
| skeleton_qs = SubmissionSkeletonFilter( |
There was a problem hiding this comment.
somewhat of a hacky solution to managing 2 models with one FilterView but seems to work?
There was a problem hiding this comment.
seems like the # of SQL queries shoots up though so might need some optimizing
wes-otf
changed the title
frjo
added
Type: Feature
frjo
force-pushed
the
feature/clean_user_pii
branch
from
30b37bd to
a5e160a
Compare
|
@wes-otf I rebased this with main to solve a small merge conflict. |
|
@wes-otf When I was testing this I realised we have some existing issues with deleted/archive. When I started with fixing that more things followed as you can see in the PR now 😄.
My changes:
|
|
The batch functions on submission/all only have a simple js alert while the same functions for a single submission has a nice modal. That is not logical. Will fix that in a separate PR. |
frjo
left a comment
frjo
left a comment
There was a problem hiding this comment.
This works very well in my testing, the backend seems solid. The anonymised submission has very little information left since all form_data is deleted. The feature talk about removing PII info, some might be surprised that almost nothing besides the value remain.
Maybe this can be communicated better?
frjo
changed the title
…th wagtail & submission views
…ail form if enabled
…e actions section.
frjo
force-pushed
the
feature/clean_user_pii
branch
from
b858e27 to
7b7d9a0
Compare
| * `round` - round (if any) the original submission was in | ||
| * `submit_time` - time the original submission was submitted | ||
| * `screening_status` - screening status of the original submission | ||
| * `category` - the categories of the original submission |
There was a problem hiding this comment.
Are categories always preserved? Will try to test this for bulk_anonymize_submissions, submission_cleanup and on user delete.
There was a problem hiding this comment.
yes they should be as of the latest push, needed to add form_fields to the values(...) call for them to be parsed
| timestamp = models.DateTimeField() | ||
| type = models.CharField(choices=ACTIVITY_TYPES.items(), max_length=30) | ||
| user = models.ForeignKey(settings.AUTH_USER_MODEL, on_delete=models.PROTECT) | ||
| user = models.ForeignKey(settings.AUTH_USER_MODEL, on_delete=models.CASCADE) |
There was a problem hiding this comment.
This needs to be documented I think. Deleting a user will now delete the audit trail.
Would it not be better to anonymise the user account instead of deleting it? Or do the activities contain sensitive info?
There was a problem hiding this comment.
I'm thinking that would likely be another PR/feature if we wanted to go that route. As it stands I'm the only one at OTF that can delete a user when a GDPR request comes in for deletion because all staff member gets in wagtail is an error saying the user is used elsewhere but never pointed to which specific activity that is. This is definitely more of a nuclear option but definitely GDPR compliant as activities can contain a host of data especially when it's a comment - open to your thoughts on this though!
| """ | ||
| return reverse("wagtailusers_users:edit", args=[self.id]) | ||
|
|
||
| def delete( |
There was a problem hiding this comment.
Is this needed, does not the wagtail_hook handle this?
There was a problem hiding this comment.
I added it for any manual .delete()s that could come of the user model (as we continue w retention tooling I could see it being used in accounts_cleanup)
| user=self.request.user, | ||
| request=self.request, | ||
| source=submission, | ||
| ) |
There was a problem hiding this comment.
This records an event but no adapter (slack/mail etc.) is configured. Is the submission not deleted at this stage so "submission" is empty?
There was a problem hiding this comment.
Fixed by both adding a slack adapter and pushing the super call down past the messaging call
…ation notifications for slack, pulled `form_fields` from values for categories
|
@frjo thanks for the feedback! I appreciate the attention to detail in the review, especially the stuff around messaging I'm not sure if I wouldn't quite caught that |
|
Fat fingering got me again - gonna deploy to test and make sure all looks good over there. Thanks again @frjo! |
|
Seems to work good on test - I think theres some general issues with the category filtering (for applications both normal and anonymized) that I need to look at when in the results view but I think that might be out of scope here |
2 participants
Would close #3441. Adds a new AnonymizedSubmission model that only contains minimal, non-PII datapoints. Also adds UI features for staff to select whether a user's application(s) should be deleted or converted to skeletoned/anonymized application.
The todos:
Test Steps