Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

HJ-138 - Added a security setting that must be set to true to enable the access request download feature #5451

Merged
merged 5 commits into from
Nov 4, 2024
Merged

HJ-138 - Added a security setting that must be set to true to enable the access request download feature #5451

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
aaa73b6
HJ-138 - Add an environment variable that must be true to enable the …
andres-torres-marroquin Nov 4, 2024
db494f5
HJ-138 - Add an environment variable that must be true to enable the …
andres-torres-marroquin Nov 4, 2024
3feb3c1
Merge branch 'main' into andres/HJ-138
andres-torres-marroquin Nov 4, 2024
37004e7
HJ-138 - Add an environment variable that must be true to enable the …
andres-torres-marroquin Nov 4, 2024
a590590
Apply suggestions from code review
andres-torres-marroquin Nov 4, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
3 changes: 3 additions & 0 deletions CHANGELOG.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -21,6 +21,9 @@ The types of changes are:
- Added DataHub integration config [#5401](https://github.com/ethyca/fides/pull/5401)
- Added keepalive settings to the Redshift integration [#5433](https://github.com/ethyca/fides/pull/5433)

### Changed
- Added a security setting that must be set to true to enable the access request download feature [#5451](https://github.com/ethyca/fides/pull/5451)

andres-torres-marroquin marked this conversation as resolved.
Show resolved Hide resolved
### Developer Experience
- Added Carbon Icons to FidesUI [#5416](https://github.com/ethyca/fides/pull/5416)

Expand Down
5 changes: 5 additions & 0 deletions src/fides/api/api/v1/endpoints/privacy_request_endpoints.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2592,6 +2592,11 @@ def get_access_results_urls(
"""
Endpoint for retrieving access results URLs for a privacy request.
"""
if not CONFIG.security.subject_request_download_ui_enabled:
andres-torres-marroquin marked this conversation as resolved.
Show resolved Hide resolved
raise HTTPException(
status_code=HTTP_403_FORBIDDEN,
detail="Access results download is disabled.",
)
privacy_request: PrivacyRequest = get_privacy_request_or_error(
db, privacy_request_id
)
Expand Down
4 changes: 4 additions & 0 deletions src/fides/config/security_settings.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -119,6 +119,10 @@ class SecuritySettings(FidesSettings):
default=None,
description="If set, this can be used in conjunction with root_password to log in without first creating a user in the database.",
)
subject_request_download_ui_enabled: bool = Field(
default=False,
description="If set to True, the user interface will display a download button for subject requests.",
)
subject_request_download_link_ttl_seconds: int = Field(
default=432000,
description="The number of seconds that a pre-signed download URL when using S3 storage will be valid. The default is equal to 5 days.",
Expand Down
8 changes: 8 additions & 0 deletions tests/fixtures/application_fixtures.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3264,6 +3264,14 @@ def allow_custom_privacy_request_fields_in_request_execution_disabled():
)


@pytest.fixture(scope="function")
def subject_request_download_ui_enabled():
original_value = CONFIG.security.subject_request_download_ui_enabled
CONFIG.security.subject_request_download_ui_enabled = True
yield
CONFIG.security.subject_request_download_ui_enabled = original_value


@pytest.fixture(scope="function")
def system_with_no_uses(db: Session) -> Generator[System, None, None]:
system = System.create(
Expand Down
42 changes: 24 additions & 18 deletions tests/ops/api/v1/endpoints/test_privacy_request_endpoints.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -62,7 +62,6 @@
get_should_refresh_automaton,
manually_reset_automaton,
remove_refresh_automaton_signal,
set_automaton_cache_signal,
)
from fides.common.api.scope_registry import (
DATASET_CREATE_OR_UPDATE,
Expand All @@ -72,7 +71,6 @@
PRIVACY_REQUEST_NOTIFICATIONS_CREATE_OR_UPDATE,
PRIVACY_REQUEST_NOTIFICATIONS_READ,
PRIVACY_REQUEST_READ,
PRIVACY_REQUEST_READ_ACCESS_RESULTS,
PRIVACY_REQUEST_REVIEW,
PRIVACY_REQUEST_TRANSFER,
PRIVACY_REQUEST_UPLOAD_DATA,
Expand Down Expand Up @@ -107,7 +105,7 @@
V1_URL_PREFIX,
)
from fides.config import CONFIG
from tests.conftest import generate_auth_header_for_user, generate_role_header_for_user
from tests.conftest import generate_role_header_for_user

page_size = Params().size

Expand Down Expand Up @@ -8134,21 +8132,6 @@ def test_get_access_results_approver(
response = api_client.get(url, headers=auth_header)
assert response.status_code == 403

def test_get_access_results_approver(
galvana marked this conversation as resolved.
Show resolved Hide resolved
self,
api_client: TestClient,
privacy_request: PrivacyRequest,
approver_user,
):
url = V1_URL_PREFIX + PRIVACY_REQUEST_ACCESS_RESULTS.format(
privacy_request_id=privacy_request.id
)
auth_header = generate_role_header_for_user(
approver_user, roles=approver_user.permissions.roles
)
response = api_client.get(url, headers=auth_header)
assert response.status_code == 403

def test_get_access_results_viewer(
self,
api_client: TestClient,
Expand Down Expand Up @@ -8179,6 +8162,7 @@ def test_get_access_results_viewer_and_approver(
response = api_client.get(url, headers=auth_header)
assert response.status_code == 403

@pytest.mark.usefixtures("subject_request_download_ui_enabled")
def test_get_access_results_request_not_complete(
self,
privacy_request: PrivacyRequest,
Expand All @@ -8201,6 +8185,7 @@ def test_get_access_results_request_not_complete(
"detail": f"Access results for privacy request '{privacy_request.id}' are not available because the request is not complete."
}

@pytest.mark.usefixtures("subject_request_download_ui_enabled")
def test_get_access_results_no_data(
self,
privacy_request: PrivacyRequest,
Expand All @@ -8223,6 +8208,7 @@ def test_get_access_results_no_data(
"access_result_urls": [],
}

@pytest.mark.usefixtures("subject_request_download_ui_enabled")
def test_get_access_results_owner(
self,
privacy_request: PrivacyRequest,
Expand Down Expand Up @@ -8254,6 +8240,7 @@ def test_get_access_results_owner(
]
}

@pytest.mark.usefixtures("subject_request_download_ui_enabled")
def test_get_access_results_contributor(
self,
privacy_request: PrivacyRequest,
Expand All @@ -8272,3 +8259,22 @@ def test_get_access_results_contributor(
)
response = api_client.get(url, headers=auth_header)
assert response.status_code == 200

def test_get_access_results_contributor_but_disabled(
self,
privacy_request: PrivacyRequest,
api_client: TestClient,
contributor_user,
db,
):
privacy_request.status = PrivacyRequestStatus.complete
privacy_request.save(db)

url = V1_URL_PREFIX + PRIVACY_REQUEST_ACCESS_RESULTS.format(
privacy_request_id=privacy_request.id
)
auth_header = generate_role_header_for_user(
contributor_user, roles=contributor_user.permissions.roles
)
response = api_client.get(url, headers=auth_header)
assert response.status_code == 403