Source code

001/*
002 *  Copyright 2025 Anyware Services
003 *
004 *  Licensed under the Apache License, Version 2.0 (the "License");
005 *  you may not use this file except in compliance with the License.
006 *  You may obtain a copy of the License at
007 *
008 *      http://www.apache.org/licenses/LICENSE-2.0
009 *
010 *  Unless required by applicable law or agreed to in writing, software
011 *  distributed under the License is distributed on an "AS IS" BASIS,
012 *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
013 *  See the License for the specific language governing permissions and
014 *  limitations under the License.
015 */
016package org.ametys.core.userpref;
017
018import java.time.Period;
019import java.time.ZonedDateTime;
020import java.util.Map;
021
022import org.apache.avalon.framework.service.ServiceException;
023import org.apache.avalon.framework.service.ServiceManager;
024import org.apache.avalon.framework.service.Serviceable;
025
026import org.ametys.core.trace.ForensicLogger;
027import org.ametys.core.user.population.UserPopulationDAO;
028import org.ametys.core.user.status.PersonalDataPolicy;
029import org.ametys.core.user.status.PersonalDataProcessingException;
030import org.ametys.core.user.status.UserStatusInfo;
031import org.ametys.runtime.config.Config;
032
033/**
034 * Data policy handling the personal data stored in user preferences.
035 * The handling consist in a removal of all user preferences referencing the identity
036 */
037public class UserPreferenceDataPolicy implements PersonalDataPolicy, Serviceable
038{
039    /** the service manager */
040    protected ServiceManager _serviceManager;
041    /** the user preference extension point */
042    protected UserPreferencesManager _userPrefManager;
043    private Period _retentionPeriod;
044
045    public void service(ServiceManager manager) throws ServiceException
046    {
047        _serviceManager = manager;
048        _userPrefManager = (UserPreferencesManager) manager.lookup(UserPreferencesManager.ROLE);
049        Long config = Config.getInstance().<Long>getValue("runtime.data.policy.userpref.retention", false, null);
050        // disable the processing if config is blank
051        _retentionPeriod = config != null && config >= 0 ? Period.ofMonths(config.intValue()) : null;
052    }
053    
054    public AnonymizationResult process(UserStatusInfo userStatus) throws PersonalDataProcessingException
055    {
056        if (_retentionPeriod == null)
057        {
058            return AnonymizationResult.TOO_EARLY;
059        }
060        else if (userStatus.getMissingSinceDate().isBefore(ZonedDateTime.now().minus(_retentionPeriod)))
061        {
062            try
063            {
064                _userPrefManager.removeAllUserPreferences(userStatus.getUserIdentity(), null, Map.of());
065                ForensicLogger.info("data.policy.gdpr.remove.user.preferences", Map.of("identity", userStatus.getUserIdentity()), UserPopulationDAO.SYSTEM_USER_IDENTITY);
066                return AnonymizationResult.PROCESSED;
067            }
068            catch (UserPreferencesException e)
069            {
070                throw new PersonalDataProcessingException("An error prevented the processing of the preference for user '" + userStatus.getUserIdentity() + "'.", e);
071            }
072        }
073        else
074        {
075            return AnonymizationResult.TOO_EARLY;
076        }
077    }
078}