add auditlog entry on gdpr-api user deletion

City-of-Helsinki · Nov 21, 2024 · 3359d3e · 3359d3e
1 parent 9e11ae0
commit 3359d3e
Show file tree

Hide file tree

Showing 2 changed files with 36 additions and 1 deletion.
diff --git a/gdpr/tests/test_gdpr_views.py b/gdpr/tests/test_gdpr_views.py
@@ -1,4 +1,5 @@
 import pytest
+from auditlog.models import LogEntry
 from helusers.authz import UserAuthorization
 from rest_framework import status
 from rest_framework.test import APIRequestFactory, force_authenticate
@@ -112,6 +113,7 @@ def test_api_delete_user_data(
     }
 
     user = user_factory(first_name="Etunimi", last_name="Sukunimi")
+    user_id = user.id
     areasearch = area_search_factory(user=user, description_area="Test")
     apirequest_factory = APIRequestFactory()
     request = apirequest_factory.delete(f"/v1/pub/gdpr-api/v1/profiles/{user.uuid}")
@@ -126,9 +128,18 @@ def test_api_delete_user_data(
 
     response = MvjGDPRAPIView.as_view()(request, uuid=user.uuid)
 
-    # Expect deletion to be successful
+    # Expect deletion request to be successful.
     assert response.status_code == status.HTTP_204_NO_CONTENT
 
+    # Ensure that auditlog entry has been created.
+    assert (
+        LogEntry.objects.get_for_model(user._meta.model)
+        .filter(object_id=user_id, changes="GDPR API: User data deleted.")
+        .exists()
+        is True
+    )
+
+    # Check that user instance is deleted.
     with pytest.raises(user.DoesNotExist):
         user.refresh_from_db()
 
@@ -171,3 +182,11 @@ def test_api_delete_user_data_not_possible(
     # Deletion of the user object is therefore not possible.
     assert response.status_code == status.HTTP_403_FORBIDDEN
     assert information_check.preparer == user
+
+    # Ensure that auditlog entry has _not_ been created.
+    assert (
+        LogEntry.objects.get_for_object(user)
+        .filter(changes="GDPR API: User data deleted.")
+        .exists()
+        is False
+    )
diff --git a/gdpr/utils.py b/gdpr/utils.py
@@ -1,3 +1,5 @@
+from auditlog.models import LogEntry
+from django.contrib.contenttypes.models import ContentType
 from helsinki_gdpr.views import DryRunException
 
 from users.models import User
@@ -19,4 +21,18 @@ def delete_user_data(user: User, dry_run: bool) -> None:
     if dry_run:
         raise DryRunException("Dry run. Rollback delete transaction.")
     else:
+        user_id = user.id
         user.delete()
+        content_type = ContentType.objects.get_for_model(User)
+        # Create Augitlog entry for deletion of user instance. Store only
+        # the object id, ensuring we do not store the personal data that was deleted.
+        LogEntry.objects.create(
+            content_type=content_type,
+            object_pk=str(user_id),
+            object_id=user_id,
+            object_repr=str(user_id),
+            action=LogEntry.Action.DELETE,
+            actor=None,
+            changes="GDPR API: User data deleted.",
+            remote_addr=None,
+        )