Certificate: implement privacy deletion #1903
Conversation
📝 WalkthroughWalkthroughThe certificate service adds student-scoped deletion of certificate download records, wires it into the privacy module, registers the deletion endpoint, and advertises privacy deletion support. ChangesCertificate privacy deletion
Estimated code review effort: 2 (Simple) | ~10 minutes Sequence Diagram(s)sequenceDiagram
participant PrivacyEndpoint
participant PrivacyDataDeletionHandler
participant Queries
participant certificate_download
PrivacyEndpoint->>PrivacyDataDeletionHandler: submit student privacy deletion
PrivacyDataDeletionHandler->>Queries: DeleteCertificateDownloadsByStudentID(studentID)
Queries->>certificate_download: delete rows by student_id
certificate_download-->>Queries: return error or nil
Possibly related PRs
Suggested reviewers: 🚥 Pre-merge checks | ✅ 5✅ Passed checks (5 passed)
✨ Finishing Touches📝 Generate docstrings
🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
There was a problem hiding this comment.
Caution
Some comments are outside the diff and can’t be posted inline due to platform limitations.
⚠️ Outside diff range comments (1)
servers/certificate/main.go (1)
114-121: 🎯 Functional Correctness | 🟠 Major | ⚡ Quick winRegister privacy endpoints on the required course-phase route.
InitPrivacyModulereceivesapiinstead ofcoursePhaseApi, so the newly advertised deletion endpoint is registered outside/api/course_phase/:coursePhaseID. Pass the required router group, or update the route contract and authentication wiring before enabling this capability.Suggested fix
- privacy.InitPrivacyModule(api, *query, conn) + privacy.InitPrivacyModule(coursePhaseApi, *query, conn)🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@servers/certificate/main.go` around lines 114 - 121, Update the InitPrivacyModule call to receive coursePhaseApi so privacy deletion and export endpoints are registered under /api/course_phase/:coursePhaseID with the existing authentication wiring. Keep the advertised privacy capabilities unchanged, and only alter the route contract if the required course-phase routing and authentication are preserved.Source: Coding guidelines
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Outside diff comments:
In `@servers/certificate/main.go`:
- Around line 114-121: Update the InitPrivacyModule call to receive
coursePhaseApi so privacy deletion and export endpoints are registered under
/api/course_phase/:coursePhaseID with the existing authentication wiring. Keep
the advertised privacy capabilities unchanged, and only alter the route contract
if the required course-phase routing and authentication are preserved.
ℹ️ Review info
⚙️ Run configuration
Configuration used: defaults
Review profile: CHILL
Plan: Pro
Run ID: 8982fb2c-83b1-4f0c-9e8e-f305c7b4889a
📒 Files selected for processing (5)
servers/certificate/db/query/certificate.sqlservers/certificate/db/sqlc/certificate.sql.goservers/certificate/main.goservers/certificate/privacy/main.goservers/certificate/privacy/service.go
|
optimally merge #1747 first |
There was a problem hiding this comment.
Correct and cleanly scoped, nice. 👍
Since we are currently integrating E2E tests into prompt, I think it would make sense to do this here as you go already, so we do not have to add them in a follow-up later on. @JGStyle
|
I tried to add end to end tests for the privacy features but wihtout the basic setup (from #1850) it's a little difficult to do all at once. |
✨ What is the change?
This PR implements the privacy deletion feature for the Certificate CPM
It registers the deletion handler using the sdk functinality.
Upon the deletion, the certificate_deletion record related to the requesting subject is deleted
📌 Reason for the change / Link to issue
As part of the bigger effort described in https://github.com/orgs/prompt-edu/discussions/683
🧪 How to Test
As a user with certificate data, request deletion.
As admin, ensure that the data from the certificat cpm was deleted
🖼️ Screenshots (if UI changes are included)
working deletion flow (ignore the deletion status page table, that's from an earlier test)
2026-07-14.at.21.37.34.mp4
✅ PR Checklist
Summary by CodeRabbit