Skip to content

Certificate: implement privacy deletion #1903

Open
JGStyle wants to merge 1 commit into
mainfrom
feat/gdpr-data-deletion-certificate
Open

Certificate: implement privacy deletion #1903
JGStyle wants to merge 1 commit into
mainfrom
feat/gdpr-data-deletion-certificate

Conversation

@JGStyle

@JGStyle JGStyle commented Jul 12, 2026

Copy link
Copy Markdown
Contributor

✨ What is the change?

This PR implements the privacy deletion feature for the Certificate CPM

It registers the deletion handler using the sdk functinality.

Upon the deletion, the certificate_deletion record related to the requesting subject is deleted

📌 Reason for the change / Link to issue

As part of the bigger effort described in https://github.com/orgs/prompt-edu/discussions/683

🧪 How to Test

As a user with certificate data, request deletion.

As admin, ensure that the data from the certificat cpm was deleted

🖼️ Screenshots (if UI changes are included)

working deletion flow (ignore the deletion status page table, that's from an earlier test)

2026-07-14.at.21.37.34.mp4

✅ PR Checklist

  • Tested locally or on the dev environment
  • Code is clean, readable, and documented
  • Tests added or updated (if needed)
  • Screenshots attached for UI changes (if any)
  • Documentation updated (if relevant)

Summary by CodeRabbit

  • New Features
    • Added support for privacy data deletion in the certificate service.
    • Certificate download records can now be deleted for a specified student.
    • Enabled the service to advertise privacy deletion support.
    • Certificate download results are now ordered by first download time.

@JGStyle JGStyle self-assigned this Jul 12, 2026
@coderabbitai

coderabbitai Bot commented Jul 12, 2026

Copy link
Copy Markdown
Contributor

Review Change Stack

📝 Walkthrough

Walkthrough

The certificate service adds student-scoped deletion of certificate download records, wires it into the privacy module, registers the deletion endpoint, and advertises privacy deletion support.

Changes

Certificate privacy deletion

Layer / File(s) Summary
Certificate download deletion storage
servers/certificate/db/query/certificate.sql, servers/certificate/db/sqlc/certificate.sql.go
Adds the SQL and generated Queries method for deleting certificate_download rows by student_id, while explicitly terminating the preceding query.
Privacy deletion wiring
servers/certificate/privacy/main.go, servers/certificate/privacy/service.go, servers/certificate/main.go
Registers privacy deletion after singleton initialization, adds the handler with a nil-student guard, and enables the privacy deletion capability.

Estimated code review effort: 2 (Simple) | ~10 minutes

Sequence Diagram(s)

sequenceDiagram
  participant PrivacyEndpoint
  participant PrivacyDataDeletionHandler
  participant Queries
  participant certificate_download
  PrivacyEndpoint->>PrivacyDataDeletionHandler: submit student privacy deletion
  PrivacyDataDeletionHandler->>Queries: DeleteCertificateDownloadsByStudentID(studentID)
  Queries->>certificate_download: delete rows by student_id
  certificate_download-->>Queries: return error or nil
Loading

Possibly related PRs

Suggested reviewers: mathildeshagl, rappm

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
Check name Status Explanation
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
Title check ✅ Passed The title is concise and accurately summarizes the main change: privacy deletion support for Certificate.
Description check ✅ Passed The description follows the template well, covering the change, reason, testing, screenshots, and checklist.
✨ Finishing Touches
📝 Generate docstrings
  • Create stacked PR
  • Commit on current branch
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch feat/gdpr-data-deletion-certificate

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

@JGStyle JGStyle marked this pull request as ready for review July 12, 2026 08:36
@JGStyle JGStyle requested a review from a team July 12, 2026 08:36

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)
servers/certificate/main.go (1)

114-121: 🎯 Functional Correctness | 🟠 Major | ⚡ Quick win

Register privacy endpoints on the required course-phase route.

InitPrivacyModule receives api instead of coursePhaseApi, so the newly advertised deletion endpoint is registered outside /api/course_phase/:coursePhaseID. Pass the required router group, or update the route contract and authentication wiring before enabling this capability.

Suggested fix
- privacy.InitPrivacyModule(api, *query, conn)
+ privacy.InitPrivacyModule(coursePhaseApi, *query, conn)
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@servers/certificate/main.go` around lines 114 - 121, Update the
InitPrivacyModule call to receive coursePhaseApi so privacy deletion and export
endpoints are registered under /api/course_phase/:coursePhaseID with the
existing authentication wiring. Keep the advertised privacy capabilities
unchanged, and only alter the route contract if the required course-phase
routing and authentication are preserved.

Source: Coding guidelines

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Outside diff comments:
In `@servers/certificate/main.go`:
- Around line 114-121: Update the InitPrivacyModule call to receive
coursePhaseApi so privacy deletion and export endpoints are registered under
/api/course_phase/:coursePhaseID with the existing authentication wiring. Keep
the advertised privacy capabilities unchanged, and only alter the route contract
if the required course-phase routing and authentication are preserved.

ℹ️ Review info
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 8982fb2c-83b1-4f0c-9e8e-f305c7b4889a

📥 Commits

Reviewing files that changed from the base of the PR and between 9178d5f and 0c54cdc.

📒 Files selected for processing (5)
  • servers/certificate/db/query/certificate.sql
  • servers/certificate/db/sqlc/certificate.sql.go
  • servers/certificate/main.go
  • servers/certificate/privacy/main.go
  • servers/certificate/privacy/service.go

@JGStyle

JGStyle commented Jul 14, 2026

Copy link
Copy Markdown
Contributor Author

optimally merge #1747 first

@JGStyle JGStyle added the schau mi o Translation: Ready to review label Jul 14, 2026

@mathildeshagl mathildeshagl left a comment

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Correct and cleanly scoped, nice. 👍

Since we are currently integrating E2E tests into prompt, I think it would make sense to do this here as you go already, so we do not have to add them in a follow-up later on. @JGStyle

@JGStyle

JGStyle commented Jul 15, 2026

Copy link
Copy Markdown
Contributor Author

I tried to add end to end tests for the privacy features but wihtout the basic setup (from #1850) it's a little difficult to do all at once.
Maybe we actually can postpone to this to a separate PR :) ? → I would first add the setup from #1850 and then make sure all microservices implementing this are reached
@mathildeshagl

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

Component: Certificate schau mi o Translation: Ready to review

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants