Fix #678 -- Data shredders for personally identifiable information (#817)

* Add data shredders for PII * First working shredder * Add more shredders * Add new shredders and download confirmation * tmp * PayPal, Stripe, banktransfer * Add icon to logs * Untested payment log shredders * Add waiting list shredder * First tests * Add tests for shredders * Improve templats, link to shredder * Test payment info shredders * More tests * Documentation * Fix enabled flag in payment provider overview * Fix minor issues
2026-05-05 15:14:04 +00:00 · 2018-05-02 15:59:59 +02:00
parent 335838f2b2
commit 7bccd62a4f
41 changed files with 1728 additions and 21 deletions
--- a/src/pretix/plugins/paypal/payment.py
+++ b/src/pretix/plugins/paypal/payment.py
@@ -398,3 +398,23 @@ class Paypal(BasePaymentProvider):
        })
        request.session['payment_paypal_order'] = order.pk
        return self._create_payment(request, payment)
+
+    def shred_payment_info(self, order: Order):
+        d = json.loads(order.payment_info)
+        new = {
+            'id': d.get('id'),
+            'payer': {
+                'payer_info': {
+                    'email': '█'
+                }
+            },
+            'update_time': d.get('update_time'),
+            'transactions': [
+                {
+                    'amount': t.get('amount')
+                } for t in d.get('transactions', [])
+            ],
+            '_shredded': True
+        }
+        order.payment_info = json.dumps(new)
+        order.save(update_fields=['payment_info'])
--- a/src/pretix/plugins/paypal/signals.py
+++ b/src/pretix/plugins/paypal/signals.py
@@ -4,8 +4,10 @@ from django.dispatch import receiver
 from django.template.loader import get_template
 from django.utils.translation import ugettext_lazy as _

+from pretix.base.shredder import BaseDataShredder
 from pretix.base.signals import (
-    logentry_display, register_payment_providers, requiredaction_display,
+    logentry_display, register_data_shredders, register_payment_providers,
+    requiredaction_display,
 )


@@ -53,3 +55,32 @@ def pretixcontrol_action_display(sender, action, request, **kwargs):

    ctx = {'data': data, 'event': sender, 'action': action}
    return template.render(ctx, request)
+
+
+class PaymentLogsShredder(BaseDataShredder):
+    verbose_name = _('PayPal payment history')
+    identifier = 'paypal_logs'
+    description = _('This will remove payment-related history information. No download will be offered.')
+
+    def generate_files(self):
+        pass
+
+    def shred_data(self):
+        for le in self.event.logentry_set.filter(action_type="pretix.plugins.paypal.event").exclude(data=""):
+            d = le.parsed_data
+            if 'resource' in d:
+                d['resource'] = {
+                    'id': d['resource'].get('id'),
+                    'sale_id': d['resource'].get('sale_id'),
+                    'parent_payment': d['resource'].get('parent_payment'),
+                }
+            le.data = json.dumps(d)
+            le.shredded = True
+            le.save(update_fields=['data', 'shredded'])
+
+
+@receiver(register_data_shredders, dispatch_uid="paypal_shredders")
+def register_shredder(sender, **kwargs):
+    return [
+        PaymentLogsShredder,
+    ]