Version 5 (modified by Dominic König, 7 years ago)

S3Anonymize

S3Anonymize is a tool to remove sensitive information from a record (and related records) based on configurable rules.

Overview

S3Anonymize removes information from a record (and related records) based on rules. It is primarily intended for person data, but can be re-used for any type of record.

Configuring Rules

Rules are configured using s3db.configure for the target table. The rules format looks like this:

s3db.configure("pr_person",
               anonymize = {# A name and title for the rule set:
                            "name": "default",
                            "title": "Names, IDs, Reference Numbers, Contact Information, Addresses",

                            # Rules how to clean up fields in the master record:
                            "fields": {"first_name": ("set", "-"),      # Set field to this value
                                       "last_name": ("set", "-"),
                                       "pe_label": anonymous_id,        # Callable returning a new field value
                                       "date_of_birth": obscure_dob,    # (user-defined; signature see below)
                                       "comments": "remove",            # Set field value to None
                                       },

                            # Rules for related records:
                            "cascade": [("dvr_case", {"key": "person_id",               # Foreign key in the related table
                                                      "match": "id",                    # Match this key of the parent table

                                                      # Field rules for the related table
                                                      "fields": {"comments": "remove",
                                                                 },
                                                      }),

                                        ("pr_contact", {"key": "pe_id",
                                                        "match": "pe_id",
                                                        "fields": {"contact_description": "remove",
                                                                   "value": ("set", ""),
                                                                   "comments": "remove",
                                                                   },

                                                        "delete": True,                 # Delete the related records after cleanup (default False)
                                                        }),
                                        ],
                            },
               )
  • in cascading rules, the key+match properties can be replaced by a lookup property to configure a callable with the signature lookup(table, rows, tablename) that returns a set of relevant record IDs in the related table
  • standard field rules are:
    • "remove" sets the field value to None
    • "reset" sets the field value to the field default
    • ("set", value) sets the field value to the specified value
  • field rules can also be callables with the signature rule(master_id, field, current_value) that return the new value for the field
  • field rules must produce valid records (i.e. the resulting value must pass database constraints and validators)
  • after applying field rules, S3Anonymize will execute update_super and onaccept like any other CRUD method
  • records in related tables will additionally be deleted if "delete": True is specified (which makes sense if the field rules remove all useful information from those records anyway)
  • if cascading records are to be deleted, this will additionally execute ondelete (as last step)
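The following is an added illustration, not S3Anonymize's own code: a small in-memory interpreter for the rule format described above, so that the effect of each field rule ("remove", "reset", ("set", value), callable) and of a cascade with key+match, with a lookup callable, and with "delete": True can be traced on constructed sample records. The sample rows, the DEFAULTS table, the extra "status" field on dvr_case, and the callables anonymous_id, obscure_dob and contacts_by_pe are assumptions made for this illustration only; update_super, onaccept and ondelete hooks are left out.

```python
# Added illustration, not S3Anonymize's own code: an in-memory interpreter for
# the rule format described above. Table/field names, DEFAULTS and the three
# callables are assumptions made for this illustration only.
import datetime
import uuid

# Constructed sample data: {tablename: {record_id: row}}
DB = {
    "pr_person": {
        1: {"id": 1, "pe_id": 10, "first_name": "Ada", "last_name": "Lovelace",
            "pe_label": "ID-0001", "date_of_birth": datetime.date(1815, 12, 10),
            "comments": "VIP"},
    },
    "dvr_case": {
        5: {"id": 5, "person_id": 1, "status": "open", "comments": "needs review"},
        6: {"id": 6, "person_id": 2, "status": "open", "comments": "other person"},
    },
    "pr_contact": {
        7: {"id": 7, "pe_id": 10, "contact_description": "home",
            "value": "+44 20 7946 0000", "comments": "call after 6pm"},
    },
}

# Field defaults consulted by the "reset" rule (in the framework these come
# from the table definition; hard-coded here for the illustration)
DEFAULTS = {"dvr_case": {"status": "new"}}

def anonymous_id(master_id, field, current_value):
    """Callable field rule: replace an identifying label with a random one."""
    return "ANON-" + uuid.uuid4().hex[:8]

def obscure_dob(master_id, field, current_value):
    """Callable field rule: keep only the year of birth (assumed policy)."""
    return None if current_value is None else datetime.date(current_value.year, 1, 1)

def contacts_by_pe(table, rows, tablename):
    """lookup(table, rows, tablename): IDs of related records whose pe_id
    matches any of the given master rows (alternative to key+match)."""
    pe_ids = {row["pe_id"] for row in rows}
    return {r["id"] for r in DB[tablename].values() if r["pe_id"] in pe_ids}

RULES = {
    "name": "default",
    "title": "Names, IDs, Reference Numbers, Contact Information, Addresses",
    "fields": {"first_name": ("set", "-"),
               "last_name": ("set", "-"),
               "pe_label": anonymous_id,
               "date_of_birth": obscure_dob,
               "comments": "remove"},
    "cascade": [("dvr_case", {"key": "person_id", "match": "id",
                              "fields": {"comments": "remove", "status": "reset"}}),
                ("pr_contact", {"lookup": contacts_by_pe,
                                "fields": {"contact_description": "remove",
                                           "value": ("set", ""),
                                           "comments": "remove"},
                                "delete": True})],
}

def apply_field_rules(tablename, row, rules, master_id):
    """Apply one "fields" dict to a single row in place."""
    for field, rule in rules.items():
        if rule == "remove":
            row[field] = None
        elif rule == "reset":
            row[field] = DEFAULTS.get(tablename, {}).get(field)
        elif isinstance(rule, tuple) and rule[0] == "set":
            row[field] = rule[1]
        elif callable(rule):
            row[field] = rule(master_id, field, row.get(field))
        else:
            raise ValueError("unknown rule for %s.%s: %r" % (tablename, field, rule))

def anonymize(tablename, record_id, ruleset):
    """Clean the master record, then every cascaded related record (deleting
    them where the cascade rule says so); returns the cleaned master row."""
    master = DB[tablename][record_id]
    apply_field_rules(tablename, master, ruleset.get("fields", {}), record_id)
    for related_name, crule in ruleset.get("cascade", []):
        related = DB[related_name]
        if "lookup" in crule:
            ids = set(crule["lookup"](tablename, [master], related_name))
        else:
            ids = {rid for rid, row in related.items()
                   if row[crule["key"]] == master[crule["match"]]}
        for rid in ids:
            apply_field_rules(related_name, related[rid], crule.get("fields", {}), record_id)
        if crule.get("delete"):
            for rid in ids:
                del related[rid]
    return master

if __name__ == "__main__":
    print(anonymize("pr_person", 1, RULES))
    print(DB["dvr_case"], DB["pr_contact"])
```

Running it cleans person 1, strips the comments and resets the status of the case that belongs to that person (case 6, which belongs to someone else, is untouched), and removes the matching contact record entirely because of "delete": True.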

Instead of a single set of rules, it is possible to configure multiple rule sets as a list:

s3db.configure("pr_person",
               anonymize = [{...first rule set...}, {...second rule set...}],
               )

...each with its own name and title. These rule sets are later selectable in the GUI, so that the user can choose to remove only some of the data from the record and keep the rest (see screenshot below).

GUI and REST Method

S3AnonymizeWidget

For embedding in the GUI, S3Anonymize comes with a special widget class S3AnonymizeWidget and a UI script (s3.ui.anonymize.js).

S3AnonymizeWidget produces an action button/link (with a hidden dialog) that can be embedded in the record view (e.g. in postp, in place of the delete button):

def postp(r, output):

    # Only for single-record views (read/update) of the master resource,
    # and only when the view renders a standard output dict
    if r.record and not r.component and r.method in (None, "update", "read") and isinstance(output, dict):

        buttons = output.get("buttons") or {}

        # Replace the delete button with the anonymize action link
        from s3 import S3AnonymizeWidget
        buttons["delete_btn"] = S3AnonymizeWidget.widget(r, _class="action-btn anonymize-btn")

        output["buttons"] = buttons

    return output

The _class parameter can be used to control the appearance of the link. The widget function automatically embeds the UI dialog and script, and performs the authorization check for the link.

Clicking on the link brings up a dialog like this:

In this dialog, the user can choose all or some of the configured rule sets, then confirm the action and submit the form.

Back-end Function
