refactor(backend/api): extract DSFA schemas + services (Step 4 — file 14 of 18)

- Create compliance/schemas/dsfa.py (161 LOC) — extract DSFACreate, DSFAUpdate, DSFAStatusUpdate, DSFASectionUpdate, DSFAApproveRequest - Create compliance/services/dsfa_service.py (386 LOC) — CRUD + helpers + stats + audit-log + CSV export; uses domain errors - Create compliance/services/dsfa_workflow_service.py (347 LOC) — status update, section update, submit-for-review, approve, export JSON, versions - Rewrite compliance/api/dsfa_routes.py (339 LOC) as thin handlers with Depends + translate_domain_errors(); re-export legacy symbols via __all__ - Add [mypy-compliance.api.dsfa_routes] ignore_errors = False to mypy.ini - Update tests: 422 -> 400 for domain ValidationError (6 assertions) - Regenerate OpenAPI baseline (360 paths / 484 operations — unchanged) Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-09 19:20:48 +02:00
parent 6658776610
commit ae008d7d25
7 changed files with 1359 additions and 999 deletions
--- a/backend-compliance/compliance/schemas/dsfa.py
+++ b/backend-compliance/compliance/schemas/dsfa.py
@@ -0,0 +1,161 @@
+"""
+DSFA — Datenschutz-Folgenabschaetzung schemas (Art. 35 DSGVO).
+
+Phase 1 Step 4: extracted from ``compliance.api.dsfa_routes``.
+"""
+
+from typing import List, Optional
+
+from pydantic import BaseModel
+
+
+class DSFACreate(BaseModel):
+    title: str
+    description: str = ""
+    status: str = "draft"
+    risk_level: str = "low"
+    processing_activity: str = ""
+    data_categories: List[str] = []
+    recipients: List[str] = []
+    measures: List[str] = []
+    created_by: str = "system"
+    # Section 1
+    processing_description: Optional[str] = None
+    processing_purpose: Optional[str] = None
+    legal_basis: Optional[str] = None
+    legal_basis_details: Optional[str] = None
+    # Section 2
+    necessity_assessment: Optional[str] = None
+    proportionality_assessment: Optional[str] = None
+    data_minimization: Optional[str] = None
+    alternatives_considered: Optional[str] = None
+    retention_justification: Optional[str] = None
+    # Section 3
+    involves_ai: Optional[bool] = None
+    overall_risk_level: Optional[str] = None
+    risk_score: Optional[int] = None
+    # Section 6
+    dpo_consulted: Optional[bool] = None
+    dpo_name: Optional[str] = None
+    dpo_opinion: Optional[str] = None
+    dpo_approved: Optional[bool] = None
+    authority_consulted: Optional[bool] = None
+    authority_reference: Optional[str] = None
+    authority_decision: Optional[str] = None
+    # Metadata
+    version: Optional[int] = None
+    conclusion: Optional[str] = None
+    federal_state: Optional[str] = None
+    authority_resource_id: Optional[str] = None
+    submitted_by: Optional[str] = None
+    # JSONB Arrays
+    data_subjects: Optional[List[str]] = None
+    affected_rights: Optional[List[str]] = None
+    triggered_rule_codes: Optional[List[str]] = None
+    ai_trigger_ids: Optional[List[str]] = None
+    wp248_criteria_met: Optional[List[str]] = None
+    art35_abs3_triggered: Optional[List[str]] = None
+    tom_references: Optional[List[str]] = None
+    risks: Optional[List[dict]] = None  # type: ignore[type-arg]
+    mitigations: Optional[List[dict]] = None  # type: ignore[type-arg]
+    stakeholder_consultations: Optional[List[dict]] = None  # type: ignore[type-arg]
+    review_triggers: Optional[List[dict]] = None  # type: ignore[type-arg]
+    review_comments: Optional[List[dict]] = None  # type: ignore[type-arg]
+    ai_use_case_modules: Optional[List[dict]] = None  # type: ignore[type-arg]
+    section_8_complete: Optional[bool] = None
+    # JSONB Objects
+    threshold_analysis: Optional[dict] = None  # type: ignore[type-arg]
+    consultation_requirement: Optional[dict] = None  # type: ignore[type-arg]
+    review_schedule: Optional[dict] = None  # type: ignore[type-arg]
+    section_progress: Optional[dict] = None  # type: ignore[type-arg]
+    metadata: Optional[dict] = None  # type: ignore[type-arg]
+
+
+class DSFAUpdate(BaseModel):
+    title: Optional[str] = None
+    description: Optional[str] = None
+    status: Optional[str] = None
+    risk_level: Optional[str] = None
+    processing_activity: Optional[str] = None
+    data_categories: Optional[List[str]] = None
+    recipients: Optional[List[str]] = None
+    measures: Optional[List[str]] = None
+    approved_by: Optional[str] = None
+    # Section 1
+    processing_description: Optional[str] = None
+    processing_purpose: Optional[str] = None
+    legal_basis: Optional[str] = None
+    legal_basis_details: Optional[str] = None
+    # Section 2
+    necessity_assessment: Optional[str] = None
+    proportionality_assessment: Optional[str] = None
+    data_minimization: Optional[str] = None
+    alternatives_considered: Optional[str] = None
+    retention_justification: Optional[str] = None
+    # Section 3
+    involves_ai: Optional[bool] = None
+    overall_risk_level: Optional[str] = None
+    risk_score: Optional[int] = None
+    # Section 6
+    dpo_consulted: Optional[bool] = None
+    dpo_name: Optional[str] = None
+    dpo_opinion: Optional[str] = None
+    dpo_approved: Optional[bool] = None
+    authority_consulted: Optional[bool] = None
+    authority_reference: Optional[str] = None
+    authority_decision: Optional[str] = None
+    # Metadata
+    version: Optional[int] = None
+    conclusion: Optional[str] = None
+    federal_state: Optional[str] = None
+    authority_resource_id: Optional[str] = None
+    submitted_by: Optional[str] = None
+    # JSONB Arrays
+    data_subjects: Optional[List[str]] = None
+    affected_rights: Optional[List[str]] = None
+    triggered_rule_codes: Optional[List[str]] = None
+    ai_trigger_ids: Optional[List[str]] = None
+    wp248_criteria_met: Optional[List[str]] = None
+    art35_abs3_triggered: Optional[List[str]] = None
+    tom_references: Optional[List[str]] = None
+    risks: Optional[List[dict]] = None  # type: ignore[type-arg]
+    mitigations: Optional[List[dict]] = None  # type: ignore[type-arg]
+    stakeholder_consultations: Optional[List[dict]] = None  # type: ignore[type-arg]
+    review_triggers: Optional[List[dict]] = None  # type: ignore[type-arg]
+    review_comments: Optional[List[dict]] = None  # type: ignore[type-arg]
+    ai_use_case_modules: Optional[List[dict]] = None  # type: ignore[type-arg]
+    section_8_complete: Optional[bool] = None
+    # JSONB Objects
+    threshold_analysis: Optional[dict] = None  # type: ignore[type-arg]
+    consultation_requirement: Optional[dict] = None  # type: ignore[type-arg]
+    review_schedule: Optional[dict] = None  # type: ignore[type-arg]
+    section_progress: Optional[dict] = None  # type: ignore[type-arg]
+    metadata: Optional[dict] = None  # type: ignore[type-arg]
+
+
+class DSFAStatusUpdate(BaseModel):
+    status: str
+    approved_by: Optional[str] = None
+
+
+class DSFASectionUpdate(BaseModel):
+    """Body for PUT /dsfa/{id}/sections/{section_number}."""
+    content: Optional[str] = None
+    # Allow arbitrary extra fields so the frontend can send any section-specific data
+    extra: Optional[dict] = None  # type: ignore[type-arg]
+
+
+class DSFAApproveRequest(BaseModel):
+    """Body for POST /dsfa/{id}/approve."""
+    approved: bool
+    comments: Optional[str] = None
+    approved_by: Optional[str] = None
+
+
+__all__ = [
+    "DSFACreate",
+    "DSFAUpdate",
+    "DSFAStatusUpdate",
+    "DSFASectionUpdate",
+    "DSFAApproveRequest",
+]