ae008d7d25
- Create compliance/schemas/dsfa.py (161 LOC) — extract DSFACreate, DSFAUpdate, DSFAStatusUpdate, DSFASectionUpdate, DSFAApproveRequest - Create compliance/services/dsfa_service.py (386 LOC) — CRUD + helpers + stats + audit-log + CSV export; uses domain errors - Create compliance/services/dsfa_workflow_service.py (347 LOC) — status update, section update, submit-for-review, approve, export JSON, versions - Rewrite compliance/api/dsfa_routes.py (339 LOC) as thin handlers with Depends + translate_domain_errors(); re-export legacy symbols via __all__ - Add [mypy-compliance.api.dsfa_routes] ignore_errors = False to mypy.ini - Update tests: 422 -> 400 for domain ValidationError (6 assertions) - Regenerate OpenAPI baseline (360 paths / 484 operations — unchanged) Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
162 lines
6.1 KiB
Python
162 lines
6.1 KiB
Python
"""
|
|
DSFA — Datenschutz-Folgenabschaetzung schemas (Art. 35 DSGVO).
|
|
|
|
Phase 1 Step 4: extracted from ``compliance.api.dsfa_routes``.
|
|
"""
|
|
|
|
from typing import List, Optional
|
|
|
|
from pydantic import BaseModel
|
|
|
|
|
|
class DSFACreate(BaseModel):
|
|
title: str
|
|
description: str = ""
|
|
status: str = "draft"
|
|
risk_level: str = "low"
|
|
processing_activity: str = ""
|
|
data_categories: List[str] = []
|
|
recipients: List[str] = []
|
|
measures: List[str] = []
|
|
created_by: str = "system"
|
|
# Section 1
|
|
processing_description: Optional[str] = None
|
|
processing_purpose: Optional[str] = None
|
|
legal_basis: Optional[str] = None
|
|
legal_basis_details: Optional[str] = None
|
|
# Section 2
|
|
necessity_assessment: Optional[str] = None
|
|
proportionality_assessment: Optional[str] = None
|
|
data_minimization: Optional[str] = None
|
|
alternatives_considered: Optional[str] = None
|
|
retention_justification: Optional[str] = None
|
|
# Section 3
|
|
involves_ai: Optional[bool] = None
|
|
overall_risk_level: Optional[str] = None
|
|
risk_score: Optional[int] = None
|
|
# Section 6
|
|
dpo_consulted: Optional[bool] = None
|
|
dpo_name: Optional[str] = None
|
|
dpo_opinion: Optional[str] = None
|
|
dpo_approved: Optional[bool] = None
|
|
authority_consulted: Optional[bool] = None
|
|
authority_reference: Optional[str] = None
|
|
authority_decision: Optional[str] = None
|
|
# Metadata
|
|
version: Optional[int] = None
|
|
conclusion: Optional[str] = None
|
|
federal_state: Optional[str] = None
|
|
authority_resource_id: Optional[str] = None
|
|
submitted_by: Optional[str] = None
|
|
# JSONB Arrays
|
|
data_subjects: Optional[List[str]] = None
|
|
affected_rights: Optional[List[str]] = None
|
|
triggered_rule_codes: Optional[List[str]] = None
|
|
ai_trigger_ids: Optional[List[str]] = None
|
|
wp248_criteria_met: Optional[List[str]] = None
|
|
art35_abs3_triggered: Optional[List[str]] = None
|
|
tom_references: Optional[List[str]] = None
|
|
risks: Optional[List[dict]] = None # type: ignore[type-arg]
|
|
mitigations: Optional[List[dict]] = None # type: ignore[type-arg]
|
|
stakeholder_consultations: Optional[List[dict]] = None # type: ignore[type-arg]
|
|
review_triggers: Optional[List[dict]] = None # type: ignore[type-arg]
|
|
review_comments: Optional[List[dict]] = None # type: ignore[type-arg]
|
|
ai_use_case_modules: Optional[List[dict]] = None # type: ignore[type-arg]
|
|
section_8_complete: Optional[bool] = None
|
|
# JSONB Objects
|
|
threshold_analysis: Optional[dict] = None # type: ignore[type-arg]
|
|
consultation_requirement: Optional[dict] = None # type: ignore[type-arg]
|
|
review_schedule: Optional[dict] = None # type: ignore[type-arg]
|
|
section_progress: Optional[dict] = None # type: ignore[type-arg]
|
|
metadata: Optional[dict] = None # type: ignore[type-arg]
|
|
|
|
|
|
class DSFAUpdate(BaseModel):
|
|
title: Optional[str] = None
|
|
description: Optional[str] = None
|
|
status: Optional[str] = None
|
|
risk_level: Optional[str] = None
|
|
processing_activity: Optional[str] = None
|
|
data_categories: Optional[List[str]] = None
|
|
recipients: Optional[List[str]] = None
|
|
measures: Optional[List[str]] = None
|
|
approved_by: Optional[str] = None
|
|
# Section 1
|
|
processing_description: Optional[str] = None
|
|
processing_purpose: Optional[str] = None
|
|
legal_basis: Optional[str] = None
|
|
legal_basis_details: Optional[str] = None
|
|
# Section 2
|
|
necessity_assessment: Optional[str] = None
|
|
proportionality_assessment: Optional[str] = None
|
|
data_minimization: Optional[str] = None
|
|
alternatives_considered: Optional[str] = None
|
|
retention_justification: Optional[str] = None
|
|
# Section 3
|
|
involves_ai: Optional[bool] = None
|
|
overall_risk_level: Optional[str] = None
|
|
risk_score: Optional[int] = None
|
|
# Section 6
|
|
dpo_consulted: Optional[bool] = None
|
|
dpo_name: Optional[str] = None
|
|
dpo_opinion: Optional[str] = None
|
|
dpo_approved: Optional[bool] = None
|
|
authority_consulted: Optional[bool] = None
|
|
authority_reference: Optional[str] = None
|
|
authority_decision: Optional[str] = None
|
|
# Metadata
|
|
version: Optional[int] = None
|
|
conclusion: Optional[str] = None
|
|
federal_state: Optional[str] = None
|
|
authority_resource_id: Optional[str] = None
|
|
submitted_by: Optional[str] = None
|
|
# JSONB Arrays
|
|
data_subjects: Optional[List[str]] = None
|
|
affected_rights: Optional[List[str]] = None
|
|
triggered_rule_codes: Optional[List[str]] = None
|
|
ai_trigger_ids: Optional[List[str]] = None
|
|
wp248_criteria_met: Optional[List[str]] = None
|
|
art35_abs3_triggered: Optional[List[str]] = None
|
|
tom_references: Optional[List[str]] = None
|
|
risks: Optional[List[dict]] = None # type: ignore[type-arg]
|
|
mitigations: Optional[List[dict]] = None # type: ignore[type-arg]
|
|
stakeholder_consultations: Optional[List[dict]] = None # type: ignore[type-arg]
|
|
review_triggers: Optional[List[dict]] = None # type: ignore[type-arg]
|
|
review_comments: Optional[List[dict]] = None # type: ignore[type-arg]
|
|
ai_use_case_modules: Optional[List[dict]] = None # type: ignore[type-arg]
|
|
section_8_complete: Optional[bool] = None
|
|
# JSONB Objects
|
|
threshold_analysis: Optional[dict] = None # type: ignore[type-arg]
|
|
consultation_requirement: Optional[dict] = None # type: ignore[type-arg]
|
|
review_schedule: Optional[dict] = None # type: ignore[type-arg]
|
|
section_progress: Optional[dict] = None # type: ignore[type-arg]
|
|
metadata: Optional[dict] = None # type: ignore[type-arg]
|
|
|
|
|
|
class DSFAStatusUpdate(BaseModel):
|
|
status: str
|
|
approved_by: Optional[str] = None
|
|
|
|
|
|
class DSFASectionUpdate(BaseModel):
|
|
"""Body for PUT /dsfa/{id}/sections/{section_number}."""
|
|
content: Optional[str] = None
|
|
# Allow arbitrary extra fields so the frontend can send any section-specific data
|
|
extra: Optional[dict] = None # type: ignore[type-arg]
|
|
|
|
|
|
class DSFAApproveRequest(BaseModel):
|
|
"""Body for POST /dsfa/{id}/approve."""
|
|
approved: bool
|
|
comments: Optional[str] = None
|
|
approved_by: Optional[str] = None
|
|
|
|
|
|
__all__ = [
|
|
"DSFACreate",
|
|
"DSFAUpdate",
|
|
"DSFAStatusUpdate",
|
|
"DSFASectionUpdate",
|
|
"DSFAApproveRequest",
|
|
]
|