Benjamin Admin
965af3a34c
F5: A/B Testing for Consent Rate - Migration 116: banner_variants table + variant tracking in audit log - BannerABService: deterministic sticky bucketing via device hash, chi-squared significance testing, variant CRUD - banner_ab_routes: 6 endpoints (CRUD + stats + assign) - ABTestPanel.tsx: variant creation, traffic sliders, opt-in comparison chart with winner/significance badges - New "A/B-Test" tab in cookie-banner page F8: Compliance Report PDF - CompliancePDFGenerator: reportlab-based A4 PDF covering all modules (Company Profile, TOM, VVT, DSFA, Risks, Vendors, Incidents, Reviews, Consents, Roles) - compliance_report_routes: GET /compliance/report/pdf - "Compliance-Report herunterladen" button on SDK dashboard [migration-approved] Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
217 lines
9.6 KiB
Python
217 lines
9.6 KiB
Python
"""
|
|
Compliance Report PDF Generator — generates a comprehensive A4 PDF
|
|
covering all compliance modules for a project.
|
|
|
|
Uses reportlab (same as audit_pdf_generator.py).
|
|
"""
|
|
|
|
import io
|
|
import logging
|
|
from datetime import datetime, timezone
|
|
from typing import Any
|
|
|
|
from reportlab.lib import colors
|
|
from reportlab.lib.pagesizes import A4
|
|
from reportlab.lib.styles import getSampleStyleSheet, ParagraphStyle
|
|
from reportlab.lib.units import mm
|
|
from reportlab.platypus import (
|
|
SimpleDocTemplate, Paragraph, Spacer, Table, TableStyle, PageBreak,
|
|
)
|
|
from sqlalchemy import text
|
|
from sqlalchemy.orm import Session
|
|
|
|
logger = logging.getLogger(__name__)
|
|
|
|
# Colors
|
|
PURPLE = colors.HexColor("#7c3aed")
|
|
LIGHT_PURPLE = colors.HexColor("#f5f3ff")
|
|
GRAY = colors.HexColor("#6b7280")
|
|
GREEN = colors.HexColor("#16a34a")
|
|
RED = colors.HexColor("#dc2626")
|
|
YELLOW = colors.HexColor("#ca8a04")
|
|
|
|
|
|
def _styles():
|
|
ss = getSampleStyleSheet()
|
|
ss.add(ParagraphStyle("Title2", parent=ss["Title"], fontSize=24, textColor=PURPLE, spaceAfter=6))
|
|
ss.add(ParagraphStyle("Section", parent=ss["Heading2"], fontSize=14, textColor=PURPLE, spaceBefore=12, spaceAfter=6))
|
|
ss.add(ParagraphStyle("Body2", parent=ss["Normal"], fontSize=10, leading=14, spaceAfter=4))
|
|
ss.add(ParagraphStyle("Small", parent=ss["Normal"], fontSize=8, textColor=GRAY))
|
|
return ss
|
|
|
|
|
|
class CompliancePDFGenerator:
|
|
"""Generates a full compliance status report as PDF."""
|
|
|
|
def __init__(self, db: Session) -> None:
|
|
self.db = db
|
|
|
|
def generate(self, tenant_id: str, project_id: str | None = None, language: str = "de") -> tuple[bytes, str]:
|
|
buf = io.BytesIO()
|
|
doc = SimpleDocTemplate(buf, pagesize=A4, leftMargin=20 * mm, rightMargin=20 * mm, topMargin=25 * mm, bottomMargin=20 * mm)
|
|
ss = _styles()
|
|
story: list = []
|
|
|
|
now = datetime.now(timezone.utc)
|
|
story.append(Paragraph("Compliance-Report", ss["Title2"]))
|
|
story.append(Paragraph(f"Stand: {now.strftime('%d.%m.%Y %H:%M')} UTC", ss["Small"]))
|
|
story.append(Spacer(1, 10 * mm))
|
|
|
|
# Company Profile
|
|
self._add_company_section(story, ss, tenant_id, project_id)
|
|
# TOM
|
|
self._add_count_section(story, ss, "TOM (Technisch-Organisatorische Massnahmen)",
|
|
"compliance_toms", tenant_id)
|
|
# VVT
|
|
self._add_count_section(story, ss, "VVT (Verarbeitungstaetigkeiten)",
|
|
"compliance_vvt_activities", tenant_id)
|
|
# DSFA
|
|
self._add_count_section(story, ss, "Datenschutz-Folgenabschaetzungen",
|
|
"compliance_dsfa_assessments", tenant_id)
|
|
# Risks
|
|
self._add_risk_section(story, ss, tenant_id)
|
|
# Vendors
|
|
self._add_count_section(story, ss, "Auftragsverarbeiter",
|
|
"compliance_vendor_assessments", tenant_id)
|
|
# Incidents
|
|
self._add_count_section(story, ss, "Datenschutz-Vorfaelle",
|
|
"compliance_notfallplan_incidents", tenant_id)
|
|
# Document Reviews
|
|
self._add_review_section(story, ss, tenant_id)
|
|
# Banner Consents
|
|
self._add_consent_section(story, ss, tenant_id)
|
|
# Org Roles
|
|
self._add_role_section(story, ss, tenant_id, project_id)
|
|
# Footer
|
|
story.append(Spacer(1, 15 * mm))
|
|
story.append(Paragraph("Erstellt mit BreakPilot Compliance SDK", ss["Small"]))
|
|
|
|
doc.build(story)
|
|
filename = f"compliance-report-{now.strftime('%Y%m%d')}.pdf"
|
|
return buf.getvalue(), filename
|
|
|
|
def _add_company_section(self, story, ss, tid, pid):
|
|
story.append(Paragraph("Unternehmensprofil", ss["Section"]))
|
|
try:
|
|
where = "tenant_id = :tid"
|
|
params: dict[str, Any] = {"tid": tid}
|
|
if pid:
|
|
where += " AND project_id = :pid"
|
|
params["pid"] = pid
|
|
row = self.db.execute(text(f"SELECT * FROM compliance_company_profiles WHERE {where} LIMIT 1"), params).fetchone()
|
|
if row:
|
|
d = dict(row._mapping)
|
|
data = [
|
|
["Feld", "Wert"],
|
|
["Firma", d.get("company_name", "-")],
|
|
["Branche", d.get("industry", "-")],
|
|
["Rechtsform", d.get("legal_form", "-")],
|
|
["Mitarbeiter", str(d.get("employee_count", "-"))],
|
|
]
|
|
t = Table(data, colWidths=[60 * mm, 100 * mm])
|
|
t.setStyle(TableStyle([
|
|
("BACKGROUND", (0, 0), (-1, 0), LIGHT_PURPLE),
|
|
("TEXTCOLOR", (0, 0), (-1, 0), PURPLE),
|
|
("FONTSIZE", (0, 0), (-1, -1), 9),
|
|
("GRID", (0, 0), (-1, -1), 0.5, colors.lightgrey),
|
|
("VALIGN", (0, 0), (-1, -1), "TOP"),
|
|
]))
|
|
story.append(t)
|
|
else:
|
|
story.append(Paragraph("Kein Unternehmensprofil hinterlegt.", ss["Body2"]))
|
|
except Exception as e:
|
|
story.append(Paragraph(f"Fehler beim Laden: {e}", ss["Small"]))
|
|
story.append(Spacer(1, 5 * mm))
|
|
|
|
def _add_count_section(self, story, ss, title, table_name, tid):
|
|
story.append(Paragraph(title, ss["Section"]))
|
|
try:
|
|
count = self.db.execute(text(f"SELECT COUNT(*) FROM {table_name} WHERE tenant_id = :tid"), {"tid": tid}).scalar()
|
|
story.append(Paragraph(f"Eintraege: <b>{count or 0}</b>", ss["Body2"]))
|
|
except Exception:
|
|
story.append(Paragraph("Tabelle nicht vorhanden oder leer.", ss["Small"]))
|
|
story.append(Spacer(1, 3 * mm))
|
|
|
|
def _add_risk_section(self, story, ss, tid):
|
|
story.append(Paragraph("Risikobewertung", ss["Section"]))
|
|
try:
|
|
q = text("""
|
|
SELECT severity, COUNT(*) as cnt FROM compliance_risks
|
|
WHERE tenant_id = :tid GROUP BY severity ORDER BY severity
|
|
""")
|
|
rows = self.db.execute(q, {"tid": tid}).fetchall()
|
|
if rows:
|
|
data = [["Schweregrad", "Anzahl"]]
|
|
for r in rows:
|
|
data.append([r.severity or "UNKNOWN", str(r.cnt)])
|
|
t = Table(data, colWidths=[80 * mm, 40 * mm])
|
|
t.setStyle(TableStyle([
|
|
("BACKGROUND", (0, 0), (-1, 0), LIGHT_PURPLE),
|
|
("TEXTCOLOR", (0, 0), (-1, 0), PURPLE),
|
|
("FONTSIZE", (0, 0), (-1, -1), 9),
|
|
("GRID", (0, 0), (-1, -1), 0.5, colors.lightgrey),
|
|
]))
|
|
story.append(t)
|
|
else:
|
|
story.append(Paragraph("Keine Risiken erfasst.", ss["Body2"]))
|
|
except Exception:
|
|
story.append(Paragraph("Risiko-Tabelle nicht vorhanden.", ss["Small"]))
|
|
story.append(Spacer(1, 3 * mm))
|
|
|
|
def _add_review_section(self, story, ss, tid):
|
|
story.append(Paragraph("Dokumenten-Reviews", ss["Section"]))
|
|
try:
|
|
q = text("SELECT status, COUNT(*) as cnt FROM compliance_document_reviews WHERE tenant_id = :tid GROUP BY status")
|
|
rows = self.db.execute(q, {"tid": tid}).fetchall()
|
|
if rows:
|
|
data = [["Status", "Anzahl"]]
|
|
for r in rows:
|
|
data.append([r.status, str(r.cnt)])
|
|
t = Table(data, colWidths=[80 * mm, 40 * mm])
|
|
t.setStyle(TableStyle([
|
|
("BACKGROUND", (0, 0), (-1, 0), LIGHT_PURPLE),
|
|
("FONTSIZE", (0, 0), (-1, -1), 9),
|
|
("GRID", (0, 0), (-1, -1), 0.5, colors.lightgrey),
|
|
]))
|
|
story.append(t)
|
|
else:
|
|
story.append(Paragraph("Keine Reviews vorhanden.", ss["Body2"]))
|
|
except Exception:
|
|
story.append(Paragraph("Review-Tabelle nicht vorhanden.", ss["Small"]))
|
|
story.append(Spacer(1, 3 * mm))
|
|
|
|
def _add_consent_section(self, story, ss, tid):
|
|
story.append(Paragraph("Banner-Consents", ss["Section"]))
|
|
try:
|
|
count = self.db.execute(text("SELECT COUNT(*) FROM compliance_banner_consents WHERE tenant_id = :tid"), {"tid": tid}).scalar()
|
|
story.append(Paragraph(f"Gesamte Consents: <b>{count or 0}</b>", ss["Body2"]))
|
|
except Exception:
|
|
story.append(Paragraph("Banner-Tabelle nicht vorhanden.", ss["Small"]))
|
|
story.append(Spacer(1, 3 * mm))
|
|
|
|
def _add_role_section(self, story, ss, tid, pid):
|
|
story.append(Paragraph("Rollenkonzept", ss["Section"]))
|
|
try:
|
|
where = "tenant_id = :tid"
|
|
params: dict[str, Any] = {"tid": tid}
|
|
if pid:
|
|
where += " AND (project_id = :pid OR project_id IS NULL)"
|
|
params["pid"] = pid
|
|
rows = self.db.execute(text(f"SELECT role_key, role_label, person_name, person_email FROM compliance_org_roles WHERE {where} ORDER BY role_key"), params).fetchall()
|
|
if rows:
|
|
data = [["Rolle", "Name", "E-Mail"]]
|
|
for r in rows:
|
|
data.append([r.role_label or r.role_key, r.person_name or "-", r.person_email or "-"])
|
|
t = Table(data, colWidths=[60 * mm, 50 * mm, 50 * mm])
|
|
t.setStyle(TableStyle([
|
|
("BACKGROUND", (0, 0), (-1, 0), LIGHT_PURPLE),
|
|
("TEXTCOLOR", (0, 0), (-1, 0), PURPLE),
|
|
("FONTSIZE", (0, 0), (-1, -1), 9),
|
|
("GRID", (0, 0), (-1, -1), 0.5, colors.lightgrey),
|
|
]))
|
|
story.append(t)
|
|
else:
|
|
story.append(Paragraph("Keine Rollen zugewiesen.", ss["Body2"]))
|
|
except Exception:
|
|
story.append(Paragraph("Rollen-Tabelle nicht vorhanden.", ss["Small"]))
|