mogilvie / gdprbundle Goto Github PK

Hello,

Is there a way to query on an encrypted data ?...
For example, I want to encrypt the firstname of the User Entity. But I still want to be able to query on it. How can we do that ?

Even if the data is not encrypted, how can we query on Personal Data field ? Do we have to reset all the options of the Personal Data field before passing the parameter to the findOneBy function ? Like this :

// App\Entity\User.php
/**
* @ORM\Column(type="personal_data", length=256, options={
*     "format"="STRING",
*     "isSensitive"=false,
*     "isEncrypted"=true,
*     "idMethod"="DIRECT",
*     "basisOfCollection"="LEGITIMATE_INTEREST",
*     "identifiableBy"="Can be used to identify an individual if compared with third party database",
*     "providedBy"="The employee, the employer",
*     "purposeFor"="Used to identify the user and contact",
*     "retainFor"="P6Y",
*     "disposeBy"="ANONYMISE",
*     "methodOfReceipt"={"HTTP"},
*     "receiptProtection"={"TSS"},
*     "methodOfReturn"={"HTTP"},
*     "returnProtection"={"TSS"}
* })
*
* @GdprAssert\PersonalData({
*     @Assert\NotBlank
* })
*/
private $firstName;

// App\Controller\DefaultController.php
$firstname = new PersonalData();
$firstname->setData($encryptor->encrypt('John'))
    ->setFormat(PersonalData::FORMAT_STRING)
    ->setIsSensitive(true)
    ->setIsEncrypted(true)
    ->setIdMethod(PersonalData::ID_METHOD_DIRECT)
    ->setBasisOfCollection(PersonalData::BASIS_LEGITIMATE_INTEREST)
    ->setIdentifiableBy('Can be used to identify an individual if compared with third party database')
;

$protectedUser = $em->getRepository(User::class)
    ->setEncryptor($encryptor)
    ->findOneBy([ 'firstName' => $firstname ]);

Thanks.
Greetings.

Matthieu

Hi,

Do you have any plans to implement symfony 4 support?

Best regards,
Michal

I've started work on the disposer command, which the intention is to have run by cron to a schedule of the users choosing.

The basic structure of the disposer is there, as are some common disposer types.

I'm trying to decide how to reduce the amount of records that need to be scanned for expiry, the process could be resource intensive for large data sets, if you have to open each PersonalData type to check the creation date and the retention period.

Hi,

After failing at update command.

At first the command failed without having created a column gdpr_temp_password in the target entity.

Then comes an error message telling me about invalid keys :

I notice that the command import as as typo in naming from an array keys at

line 218 :

$personalData = $result['originalData'];

line 350 :

$personalData = $result['newPersonalData'];

Fixed with small caps as awaited.

line 218 :

$personalData = $result['originaldata'];

line 350 :

$personalData = $result['newpersonaldata'];

Greetings.

Gérard

Hi,
when I can expect support on ODM?

GdprSubscriber.php:188

1. It is onInsert subscriber, in this context we don't have entity id yet.
2. entity id it integer value, $this->encryptData wait string.

Order.php:154, App\Entity\Order->getId()
GdprSubscriber.php:188, SpecShaper\GdprBundle\Subscribers\GdprSubscriber->onInsert()
GdprSubscriber.php:152, SpecShaper\GdprBundle\Subscribers\GdprSubscriber->onFlush()
ContainerAwareEventManager.php:63, Symfony\Bridge\Doctrine\ContainerAwareEventManager->dispatchEvent()
UnitOfWork.php:3733, Doctrine\ORM\UnitOfWork->dispatchOnFlushEvent()
UnitOfWork.php:424, Doctrine\ORM\UnitOfWork->commit()
EntityManager.php:403, Doctrine\ORM\EntityManager->flush()
OrderRepository.php:94, App\Repository\OrderRepository->save()
ApiController.php:70, App\Controller\ApiController->orderSetup()
HttpKernel.php:181, Symfony\Component\HttpKernel\HttpKernel->handleRaw()
HttpKernel.php:76, Symfony\Component\HttpKernel\HttpKernel->handle()
Kernel.php:197, Symfony\Component\HttpKernel\Kernel->handle()
index.php:29, {main}()

Gen key command not working in Symfony 4 deployment as noted by @eventhorizonpl in #2.
This needs to be resolved in the Encrypt Bundle

One requirement of GDPR is the ability to provide a report of who and when someone get access to a personal data. Have you plan something for this ?

Some ideas :

• Use a monolog channel to allow manual recording
• Annotation in controller action to tell this action will display personal data, so log who/when (and maybe what)

The coverage report generator needs to be amended to append mapped superclass objects.