Begin work on a data request API (#4045)

[Core] Data Deletion And Disclosure APIs - Adds a Data Deletion API - Deletion comes in a few forms based on who is requesting - Deletion must be handled by 3rd party - Adds a Data Collection Disclosure Command - Provides a dynamically generated statement from 3rd party extensions - Modifies the always available commands to be cog compatible - Also prevents them from being unloaded accidentally
2025-11-21 18:27:59 -05:00 · 2020-08-03 09:09:07 -04:00
parent bb1a256295
commit c0b1e50a5f
38 changed files with 1761 additions and 222 deletions
--- a/redbot/cogs/audio/apis/playlist_wrapper.py
+++ b/redbot/cogs/audio/apis/playlist_wrapper.py
@@ -27,6 +27,7 @@ from ..sql_statements import (
    PRAGMA_SET_read_uncommitted,
    PRAGMA_SET_temp_store,
    PRAGMA_SET_user_version,
+    HANDLE_DISCORD_DATA_DELETION_QUERY,
 )
 from ..utils import PlaylistScope
 from .api_utils import PlaylistFetchResult
@@ -58,6 +59,8 @@ class PlaylistWrapper:
        self.statement.get_all_with_filter = PLAYLIST_FETCH_ALL_WITH_FILTER
        self.statement.get_all_converter = PLAYLIST_FETCH_ALL_CONVERTER

+        self.statement.drop_user_playlists = HANDLE_DISCORD_DATA_DELETION_QUERY
+
    async def init(self) -> None:
        """Initialize the Playlist table"""
        with concurrent.futures.ThreadPoolExecutor(max_workers=1) as executor:
@@ -247,3 +250,11 @@ class PlaylistWrapper:
                    "tracks": json.dumps(tracks),
                },
            )
+
+    async def handle_playlist_user_id_deletion(self, user_id: int):
+        with concurrent.futures.ThreadPoolExecutor(max_workers=1) as executor:
+            executor.submit(
+                self.database.cursor().execute,
+                self.statement.drop_user_playlists,
+                {"user_id": user_id},
+            )
--- a/redbot/cogs/audio/core/events/red.py
+++ b/redbot/cogs/audio/core/events/red.py
@@ -1,5 +1,6 @@
+import asyncio
 import logging
-from typing import Mapping
+from typing import Literal, Mapping

 from redbot.core import commands
 from ..abc import MixinMeta
@@ -19,3 +20,37 @@ class RedEvents(MixinMeta, metaclass=CompositeMetaClass):
            self.api_interface.spotify_api.update_token(api_tokens)
        elif service_name == "audiodb":
            self.api_interface.global_cache_api.update_token(api_tokens)
+
+    async def red_delete_data_for_user(
+        self,
+        *,
+        requester: Literal["discord_deleted_user", "owner", "user", "user_strict"],
+        user_id: int,
+    ):
+
+        await self.cog_ready_event.wait()
+
+        if requester in ("discord_deleted_user", "owner"):
+            await self.playlist_api.handle_playlist_user_id_deletion(user_id)
+
+            all_equalizers = await self.config.custom("EQUALIZER").all()
+
+            collected_for_removal = []
+
+            c = 0
+            for guild_id, guild_equalizers in all_equalizers.items():
+                c += 1
+                if not c % 100:
+                    await asyncio.sleep(0)
+
+                for preset_name, preset in guild_equalizers.get("eq_presets", {}).items():
+                    c += 1
+                    if not c % 100:
+                        await asyncio.sleep(0)
+
+                    if preset.get("author", 0) == user_id:
+                        collected_for_removal.append((guild_id, preset_name))
+
+            async with self.config.custom("EQUALIZER").all() as all_eqs:
+                for guild_id, preset_name in collected_for_removal:
+                    all_eqs[str(guild_id)]["eq_presets"][preset_name]["author"] = 0xDE1
--- a/redbot/cogs/audio/sql_statements.py
+++ b/redbot/cogs/audio/sql_statements.py
@@ -10,6 +10,8 @@ __all__ = [
    "PRAGMA_SET_read_uncommitted",
    "PRAGMA_FETCH_user_version",
    "PRAGMA_SET_user_version",
+    # Data Deletion statement
+    "HANDLE_DISCORD_DATA_DELETION_QUERY",
    # Playlist table statements
    "PLAYLIST_CREATE_TABLE",
    "PLAYLIST_DELETE",
@@ -82,6 +84,33 @@ PRAGMA_SET_user_version: Final[
 pragma user_version=3;
 """

+# Data Deletion
+# This is intentionally 2 seperate transactions due to concerns
+# Draper had. This should prevent it from being a large issue,
+# as this is no different than triggering a bulk deletion now.
+HANDLE_DISCORD_DATA_DELETION_QUERY: Final[
+    str
+] = """
+BEGIN TRANSACTION;
+
+UPDATE playlists
+SET deleted = true
+WHERE scope_id = :user_id ;
+
+UPDATE playlists
+SET author_id = 0xde1
+WHERE author_id = :user_id ;
+
+COMMIT TRANSACTION;
+
+BEGIN TRANSACTION;
+
+DELETE FROM PLAYLISTS
+WHERE deleted=true;
+
+COMMIT TRANSACTION;
+"""
+
 # Playlist table statements
 PLAYLIST_CREATE_TABLE: Final[
    str