# Example of a fake customer record
from PyPaC_engine import PrivacyField, PrivacyModel, PrivacyViolation
from datetime import timedelta
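def mask_email(email):
    """Return *email* with most of its local part hidden, for display.

    At most the first two characters of the local part are kept, followed by
    a fixed ``****`` and the ``@domain`` suffix (split at the first ``@``).
    The fixed-width mask also hides the length of the local part.

    Two inputs are masked more aggressively so the helper never reveals more
    than intended:

    * no ``@`` present -- the value is not shaped like an address, so nothing
      is echoed back and ``"****"`` is returned (slicing from ``find() == -1``
      would otherwise append the last character of the input);
    * a local part of two characters or fewer -- showing the "first two"
      would disclose the whole local part (and, for a one-character local
      part, duplicate the ``@``), so none of it is shown.
    """
    local_part, at_sign, domain = email.partition("@")
    if not at_sign:
        return "****"
    visible = local_part[:2] if len(local_part) > 2 else ""
    return f"{visible}****@{domain}"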
# One fake CRM contact. Each field carries its own policy: the declared
# purpose, a retention period in days, and (where given) the roles and
# processors allowed to read it.
crm_contact = PrivacyModel(
    user_id="cust_1001",
    data={
        # Contact address: the only field that requires consent and the only
        # one with a masking function attached.
        "email": PrivacyField(
            value="test@example.aaa",
            purpose="notifications",
            consent_required=True,
            retention_days=30,
            access_roles=["admin", "support"],
            allowed_processors=["CRM_APP", "EMAIL_SVC"],
            mask_fn=mask_email,
        ),
        # NOTE(review): no allowed_processors or consent_required here, so
        # both fall back to the engine's defaults -- confirm what those are.
        "full_name": PrivacyField(
            value="Test User",
            purpose="profile_display",
            retention_days=365,
            access_roles=["admin", "support", "sales"],
        ),
        # Billing reference, kept for seven years' worth of days.
        "billing_id": PrivacyField(
            value="bill-XYZ-1023",
            purpose="billing",
            retention_days=365 * 7,
            access_roles=["admin", "finance"],
            allowed_processors=["CRM_APP", "BILLING_SVC"],
        ),
        # NOTE(review): no access_roles given; whether that means "any role"
        # or "no role" depends on the engine default -- confirm it denies.
        "analytics_id": PrivacyField(
            value="an-999",
            purpose="analytics",
            retention_days=30,
            allowed_processors=["ANALYTICS_ENGINE"],
        ),
    },
)
# Examples of the engine with different roles

# A support agent reads the email field. The request lines up with the
# field's declared policy: "support" is in access_roles, "CRM_APP" is in
# allowed_processors, the purpose is "notifications", and consent is supplied
# for a field marked consent_required.
# NOTE(review): presumably the value comes back through mask_fn for this
# role -- confirm against the engine.
print("\n Support accessing an email address w/ consent:")
try:
    support_email = crm_contact.get(
        "email",
        role="support",
        consent_given=True,
        purpose="notifications",
        processor="CRM_APP",
        actor="support_agent_42",
    )
    print("Email:", support_email)
except PrivacyViolation as denied:
    print("Access Denied:", denied)
# Negative case: the request does not match billing_id's declared policy.
# "analyst" is not in its access_roles (admin, finance) and
# "ANALYTICS_ENGINE" is not in its allowed_processors (CRM_APP, BILLING_SVC),
# so a PrivacyViolation is the expected outcome. Which of the two checks the
# engine reports first is not visible from this script.
print("\n🔍 Analytics accessing the billing ID (unauthorized):")
try:
    billing_ref = crm_contact.get(
        "billing_id",
        role="analyst",
        consent_given=False,
        purpose="billing",
        processor="ANALYTICS_ENGINE",
        actor="analytic_user",
    )
    print("Billing ID:", billing_ref)
except PrivacyViolation as denied:
    print("Access Denied:", denied)
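# A sales user reads full_name. "sales" is in the field's access_roles and the
# purpose matches, but the field declares no allowed_processors or
# consent_required, so the result also depends on the engine's defaults.
# NOTE(review): the label says "no role" although role="sales" is passed;
# confirm the intended wording (possibly "no consent").
print("\n Sales with no role trying to access (allowed):")
try:
    print("Name:", crm_contact.get(
        "full_name",
        role="sales",
        purpose="profile_display",
        processor="CRM_APP",
        actor="sales_01",
    ))
except PrivacyViolation as e:
    # Handled the same way as the other access examples in this script, so a
    # denial is reported instead of aborting the rest of the walkthrough.
    print("Access Denied:", e)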
# Export what is held for this user before anything has been removed.
# The values in this script are made up; a real export contains personal
# data and should go to the requester, not to a console or log stream.
print("\n DSAR export before it is deleted:")
export_before_expiry = crm_contact.export_user_data()
print(export_before_expiry)

# Simulate the passage of time: analytics_id was declared with
# retention_days=30, so backdating its created_at by 31 days puts it past
# retention. delete_expired_fields() is then expected to drop it, which the
# second export should show.
print("\n analytics_id expires:")
crm_contact.data["analytics_id"].created_at -= timedelta(days=31)
crm_contact.delete_expired_fields()
print("Updated DSAR Export:")
print(crm_contact.export_user_data())
# Record two data-subject requests, then show the request log.
print("\n DSAR request:")
for request_kind in ("DSAR Export", "Processing Restriction"):
    crm_contact.record_request(request_kind)
print("DSAR Request Log:")
print(crm_contact.get_request_log())

# Show the access log, one entry per line.
# NOTE(review): presumably each get() call above (allowed or denied) left an
# entry carrying the actor it was given -- confirm against the engine, and
# check that entries do not repeat the field values themselves.
print("\n Access Log:")
for log_entry in crm_contact.get_access_log():
    print(log_entry)
# User-requested erasure: purge, then print the data mapping to show what is
# left in it.
# NOTE(review): only crm_contact.data is inspected here; whether the access
# and request logs survive a purge is not shown -- verify that matches the
# retention policy you intend.
print("\n Data Purge (user requested purge):")
crm_contact.purge_user_data()
remaining_fields = crm_contact.data
print("Final record:", remaining_fields)