Skip to content

CIRC-2364 Anonymize Single Request Post API #1632

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
yuntianhu merged 16 commits into from
Nov 24, 2025
Merged

CIRC-2364 Anonymize Single Request Post API #1632

yuntianhu merged 16 commits into from
Nov 24, 2025

Conversation

@yuntianhu
Copy link
Contributor

@yuntianhu yuntianhu commented Nov 12, 2025
edited
Loading

CIRC-2364-Anonymize Single Request Post API #1632

Ticket Description

Purpose/Overview:
Create a /request-anonymization/{request UUID} Post API for anonymizing one a single closed request

Requirements/Scope:

Verify that the user has the UI-Requests Request-Anonymize Single Execute capability

Anonymizes request as described in https://folio-org.atlassian.net/browse/CIRC-2292

Returns an error message if anonymization fails

Acceptance Criteria:

Post API for single request anonymization by UUID is created

Summary of Work Completed for Request Anonymization (CIRC-2364 / CIRC-2292)

I implemented backend support for manual single-request anonymization in mod-circulation, including all core API logic, data scrubbing, integration with storage, permissions, event publishing, and automated tests. This work completes a brand-new FOLIO circulation feature.

  1. Added the new backend API endpoint POST /request-anonymization/{requestId}
  2. Implemented full service logic including ID validation, request fetching, status validation, PII scrubbing, persistence, and event publishing.
  3. Implemented scrubbing of requesterId, proxyUserId, requester, proxy, and delivery address fields.
  4. Integrated updates with requestRepository and eventPublisher.
  5. Created comprehensive tests for the anonymization workflow.
  6. Corrected ModuleDescriptor-template.json structure and permissions.
  7. Added new permission capability for anonymization operations.
  8. Verified PubSub integration through LOG_RECORD audit events.

Approach for Single Request Anonymization

  1. Introduced dedicated service layer with validation, scrub PII, update and publish logging
  2. Designed for future dependency injection
  3. Added new API endpoint
  4. Capability set / permission work
  5. Test suite creation
  6. Debugging & stability work
  7. Architectural alignment

@yuntianhu
Purpose/Overview:
1e02717 
Create a /request-anonymization/{request UUID} Post API for anonymizing one a single closed request

Requirements/Scope:

Verify that the user has the UI-Requests Request-Anonymize Single Execute capability

Anonymizes request as described in https://folio-org.atlassian.net/browse/CIRC-2292

Returns an error message if anonymization fails

Acceptance Criteria:

Post API for single request anonymization by UUID is created
@yuntianhu
clean the request-anonymization.raml
424fb3e
@yuntianhu
add description to anonymize-single-request-response.json
3424f23
@yuntianhu
Merge branch 'master' into CIRC-2364
820bc28
@yuntianhu
solve issues and increase test coverage
b1eea2e
@yuntianhu
solve issues and increase test coverage
9041de9
@yuntianhu
update RequestAnonymizationResource, RequestAnonymizationService, upd…
8a45dfe 
…ate wiring, update tests.
@yuntianhu yuntianhu requested review from a team, alexanderkurash and longvo-cv November 14, 2025 15:48
@yuntianhu yuntianhu changed the title CIRC 2364-Anonymize Single Request Post API CIRC-2364-Anonymize Single Request Post API Nov 17, 2025
roman-barannyk
roman-barannyk reviewed Nov 18, 2025
View reviewed changes
@yuntianhu yuntianhu requested review from a team and roman-barannyk November 18, 2025 17:33
longvo-cv
longvo-cv approved these changes Nov 19, 2025
View reviewed changes
Copy link

@longvo-cv longvo-cv left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM! Solid implementation

OleksandrVidinieiev
OleksandrVidinieiev requested changes Nov 20, 2025
View reviewed changes
@OleksandrVidinieiev
Copy link
Contributor

OleksandrVidinieiev commented Nov 20, 2025

@yuntianhu In the future, please mention Jira ticket name in your commit messages: CIRC-2364 My awesome commit message. And when you are ready to merge your PR, please use "Squash and merge" button instead of "Create a merge commit". This makes future release process much easier.

@yuntianhu
Copy link
Contributor Author

yuntianhu commented Nov 20, 2025

@OleksandrVidinieiev Thank you for the reminder, I will surely remember to do it 😄

@yuntianhu
Refine request anonymization endpoint, permissions, and tests
44af376 
- Add permissionsRequired and modulePermissions for /request-anonymization/{requestId} handler in ModuleDescriptor-template.json
- Use UuidUtil.isUuid in RequestAnonymizationService and return failed validation when requestId is invalid
- Simplify fetchRequest to delegate to requestRepository.getById without extra failWhen logic
- Change scrubPii to return Request instead of Result and call it via mapResult
- Simplify publishLog to return Result<Void> from eventPublisher without remapping
- Fix Result chain to use flatMapResult for validateStatus and after(...) for async update/log
- Remove unused validationError helper that relied on old ValidationError constructor
- Update RequestAnonymizationServiceTest to inject mocks via constructor (remove reflection)
- Adjust not-found test to return failed RecordNotFoundFailure instead of succeeded(null)
- Reorder imports in tests to follow mod-circulation import order convention
@yuntianhu yuntianhu requested a review from a team November 21, 2025 15:46
OleksandrVidinieiev
OleksandrVidinieiev reviewed Nov 24, 2025
View reviewed changes
alexanderkurash
alexanderkurash reviewed Nov 24, 2025
View reviewed changes
@yuntianhu
CIRC-2364-Anonymize Single Request Post API
77c306e 
Fix displayName/description wording: "anonymize request" instead of "anonymize requests".

Update permission name to modperms.circulation.requests.anonymize.single.

Remove redundant modulePermission already included in anonymize.single.

Inline RequestRepository.using(...) initializer into single line.

Condense ValidationErrorFailure.failedValidation(...) into one line.

Add UUID format validation to requestId in anonymize-single-request-response.json.

Remove extra spacing alignment in EventPublisher .put() calls.

Replace wildcard imports in RequestAnonymizationServiceTest with explicit imports.

Reorder imports to follow mod-circulation import convention.

Adjust permission naming to follow FOLIO scope convention (item vs collection).
@sonarqubecloud
Copy link

sonarqubecloud bot commented Nov 24, 2025

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
86.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@alexanderkurash alexanderkurash changed the title CIRC-2364-Anonymize Single Request Post API CIRC-2364 Anonymize Single Request Post API Nov 24, 2025
@yuntianhu yuntianhu merged commit 23a0ace into master Nov 24, 2025
8 checks passed
@yuntianhu yuntianhu deleted the CIRC-2364 branch December 8, 2025 15:09
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@alexanderkurash alexanderkurash alexanderkurash approved these changes

@longvo-cv longvo-cv longvo-cv approved these changes

@OleksandrVidinieiev OleksandrVidinieiev OleksandrVidinieiev approved these changes

@roman-barannyk roman-barannyk Awaiting requested review from roman-barannyk

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@yuntianhu @OleksandrVidinieiev @alexanderkurash @longvo-cv @roman-barannyk