Module: Sentiero::Erasure
- Defined in:
- lib/sentiero/erasure.rb
Overview
Right-to-erasure helpers (GDPR Art. 17). Store-agnostic. Erasure is destructive and irreversible; deleted sessions cannot be recovered.
Class Method Summary collapse
- .erase_sessions(store, ids) ⇒ Object
-
.erase_where(store, since: nil, until_time: nil) ⇒ Object
At least one bound is required to guard against erasing everything; the range is inclusive.
Class Method Details
.erase_sessions(store, ids) ⇒ Object
9 10 11 12 13 14 15 16 |
# File 'lib/sentiero/erasure.rb', line 9 def erase_sessions(store, ids) ids.each do |id| raise ArgumentError, "Invalid ID: #{id.inspect}" unless Store::VALID_ID.match?(id.to_s) end present = ids.select { |id| store.get_session(id) } present.each { |id| store.delete_session(id) } present.size end |
.erase_where(store, since: nil, until_time: nil) ⇒ Object
At least one bound is required to guard against erasing everything; the range is inclusive. Lists/deletes in capped batches (paging) until a scan is short, so one call erases every match regardless of count.
21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 |
# File 'lib/sentiero/erasure.rb', line 21 def erase_where(store, since: nil, until_time: nil) raise ArgumentError, "provide since: and/or until_time:" if since.nil? && until_time.nil? if since && until_time && since.to_f > until_time.to_f raise ArgumentError, "since: must not be after until_time:" end cap = store.limits.analytics_max_scan_sessions erased = 0 loop do ids = store.list_sessions( limit: cap, since: since, until_time: until_time ).map { |summary| summary[:session_id] } ids.each { |id| store.delete_session(id) } erased += ids.size # Each listed session matched and was deleted, so the set shrinks; # a short batch means the matches are exhausted. break if ids.size < cap end erased end |