Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fix for blocked user sync if activities config is not specified. #3003

Merged
merged 5 commits into from
Aug 8, 2023
Merged
Show file tree
Hide file tree
Changes from 3 commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
3 changes: 1 addition & 2 deletions endpoints/cookie_sync.go
Original file line number Diff line number Diff line change
Expand Up @@ -528,7 +528,6 @@ func (p usersyncPrivacy) CCPAAllowsBidderSync(bidder string) bool {
}

func (p usersyncPrivacy) ActivityAllowsUserSync(bidder string) bool {
activityResult := p.activityControl.Evaluate(privacy.ActivitySyncUser,
return p.activityControl.Evaluate(privacy.ActivitySyncUser,
privacy.ScopedName{Scope: privacy.ScopeTypeBidder, Name: bidder})
return activityResult == privacy.ActivityAllow
}
15 changes: 10 additions & 5 deletions endpoints/cookie_sync_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -1909,27 +1909,32 @@ func TestCookieSyncActivityControlIntegration(t *testing.T) {
testCases := []struct {
name string
bidderName string
allow bool
accPrivacy *config.AccountPrivacy
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

IMHO acc is not a common abbreviation for account. Please consider calling this accountPrivacy for clarity.

expectedResult bool
}{
{
name: "activity_is_allowed",
bidderName: "bidderA",
allow: true,
accPrivacy: getDefaultActivityConfig("bidderA", true),
expectedResult: true,
},
{
name: "activity_is_denied",
bidderName: "bidderA",
allow: false,
accPrivacy: getDefaultActivityConfig("bidderA", false),
expectedResult: false,
},
{
name: "activity_is_abstain",
bidderName: "bidderA",
accPrivacy: nil,
expectedResult: true,
},
}

for _, test := range testCases {
t.Run(test.name, func(t *testing.T) {
privacyConfig := getDefaultActivityConfig(test.bidderName, test.allow)
activities, err := privacy.NewActivityControl(privacyConfig)
activities, err := privacy.NewActivityControl(test.accPrivacy)
assert.NoError(t, err)
up := usersyncPrivacy{
activityControl: activities,
Expand Down
2 changes: 1 addition & 1 deletion endpoints/setuid.go
Original file line number Diff line number Diff line change
Expand Up @@ -113,7 +113,7 @@ func NewSetUIDEndpoint(cfg *config.Configuration, syncersByBidder map[string]use

userSyncActivityAllowed := activities.Evaluate(privacy.ActivitySyncUser,
privacy.ScopedName{Scope: privacy.ScopeTypeBidder, Name: bidderName})
if userSyncActivityAllowed == privacy.ActivityDeny {
if !userSyncActivityAllowed {
w.WriteHeader(http.StatusUnavailableForLegalReasons)
return
}
Expand Down
6 changes: 3 additions & 3 deletions exchange/utils.go
Original file line number Diff line number Diff line change
Expand Up @@ -154,7 +154,7 @@ func (rs *requestSplitter) cleanOpenRTBRequests(ctx context.Context,
// fetchBids activity
scopedName := privacy.ScopedName{Scope: privacy.ScopeTypeBidder, Name: bidderRequest.BidderName.String()}
fetchBidsActivityAllowed := auctionReq.Activities.Evaluate(privacy.ActivityFetchBids, scopedName)
if fetchBidsActivityAllowed == privacy.ActivityDeny {
if !fetchBidsActivityAllowed {
// skip the call to a bidder if fetchBids activity is not allowed
// do not add this bidder to allowedBidderRequests
continue
Expand All @@ -174,7 +174,7 @@ func (rs *requestSplitter) cleanOpenRTBRequests(ctx context.Context,
}

passIDActivityAllowed := auctionReq.Activities.Evaluate(privacy.ActivityTransmitUserFPD, scopedName)
if passIDActivityAllowed == privacy.ActivityDeny {
if !passIDActivityAllowed {
privacyEnforcement.UFPD = true
} else {
// run existing policies (GDPR, CCPA, COPPA, LMT)
Expand All @@ -191,7 +191,7 @@ func (rs *requestSplitter) cleanOpenRTBRequests(ctx context.Context,
}

passGeoActivityAllowed := auctionReq.Activities.Evaluate(privacy.ActivityTransmitPreciseGeo, scopedName)
if passGeoActivityAllowed == privacy.ActivityDeny {
if !passGeoActivityAllowed {
privacyEnforcement.PreciseGeo = true
} else {
// run existing policies (GDPR, CCPA, COPPA, LMT)
Expand Down
19 changes: 9 additions & 10 deletions privacy/enforcer.go
Original file line number Diff line number Diff line change
Expand Up @@ -124,36 +124,35 @@ func conditionToRuleComponentNames(conditions []string) ([]ScopedName, error) {
return sn, nil
}

func activityDefaultToDefaultResult(activityDefault *bool) ActivityResult {
func activityDefaultToDefaultResult(activityDefault *bool) bool {
if activityDefault == nil {
// if default is unspecified, the hardcoded default-default is true.
return ActivityAllow
} else if *activityDefault {
return ActivityAllow
return true
} else {
return *activityDefault
}
return ActivityDeny
}
SyntaxNode marked this conversation as resolved.
Show resolved Hide resolved

func (e ActivityControl) Evaluate(activity Activity, target ScopedName) ActivityResult {
func (e ActivityControl) Evaluate(activity Activity, target ScopedName) bool {
plan, planDefined := e.plans[activity]

if !planDefined {
return ActivityAbstain
return true
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This true value is the same as activityDefaultToDefaultResult. Do you think it might be good to extract that to a constant value? in the future, we may need to replace that constant with a function if some of the activities change to a default of false.

}

return plan.Evaluate(target)
}

type ActivityPlan struct {
defaultResult ActivityResult
defaultResult bool
rules []ActivityRule
}

func (p ActivityPlan) Evaluate(target ScopedName) ActivityResult {
func (p ActivityPlan) Evaluate(target ScopedName) bool {
for _, rule := range p.rules {
result := rule.Evaluate(target)
if result == ActivityDeny || result == ActivityAllow {
return result
return result == ActivityAllow
}
}
return p.defaultResult
Expand Down
20 changes: 10 additions & 10 deletions privacy/enforcer_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -148,22 +148,22 @@ func TestActivityDefaultToDefaultResult(t *testing.T) {
testCases := []struct {
name string
activityDefault *bool
expectedResult ActivityResult
expectedResult bool
}{
{
name: "nil",
activityDefault: nil,
expectedResult: ActivityAllow,
expectedResult: true,
},
{
name: "true",
activityDefault: ptrutil.ToPtr(true),
expectedResult: ActivityAllow,
expectedResult: true,
},
{
name: "false",
activityDefault: ptrutil.ToPtr(false),
expectedResult: ActivityDeny,
expectedResult: false,
},
}

Expand All @@ -182,38 +182,38 @@ func TestAllowActivityControl(t *testing.T) {
activityControl ActivityControl
activity Activity
target ScopedName
activityResult ActivityResult
activityResult bool
}{
{
name: "plans_is_nil",
activityControl: ActivityControl{plans: nil},
activity: ActivityFetchBids,
target: ScopedName{Scope: "bidder", Name: "bidderA"},
activityResult: ActivityAbstain,
activityResult: true,
},
{
name: "activity_not_defined",
activityControl: ActivityControl{plans: map[Activity]ActivityPlan{
ActivitySyncUser: getDefaultActivityPlan()}},
activity: ActivityFetchBids,
target: ScopedName{Scope: "bidder", Name: "bidderA"},
activityResult: ActivityAbstain,
activityResult: true,
},
{
name: "activity_defined_but_not_found_default_returned",
activityControl: ActivityControl{plans: map[Activity]ActivityPlan{
ActivityFetchBids: getDefaultActivityPlan()}},
activity: ActivityFetchBids,
target: ScopedName{Scope: "bidder", Name: "bidderB"},
activityResult: ActivityAllow,
activityResult: true,
},
{
name: "activity_defined_and_allowed",
activityControl: ActivityControl{plans: map[Activity]ActivityPlan{
ActivityFetchBids: getDefaultActivityPlan()}},
activity: ActivityFetchBids,
target: ScopedName{Scope: "bidder", Name: "bidderA"},
activityResult: ActivityAllow,
activityResult: true,
},
}

Expand Down Expand Up @@ -404,7 +404,7 @@ func getDefaultActivityConfig() config.Activity {

func getDefaultActivityPlan() ActivityPlan {
return ActivityPlan{
defaultResult: ActivityAllow,
defaultResult: true,
rules: []ActivityRule{
ComponentEnforcementRule{
result: ActivityAllow,
Expand Down