diff --git a/README.md b/README.md
index 789fa0c..345cd2c 100644
--- a/README.md
+++ b/README.md
@@ -68,7 +68,7 @@ npm add @cap-js/change-tracking
 ## Annotations
 > [!WARNING]
-> Please be aware that [**sensitive** or **personal** data](https://cap.cloud.sap/docs/guides/data-privacy/annotations#annotating-personal-data) should not be change tracked, since viewing the log allows users to circumvent [audit-logging](https://cap.cloud.sap/docs/guides/data-privacy/audit-logging#setup).
+> Please be aware that [**sensitive** or **personal** data](https://cap.cloud.sap/docs/guides/data-privacy/annotations#annotating-personal-data) (annotated with `@PersonalData`) is not change tracked, since viewing the log allows users to circumvent [audit-logging](https://cap.cloud.sap/docs/guides/data-privacy/audit-logging#setup).
 All we need to do is to identify what should be change-tracked by annotating respective entities and elements in our model with the `@changelog` annotation. Following the [best practice of separation of concerns](https://cap.cloud.sap/docs/guides/domain-modeling#separation-of-concerns), we do so in a separate file _srv/change-tracking.cds_:
@@ -544,4 +544,3 @@ We as members, contributors, and leaders pledge to make participation in our com
 ## Licensing
 Copyright 2023 SAP SE or an SAP affiliate company and contributors. Please see our [LICENSE](LICENSE) for copyright and license information. Detailed information including third-party components and their licensing/copyright information is available [via the REUSE tool](https://api.reuse.software/info/github.com/cap-js/change-tracking).
-
diff --git a/lib/template-processor.js b/lib/template-processor.js
index f8ee60b..b47a87f 100644
--- a/lib/template-processor.js
+++ b/lib/template-processor.js
@@ -12,7 +12,9 @@ const _processElement = (processFn, row, key, elements, isRoot, pathSegments, pi
 const element = elements[key];
 const { plain } = picked;
- if (plain) {
+ // do not change-track personal data
+ const isPersonalData = element && Object.keys(element).some(key => key.startsWith('@PersonalData'));
+ if (plain && !isPersonalData) {
 /**
 * @type import('../../types/api').templateProcessorProcessFnArgs
 */
diff --git a/tests/bookshop/db/schema.cds b/tests/bookshop/db/schema.cds
index c04a8cc..40d9cb9 100644
--- a/tests/bookshop/db/schema.cds
+++ b/tests/bookshop/db/schema.cds
@@ -212,6 +212,13 @@ entity Customers : cuid {
 on orderItems.customer = $self;
 }
+// do not change-track personal data
+annotate Customers with {
+ name @PersonalData.IsPotentiallyPersonal;
+ name @changelog
+};
+
+
 entity OrderHeader : cuid {
 status : String;
 }
diff --git a/tests/integration/service-api.test.js b/tests/integration/service-api.test.js
index 0ed616b..b89778b 100644
--- a/tests/integration/service-api.test.js
+++ b/tests/integration/service-api.test.js
@@ -322,4 +322,17 @@ describe("change log integration test", () => {
 expect(changes[0].valueChangedFrom).to.equal("2012-01-01");
 expect(changes[0].valueChangedTo).to.equal("");
 });
+
+ it("Do not change track personal data", async () => {
+ const allCustomers = await SELECT.from(adminService.entities.Customers);
+ await UPDATE(adminService.entities.Customers).where({ ID: allCustomers[0].ID }).with({
+ name: 'John Doe',
+ });
+
+ const changes = await SELECT.from(ChangeView).where({
+ entity: "sap.capire.bookshop.Customers",
+ });
+
+ expect(changes.length).to.equal(0);
+ });
 });
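Review bot: The new `isPersonalData` guard sits only on the `plain` branch of `_processElement`, so it covers elements whose own definition carries a `@PersonalData…` annotation and, as far as this hunk shows, nothing else. If change-log values or object IDs are assembled elsewhere from paths that reach a personal element (for example through an association), that data could still end up in the log, so that route is worth checking and covering with a test. The callback parameter also shadows the function's own `key` argument, used one line earlier in `elements[key]`; renaming it keeps the two apart: `const isPersonalData = element && Object.keys(element).some((annotation) => annotation.startsWith('@PersonalData'));`. Because the skip is silent, a model that puts both `@changelog` and `@PersonalData` on one element gets no hint why nothing is recorded, and a one-time warning would help. The body of `_processElement` starts and continues outside the hunk.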
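Review bot: The added test in tests/integration/service-api.test.js has no positive control: `expect(changes.length).to.equal(0)` also passes if the update produced no change records for some unrelated reason, so it does not show that the `@PersonalData` filter is what suppressed the entry. Assuming the fixture has a tracked, non-personal element on Customers or a related entity, updating it alongside `name` and asserting that only that change is logged would pin the behaviour. Only UPDATE with `@PersonalData.IsPotentiallyPersonal` is exercised; CREATE, DELETE and `@PersonalData.IsPotentiallySensitive` deserve cases too, since values leaking into the change log is exactly the risk the README warning describes.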