Introduce new event PrivacyManager.deleteDataSubjectsForDeletedSites

Author: sgiehl

plugins/BotTracking/BotTracking.php

@@ -40,6 +40,7 @@ public function registerEvents(): array
     {
         return [
             'PrivacyManager.deleteLogsOlderThan' => 'deleteLogsOlderThan',
+            'PrivacyManager.deleteDataSubjectsForDeletedSites' => 'deleteDataSubjectsForDeletedSites',
             'Tracker.isBotRequest' => 'isBotRequest',
         ];
     }
@@ -65,6 +66,12 @@ public function deleteLogsOlderThan(Date $dateUpperLimit): void
         (new BotRequestsDao())->deleteOldRecords($dateUpperLimit);
     }
 
+    public function deleteDataSubjectsForDeletedSites(array &$result, array $idSitesNoLongerExisting): void
+    {
+        $dao                          = new BotRequestsDao();
+        $result[$dao::getTableName()] = $dao->deleteRecordsForIdSites($idSitesNoLongerExisting);
+    }
+
     /**
      * @todo Remove, once Device Detector is able to detect all known ai bots
      */

plugins/BotTracking/Dao/BotRequestsDao.php

@@ -122,4 +122,25 @@ public function deleteOldRecords(Date $date): int
 
         return (int)Db::get()->rowCount($result);
     }
+
+    /**
+     * Delete bot telemetry records for specific sites
+     *
+     * @param array<int|string> $siteIds Delete records older than this date
+     * @return int Number of deleted records
+     */
+    public function deleteRecordsForIdSites(array $siteIds): int
+    {
+        $tableName = self::getPrefixedTableName();
+        $siteIds   = array_map('intval', $siteIds);
+
+        $sql = sprintf(
+            'DELETE FROM `%s` WHERE idsite IN (' . implode(', ', $siteIds) . ') LIMIT 25000',
+            $tableName
+        );
+
+        $result = Db::query($sql);
+
+        return (int)Db::get()->rowCount($result);
+    }
 }

plugins/BotTracking/tests/System/PurgeLogDataTest.php

@@ -11,13 +11,16 @@
 
 namespace Piwik\Plugins\BotTracking\tests\System;
 
+use Piwik\Container\StaticContainer;
 use Piwik\DataAccess\RawLogDao;
 use Piwik\Date;
 use Piwik\Db;
 use Piwik\LogDeleter;
 use Piwik\Plugin\Dimension\DimensionMetadataProvider;
 use Piwik\Plugins\BotTracking\Dao\BotRequestsDao;
 use Piwik\Plugins\PrivacyManager\LogDataPurger;
+use Piwik\Plugins\PrivacyManager\Model\DataSubjects;
+use Piwik\Plugins\SitesManager\API as SitesManagerAPI;
 use Piwik\Tests\Framework\Fixture;
 use Piwik\Tests\Framework\Mock\Plugin\LogTablesProvider;
 use Piwik\Tests\Framework\TestCase\SystemTestCase;
@@ -34,10 +37,7 @@ public function setUp(): void
 
         Fixture::createSuperUser();
         Fixture::createWebsite('2014-02-04');
-    }
 
-    public function testLogDataPurgingRemovesBotRequests(): void
-    {
         // track some bot requests
         $t = Fixture::getTracker(1, '2025-02-02 12:00:00');
         $t->setUserAgent('Mozilla/5.0 (compatible; ChatGPT-User/1.0)');
@@ -56,7 +56,10 @@ public function testLogDataPurgingRemovesBotRequests(): void
         $t->setUrl('https://matomo.org/faq/576');
         $t->setCustomTrackingParameter('recMode', '1');
         Fixture::checkResponse($t->doTrackPageView(''));
+    }
 
+    public function testLogDataPurgingRemovesBotRequests(): void
+    {
         // check that all requests were tracked
         $tableName = BotRequestsDao::getPrefixedTableName();
         $sql       = "SELECT COUNT(*) FROM `{$tableName}`";
@@ -69,10 +72,53 @@ public function testLogDataPurgingRemovesBotRequests(): void
         $purger->purgeData($days, true);
 
         // ensure that two bot requests were removed
-        $tableName = BotRequestsDao::getPrefixedTableName();
         $sql       = "SELECT * FROM `{$tableName}`";
         $bots      = Db::fetchAll($sql);
         self::assertCount(1, $bots);
         self::assertEquals('MistralAI-User', $bots[0]['bot_name']);
     }
+
+    public function testDeleteDataSubjectsForDeletedSitesRemovesBotRequests(): void
+    {
+        // track a normal visit that gets removed, otherwise bot requests won't be removed
+        $t = Fixture::getTracker(1, '2025-02-02 12:00:00');
+        $t->setUrl('https://matomo.org/faq/123');
+        Fixture::checkResponse($t->doTrackPageView(''));
+
+        // track request for another site
+        Fixture::createWebsite('2014-02-04');
+
+        // track some bot requests
+        $t = Fixture::getTracker(2, '2025-02-02 12:00:00');
+        $t->setUserAgent('Mozilla/5.0 (compatible; ChatGPT-User/1.0)');
+        $t->setUrl('https://matomo.org/faq/123');
+        $t->setCustomTrackingParameter('recMode', '1');
+        Fixture::checkResponse($t->doTrackPageView(''));
+
+        // remove site 1
+        SitesManagerAPI::getInstance()->deleteSite(1);
+
+        // check that all requests still exist
+        $tableName = BotRequestsDao::getPrefixedTableName();
+        $sql       = "SELECT COUNT(*) FROM `{$tableName}`";
+        self::assertEquals(4, Db::fetchOne($sql));
+
+        $logTablesProvider = StaticContainer::get('Piwik\Plugin\LogTablesProvider');
+        $dataSubjects      = new DataSubjects($logTablesProvider);
+        $result            = $dataSubjects->deleteDataSubjectsForDeletedSites([2]); // idsite 2 still exists
+        $this->assertEquals([
+            'log_visit'             => 1,
+            'log_link_visit_action' => 1,
+            'log_conversion_item'   => 0,
+            'log_conversion'        => 0,
+            'log_bot_request'       => 3,
+        ], $result);
+
+        // check that requests were correctly removed
+        $sql = "SELECT COUNT(*) FROM `{$tableName}` WHERE `idsite` = 1";
+        self::assertEquals(0, Db::fetchOne($sql));
+
+        $sql = "SELECT COUNT(*) FROM `{$tableName}` WHERE `idsite` = 2";
+        self::assertEquals(1, Db::fetchOne($sql));
+    }
 }

plugins/PrivacyManager/Model/DataSubjects.php

@@ -86,6 +86,25 @@ public function deleteDataSubjectsForDeletedSites($allExistingIdSites)
             }
         }
 
+        /**
+         * Lets you delete data subjects to make your plugin GDPR compliant.
+         * This can be useful if you have developed a plugin which stores any data for specific sites, not bound to a visit but doesn't
+         * use any core logic to store this data. If core API's are used, for example log tables, then the data may
+         * be deleted automatically.
+         *
+         * **Example**
+         *
+         *     public function deleteDataSubjectsForDeletedSites(&$result, $idSitesNoLongerExisting)
+         *     {
+         *         $numDeletes = $this->deleteDataForSites($idSitesNoLongerExisting)
+         *         $result['myplugin'] = $numDeletes;
+         *     }
+         *
+         * @param array &$results An array storing the result of how much data was deleted for.
+         * @param array &$idSitesNoLongerExisting An array with multiple site ids that were removed
+         */
+        Piwik::postEvent('PrivacyManager.deleteDataSubjectsForDeletedSites', [&$results, $idSitesNoLongerExisting]);
+
         krsort($results); // make sure test results are always in same order
         return $results;
     }