![no-ui](https://img.shields.io/static/v1?label=UI&message=none&color=lightgrey)

The GDPR API is a simple **REST** API to enable the automated deletion of assets that depict a certain person. Prerequisite is that the asset is already known to be a picture of this person, though some sort of ID, e.g. an internal employee-ID.

[MINITOC]

## Properties

To be configured in {home}/appserver/conf/custom.properties

##### gdprApi.license
> type: String, **required: yes**, default: -

The license key for the plugin (product: gdprApi), provided by brix.

##### gdprApi.staticToken

> type: String, **required: yes**, default: -

The token that needs to be sent in the `Authorization` header for the request to be processed. You can also send it as a GET parameter `token`, but it's recommended that you use the header, e.g. `Authorization: Bearer <your token>`

##### gdprApi.textInfofieldId
> type: long, required: no, default: -

The ID of the text information field that contains the person's ID. Currently only supports a single ID in the field.

##### gdprApi.numberInfofieldId

> type: long, required: no, default: -

Alternatively, the ID of the number information field that contains the person's ID.

##### trashbin.nodeType

> type: long, required: no, default: -

In case the trashbin feature is enabled, this plugin will automatically detect it and immediately remove an asset that has been scheduled for deletion from the trashbin as well .

## Parameters

##### [GET] /gdpr/employee?id={id}

Searches all assets that contain the provided ID in either the text- or number-field configured above and returns it as a list.

```json
{
    "status": 200,
    "count": 2,
    "deleted": 0,
    "assets":[
        {id: 42, name: "some asset.jpg"},
        {id: 1337, name: "some other asset.png"},
    ]
}
```

##### [DELETE] /gdpr/employee?id={id}

Deletes all assets that contain the provided ID in either the text- or number-field configured above and returns a count.

```json
{
    "status": 200,
    "count": 2,
    "deleted": 2,
    "assets": null
}
```

### Error Codes

* 400 - Bad Request (e.g. you did not supply an id=...)
* 403 - Forbidden (e.g. you forgot to provide `Authorization`)
* 404 - Not Found (e.g. no assets match the id=...)
* 500 - Internal Server Error

## Compatibility Matrix

| GDPR API | CELUM (min. version)    |
|-----------------|-------------------------|
| 1.0.0           | 6.8  (tested up to 6.12) |

## Release Notes

#### 1.0.0
> Release: 2022-05-19

Initial release