diff --git a/src/fides/api/api/v1/endpoints/privacy_request_endpoints.py b/src/fides/api/api/v1/endpoints/privacy_request_endpoints.py index 84cb453a63..f70beb805e 100644 --- a/src/fides/api/api/v1/endpoints/privacy_request_endpoints.py +++ b/src/fides/api/api/v1/endpoints/privacy_request_endpoints.py @@ -2662,10 +2662,14 @@ def get_test_privacy_request_results( # Escape datetime and ObjectId values raw_data = privacy_request.get_raw_access_results() escaped_json = json.dumps(raw_data, indent=2, default=storage_json_encoder) - escaped_data = json.loads(escaped_json) + results = json.loads(escaped_json) return { "privacy_request_id": privacy_request.id, "status": privacy_request.status, - "results": escaped_data, + "results": ( + results + if CONFIG.security.subject_request_download_ui_enabled + else "Access results download is disabled." + ), } diff --git a/src/fides/api/schemas/privacy_request.py b/src/fides/api/schemas/privacy_request.py index 69ebcb2df5..c4e7445a25 100644 --- a/src/fides/api/schemas/privacy_request.py +++ b/src/fides/api/schemas/privacy_request.py @@ -401,4 +401,4 @@ class FilteredPrivacyRequestResults(FidesSchema): privacy_request_id: str status: PrivacyRequestStatus - results: Dict[str, Any] + results: Union[Dict[str, Any], str] diff --git a/tests/fixtures/application_fixtures.py b/tests/fixtures/application_fixtures.py index eb28b35657..044587fd49 100644 --- a/tests/fixtures/application_fixtures.py +++ b/tests/fixtures/application_fixtures.py @@ -3453,6 +3453,14 @@ def subject_request_download_ui_enabled(): CONFIG.security.subject_request_download_ui_enabled = original_value +@pytest.fixture(scope="function") +def subject_request_download_ui_disabled(): + original_value = CONFIG.security.subject_request_download_ui_enabled + CONFIG.security.subject_request_download_ui_enabled = False + yield + CONFIG.security.subject_request_download_ui_enabled = original_value + + @pytest.fixture(scope="function") def system_with_no_uses(db: Session) -> Generator[System, None, None]: system = System.create( diff --git a/tests/ops/api/v1/endpoints/test_privacy_request_endpoints.py b/tests/ops/api/v1/endpoints/test_privacy_request_endpoints.py index aaf64d4e7b..aa334710f5 100644 --- a/tests/ops/api/v1/endpoints/test_privacy_request_endpoints.py +++ b/tests/ops/api/v1/endpoints/test_privacy_request_endpoints.py @@ -8462,6 +8462,47 @@ def test_filtered_results_postgres( "results", } + @pytest.mark.integration_postgres + @pytest.mark.usefixtures( + "default_access_policy", + "postgres_integration_db", + "subject_request_download_ui_disabled", + ) + def test_filtered_results_postgres_access_results_disabled( + self, + connection_config, + postgres_example_test_dataset_config, + api_client: TestClient, + generate_auth_header, + ) -> None: + dataset_url = get_connection_dataset_url( + connection_config, postgres_example_test_dataset_config + ) + auth_header = generate_auth_header(scopes=[DATASET_TEST]) + response = api_client.post( + dataset_url + "/test", + headers=auth_header, + json={"email": "jane@example.com"}, + ) + assert response.status_code == HTTP_200_OK + + privacy_request_id = response.json()["privacy_request_id"] + url = V1_URL_PREFIX + PRIVACY_REQUEST_FILTERED_RESULTS.format( + privacy_request_id=privacy_request_id + ) + auth_header = generate_auth_header(scopes=[PRIVACY_REQUEST_READ_ACCESS_RESULTS]) + response = api_client.get( + url, + headers=auth_header, + ) + assert response.status_code == HTTP_200_OK + assert set(response.json().keys()) == { + "privacy_request_id", + "status", + "results", + } + assert response.json()["results"] == "Access results download is disabled." + @pytest.mark.integration_mongo @pytest.mark.usefixtures("default_access_policy") def test_filtered_results_mongo(