Disable raw data access for sites with visitor logs/profiles disabled

[nathangavin]

Description:

Previously, raw data for sites with visitor logs/profiles disabled was available via the GDPR tools. This PR addresses this by filtering the data retrieved during the PrivacyManager.findDataSubjects API call to redact information related to sites with visitor logs/profiles disabled. Resolves issue #20686

Review

• Functional review done
• Potential edge cases thought about (behavior of the code with strange input, with strange internal state or possible interactions with other Matomo subsystems)
• Usability review done (is anything maybe unclear or think about anything that would cause people to reach out to support)
• Security review done
• Wording review done
• Code review done
• Tests were added if useful/possible
• Reviewed for breaking changes
• Developer changelog updated if needed
• Documentation added if needed
• Existing documentation updated if needed

[caddoo]

Really nice 👍

I like that you found a simpler/cleaner solution for this problem in the end, I tested this manually in the end at it seems to work well.

Requesting changes for some (small) possible problems in code, but also the lack of test coverage,

[nathangavin]

working on extending existing system tests at plugins/PrivacyManager/tests/System/APITest.php to properly test new functionality.

[sgiehl]

Nice work @nathangavin. Overall this is very clean and straight forward. I've nevertheless added some suggestions for improvements you should apply.

Besides that it looks like the PrivacyManager UI tests now started failing due to and exception being shown that the userid segment is not available.

I checked locally for the reason. It seems to be caused by various malfunctions:
When the segment editor is loaded it automatically tries to fetch the suggested values for the selected segment. By default that here is userid. Fetching that is currently done by passing in the siteId from URL instead of the siteId of the selected site. So it always fails if the site has disabled visitslog. That would need to be fixed in the SegmentEditor, but can be ignored for now I think, as the suggestedvalue api does not support all as idsite anyway.
In addition you can currently use the userid segment when searching all sites, but it fails when used on a site directly where visits log is disabled. That does not make much sense. I guess it would be better to have the userid segment available for that specific case.

To ensure the userid segment can always be used for the privacy tools I would suggest this change:

diff --git a/plugins/CoreHome/Columns/UserId.php b/plugins/CoreHome/Columns/UserId.php
index 11c1f0c26a..d91c86d6fa 100644
--- a/plugins/CoreHome/Columns/UserId.php
+++ b/plugins/CoreHome/Columns/UserId.php
@@ -51,8 +51,8 @@ class UserId extends VisitDimension

     public function configureSegments(SegmentsList $segmentsList, DimensionSegmentFactory $dimensionSegmentFactory)
     {
-        // Configure userId segment only if visitor profile is available
-        if (Live::isVisitorProfileEnabled()) {
+        // Configure userId segment only if visitor profile is available or when requesting data for privacy tools
+        if (Live::isVisitorProfileEnabled() || \Piwik\API\Request::getRootApiRequestMethod() === 'PrivacyManager.findDataSubjects') {
             parent::configureSegments($segmentsList, $dimensionSegmentFactory);
         }
     }

[nathangavin]

@sgiehl Updated the UserId column logic regarding segment configuration to allow the segment if this specific API function is being used, as suggested.