Support excluded bidders from config in userId/deviceId masking (#1082)

Author: DGarbar

src/main/java/org/prebid/server/privacy/gdpr/tcfstrategies/purpose/PurposeStrategy.java

@@ -52,13 +52,18 @@ public Collection<VendorPermission> processTypePurposeStrategy(
             Collection<VendorPermissionWithGvl> vendorPermissions,
             boolean wasDowngraded) {
 
-        allowedByTypeStrategy(vendorConsent, purpose, vendorPermissions).stream()
+        final Collection<VendorPermissionWithGvl> excludedVendors = excludedVendors(vendorPermissions, purpose);
+        final Collection<VendorPermissionWithGvl> vendorForPurpose = vendorPermissions.stream()
+                .filter(vendorPermission -> !excludedVendors.contains(vendorPermission))
+                .collect(Collectors.toList());
+
+        allowedByTypeStrategy(vendorConsent, purpose, vendorForPurpose, excludedVendors).stream()
                 .map(VendorPermission::getPrivacyEnforcementAction)
                 .forEach(this::allow);
 
         final Collection<VendorPermission> naturalVendorPermission = wasDowngraded
-                ? allowedByBasicTypeStrategy(vendorConsent, true, vendorPermissions, Collections.emptyList())
-                : allowedByFullTypeStrategy(vendorConsent, true, vendorPermissions, Collections.emptyList());
+                ? allowedByBasicTypeStrategy(vendorConsent, true, vendorForPurpose, excludedVendors)
+                : allowedByFullTypeStrategy(vendorConsent, true, vendorForPurpose, excludedVendors);
 
         naturalVendorPermission.stream()
                 .map(VendorPermission::getPrivacyEnforcementAction)
@@ -71,12 +76,8 @@ public Collection<VendorPermission> processTypePurposeStrategy(
 
     private Collection<VendorPermission> allowedByTypeStrategy(TCString vendorConsent,
                                                                Purpose purpose,
-                                                               Collection<VendorPermissionWithGvl> vendorPermissions) {
-
-        final Collection<VendorPermissionWithGvl> excludedVendors = excludedVendors(vendorPermissions, purpose);
-        final Collection<VendorPermissionWithGvl> vendorForPurpose = vendorPermissions.stream()
-                .filter(vendorPermission -> !excludedVendors.contains(vendorPermission))
-                .collect(Collectors.toList());
+                                                               Collection<VendorPermissionWithGvl> vendorForPurpose,
+                                                               Collection<VendorPermissionWithGvl> excludedVendors) {
         final boolean isEnforceVendors = BooleanUtils.isNotFalse(purpose.getEnforceVendors());
 
         final EnforcePurpose purposeType = purpose.getEnforcePurpose();
@@ -105,7 +106,7 @@ protected Collection<VendorPermissionWithGvl> excludedVendors(Collection<VendorP
         return CollectionUtils.isEmpty(bidderNameExceptions)
                 ? Collections.emptyList()
                 : CollectionUtils.select(vendorPermissions, vendorPermission ->
-                bidderNameExceptions.contains(vendorPermission.getVendorPermission().getBidderName()));
+                        bidderNameExceptions.contains(vendorPermission.getVendorPermission().getBidderName()));
     }
 
     protected Collection<VendorPermission> allowedByBasicTypeStrategy(

src/test/java/org/prebid/server/privacy/gdpr/tcfstrategies/purpose/PurposeEightStrategyTest.java

@@ -27,6 +27,7 @@
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.ArgumentMatchers.anyBoolean;
 import static org.mockito.BDDMockito.given;
+import static org.mockito.Mockito.times;
 import static org.mockito.Mockito.verify;
 
 public class PurposeEightStrategyTest {
@@ -222,20 +223,20 @@ public void processTypePurposeStrategyShouldPassEmptyListWithFullEnforcementsWhe
                 vendorPermissionsWithGvl, false);
 
         // then
-        final VendorPermission vendorPermission1Changed = VendorPermission.of(1, "b1", allowAllPurpose());
-        final VendorPermission vendorPermission2Changed = VendorPermission.of(2, "b2", allowAllPurpose());
-        final VendorPermission vendorPermission3Changed = VendorPermission.of(3, "b3", allowAllPurpose());
+        final VendorPermission vendorPermission1Changed = VendorPermission.of(1, "b1", allowPurposeAndNaturally());
+        final VendorPermission vendorPermission2Changed = VendorPermission.of(2, "b2", allowPurposeAndNaturally());
+        final VendorPermission vendorPermission3Changed = VendorPermission.of(3, "b3", allowPurposeAndNaturally());
         assertThat(result).usingFieldByFieldElementComparator().isEqualTo(
                 Arrays.asList(vendorPermission1Changed, vendorPermission2Changed, vendorPermission3Changed));
 
-        verify(fullEnforcePurposeStrategy).allowedByTypeStrategy(PURPOSE, tcString, emptyList(),
+        verify(fullEnforcePurposeStrategy, times(2)).allowedByTypeStrategy(PURPOSE, tcString, emptyList(),
                 vendorPermissionsWithGvl, true);
     }
 
     @Test
-    public void processTypePurposeStrategyShouldAllowOnlyPurposeWhenThereAreNoNaturalAllowance() {
+    public void processTypePurposeStrategyShouldAllowPurposeAndNaturallyVendorExceptions() {
         // given
-        final Purpose purpose = Purpose.of(EnforcePurpose.full, null, Arrays.asList("b1", "b2", "b3", "b5", "b7"));
+        final Purpose purpose = Purpose.of(EnforcePurpose.full, null, Arrays.asList("b1", "b2"));
         final VendorPermission vendorPermission1 = VendorPermission.of(1, "b1", PrivacyEnforcementAction.restrictAll());
         final VendorPermission vendorPermission2 = VendorPermission.of(2, "b2", PrivacyEnforcementAction.restrictAll());
         final VendorPermission vendorPermission3 = VendorPermission.of(3, "b3", PrivacyEnforcementAction.restrictAll());
@@ -247,34 +248,37 @@ public void processTypePurposeStrategyShouldAllowOnlyPurposeWhenThereAreNoNatura
                 VendorV2.empty(3));
         final List<VendorPermission> vendorPermissions = Arrays.asList(vendorPermission1, vendorPermission2,
                 vendorPermission3);
-        final List<VendorPermissionWithGvl> vendorPermissionsWithGvl = Arrays.asList(vendorPermissionWitGvl1,
-                vendorPermissionWitGvl2, vendorPermissionWitGvl3);
+        final List<VendorPermission> excludedVendorPermissions = Arrays.asList(vendorPermission1, vendorPermission2);
 
         given(fullEnforcePurposeStrategy.allowedByTypeStrategy(any(), any(), any(), any(), anyBoolean()))
                 .willReturn(vendorPermissions)
-                .willReturn(emptyList());
+                .willReturn(excludedVendorPermissions);
+
+        final List<VendorPermissionWithGvl> vendorPermissionsWithGvl = Arrays.asList(vendorPermissionWitGvl1,
+                vendorPermissionWitGvl2, vendorPermissionWitGvl3);
 
         // when
         final Collection<VendorPermission> result = target.processTypePurposeStrategy(tcString, purpose,
                 vendorPermissionsWithGvl, false);
 
         // then
-        final VendorPermission vendorPermission1Changed = VendorPermission.of(1, "b1", allowPurpose());
-        final VendorPermission vendorPermission2Changed = VendorPermission.of(2, "b2", allowPurpose());
+        final List<VendorPermissionWithGvl> excludedVendorPermissionsWithGvl = Arrays.asList(vendorPermissionWitGvl1,
+                vendorPermissionWitGvl2);
+
+        final VendorPermission vendorPermission1Changed = VendorPermission.of(1, "b1", allowPurposeAndNaturally());
+        final VendorPermission vendorPermission2Changed = VendorPermission.of(2, "b2", allowPurposeAndNaturally());
         final VendorPermission vendorPermission3Changed = VendorPermission.of(3, "b3", allowPurpose());
         assertThat(result).usingFieldByFieldElementComparator().isEqualTo(
                 Arrays.asList(vendorPermission1Changed, vendorPermission2Changed, vendorPermission3Changed));
 
-        verify(fullEnforcePurposeStrategy).allowedByTypeStrategy(PURPOSE, tcString, emptyList(),
-                vendorPermissionsWithGvl, true);
-        verify(fullEnforcePurposeStrategy).allowedByTypeStrategy(PURPOSE, tcString, vendorPermissionsWithGvl,
-                emptyList(), true);
+        verify(fullEnforcePurposeStrategy, times(2)).allowedByTypeStrategy(PURPOSE, tcString,
+                singletonList(vendorPermissionWitGvl3), excludedVendorPermissionsWithGvl, true);
     }
 
     @Test
-    public void processTypePurposeStrategyShouldAllowOnlyPurposeWhenThereAreNoNaturalAllowanceForDowngraded() {
+    public void processTypePurposeStrategyShouldAllowPurposeAndNaturallyWhenVendorPermissionsReturnedForDowngraded() {
         // given
-        final Purpose purpose = Purpose.of(EnforcePurpose.no, null, Arrays.asList("b1", "b2", "b3", "b5", "b7"));
+        final Purpose purpose = Purpose.of(EnforcePurpose.no, null, Arrays.asList("b1", "b2"));
         final VendorPermission vendorPermission1 = VendorPermission.of(1, "b1", PrivacyEnforcementAction.restrictAll());
         final VendorPermission vendorPermission2 = VendorPermission.of(2, "b2", PrivacyEnforcementAction.restrictAll());
         final VendorPermission vendorPermission3 = VendorPermission.of(3, "b3", PrivacyEnforcementAction.restrictAll());
@@ -286,44 +290,50 @@ public void processTypePurposeStrategyShouldAllowOnlyPurposeWhenThereAreNoNatura
                 VendorV2.empty(3));
         final List<VendorPermission> vendorPermissions = Arrays.asList(vendorPermission1, vendorPermission2,
                 vendorPermission3);
-        final List<VendorPermissionWithGvl> vendorPermissionsWithGvl = Arrays.asList(vendorPermissionWitGvl1,
-                vendorPermissionWitGvl2, vendorPermissionWitGvl3);
+
+        final List<VendorPermission> excludedVendorPermissions = Arrays.asList(vendorPermission1, vendorPermission2);
 
         given(noEnforcePurposeStrategy.allowedByTypeStrategy(any(), any(), any(), any(), anyBoolean()))
                 .willReturn(vendorPermissions);
         given(basicEnforcePurposeStrategy.allowedByTypeStrategy(any(), any(), any(), any(), anyBoolean()))
-                .willReturn(emptyList());
+                .willReturn(excludedVendorPermissions);
+
+        final List<VendorPermissionWithGvl> vendorPermissionsWithGvl = Arrays.asList(vendorPermissionWitGvl1,
+                vendorPermissionWitGvl2, vendorPermissionWitGvl3);
 
         // when
         final Collection<VendorPermission> result = target.processTypePurposeStrategy(tcString, purpose,
                 vendorPermissionsWithGvl, true);
 
         // then
-        final VendorPermission vendorPermission1Changed = VendorPermission.of(1, "b1", allowPurpose());
-        final VendorPermission vendorPermission2Changed = VendorPermission.of(2, "b2", allowPurpose());
+        final List<VendorPermissionWithGvl> excludedVendorPermissionsWithGvl = Arrays.asList(vendorPermissionWitGvl1,
+                vendorPermissionWitGvl2);
+
+        final VendorPermission vendorPermission1Changed = VendorPermission.of(1, "b1", allowPurposeAndNaturally());
+        final VendorPermission vendorPermission2Changed = VendorPermission.of(2, "b2", allowPurposeAndNaturally());
         final VendorPermission vendorPermission3Changed = VendorPermission.of(3, "b3", allowPurpose());
         assertThat(result).usingFieldByFieldElementComparator().isEqualTo(
                 Arrays.asList(vendorPermission1Changed, vendorPermission2Changed, vendorPermission3Changed));
 
-        verify(noEnforcePurposeStrategy).allowedByTypeStrategy(PURPOSE, tcString, emptyList(),
-                vendorPermissionsWithGvl, true);
-        verify(basicEnforcePurposeStrategy).allowedByTypeStrategy(PURPOSE, tcString, vendorPermissionsWithGvl,
-                emptyList(), true);
+        verify(noEnforcePurposeStrategy).allowedByTypeStrategy(PURPOSE, tcString,
+                singletonList(vendorPermissionWitGvl3), excludedVendorPermissionsWithGvl, true);
+        verify(basicEnforcePurposeStrategy).allowedByTypeStrategy(PURPOSE, tcString,
+                singletonList(vendorPermissionWitGvl3), excludedVendorPermissionsWithGvl, true);
     }
 
-    private static PrivacyEnforcementAction allowAllPurpose() {
-        final PrivacyEnforcementAction privacyEnforcementAction = PrivacyEnforcementAction.restrictAll();
-        privacyEnforcementAction.setRemoveUserIds(false);
-        privacyEnforcementAction.setMaskDeviceInfo(false);
-        return privacyEnforcementAction;
+    private static PrivacyEnforcementAction allowPurposeAndNaturally() {
+        return allowNatural(allowPurpose());
     }
 
     private static PrivacyEnforcementAction allowPurpose() {
         return PrivacyEnforcementAction.restrictAll();
     }
 
     private static PrivacyEnforcementAction allowNatural() {
-        final PrivacyEnforcementAction privacyEnforcementAction = PrivacyEnforcementAction.restrictAll();
+        return allowNatural(PrivacyEnforcementAction.restrictAll());
+    }
+
+    private static PrivacyEnforcementAction allowNatural(PrivacyEnforcementAction privacyEnforcementAction) {
         privacyEnforcementAction.setRemoveUserIds(false);
         privacyEnforcementAction.setMaskDeviceInfo(false);
         return privacyEnforcementAction;