feat: update sync functions to respect GDPR access policies #95

- Updated WooCommerce sync to check products/orders/customers access policies
- Updated Shopify sync to check access policies from store_sync_config
- Updated ShopRenter sync to check access policies from store_sync_config
- Updated WooCommerce scheduled sync to report policy status
- Updated ShopRenter scheduled sync to check policies before sync
- Sync only occurs when access_policy is 'sync' (not 'api_only' or 'not_allowed')
- Added detailed logging of access policy status for all platforms

supabase/functions/shopify-sync/index.ts

@@ -859,16 +859,26 @@ serve(wrapHandler('shopify-sync', async (req) => {
     }
 
     // Check data access permissions
-    const permissions = store.data_access_permissions || {}
-    const canSyncProducts = permissions.allow_product_access !== false
-    const canSyncOrders = permissions.allow_order_access !== false
-    const canSyncCustomers = permissions.allow_customer_access !== false
+    // Get access policies from store_sync_config
+    const { data: syncConfig } = await supabaseAdmin
+      .from('store_sync_config')
+      .select('products_access_policy, orders_access_policy, customers_access_policy')
+      .eq('store_id', store_id)
+      .single()
+
+    // Only sync if policy is 'sync' (not 'api_only' or 'not_allowed')
+    const canSyncProducts = syncConfig?.products_access_policy === 'sync'
+    const canSyncOrders = syncConfig?.orders_access_policy === 'sync'
+    const canSyncCustomers = syncConfig?.customers_access_policy === 'sync'
     const qdrantEnabled = store.qdrant_sync_enabled !== false
 
     console.log('[Shopify] Sync permissions:', {
       products: canSyncProducts,
+      productsPolicy: syncConfig?.products_access_policy || 'not_configured',
       orders: canSyncOrders,
+      ordersPolicy: syncConfig?.orders_access_policy || 'not_configured',
       customers: canSyncCustomers,
+      customersPolicy: syncConfig?.customers_access_policy || 'not_configured',
       qdrant: qdrantEnabled
     })
 

supabase/functions/shoprenter-scheduled-sync/index.ts

@@ -201,9 +201,10 @@ serve(wrapHandler('shoprenter-scheduled-sync', async (req) => {
         // Note: Orders/customers are NOT cached to database for GDPR compliance
         // They are only synced to Qdrant for AI access when flags are enabled
         const qdrantEnabled = store.qdrant_sync_enabled !== false
-        const permissions = store.data_access_permissions || {}
-        const canSyncOrders = permissions.allow_order_access !== false
-        const canSyncCustomers = permissions.allow_customer_access !== false
+        // Report access policy status (for logging/monitoring)
+        const canSyncOrders = config.orders_access_policy === 'sync'
+        const canSyncCustomers = config.customers_access_policy === 'sync'
+        const canSyncProducts = config.products_access_policy === 'sync'
         const shouldSyncOrders = config?.sync_orders === true
         const shouldSyncCustomers = config?.sync_customers === true
 

supabase/functions/shoprenter-sync/index.ts

@@ -764,18 +764,23 @@ serve(wrapHandler('shoprenter-sync', async (req) => {
     console.log(`[ShopRenter] Starting full sync for store ${storeId}`)
 
     // Check data access permissions
-    const permissions = store.data_access_permissions || {}
-    const canSyncProducts = permissions.allow_product_access !== false
-    const canSyncOrders = permissions.allow_order_access !== false
-    const canSyncCustomers = permissions.allow_customer_access !== false
-    const qdrantEnabled = store.qdrant_sync_enabled !== false
+    // Get access policies from store_sync_config
+    const { data: syncConfig } = await supabase
+      .from('store_sync_config')
+      .select('products_access_policy, orders_access_policy, customers_access_policy')
+      .eq('store_id', store_id)
+      .single()
 
-    // Check store_sync_config for orders/customers sync flags
-    const syncConfig = (store as any).store_sync_config?.[0] || {}
-    const shouldSyncOrders = syncConfig.sync_orders !== false  // Default to true if not explicitly disabled
-    const shouldSyncCustomers = syncConfig.sync_customers !== false  // Default to true if not explicitly disabled
+    // Only sync if policy is 'sync' (not 'api_only' or 'not_allowed')
+    const canSyncProducts = syncConfig?.products_access_policy === 'sync'
+    const canSyncOrders = syncConfig?.orders_access_policy === 'sync'
+    const canSyncCustomers = syncConfig?.customers_access_policy === 'sync'
+    const qdrantEnabled = store.qdrant_sync_enabled !== false
 
     console.log('[ShopRenter] Sync permissions:', {
+      productsPolicy: syncConfig?.products_access_policy || 'not_configured',
+      ordersPolicy: syncConfig?.orders_access_policy || 'not_configured',
+      customersPolicy: syncConfig?.customers_access_policy || 'not_configured',
       products: canSyncProducts,
       orders: canSyncOrders,
       customers: canSyncCustomers,

supabase/functions/woocommerce-scheduled-sync/index.ts

@@ -219,10 +219,10 @@ serve(wrapHandler('woocommerce-scheduled-sync', async (req) => {
           const hasErrors = syncStats.products.errors > 0
           syncStats.status = hasErrors ? 'partial' : 'success'
 
-          // Test data access permissions (don't sync, just validate)
-          const permissions = store.data_access_permissions || {}
-          syncStats.customer_access_tested = permissions.allow_customer_access || false
-          syncStats.order_access_tested = permissions.allow_order_access || false
+          // Report access policy status (for logging/monitoring)
+          syncStats.customer_access_policy = config.customers_access_policy || 'not_configured'
+          syncStats.order_access_policy = config.orders_access_policy || 'not_configured'
+          syncStats.product_access_policy = config.products_access_policy || 'not_configured'
         } else {
           syncStats.status = 'failed'
           syncStats.error_message = syncResult.error || 'Unknown error'

supabase/functions/woocommerce-sync/index.ts

@@ -932,17 +932,26 @@ serve(wrapHandler('woocommerce-sync', async (req) => {
         )
       }
 
-      // Check data access permissions
-      const permissions = store.data_access_permissions || {}
-      const canSyncProducts = permissions.allow_product_access !== false
-      const canSyncOrders = permissions.allow_order_access !== false
-      const canSyncCustomers = permissions.allow_customer_access !== false
+      // Get access policies from store_sync_config
+      const { data: syncConfig } = await supabaseAdmin
+        .from('store_sync_config')
+        .select('products_access_policy, orders_access_policy, customers_access_policy')
+        .eq('store_id', store_id)
+        .single()
+
+      // Only sync if policy is 'sync' (not 'api_only' or 'not_allowed')
+      const canSyncProducts = syncConfig?.products_access_policy === 'sync'
+      const canSyncOrders = syncConfig?.orders_access_policy === 'sync'
+      const canSyncCustomers = syncConfig?.customers_access_policy === 'sync'
       const qdrantEnabled = store.qdrant_sync_enabled !== false
 
       console.log('[WooCommerce] Sync permissions:', {
         products: canSyncProducts,
+        productsPolicy: syncConfig?.products_access_policy || 'not_configured',
         orders: canSyncOrders,
+        ordersPolicy: syncConfig?.orders_access_policy || 'not_configured',
         customers: canSyncCustomers,
+        customersPolicy: syncConfig?.customers_access_policy || 'not_configured',
         qdrant: qdrantEnabled
       })