crewli/api/app/Services/FormBuilder/FormSubmissionAnonymisationService.php

<?php

declare(strict_types=1);

namespace App\Services\FormBuilder;

use App\Enums\FormBuilder\FormFieldType;
use App\Events\FormBuilder\FormSubmissionAnonymised;
use App\Models\FormBuilder\FormSubmission;
use App\Models\FormBuilder\FormValue;
use Illuminate\Support\Facades\DB;
use Illuminate\Support\Facades\Storage;

/**
 * Right-to-be-forgotten per ARCH §13.3 + §23.4. Blanks PII values + signature
 * files, marks value_anonymised, writes per-field activity log entries.
 */
final class FormSubmissionAnonymisationService
{
    public function anonymise(FormSubmission $submission, string $reason = 'retention_policy'): void
    {
        DB::transaction(function () use ($submission, $reason): void {
            $values = FormValue::query()
                ->with('field')
                ->where('form_submission_id', $submission->id)
                ->get();

            foreach ($values as $value) {
                $field = $value->field;
                if ($field === null || ! $field->is_pii) {
                    continue;
                }

                $this->anonymiseValue($value, $field->field_type);

                activity()
                    ->performedOn($value)
                    ->withProperties([
                        'field_slug' => $field->slug,
                        'reason' => $reason,
                        'original_was_pii' => true,
                    ])
                    ->log('field.anonymised');
            }

            $submission->anonymised_at = now();
            $submission->search_index = null;
            $submission->save();
        });

        FormSubmissionAnonymised::dispatch($submission);
    }

    private function anonymiseValue(FormValue $value, string $fieldType): void
    {
        if ($fieldType === FormFieldType::SIGNATURE->value) {
            $raw = $value->value;
            if (is_array($raw) && isset($raw['file_path'], $raw['disk'])) {
                try {
                    Storage::disk((string) $raw['disk'])->delete((string) $raw['file_path']);
                } catch (\Throwable) {
                    // Swallow; best-effort.
                }
            }
            $value->value = ['anonymised' => true];
        } elseif (in_array($fieldType, [FormFieldType::FILE_UPLOAD->value, FormFieldType::IMAGE_UPLOAD->value], true)) {
            $raw = $value->value;
            if (is_array($raw) && isset($raw['file_path'])) {
                try {
                    Storage::disk((string) ($raw['disk'] ?? config('filesystems.default')))->delete((string) $raw['file_path']);
                } catch (\Throwable) {
                    // Best-effort.
                }
            }
            $value->value = ['anonymised' => true, 'original_filename_redacted' => true];
        } else {
            $value->value = '[ANONYMISED]';
        }

        $value->value_indexed = null;
        $value->value_number = null;
        $value->value_date = null;
        $value->value_bool = null;
        $value->value_anonymised = true;
        $value->save();
    }
}