The data protection feature allows a user to request a copy of all personal data that edu-sharing has stored about them – in accordance with the GDPR right of access. A request is processed asynchronously in the background; once the export is ready, the user is notified by email and can download it.
What the feature does
A user (or an administrator on their behalf) can request an independent GDPR data export. edu-sharing collects all data stored about this user, packages it, and makes it available for download. The processing happens in the background — the request is immediately acknowledged, and the actual export is assembled by a scheduled job.
What is exported
Depending on the operational configuration (see Part B), the export contains:
-
Home directory — all folders and objects in the user's personal workspace.
-
Collections — both private and shared collections owned by the user.
-
Shared objects — objects and folders owned by the user and shared with others.
-
Feedbacks — feedback entries submitted by the user.
-
Comments — comments written by the user.
-
Safe area — the corresponding home and shared content in the protected "Safe" area.
For each object, the archive may contain the following:
-
the metadata as a
.jsonfile, -
the original file (binary content),
-
the thumbnail (
.png).
Additionally, a summary PDF report is created. This lists the user's master data and account information, for example:
-
First name, last name, username, and any secondary (local) IDs,
-
Email address and role,
-
School / school number, media centers, and group memberships,
-
first and last login,
-
private and shared collections, feedbacks, and comments,
-
a series of information links as well as the export date.
Output formats
The export is provided in one of two forms:
-
Complete ZIP archive — the full data export (metadata, binary data, thumbnails) including the summary report.
-
PDF report only — only the summary PDF file, without the file archive.
Which form is produced depends on the configuration described in Part B.
How to request an export
The export is triggered via the application, which calls the REST endpoint:
POST /iam/v1/people/{repository}/{person}/dataprotection
-
Use
-home-as{repository}for the home repository and-me-as{person}for the current user. -
To request an export for a different user, administrator rights are required.
Responses:
-
200 OK — the request was accepted (a new export was queued).
-
409 Conflict — an export has already been requested or is running for this user; the current queue entry is returned.
What happens next
-
The request is queued with the status REQUESTED in a processing queue.
-
The scheduled job picks it up, sets it to RUNNING and assembles the export.
-
Upon completion, the entry is set to FINISHED, and the user receives an email with a download link (only if the account has an email address).
The current status and the resulting download object can be retrieved at any time with:
GET /iam/v1/people/{repository}/{person}/dataprotection
This returns the queue status and, once available, the node of the finished export. If no finished export exists, the endpoint responds with 404 Not Found.
Availability period
A completed export is retained only for a limited retention period and then automatically deleted (default: 10 days — see Part B).
If a new export is requested after a previous one has been completed, the old export is deleted and a new one is started. As long as a request is still REQUESTED or RUNNING, repeated requests have no effect (return 409).
Operation / Configuration
Enabling the feature
The GDPR data export is configured in the block repository.dataprotection in edu-sharing.conf. The available keys and their default values are documented in edu-sharing.reference.conf:
hocon
repository {
dataprotection: {
enabled: false
//retentionPeriod: "PT240H"
//metadataExport: true
//binaryExport: true
//summaryExport: true
//fileName: "dataprotectioninfo_edu-sharing"
//templatePath: "html/dataprotection/report.html"
//links: ["http://edu-sharing.com","http://edu-sharing.net"]
//cronExpression: "Cron[0 * * * * ?]"
}
}
The feature is disabled by default. Setting enabled: true registers the periodic background job that processes the export queue.
Prerequisite: Database table
The queue is stored in the database table edu_dataprotection_queue. The associated creation script dataprotection-queue.sql must be part of the startup scripts (it is included in the core scripts of edu-sharing.reference.conf):
sql
CREATE TABLE edu_dataprotection_queue
(
"user" varchar(100) not null UNIQUE,
status varchar(100) not null,
requested timestamp not null,
node_id varchar(36),
finished timestamp
);
Configuration reference
|
Key |
Default value |
Effect |
|---|---|---|
|
|
|
Enables the feature and the associated background processing job. |
|
|
|
Schedule of the export processing job (default: every minute). |
|
|
|
How long a completed export is retained before it is automatically deleted. |
|
|
|
Include node metadata ( |
|
|
|
Include original files and thumbnails in the export. |
|
|
|
Generate the summary PDF report. |
|
|
|
Base name of the resulting file (a date prefix |
|
|
|
Thymeleaf template used to create the summary PDF report. |
|
|
|
Informative links displayed in the PDF report (comma-separated list). |
How the flags determine the output format
The three export flags determine what is exported and together decide which format is produced:
-
summaryExport=trueandmetadataExport=false→ the result is a single PDF report (no ZIP archive). This is the "report only" mode. -
Otherwise → the result is a ZIP archive, whose content depends on the flags:
-
metadataExport=trueadds the.jsonmetadata files and the folder structure of each area (home,collection,shared,feedback,comment,safe/home,safe/shared). -
binaryExport=trueadds the original files and.pngthumbnails. -
summaryExport=trueadds the summary PDF report inside the archive.
-
Note: With
metadataExport=false, the folder structure is not created, so the binary data has no place to go — therefore disabling metadata while summary is enabled results in a pure PDF output.
Retention behavior
On each run, the processing job checks all FINISHED exports. If the node of a completed export is older than retentionPeriod, both the export node and the associated queue entry are deleted. This prevents personal data from being retained longer than necessary and limits storage usage.
Notification
When an export is completed, an email is sent to the user using the gdpr mail template. It contains the download link and the retention period (in days). No email is sent if the user account has no email address.
Storage / Footprint
-
Exports are assembled in a working directory next to the content store:
<contentstore>/../dataprotection. Temporary files there are removed once the export is saved. -
The completed export is saved as a node in the GDPR system folder (within
Company Home / Edu_Sharing_System /) and made readable for the exported user (consumer permission), so they can download it via the link.
Operational notes and current limitations
-
Report language / timezone are currently fixed to German (
Europe/Berlin,Locale.GERMANY), regardless of the user's profile. -
Ratings are not yet part of the summary report.
-
The processing job runs according to the configured
cronExpression; increasing the interval reduces background load if exports are rare.