[ENG-2040] Duplicate DSR: approve/deny

[JadeCara]

Ticket ENG-2040

Description Of Changes

🎯 The approve/deny actions cannot be performed in a duplicate request. They currently raise a "Cannot transition status". These and the bulk operations should work on duplicates too.

Code Changes

• Added duplicate status to the checks for approve and deny in privacy request service
• Added tests for individual and bulk endpoints for duplicate tests
• Added approve and deny to duplicate status in .ts files

Steps to Confirm

1. Run Fidesplus pointed at this branch.
2. in the config (PATCH /api/v1/config) enable duplicate detection

{
  "privacy_request_duplicate_detection": {
    "enabled": true
  }
} 

3. Create at least 4 privacy requests with the same email you should see all but 1 of them as duplicates.

4. Select the first couple and then bulk approve - you will get a prompt, hit continue and verify that the approved pop up happens and the selected requests are now approved.

5. Now select the others and bulk deny them - again look for any error pop ups and verify they are denied.

Pre-Merge Checklist

• Issue requirements met
• All CI pipelines succeeded
• CHANGELOG.md updated
  • Add a db-migration This indicates that a change includes a database migration label to the entry if your change includes a DB migration
  • Add a high-risk This issue suggests changes that have a high-probability of breaking existing code label to the entry if your change includes a high-risk change (i.e. potential for performance impact or unexpected regression) that should be flagged
  • Updates unreleased work already in Changelog, no new entry necessary
• UX feedback:
  • All UX related changes have been reviewed by a designer
  • No UX review needed
• Followup issues:
  • Followup issues created
  • No followup issues
• Database migrations:
  • Ensure that your downrev is up to date with the latest revision on main
  • Ensure that your downgrade() migration is correct and works
    • If a downgrade migration is not possible for this change, please call this out in the PR description!
  • No migrations
• Documentation:
  • Documentation complete, PR opened in fidesdocs
  • Documentation issue created in fidesdocs
  • If there are any new client scopes created as part of the pull request, remember to update public-facing documentation that references our scope registry
  • No documentation updates required

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

2 Skipped Deployments

Project	Deployment	Preview	Comments	Updated (UTC)
fides-plus-nightly	Ignored	Preview		Nov 18, 2025 10:41pm
fides-privacy-center	Ignored			Nov 18, 2025 10:41pm

[JadeCara]

Since denied is another end state column these DSRs are no longer active. Duplicates should only consider other active DSRs.

[greptile-apps]

Greptile Summary

• Enables approve and deny actions for duplicate DSRs by adding PrivacyRequestStatus.duplicate to status checks in backend service methods and frontend UI components
• Adds denied status to non-canonical request filter in duplicate detection logic to allow processing of duplicates even when original requests are denied
• Includes comprehensive test coverage with parameterized tests for both individual and bulk operations across pending and duplicate statuses

Confidence Score: 5/5

• This PR is safe to merge with minimal risk.
• The changes are focused, well-tested, and follow consistent patterns across backend and frontend. The implementation correctly handles status transitions by adding duplicate status alongside pending in all relevant checks. The duplication detection logic enhancement to exclude denied requests from canonical filtering is logical and prevents edge cases. Comprehensive test coverage includes parameterized tests, bulk operations, and mixed status scenarios.
• No files require special attention.

Important Files Changed

Filename	Overview
src/fides/service/privacy_request/privacy_request_service.py	Added duplicate status to approval/denial checks, allowing duplicate DSRs to be approved or denied alongside pending requests.
src/fides/api/service/privacy_request/duplication_detection.py	Added denied status to non-canonical filter, allowing duplicate detection to ignore denied requests when determining canonical requests.
tests/ops/api/v1/endpoints/privacy_request/test_privacy_request_endpoints.py	Comprehensive test coverage including parameterized tests for both pending and duplicate statuses, bulk operations, and mixed status scenarios.

[greptile-apps]

_{6 files reviewed, no comments}

_{Edit Code Review Agent Settings | Greptile
React with 👍 or 👎 to share your feedback on this new summary format}

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 85.80%. Comparing base (af05648) to head (ac13df8).
⚠️ Report is 12 commits behind head on main.

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #6998      +/-   ##
==========================================
- Coverage   87.30%   85.80%   -1.51%     
==========================================
  Files         525      525              
  Lines       34526    34515      -11     
  Branches     3986     3984       -2     
==========================================
- Hits        30144    29616     -528     
- Misses       3513     4008     +495     
- Partials      869      891      +22     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[lucanovera]

Tested alongside my FE changes. Approve/deny work on individual request endpoints and bulk endpoints too. Approved! Thanks for getting this up so quickly.

[vcruces]

Looks great to me, pretty straightforward! I didn’t run manual tests on it, but since Lucano already did, I’m comfortable with the changes