[ENG-1974] schema updates for bulk filtered dsr

[JadeCara]

Ticket ENG-1974

Description Of Changes

🎯 As a Fides user I want to be able to filter my results and then act on them, so that I can perform actions on many pages of results instead of having to go 1 by 1.

AC:

• Existing bulk action endpoints accept all the same filters as the search endpoint and apply the actions to the results.
• Existing bulk action endpoints accept a list of exclude_ids to be excluded from the actions
• Implementation reuses patterns for bulk actions used in the action center

This PR updates the schema with tests and updates the endpoints with the schema. It paves the way for adding the filters to the request but the functionality will still currently only work with a list of ids.

Code Changes

• src/fides/api/schemas/privacy_request.py: moved from ReviewPrivacyRequestIds to new PrivacyRequestBulkSelection schema for privacy request selection
• src/fides/api/api/v1/endpoints/privacy_request_endpoints.py: Updated imports for new schemas functions with updates schema and functionality
• bonus fix for some flaky tests erroring on teardown.

This is just the first step.

• ENG-1974 add bulk operations to privacy request service #7050 updates the privacy request service to batch ids
• [ENG-1974] helper functions #7051 adds the helper functions for ids and filters
• [ENG-1974] Filtered bulk actions for DSRs #7027 updates the endpoints to use the filters with tests

Steps to Confirm

1. There should be no change in current functionality. Right now the front end passes back a list for all bulk functions so any tests with the front end should work exactly the same.

Pre-Merge Checklist

• Issue requirements met
• All CI pipelines succeeded
• CHANGELOG.md updated
  • Add a db-migration This indicates that a change includes a database migration label to the entry if your change includes a DB migration
  • Add a high-risk This issue suggests changes that have a high-probability of breaking existing code label to the entry if your change includes a high-risk change (i.e. potential for performance impact or unexpected regression) that should be flagged
  • Updates unreleased work already in Changelog, no new entry necessary
• UX feedback:
  • All UX related changes have been reviewed by a designer
  • No UX review needed
• Followup issues:
  • Followup issues created
  • No followup issues
• Database migrations:
  • Ensure that your downrev is up to date with the latest revision on main
  • Ensure that your downgrade() migration is correct and works
    • If a downgrade migration is not possible for this change, please call this out in the PR description!
  • No migrations
• Documentation:
  • Documentation complete, PR opened in fidesdocs
  • Documentation issue created in fidesdocs
  • If there are any new client scopes created as part of the pull request, remember to update public-facing documentation that references our scope registry
  • No documentation updates required

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Preview	Comments	Updated (UTC)
fides-plus-nightly	Ready	Preview	Comment	Dec 8, 2025 0:32am

1 Skipped Deployment

Project	Deployment	Preview	Comments	Updated (UTC)
fides-privacy-center	Ignored			Dec 8, 2025 0:32am

[codecov]

Codecov Report

❌ Patch coverage is 65.51724% with 10 lines in your changes missing coverage. Please review.
✅ Project coverage is 87.26%. Comparing base (04356c4) to head (805fd9d).
⚠️ Report is 8 commits behind head on main.

Files with missing lines	Patch %	Lines
.../api/api/v1/endpoints/privacy_request_endpoints.py	0.00%	5 Missing and 5 partials ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #7049      +/-   ##
==========================================
- Coverage   87.28%   87.26%   -0.02%     
==========================================
  Files         530      530              
  Lines       34858    34882      +24     
  Branches     4036     4044       +8     
==========================================
+ Hits        30426    30440      +14     
- Misses       3550     3555       +5     
- Partials      882      887       +5     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[greptile-apps]

Greptile Overview

Greptile Summary

This PR refactors bulk privacy request action schemas to support future filtered operations. The changes replace ReviewPrivacyRequestIds with a new flexible PrivacyRequestBulkSelection schema that accepts either explicit IDs or filters (with exclusions).

Key changes:

• Introduced PrivacyRequestBulkSelection with comprehensive validation ensuring request_ids and filters are mutually exclusive
• Updated 5 bulk endpoints (approve, deny, cancel, finalize, soft-delete) with temporary guards requiring request_ids until filter support lands in subsequent PRs
• Added schema unit tests covering all validation rules and edge cases
• Fixed flaky performance tests by disabling celery worker during test teardown

The implementation follows good patterns with validation at the schema level rather than in route handlers. Current functionality remains unchanged as filter support is deferred to follow-up PRs #7050, #7051, and #7027.

Confidence Score: 5/5

• This PR is safe to merge with minimal risk - it's a well-designed refactoring with comprehensive tests and no breaking changes
• The changes are purely additive with no behavioral changes to existing functionality. The schema validation is thorough with clear error messages, comprehensive unit tests cover all edge cases, and the temporary guards in endpoints prevent premature use of filter functionality. The celery test fix addresses a legitimate flaky test issue.
• No files require special attention

Important Files Changed

File Analysis

Filename	Score	Overview
src/fides/api/schemas/privacy_request.py	5/5	Replaced ReviewPrivacyRequestIds with new PrivacyRequestBulkSelection schema that supports both explicit IDs and filters. Added comprehensive validation logic with clear error messages for mutually exclusive options.
src/fides/api/api/v1/endpoints/privacy_request_endpoints.py	5/5	Updated 5 bulk action endpoints to use new schema with temporary guards requiring request_ids until filter support is added in subsequent PRs. Replaced assertions with proper HTTPException error handling.
tests/api/schemas/test_privacy_request.py	5/5	Added comprehensive unit tests for PrivacyRequestBulkSelection validation rules covering valid configurations and error cases with clear parametrized test cases.

[greptile-apps]

_{5 files reviewed, 5 comments}

_{Edit Code Review Agent Settings | Greptile}

[JadeCara]

@greptile please review

[greptile-apps]

_{5 files reviewed, no comments}

_{Edit Code Review Agent Settings | Greptile}

[erosselli]

Approving with some nit comments

[erosselli]

I'm a bit confused at this parameterization , it seems like expected_request_ids always matches request_ids , expected_filters always matches filters and expected_exclude_ids always matches exclude_ids . Are all the params needed?

[JadeCara]

Fixed :)

[erosselli]

nit: another case would be just exclude ids provided

[JadeCara]

Ooo good point :D

[JadeCara]

added test :)

[erosselli]

nice find!

[JadeCara]

This ended up not working :( updating the celery fixture to end if stuck instead.