[ENG-2735] Add "download troubleshooting data" action to privacy request admin UI

[nreyes-dev]

Ticket ENG-2735

Description Of Changes

Add "download troubleshooting data" action to privacy request admin UI

Code Changes

• Add diagnostics export query: Introduce getPrivacyRequestDiagnostics in fides/clients/admin-ui/src/features/privacy-requests/privacy-requests.slice.ts (GET privacy-request/${privacy_request_id}/diagnostics) and export useLazyGetPrivacyRequestDiagnosticsQuery.
• Add download hook: Add useDownloadPrivacyRequestDiagnostics in fides/clients/admin-ui/src/features/privacy-requests/hooks/useDownloadPrivacyRequestDiagnostics.ts to:
  • Fetch download_url via useLazyGetPrivacyRequestDiagnosticsQuery
  • Gate visibility by ScopeRegistryEnum.PRIVACY_REQUEST_READ
  • Show toast errors when the URL can’t be resolved
  • Show an info message when diagnostics are stored locally (non-HTTP URL)
  • Open the download URL in a new tab when it’s a remote URL
• Wire into request details actions: Update fides/clients/admin-ui/src/features/privacy-requests/PrivacyRequestActionsDropdown.tsx to add a “Download troubleshooting data” action (disabled while the request is fetching) with data-testid="download-troubleshooting-data-btn. This dropdown is rendered on the privacy request details page (fides/clients/admin-ui/src/pages/privacy-requests/[id].tsx).

Steps to Confirm

1. Start the OSS backend + Admin UI, and ensure at least one privacy request exists (e.g. create one via Privacy Center so it appears in Request Manager).
2. In Admin UI, go to Privacy requests → Request manager and open any request’s Request details page.
3. Click the Actions dropdown (top right).
4. Confirm Download troubleshooting data is present.
5. Click Download troubleshooting data and confirm behavior:
   • Remote storage: a new tab opens / file download starts (uses returned download_url).
   • Local storage: a toast appears saying “Troubleshooting data stored locally cannot be downloaded” and nothing downloads.
6. Simulate an API failure (temporarily stop the backend or block the endpoint) and confirm an error toast appears (e.g. “Unable to resolve download URL”) and the action becomes clickable again after the request completes.
7. Verify the action is not shown for a user lacking PRIVACY_REQUEST_READ.

Pre-Merge Checklist

• Issue requirements met
• All CI pipelines succeeded
• CHANGELOG.md updated
  • Add a db-migration This indicates that a change includes a database migration label to the entry if your change includes a DB migration
  • Add a high-risk This issue suggests changes that have a high-probability of breaking existing code label to the entry if your change includes a high-risk change (i.e. potential for performance impact or unexpected regression) that should be flagged
  • Updates unreleased work already in Changelog, no new entry necessary
• UX feedback:
  • All UX related changes have been reviewed by a designer
  • No UX review needed
• Followup issues:
  • Followup issues created
  • No followup issues
• Database migrations:
  • Ensure that your downrev is up to date with the latest revision on main
  • Ensure that your downgrade() migration is correct and works
    • If a downgrade migration is not possible for this change, please call this out in the PR description!
  • No migrations
• Documentation:
  • Documentation complete, PR opened in fidesdocs
  • Documentation issue created in fidesdocs
  • If there are any new client scopes created as part of the pull request, remember to update public-facing documentation that references our scope registry
  • No documentation updates required

Summary by CodeRabbit

• New Features
  • Added a "Download troubleshooting data" action to the privacy request Admin UI, allowing administrators to retrieve diagnostic export files for investigating privacy request issues. The action appears conditionally and indicates progress while the export is being prepared.

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
fides-plus-nightly	Ready	Preview, Comment	Mar 4, 2026 7:46pm

1 Skipped Deployment

Project	Deployment	Actions	Updated (UTC)
fides-privacy-center	Ignored		Mar 4, 2026 7:46pm

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: fef70049-d312-4d37-8d38-51c21afe1e05

📥 Commits

Reviewing files that changed from the base of the PR and between 315a8cb and 750208d.

📒 Files selected for processing (1)

• clients/admin-ui/src/features/privacy-requests/hooks/useDownloadPrivacyRequestDiagnostics.ts

---

📝 Walkthrough

Walkthrough

Adds a "Download troubleshooting data" action to the Admin UI privacy request workflow: new hook to fetch diagnostics and perform downloads, dropdown integration to surface the action, new API lazy endpoint to retrieve diagnostics, and a response type for the diagnostics export.

Changes

Cohort / File(s)	Summary
Hook Implementation clients/admin-ui/src/features/privacy-requests/hooks/useDownloadPrivacyRequestDiagnostics.ts	New default-exported React hook that checks read permission, uses a lazy diagnostics query, exposes showDownloadTroubleshootingData, downloadTroubleshootingData() and isLoading, handles errors, and triggers programmatic browser downloads for remote URLs.
Dropdown Integration clients/admin-ui/src/features/privacy-requests/PrivacyRequestActionsDropdown.tsx	Integrates the new hook into the actions dropdown, conditionally adds a "Download troubleshooting data" menu item, ties disabled state to loading, and updates memo dependencies.
API Slice & Types clients/admin-ui/src/features/privacy-requests/privacy-requests.slice.ts, clients/admin-ui/src/features/privacy-requests/types.ts	Adds getPrivacyRequestDiagnostics endpoint with useLazyGetPrivacyRequestDiagnosticsQuery and introduces PrivacyRequestDiagnosticsExportResponse type (download_url, storage_type, object_key, created_at).
Changelog changelog/ENG-2735-download-troubleshooting-data.yaml	New changelog entry documenting the added "Download troubleshooting data" action in the privacy request Admin UI (PR 7548).

Sequence Diagram

sequenceDiagram
    participant Admin as Admin User
    participant Dropdown as PrivacyRequestActionsDropdown
    participant Hook as useDownloadPrivacyRequestDiagnostics
    participant API as Privacy Request API
    participant Storage as Remote Storage

    Admin->>Dropdown: Click "Download troubleshooting data"
    Dropdown->>Hook: call downloadTroubleshootingData()
    Hook->>API: GET /privacy-request/{id}/diagnostics
    API->>Storage: generate/upload diagnostics (if needed)
    Storage-->>API: return download_url
    API-->>Hook: return PrivacyRequestDiagnosticsExportResponse
    Hook->>Hook: validate download_url & storage_type
    Hook->>Storage: fetch diagnostics file (remote URL)
    Storage-->>Hook: return file stream/url
    Hook->>Admin: trigger browser download (anchor click)

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Poem

🐰 A nibble, a hop, a diagnostic trail,

Click once and the troubleshooting sails.
Bundled logs in a neat little pack,
Downloaded swiftly—no rabbit backtrack! 🥕

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Title check	✅ Passed	The pull request title clearly and specifically describes the main change: adding a 'download troubleshooting data' action to the privacy request admin UI, with ticket reference.
Description check	✅ Passed	The pull request description comprehensively covers required template sections: ticket reference, detailed code changes, clear confirmation steps, and completed pre-merge checklist items.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

• 📝 Generate docstrings (stacked PR)
• 📝 Generate docstrings (commit on current branch)

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch nreyes/eng-2735

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[greptile-apps]

Greptile Summary

This PR adds a "Download troubleshooting data" action to the privacy request admin UI. It introduces a new RTK Query endpoint (GET privacy-request/{id}/diagnostics), a custom hook (useDownloadPrivacyRequestDiagnostics) that fetches the download URL and triggers a browser download or shows an appropriate toast, and wires this into the existing PrivacyRequestActionsDropdown.

The overall approach is well-structured and consistent with the existing useDownloadPrivacyRequestResults hook. Two issues require attention:

1. preferCacheValue: true (line 29 of the hook): Passing true as the second argument instructs RTK Query to serve previously cached responses instead of re-fetching. If the backend returns time-limited presigned URLs (e.g., AWS S3 pre-signed URLs), repeated clicks within the same session will silently reuse the cached — and potentially expired — URL, causing download failures.

2. Dead code in error handler (lines 32-41): The inner if (result.error) check is always true within the outer if ("error" in result) block due to RTK Query's type guarantees, making the else branch unreachable. This can be simplified by removing the redundant inner check.

Confidence Score: 2/5

• Not safe to merge — the preferCacheValue: true argument in line 29 causes stale/expired presigned URLs to be served on repeated clicks, which is a real functional bug for time-limited download URLs.
• The PR implementation is well-structured and consistent with existing patterns, but contains a critical logic issue with preferCacheValue: true that will cause stale URLs to be reused on repeated clicks. This is a real-world problem for backends returning time-limited presigned URLs. Additionally, there's unnecessary dead code in error handling (a minor style issue). Both require fixes before merge.
• clients/admin-ui/src/features/privacy-requests/hooks/useDownloadPrivacyRequestDiagnostics.ts — specifically lines 27-30 (preferCacheValue argument) and lines 32-41 (dead code branch).

_{Last reviewed commit: 315a8cb}

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In
`@clients/admin-ui/src/features/privacy-requests/hooks/useDownloadPrivacyRequestDiagnostics.ts`:
- Around line 27-30: The code is passing preferCacheValue=true to
fetchDiagnostics which may return stale presigned download_url; update the call
in useDownloadPrivacyRequestDiagnostics (the fetchDiagnostics trigger) to omit
the second boolean argument so it always fetches fresh data: replace
fetchDiagnostics({ privacy_request_id: privacyRequest.id }, true) with a
single-argument call fetchDiagnostics({ privacy_request_id: privacyRequest.id })
(or otherwise remove/disable the preferCacheValue flag) so presigned URLs are
not served from cache.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: bea76d71-61be-4a68-a00c-6c87fee13ccf

📥 Commits

Reviewing files that changed from the base of the PR and between 2c0ee18 and 315a8cb.

📒 Files selected for processing (5)

• changelog/ENG-2735-download-troubleshooting-data.yaml
• clients/admin-ui/src/features/privacy-requests/PrivacyRequestActionsDropdown.tsx
• clients/admin-ui/src/features/privacy-requests/hooks/useDownloadPrivacyRequestDiagnostics.ts
• clients/admin-ui/src/features/privacy-requests/privacy-requests.slice.ts
• clients/admin-ui/src/features/privacy-requests/types.ts

[jpople]

Looks good overall, couple nits about the code.

[jpople]

Can we use an auto-generated type for this?

[jpople]

This doesn't seem to be used in any tests, so we shouldn't need the span wrapper with the test ID.