[Task]: Add ability to add/update addon privacy policies

[rougetimelord]

Description

Hi! I'm a maintainer on an addon that's listed on AMO, and we (semi) recently were asked to update our privacy policy. I would like to be able to push updates to our privacy policy using our release workflow, rather than having to ping the person who's AMO account actually hosts the addon every time there's a change to our privacy policy.

So basically, I would like if there was a Privacy Policy (and probably EULA) key to the following external API endpoints:

• PATCH /api/v5/addons/addon/(int:id|string:slug|string:guid)/
• PUT /api/v5/addons/addon/(string:guid)/
• POST /api/v5/addons/addon/(int:addon_id|string:addon_slug|string:addon_guid)/versions/ (if it would make sense to add it there?)

Another possible solution is to add push/patch/put methods to the /api/v5/addons/addon/(int:id|string:slug|string:guid)/eula_policy/ endpoint.

Acceptance Criteria

### Milestones/checkpoints
- [x] Add a way to update privacy policies and/or EULAs to the external API.

Checks

• [X] If the issue is ready to work on, I have removed the "needs:info" label.
• [X] If I have identified that the work is specific to a repository, I have removed "repository:addons-server" or "repository:addons-frontend"

┆Issue is synchronized with this Jira Task

[diox]

An API already exists: https://mozilla.github.io/addons-server/topics/api/addons.html#eula-and-privacy-policy

[rougetimelord]

An API already exists: https://mozilla.github.io/addons-server/topics/api/addons.html#eula-and-privacy-policy

From my reading of the docs this endpoint only gets the current policies for an addon. I want to be able to create/update the privacy policy of an addon.

I'm unable to test currently but does the endpoint accept PUSH/PATCH/PUT methods?

[diox]

My apologies, you're correct! It's an oversight on our part, it should be straightforward to fix, we'll try to get it done for our next release.

[diox]

/api/v5/addons/addon/(int:id|string:slug|string:guid)/eula_policy/ will allow PATCH to edit eula/privacy policy. Docs will be updated soon, the patch will only land in production for our next push August 8th though.

[ioanarusiczki]

I sent from https://httpie.io/app PATCH requests for eula and privacy policy, some examples:

EULA with some long text (~10000 chars) https://addons-dev.allizom.org/en-US/firefox/addon/ublock-origin_test/eula/ with emojis https://addons-dev.allizom.org/fr/firefox/addon/ublock-origin_test/eula/ with urls https://addons-dev.allizom.org/en-US/firefox/addon/foxclocks_test/eula/ privacy policy https://addons-dev.allizom.org/en-US/firefox/addon/foxclocks_test/privacy/

@diox I can send these for a theme too , and it's going to be displayed on frontend or rev tools. Themes don't have these fields available in dev hub, but in case this is a problem let me know, I'll file a followup.

[diox]

@ioanarusiczki yeah let's have a follow-up for this, we can prevent that from happening.

I also noticed in devhub, changing the privacy policy triggers an activity log ({addon} policy changed, action id 38) that is not happening through that new API, we should fix that while we're at it.

[ioanarusiczki]

@diox I'm looking into models/activity/activitylog/ and added/changed eula or privacy policy for some add-ons from dev hub but I don't see an activity log (checked dev and stage). I see an activity recorded for License only.

[diox]

You're right, I was basing that on some 15 years old code I see in the form but it doesn't look like it's doing anything...