Encrypt CSV download from submissions view

[dc2007git]

More of a TODO than an issue - but logging here for reference:

The download button in the audit cohort view still requires functionality to be integrated. I imagine it should just redownload the same csv as was submitted for that instance.

[mbarton]

To match the security measures of the previous platform we should wrap any downloads in a password encrypted ZIP file. The old platform let you specify your own password but I would prefer we generate a one time password displayed after the download

[mbarton]

I think it's important to download literally the same CSV file as was uploaded - so implementing this should be less of an "export" option and more "download what the user uploaded to help debugging"

[mbarton]

Implemented in #257

The old system puts any downloads in a password protected ZIP file but we haven't done that for people downloading the CSV files. It seems maybe overkill since they were likely to have submitted the files in the first place.

@AmaniKrayemRCPCH should we password protect the CSV when people download it?

[AmaniKrayemRCPCH]

Has something similar been implemented in E12? Do they require a password?

[mbarton]

I don't think we ever implemented it in E12, there was some discussion late last year rcpch/rcpch-audit-engine#643

Do data uploaders need download access anyway since they had the spreadsheet unencrypted beforehand? If we limit the feature to the NPDA team then I would say we don't need it as we will already store and handle it appropriately.

[AmaniKrayemRCPCH]

Having looked at our DPIA, we state that any data downloaded by units is password protected, so we need to stick with that.

It's hard to tell how often people are actually exporting their data - it's not in our user event log. Nor can I think of a use case.
Those submitting via CSV will already have their data file, but those submitting via questionnaire won't.

I can get some user perspective at the next dataset and methodology working group or project board meeting?

[mbarton]

Yeah this is specifically for downloading the CSV you uploaded, which I think was in the original requirements so the NPDA team could investigate claims that numbers were incorrect.

We haven't implemented data export for people submitting via questionnaire yet.

I can get some user perspective at the next dataset and methodology working group or project board meeting?

That would be very useful thanks, we can use that to guide what we password protect and if we need to give people other than the NPDA team access to download the CSV files