FE: Filter consent manual task condition fields

[gilluminate]

Ticket ENG-2412

Description Of Changes

Filtered manual task condition field options based on configured request types. Consent manual tasks cannot use dataset field conditions (no data flow in consent DSRs) and certain privacy request fields like due_date (no execution timeframe). When only consent tasks are configured, the UI now hides unavailable field options. When both consent and access/erasure tasks exist, a warning banner explains the limitations.

Code Changes

• Added CONSENT_ALLOWED_PRIVACY_REQUEST_FIELDS constant excluding due_date field
• Created useConfiguredRequestTypes hook to detect which request types have tasks configured
• Updated PrivacyRequestFieldPicker to filter fields when isConsentOnly is true
• Updated AddConditionForm to hide dataset field source option for consent-only configurations
• Updated TaskConditionsTab to show warning banner for mixed consent + access/erasure configurations
• Added Cypress tests for consent-only and mixed configuration scenarios
• Added test fixtures for consent-only and mixed manual task configurations

Steps to Confirm

1. Navigate to Integrations > Manual Tasks integration > Manual tasks tab
2. Add a consent-only task (checkbox field type)
3. Go to Conditions tab
4. Click "Add condition" - verify dataset field source is hidden and due_date field is not in dropdown
5. Add an access task to create a mixed configuration
6. Verify warning banner appears explaining consent limitations
7. Verify dataset field source is now available (applies to access/erasure only)

Pre-Merge Checklist

• Issue requirements met
• All CI pipelines succeeded
• CHANGELOG.md updated
• UX review:
  • No UX review needed
• Followup issues:
  • No followup issues
• Database migrations:
  • No migrations
• Documentation:
  • No documentation updates required

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
fides-plus-nightly	Ready	Preview, Comment	Feb 5, 2026 0:01am

1 Skipped Deployment

Project	Deployment	Actions	Updated (UTC)
fides-privacy-center	Ignored		Feb 5, 2026 0:01am

[greptile-apps]

Greptile Overview

Greptile Summary

This PR filters manual task condition field options based on configured request types. When only consent tasks are configured, the UI hides dataset field sources (consent DSRs don't have data flow between nodes) and filters out privacy request fields like due_date (consent requests lack execution timeframes). A warning banner appears when both consent and access/erasure tasks exist to explain these limitations.

Key implementation details:

• New useConfiguredRequestTypes hook detects which request types have manual tasks configured by examining the manual fields API response
• CONSENT_ALLOWED_PRIVACY_REQUEST_FIELDS constant excludes due_date from available fields
• AddConditionForm conditionally hides the dataset field source radio button when isConsentOnly is true and initializes the fieldSource state to FieldSource.PRIVACY_REQUEST
• PrivacyRequestFieldPicker filters field options using the consent-specific allowlist when isConsentOnly is true
• Comprehensive Cypress tests verify consent-only, mixed, and standard configurations with appropriate fixtures
• Minor unrelated fix adds legacyBehavior prop to NextLink in useLinkSystemStep.tsx

The implementation properly addresses the issue raised in the previous thread about state initialization - the fieldSource state is now conditionally initialized based on isConsentOnly at line 60-64 in AddConditionForm.tsx.

Confidence Score: 5/5

• This PR is safe to merge with no critical issues found
• The implementation is well-structured with proper state management, comprehensive test coverage for all scenarios (consent-only, mixed, and standard configurations), and clear documentation. The previous thread concern about fieldSource state initialization has been properly addressed.
• No files require special attention

Important Files Changed

Filename	Overview
clients/admin-ui/src/features/integrations/configure-tasks/hooks/useConfiguredRequestTypes.ts	New hook to detect configured request types (consent-only, access, erasure); well-structured with clear documentation
clients/admin-ui/src/features/integrations/configure-tasks/utils.ts	Added consent-specific field constants to filter unavailable fields for consent-only configurations
clients/admin-ui/src/features/integrations/configure-tasks/AddConditionForm.tsx	Conditionally hides dataset field source option for consent-only; initializes state appropriately
clients/admin-ui/src/features/integrations/configure-tasks/TaskConditionsTab.tsx	Shows warning banner for mixed consent + access/erasure configurations; uses new hook to detect task types
clients/admin-ui/cypress/e2e/integration-management-manual-task-conditions.cy.ts	Comprehensive tests for consent-only, mixed, and standard configurations with proper fixtures

[greptile-apps]

_{5 files reviewed, 1 comment}

_{Edit Code Review Agent Settings | Greptile}

[gilluminate]

@greptile

[greptile-apps]

_{6 files reviewed, 1 comment}

_{Edit Code Review Agent Settings | Greptile}

[greptile-apps]

Additional Comments (1)

clients/admin-ui/src/features/integrations/configure-tasks/AddConditionForm.tsx
handleCancel always resets fieldSource to DATASET on line 134, but when isConsentOnly is true, dataset fields aren't available. This could cause issues if the user cancels and reopens the form.

  const handleCancel = useCallback(() => {
    form.resetFields();
    setFieldSource(isConsentOnly ? FieldSource.PRIVACY_REQUEST : FieldSource.DATASET);
    onCancel();
  }, [form, onCancel, isConsentOnly]);

[gilluminate]

@greptile

[greptile-apps]

_{5 files reviewed, no comments}

_{Edit Code Review Agent Settings | Greptile}

[speaker-ender]

Tested in preview and looks good!