def pii_get(pid=None):
# Get ID Token data from global context variable.
auth_resp = g.user_token_data
data_list, is_objectid, is_error, resp = get_data_list_pid(pid)
if is_error:
return resp
auth_pass = check_id(auth_resp, data_list[0])
if not (auth_pass):
msg = {
"reason": "The user info in id token and db are not matching.",
"error": "Authorization Failed."
}
msg_json = jsonutils.create_log_json("PII", "GET", msg)
logging.error("PII GET " + json.dumps(msg_json))
return jsonutils.create_auth_fail_message()
# remove fileDescriptors from db_data
data_list = jsonutils.remove_file_descriptor_from_data_list(data_list)
out_json = mongoutils.construct_json_from_query_list(data_list[0])
msg_json = jsonutils.create_log_json("PII", "GET", data_list[0], 'pii')
logging.info("PII GET " + json.dumps(msg_json))
return out_json
def pii_delete(pid=None):
# Get ID Token data from global context variable.
auth_resp = g.user_token_data
data_list, is_objectid, is_error, resp = get_data_list_pid(pid)
if is_error:
return resp
auth_pass = check_id(auth_resp, data_list[0])
if not (auth_pass):
msg = {
"reason": "The user info in id token and db are not matching.",
"error": "Authorization Failed."
}
msg_json = jsonutils.create_log_json("PII", "DELETE", msg)
logging.error("PII DELETE " + json.dumps(msg_json))
return jsonutils.create_auth_fail_message()
try:
if (is_objectid):
id = ObjectId(pid)
mongoutils.db_pii.pii_collection.delete_one(
{cfg.FIELD_OBJECTID: id})
msg = {"pid": str(pid)}
msg_json = jsonutils.create_log_json("PII", "DELETE", msg)
logging.info("PII DELETE " + json.dumps(msg_json))
return rs_handlers.entry_deleted('ObjectID', pid)
else:
mongoutils.db_pii.pii_collection.delete_one({cfg.FIELD_PID: pid})
msg = {"pid": str(pid)}
msg_json = jsonutils.create_log_json("PII", "DELETE", msg)
logging.info("PII DELETE " + json.dumps(msg_json))
return rs_handlers.entry_deleted('pid', pid)
except:
msg = {
"reason": "Failed to deleted pii. not found: " + str(pid),
"error": "Not Found: " + request.url,
}
msg_json = jsonutils.create_log_json("PII", "DELETE", msg)
logging.info("PII DELETE " + json.dumps(msg_json))
return rs_handlers.not_found(msg_json)
def pii_put(pid=None):
# Get ID Token data from global context variable.
auth_resp = g.user_token_data
tk_uin, tk_firstname, tk_lastname, tk_email, tk_phone, tk_is_uin, tk_is_phone = tokenutils.get_data_from_token(
auth_resp)
try:
in_json = request.get_json()
# ToDo following lines are commented out for now
# but it should be used if the email and phone number get updated
# # if there is any phone number or email information in input json, they will be removed
# # since the current policy is not updating the email or phone number
# # until further decision
# try:
# del in_json["uin"]
# except:
# pass
# try:
# del in_json["phone"]
# except:
# pass
except Exception as ex:
msg = {
"reason": "Json format error: " + str(pid),
"error": "Bad Request: " + request.url,
}
msg_json = jsonutils.create_log_json("PII", "PUT", msg)
logging.error("PII PUT " + json.dumps(msg_json))
return rs_handlers.bad_request(msg_json)
# check if the pid is really existing in the database
pii_dataset = mongoutils.get_pii_dataset_from_field(cfg.FIELD_PID, pid)
if pii_dataset == None:
msg = {
"reason": "There is no dataset with given pii uuid: " + str(pid),
"error": "Not Found: " + request.url,
}
msg_json = jsonutils.create_log_json("PII", "PUT", msg)
logging.error("PII PUT " + json.dumps(msg_json))
return rs_handlers.not_found(msg_json)
creation_date = pii_dataset.get_creation_date()
tmp_dataset = json.loads(json.dumps(pii_dataset.__dict__))
auth_pass = check_id(auth_resp, tmp_dataset)
if not (auth_pass):
msg = {
"reason": "The user info in id token and db are not matching.",
"error": "Authorization Failed."
}
msg_json = jsonutils.create_log_json("PII", "PUT", msg)
logging.error("PII PUT " + json.dumps(msg_json))
return jsonutils.create_auth_fail_message()
# get the current testResultsConset value to see if it is changed
# if changed, update last modified date after updating pii data
consent_provided = None
consent_last_modified = None
try:
consent_provided = pii_dataset.testResultsConsent["consentProvided"]
consent_last_modified = pii_dataset.testResultsConsent["dateModified"]
except:
pass
pii_dataset = datasetutils.update_pii_dataset_from_json(pii_dataset, in_json)
currenttime = otherutils.get_current_time_utc()
# if consentProvided value has been changed, update the last modified date
try:
if consent_provided != pii_dataset.testResultsConsent['consentProvided']:
pii_dataset = update_test_results_consent(pii_dataset)
else: # record the exising modified date that got lost during the json update
pii_dataset.testResultsConsent['dateModified'] = consent_last_modified
except:
pass
pii_dataset.set_last_modified_date(currenttime)
# remove creation date field and pid so doesn't get updated
del pii_dataset.creationDate
del pii_dataset.pid
# update pii_dataset's non_pii_uuid
non_pii_uuid_from_dataset = pii_dataset.get_uuid()
try:
non_pii_uuid = in_json[cfg.FIELD_PROFILE_UUID]
# both non_pii_uuid and non_pii_uuid_from_dataset should be list
if (type(non_pii_uuid) is not list) or (type(non_pii_uuid_from_dataset) is not list):
msg = {
"reason": "The uuid information is not a list.",
"error": "Json format error."
}
msg_json = jsonutils.create_log_json("PII", "PUT", msg)
logging.error("PII PUT " + json.dumps(msg_json))
return rs_handlers.bad_request(msg_json)
pii_dataset.set_uuid(non_pii_uuid)
# # the following lines can be used for item to item comparison and append when it is needed
# for i in range(len(non_pii_uuid)):
# pii_dataset = append_non_pii_uuid(non_pii_uuid[i], non_pii_uuid_from_dataset, pii_dataset)
except:
pass
# update dataset from id token info. Currently, only UIN and phone number are considered verified information and hence gets precedence through ID Token validation / parsing.
# if tk_firstname is not None:
# pii_dataset.set_firstname(tk_firstname)
# if tk_lastname is not None:
# pii_dataset.set_lastname(tk_lastname)
# if tk_email is not None:
# pii_dataset.set_email(tk_email)
if tk_phone is not None:
pii_dataset.set_phone(tk_phone)
if tk_uin is not None:
pii_dataset.set_uin(tk_uin)
result, pii_dataset = mongoutils.update_pii_dataset_in_mongo_by_field(cfg.FIELD_PID, pid,
pii_dataset)
if result is None:
msg = {
"reason": "Failed to update non pii uuid into pii dataset: " + str(pid),
"error": "Not Implemented: " + request.url,
}
msg_json = jsonutils.create_log_json("PII", "PUT", msg)
logging.error("PII PUT " + json.dumps(msg_json))
return rs_handlers.not_implemented(msg_json)
# add pid and original creation date to dataset for output json
try:
pii_dataset["pid"] = pid
pii_dataset["creationDate"] = creation_date
except:
pass
pii_dataset = jsonutils.remove_file_descriptor_from_dataset(pii_dataset)
out_json = mongoutils.construct_json_from_query_list(pii_dataset)
msg_json = jsonutils.create_log_json("PII", "PUT", jsonutils.remove_objectid_from_dataset(pii_dataset), 'pii')
logging.info("PII PUT " + json.dumps(msg_json))
return out_json