def get(self, p_id=None):
    """Return one participant summary (``p_id`` given) or run the summary query.

    Awardee-role callers are bound to a single awardee: for ``DEV_MAIL`` it is
    taken from the ``awardee`` query argument, for anyone else from
    ``user_info['awardee']``. A non-dev caller with a bound awardee may not
    fetch an individual summary at all, and a query must name exactly the
    bound awardee. Callers without the awardee role are passed straight
    through to the parent implementation.

    Raises:
        InternalServerError: awardee role present but no awardee configured.
        Forbidden: the caller may not see the requested data.
    """
    user_email, user_info = get_validated_user_info()
    is_dev = user_email == DEV_MAIL

    # Resolve the awardee this caller is bound to, if any.
    bound_awardee = None
    if AWARDEE in user_info['roles']:
        if is_dev:
            bound_awardee = request.args.get('awardee')
        else:
            try:
                bound_awardee = user_info['awardee']
            except KeyError:
                raise InternalServerError("Config error for awardee")

    if p_id:
        # Single-record reads are refused for non-dev callers bound to an awardee.
        if bound_awardee and not is_dev:
            raise Forbidden
        return super(ParticipantSummaryApi, self).get(p_id)

    # Query path: a bound caller must request its own awardee explicitly.
    if bound_awardee and request.args.get('awardee') != bound_awardee:
        raise Forbidden
    return super(ParticipantSummaryApi, self)._query('participantId')
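def wrapped(*args, **kwargs):
    """Invoke ``func`` only for config admins or HEALTHPRO-role users.

    Admin status is checked first from the OAuth identity; any other caller
    must carry HEALTHPRO in the validated user record's roles. Everyone else
    is rejected with 403 before ``func`` runs, and the roles actually seen
    are logged for the audit trail.

    Raises:
        Forbidden: caller is neither a config admin nor a HEALTHPRO user.
    """
    if not is_config_admin(app_util.get_oauth_id()):
        _, user_info = get_validated_user_info()
        if HEALTHPRO not in user_info.get('roles', []):
            # Lazy %-args: the message is only rendered if INFO is enabled.
            logging.info(
                'User has roles %s, but HEALTHPRO or admin is required',
                user_info.get('roles'))
            raise Forbidden()
    return func(*args, **kwargs)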
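def post(self):
    """Create a supply record from the FHIR resource in the request body.

    The body is parsed as JSON regardless of Content-Type. A body that is
    missing, malformed, or not a JSON object is rejected with 400 instead of
    surfacing as a 500 further down. The caller's validated e-mail is written
    into ``auth_user`` server-side, so any client-supplied value for that
    field is overwritten before dispatch.

    Returns:
        The result of the handler chosen by ``_lookup_resource_type_method``
        (``_post_supply_request`` or ``_post_supply_delivery``).

    Raises:
        BadRequest: body missing, not valid JSON, or not a JSON object.
    """
    try:
        resource = request.get_json(force=True)
    except BadRequest:
        raise BadRequest('missing FHIR resource')
    # A JSON list/number/null would otherwise raise TypeError (500) on the
    # auth_user assignment below.
    if not isinstance(resource, dict):
        raise BadRequest('missing FHIR resource')
    # Identity comes from the validated token, never from the payload.
    user_email = get_validated_user_info()[0]
    resource['auth_user'] = user_email
    handlers = {
        'SupplyRequest': self._post_supply_request,
        'SupplyDelivery': self._post_supply_delivery,
    }
    method = self._lookup_resource_type_method(handlers, resource)
    return method(resource)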
def get(self):
    """
    Return participant_id and last_modified for all records or a subset
    based on the awardee parameter.

    An ``awardee`` query argument must name a known HPO (400 otherwise).
    Awardee-role callers other than DEV_MAIL must pass exactly their own
    configured awardee (403 otherwise); a missing awardee config for such a
    user is a 500. Rows are ordered by participantId.
    """
    user_email, user_info = get_validated_user_info()
    requested_awardee = None
    hpo = None

    with self.dao.session() as session:
        # An explicit awardee must resolve to an existing HPO.
        # NOTE(review): this lookup runs before the role check below, so an
        # awardee-role caller naming someone else's awardee sees 400 for an
        # unknown name and 403 for a known one.
        if 'awardee' in request.args:
            requested_awardee = request.args.get('awardee')
            hpo = (session.query(HPO.hpoId)
                   .filter(HPO.name == requested_awardee)
                   .first())
            if not hpo:
                raise BadRequest('invalid awardee')

        # Awardee-role callers (except DEV_MAIL) may only list their own awardee.
        if AWARDEE in user_info['roles'] and user_email != DEV_MAIL:
            if not requested_awardee:
                raise Forbidden
            try:
                own_awardee = user_info['awardee']
            except KeyError:
                raise InternalServerError("config error for awardee")
            if own_awardee != requested_awardee:
                raise Forbidden

        query = (session.query(ParticipantSummary.participantId,
                               ParticipantSummary.lastModified)
                 .order_by(ParticipantSummary.participantId))
        if requested_awardee:
            query = query.filter(ParticipantSummary.hpoId == hpo.hpoId)

        return [
            {
                'participantId': 'P{0}'.format(row.participantId),
                'lastModified': row.lastModified.isoformat(),
            }
            for row in query.all()
        ]