def pii_get(pid=None): # Get ID Token data from global context variable. auth_resp = g.user_token_data data_list, is_objectid, is_error, resp = get_data_list_pid(pid) if is_error: return resp auth_pass = check_id(auth_resp, data_list[0]) if not (auth_pass): msg = { "reason": "The user info in id token and db are not matching.", "error": "Authorization Failed." } msg_json = jsonutils.create_log_json("PII", "GET", msg) logging.error("PII GET " + json.dumps(msg_json)) return jsonutils.create_auth_fail_message() # remove fileDescriptors from db_data data_list = jsonutils.remove_file_descriptor_from_data_list(data_list) out_json = mongoutils.construct_json_from_query_list(data_list[0]) msg_json = jsonutils.create_log_json("PII", "GET", data_list[0], 'pii') logging.info("PII GET " + json.dumps(msg_json)) return out_json
def get(uuid=None): data_list, is_objectid, is_error, resp = get_data_list(uuid) if is_error: return resp out_json = jsonutils.remove_null_subcategory(data_list[0]) msg_json = jsonutils.create_log_json("Profile", "GET", copy.copy(out_json)) logging.info("GET " + json.dumps(msg_json)) out_json = mongoutils.construct_json_from_query_list(out_json) return out_json
def get(token_info=None, id=None): login_id, is_login = otherutils.get_login(token_info) data_list, is_objectid, is_error, resp = otherutils.get_data_list( id, login_id, is_login, coll_contribution) # if getting data process failed, that is is_error is true, return error reponse if is_error: return resp jsonutils.convert_obejctid_from_dataset_json(data_list[0]) out_json = mongoutils.construct_json_from_query_list(data_list[0]) msg_json = jsonutils.create_log_json("Contribution", "GET", {"id": str(id)}) logging.info("Contribution GET " + json.dumps(jsonutils.remove_objectid_from_dataset(msg_json))) return out_json
def put(uuid=None): try: in_json = request.get_json() except Exception as ex: msg = { "reason": "Json format error: " + str(uuid), "error": "Bad Request: " + request.url, } msg_json = jsonutils.create_log_json("Profile", "PUT", msg) logging.error("PUT " + json.dumps(msg_json)) return rs_handlers.bad_request(msg_json) # check if the uuid is really existing in the database non_pii_dataset = mongoutils.get_non_pii_dataset_from_field(cfg.FIELD_PROFILE_UUID, uuid) if non_pii_dataset is None: msg = { "reason": "There is no profile dataset with given uuid: " + str(uuid), "error": "Not Found: " + request.url, } msg_json = jsonutils.create_log_json("Profile", "PUT", msg) logging.error("PUT " + json.dumps(msg_json)) return rs_handlers.not_found(msg_json) # the level check in in_json should be performed level_ok, level = otherutils.check_privacy_level(in_json) if level_ok == False: msg = { "reason": "The given privacy level is not correct: " + str(level), "error": "Bad Request: " + request.url, } msg_json = jsonutils.create_log_json("Profile", "PUT", msg) logging.error("PUT " + json.dumps(msg_json)) return rs_handlers.bad_request(msg_json) non_pii_dataset, restjson = datasetutils.update_non_pii_dataset_from_json(non_pii_dataset, in_json) currenttime = datetime.datetime.now() currenttime = currenttime.strftime("%Y/%m/%dT%H:%M:%S") non_pii_dataset.set_last_modified_date(currenttime) result, non_pii_dataset = mongoutils.update_non_pii_dataset_in_mongo_by_field( cfg.FIELD_PROFILE_UUID, uuid, non_pii_dataset) # update the json information that doesn't belong to data schema if len(restjson) > 0: result, non_pii_dataset = mongoutils.update_json_with_no_schema(cfg.FIELD_PROFILE_UUID, uuid, non_pii_dataset, restjson) if result is None: msg = { "reason": "Failed to update Profile dataset: " + str(uuid), "error": "Not Implemented: " + request.url, } msg_json = jsonutils.create_log_json("Profile", "PUT", msg) logging.error("PUT " + json.dumps(msg_json)) return rs_handlers.not_implemented(msg_json) non_pii_dataset = jsonutils.remove_file_descriptor_from_dataset(non_pii_dataset) out_json = jsonutils.remove_null_subcategory(non_pii_dataset) msg_json = jsonutils.create_log_json("Profile", "PUT", copy.copy(out_json)) logging.info("PUT " + json.dumps(msg_json)) out_json = mongoutils.construct_json_from_query_list(out_json) return out_json
def pii_put(pid=None): # Get ID Token data from global context variable. auth_resp = g.user_token_data tk_uin, tk_firstname, tk_lastname, tk_email, tk_phone, tk_is_uin, tk_is_phone = tokenutils.get_data_from_token( auth_resp) try: in_json = request.get_json() # ToDo following lines are commented out for now # but it should be used if the email and phone number get updated # # if there is any phone number or email information in input json, they will be removed # # since the current policy is not updating the email or phone number # # until further decision # try: # del in_json["uin"] # except: # pass # try: # del in_json["phone"] # except: # pass except Exception as ex: msg = { "reason": "Json format error: " + str(pid), "error": "Bad Request: " + request.url, } msg_json = jsonutils.create_log_json("PII", "PUT", msg) logging.error("PII PUT " + json.dumps(msg_json)) return rs_handlers.bad_request(msg_json) # check if the pid is really existing in the database pii_dataset = mongoutils.get_pii_dataset_from_field(cfg.FIELD_PID, pid) if pii_dataset == None: msg = { "reason": "There is no dataset with given pii uuid: " + str(pid), "error": "Not Found: " + request.url, } msg_json = jsonutils.create_log_json("PII", "PUT", msg) logging.error("PII PUT " + json.dumps(msg_json)) return rs_handlers.not_found(msg_json) creation_date = pii_dataset.get_creation_date() tmp_dataset = json.loads(json.dumps(pii_dataset.__dict__)) auth_pass = check_id(auth_resp, tmp_dataset) if not (auth_pass): msg = { "reason": "The user info in id token and db are not matching.", "error": "Authorization Failed." } msg_json = jsonutils.create_log_json("PII", "PUT", msg) logging.error("PII PUT " + json.dumps(msg_json)) return jsonutils.create_auth_fail_message() # get the current testResultsConset value to see if it is changed # if changed, update last modified date after updating pii data consent_provided = None consent_last_modified = None try: consent_provided = pii_dataset.testResultsConsent["consentProvided"] consent_last_modified = pii_dataset.testResultsConsent["dateModified"] except: pass pii_dataset = datasetutils.update_pii_dataset_from_json(pii_dataset, in_json) currenttime = otherutils.get_current_time_utc() # if consentProvided value has been changed, update the last modified date try: if consent_provided != pii_dataset.testResultsConsent['consentProvided']: pii_dataset = update_test_results_consent(pii_dataset) else: # record the exising modified date that got lost during the json update pii_dataset.testResultsConsent['dateModified'] = consent_last_modified except: pass pii_dataset.set_last_modified_date(currenttime) # remove creation date field and pid so doesn't get updated del pii_dataset.creationDate del pii_dataset.pid # update pii_dataset's non_pii_uuid non_pii_uuid_from_dataset = pii_dataset.get_uuid() try: non_pii_uuid = in_json[cfg.FIELD_PROFILE_UUID] # both non_pii_uuid and non_pii_uuid_from_dataset should be list if (type(non_pii_uuid) is not list) or (type(non_pii_uuid_from_dataset) is not list): msg = { "reason": "The uuid information is not a list.", "error": "Json format error." } msg_json = jsonutils.create_log_json("PII", "PUT", msg) logging.error("PII PUT " + json.dumps(msg_json)) return rs_handlers.bad_request(msg_json) pii_dataset.set_uuid(non_pii_uuid) # # the following lines can be used for item to item comparison and append when it is needed # for i in range(len(non_pii_uuid)): # pii_dataset = append_non_pii_uuid(non_pii_uuid[i], non_pii_uuid_from_dataset, pii_dataset) except: pass # update dataset from id token info. Currently, only UIN and phone number are considered verified information and hence gets precedence through ID Token validation / parsing. # if tk_firstname is not None: # pii_dataset.set_firstname(tk_firstname) # if tk_lastname is not None: # pii_dataset.set_lastname(tk_lastname) # if tk_email is not None: # pii_dataset.set_email(tk_email) if tk_phone is not None: pii_dataset.set_phone(tk_phone) if tk_uin is not None: pii_dataset.set_uin(tk_uin) result, pii_dataset = mongoutils.update_pii_dataset_in_mongo_by_field(cfg.FIELD_PID, pid, pii_dataset) if result is None: msg = { "reason": "Failed to update non pii uuid into pii dataset: " + str(pid), "error": "Not Implemented: " + request.url, } msg_json = jsonutils.create_log_json("PII", "PUT", msg) logging.error("PII PUT " + json.dumps(msg_json)) return rs_handlers.not_implemented(msg_json) # add pid and original creation date to dataset for output json try: pii_dataset["pid"] = pid pii_dataset["creationDate"] = creation_date except: pass pii_dataset = jsonutils.remove_file_descriptor_from_dataset(pii_dataset) out_json = mongoutils.construct_json_from_query_list(pii_dataset) msg_json = jsonutils.create_log_json("PII", "PUT", jsonutils.remove_objectid_from_dataset(pii_dataset), 'pii') logging.info("PII PUT " + json.dumps(msg_json)) return out_json
def core_search(uin=None, phone=None): if request.headers.get( "ROKWIRE-CORE-BB-API-KEY") != cfg.ROKWIRE_CORE_BB_API_KEY: msg = { "reason": "Unauthorized", "error": "Unauthorized: " + request.url, } msg_json = jsonutils.create_log_json("CORE PROFILE", "GET", msg) logging.error("CORE PROFILE GET " + json.dumps(msg_json)) return rs_handlers.forbidden(msg_json) fields = {} if uin: fields['uin'] = uin if phone: fields['phone'] = phone if len(fields) == 0: msg = { "reason": "Must provide uin or phone", "error": "Bad Request: " + request.url, } msg_json = jsonutils.create_log_json("CORE PROFILE", "GET", msg) logging.error("CORE PROFILE GET " + json.dumps(msg_json)) return rs_handlers.bad_request(msg_json) if fields != None: data_list = mongoutils.get_pii_result(fields) if len(data_list) > 1: msg = { "reason": "There is more than 1 pii record: " + str(fields), "error": "There is more than 1 pii record: " + request.url, } msg_json = jsonutils.create_log_json("CORE PROFILE", "GET", msg) logging.error("CORE PROFILE GET " + json.dumps(msg_json)) return rs_handlers.internal_server_error(msg_json) if len(data_list) == 0: msg = {"Not Found": str(fields)} msg_json = jsonutils.create_log_json("CORE PROFILE", "GET", msg) logging.info("CORE PROFILE GET " + json.dumps(msg_json)) return mongoutils.construct_json_from_query_list({}) else: msg = { "reason": "Invalid search: " + str(fields), "error": "Bad Request: " + request.url, } msg_json = jsonutils.create_log_json("CORE PROFILE", "GET", msg) logging.error("CORE PROFILE GET " + json.dumps(msg_json)) return rs_handlers.bad_request(msg_json) data_list = jsonutils.remove_file_descriptor_from_data_list(data_list) uuid_list = data_list[0].get('uuid') return_data = {"pii": jsonutils.remove_null_fields(data_list[0])} if uuid_list != None and len(uuid_list) > 0: non_pii_data = mongoutils.get_non_pii_query_json_from_field( cfg.FIELD_PROFILE_UUID, uuid_list[0]) non_pii_data = jsonutils.remove_file_descriptor_from_dataset( non_pii_data) non_pii_data = jsonutils.remove_null_subcategory(non_pii_data) return_data["non_pii"] = jsonutils.remove_null_fields(non_pii_data) out_json = mongoutils.construct_json_from_query_list(return_data) msg_json = jsonutils.create_log_json("CORE PROFILE", "GET", return_data) logging.info("CORE PROFILE GET " + json.dumps(msg_json)) currenttime = otherutils.get_current_time_utc() mongoutils.update_pii_core_migrate_date(fields, currenttime) return out_json
def put(token_info, id): try: in_json = request.get_json() except Exception as ex: msg = { "reason": "Json format error: " + str(id), "error": "Bad Request: " + request.url, } msg_json = jsonutils.create_log_json("Contribution", "PUT", msg) logging.error("Contribution PUT " + json.dumps(msg_json)) return rs_handlers.bad_request(msg_json) # check if the given id exists contribution_dataset = mongoutils.get_contribution_dataset_from_objectid_no_status( coll_contribution, id) if contribution_dataset is None: msg = { "reason": "There is no contribution dataset with given id: " + str(id), "error": "Not Found: " + request.url, } msg_json = jsonutils.create_log_json("Contribution", "PUT", msg) logging.error("Contribution PUT " + json.dumps(msg_json)) return rs_handlers.not_found(msg_json) # check contribution admins contribution_admins = contribution_dataset.contributionAdmins # check if the logged in user's login is included in contribution admin list is_admin_user = otherutils.check_login_admin(token_info["login"], contribution_admins) if not is_admin_user: msg = { "reason": "Contribution admin list must contain logged in user", "error": "Not Authorized: " + request.url, } msg_json = jsonutils.create_log_json("Contribution", "POST", msg) logging.error("Contribution POST " + json.dumps(msg_json)) return rs_handlers.not_authorized(msg_json) date_created = contribution_dataset.dateCreated contribution_dataset, restjson = datasetutils.update_contribution_dataset_from_json( contribution_dataset, in_json) currenttime = datetime.datetime.now() currenttime = currenttime.strftime("%Y/%m/%dT%H:%M:%S") contribution_dataset.set_date_modified(currenttime) contribution_dataset.set_date_created(date_created) # set capability list capability_list = [] try: capability_json = in_json["capabilities"] for i in range(len(capability_json)): capability, rest_capability_json, msg = modelutils.construct_capability( capability_json[i]) if capability is None: return rs_handlers.bad_request(msg) # check if the capability id is in uuid format is_uuid = otherutils.check_if_uuid(capability.id) if not is_uuid: msg = { "reason": "Capability id is not in uuid format", "error": "Bad Request: " + request.url, } msg_json = jsonutils.create_log_json("Contribution", "POST", msg) logging.error("Contribution POST " + json.dumps(msg_json)) return rs_handlers.bad_request(msg) capability_list.append(capability) contribution_dataset.set_capabilities(capability_list) except: pass # set talent list talent_list = [] try: talent_json = in_json["talents"] for i in range(len(talent_json)): talent, rest_talent_json, msg = modelutils.construct_talent( talent_json[i]) if talent is None: return rs_handlers.bad_request(msg) # check if the talent id is in uuid format is_uuid = otherutils.check_if_uuid(talent.id) if not is_uuid: msg = { "reason": "Talent id is not in uuid format", "error": "Bad Request: " + request.url, } msg_json = jsonutils.create_log_json("Contribution", "POST", msg) logging.error("Contribution POST " + json.dumps(msg_json)) return rs_handlers.bad_request(msg) # check required capabilities id format if talent.requiredCapabilities is not None: required_cap_list = talent.requiredCapabilities for capability_json in required_cap_list: capability, rest_capability_json, msg = modelutils.construct_capability( capability_json) is_uuid = otherutils.check_if_uuid(capability.id) if not is_uuid: msg = { "reason": "Capability id in requiredCapabilities is not in uuid format", "error": "Bad Request: " + request.url, } msg_json = jsonutils.create_log_json( "Contribution", "POST", msg) logging.error("Contribution POST " + json.dumps(msg_json)) return rs_handlers.bad_request(msg) talent_list.append(talent) contribution_dataset.set_talents(talent_list) except: pass result, contribution_dataset = mongoutils.update_dataset_in_mongo_by_objectid( coll_contribution, id, contribution_dataset) if result is None: msg = { "reason": "Failed to update contribution dataset: " + str(id), "error": "Not Implemented: " + request.url, } msg_json = jsonutils.create_log_json("Contribution", "PUT", msg) logging.error("Contribution PUT " + json.dumps(msg_json)) return rs_handlers.not_implemented(msg_json) out_json = contribution_dataset msg_json = jsonutils.create_log_json("Contribution", "PUT", {"id": str(id)}) logging.info("Contribution PUT " + json.dumps(msg_json)) out_json = mongoutils.construct_json_from_query_list(out_json) return out_json