def pii_get(pid=None):
# Get ID Token data from global context variable.
auth_resp = g.user_token_data
data_list, is_objectid, is_error, resp = get_data_list_pid(pid)
if is_error:
return resp
auth_pass = check_id(auth_resp, data_list[0])
if not (auth_pass):
msg = {
"reason": "The user info in id token and db are not matching.",
"error": "Authorization Failed."
}
msg_json = jsonutils.create_log_json("PII", "GET", msg)
logging.error("PII GET " + json.dumps(msg_json))
return jsonutils.create_auth_fail_message()
# remove fileDescriptors from db_data
data_list = jsonutils.remove_file_descriptor_from_data_list(data_list)
out_json = mongoutils.construct_json_from_query_list(data_list[0])
msg_json = jsonutils.create_log_json("PII", "GET", data_list[0], 'pii')
logging.info("PII GET " + json.dumps(msg_json))
return out_json
def get(uuid=None):
data_list, is_objectid, is_error, resp = get_data_list(uuid)
if is_error:
return resp
out_json = jsonutils.remove_null_subcategory(data_list[0])
msg_json = jsonutils.create_log_json("Profile", "GET", copy.copy(out_json))
logging.info("GET " + json.dumps(msg_json))
out_json = mongoutils.construct_json_from_query_list(out_json)
return out_json
def get(token_info=None, id=None):
login_id, is_login = otherutils.get_login(token_info)
data_list, is_objectid, is_error, resp = otherutils.get_data_list(
id, login_id, is_login, coll_contribution)
# if getting data process failed, that is is_error is true, return error reponse
if is_error:
return resp
jsonutils.convert_obejctid_from_dataset_json(data_list[0])
out_json = mongoutils.construct_json_from_query_list(data_list[0])
msg_json = jsonutils.create_log_json("Contribution", "GET",
{"id": str(id)})
logging.info("Contribution GET " +
json.dumps(jsonutils.remove_objectid_from_dataset(msg_json)))
return out_json
def put(uuid=None):
try:
in_json = request.get_json()
except Exception as ex:
msg = {
"reason": "Json format error: " + str(uuid),
"error": "Bad Request: " + request.url,
}
msg_json = jsonutils.create_log_json("Profile", "PUT", msg)
logging.error("PUT " + json.dumps(msg_json))
return rs_handlers.bad_request(msg_json)
# check if the uuid is really existing in the database
non_pii_dataset = mongoutils.get_non_pii_dataset_from_field(cfg.FIELD_PROFILE_UUID, uuid)
if non_pii_dataset is None:
msg = {
"reason": "There is no profile dataset with given uuid: " + str(uuid),
"error": "Not Found: " + request.url,
}
msg_json = jsonutils.create_log_json("Profile", "PUT", msg)
logging.error("PUT " + json.dumps(msg_json))
return rs_handlers.not_found(msg_json)
# the level check in in_json should be performed
level_ok, level = otherutils.check_privacy_level(in_json)
if level_ok == False:
msg = {
"reason": "The given privacy level is not correct: " + str(level),
"error": "Bad Request: " + request.url,
}
msg_json = jsonutils.create_log_json("Profile", "PUT", msg)
logging.error("PUT " + json.dumps(msg_json))
return rs_handlers.bad_request(msg_json)
non_pii_dataset, restjson = datasetutils.update_non_pii_dataset_from_json(non_pii_dataset, in_json)
currenttime = datetime.datetime.now()
currenttime = currenttime.strftime("%Y/%m/%dT%H:%M:%S")
non_pii_dataset.set_last_modified_date(currenttime)
result, non_pii_dataset = mongoutils.update_non_pii_dataset_in_mongo_by_field(
cfg.FIELD_PROFILE_UUID, uuid,
non_pii_dataset)
# update the json information that doesn't belong to data schema
if len(restjson) > 0:
result, non_pii_dataset = mongoutils.update_json_with_no_schema(cfg.FIELD_PROFILE_UUID, uuid,
non_pii_dataset, restjson)
if result is None:
msg = {
"reason": "Failed to update Profile dataset: " + str(uuid),
"error": "Not Implemented: " + request.url,
}
msg_json = jsonutils.create_log_json("Profile", "PUT", msg)
logging.error("PUT " + json.dumps(msg_json))
return rs_handlers.not_implemented(msg_json)
non_pii_dataset = jsonutils.remove_file_descriptor_from_dataset(non_pii_dataset)
out_json = jsonutils.remove_null_subcategory(non_pii_dataset)
msg_json = jsonutils.create_log_json("Profile", "PUT", copy.copy(out_json))
logging.info("PUT " + json.dumps(msg_json))
out_json = mongoutils.construct_json_from_query_list(out_json)
return out_json
def pii_put(pid=None):
# Get ID Token data from global context variable.
auth_resp = g.user_token_data
tk_uin, tk_firstname, tk_lastname, tk_email, tk_phone, tk_is_uin, tk_is_phone = tokenutils.get_data_from_token(
auth_resp)
try:
in_json = request.get_json()
# ToDo following lines are commented out for now
# but it should be used if the email and phone number get updated
# # if there is any phone number or email information in input json, they will be removed
# # since the current policy is not updating the email or phone number
# # until further decision
# try:
# del in_json["uin"]
# except:
# pass
# try:
# del in_json["phone"]
# except:
# pass
except Exception as ex:
msg = {
"reason": "Json format error: " + str(pid),
"error": "Bad Request: " + request.url,
}
msg_json = jsonutils.create_log_json("PII", "PUT", msg)
logging.error("PII PUT " + json.dumps(msg_json))
return rs_handlers.bad_request(msg_json)
# check if the pid is really existing in the database
pii_dataset = mongoutils.get_pii_dataset_from_field(cfg.FIELD_PID, pid)
if pii_dataset == None:
msg = {
"reason": "There is no dataset with given pii uuid: " + str(pid),
"error": "Not Found: " + request.url,
}
msg_json = jsonutils.create_log_json("PII", "PUT", msg)
logging.error("PII PUT " + json.dumps(msg_json))
return rs_handlers.not_found(msg_json)
creation_date = pii_dataset.get_creation_date()
tmp_dataset = json.loads(json.dumps(pii_dataset.__dict__))
auth_pass = check_id(auth_resp, tmp_dataset)
if not (auth_pass):
msg = {
"reason": "The user info in id token and db are not matching.",
"error": "Authorization Failed."
}
msg_json = jsonutils.create_log_json("PII", "PUT", msg)
logging.error("PII PUT " + json.dumps(msg_json))
return jsonutils.create_auth_fail_message()
# get the current testResultsConset value to see if it is changed
# if changed, update last modified date after updating pii data
consent_provided = None
consent_last_modified = None
try:
consent_provided = pii_dataset.testResultsConsent["consentProvided"]
consent_last_modified = pii_dataset.testResultsConsent["dateModified"]
except:
pass
pii_dataset = datasetutils.update_pii_dataset_from_json(pii_dataset, in_json)
currenttime = otherutils.get_current_time_utc()
# if consentProvided value has been changed, update the last modified date
try:
if consent_provided != pii_dataset.testResultsConsent['consentProvided']:
pii_dataset = update_test_results_consent(pii_dataset)
else: # record the exising modified date that got lost during the json update
pii_dataset.testResultsConsent['dateModified'] = consent_last_modified
except:
pass
pii_dataset.set_last_modified_date(currenttime)
# remove creation date field and pid so doesn't get updated
del pii_dataset.creationDate
del pii_dataset.pid
# update pii_dataset's non_pii_uuid
non_pii_uuid_from_dataset = pii_dataset.get_uuid()
try:
non_pii_uuid = in_json[cfg.FIELD_PROFILE_UUID]
# both non_pii_uuid and non_pii_uuid_from_dataset should be list
if (type(non_pii_uuid) is not list) or (type(non_pii_uuid_from_dataset) is not list):
msg = {
"reason": "The uuid information is not a list.",
"error": "Json format error."
}
msg_json = jsonutils.create_log_json("PII", "PUT", msg)
logging.error("PII PUT " + json.dumps(msg_json))
return rs_handlers.bad_request(msg_json)
pii_dataset.set_uuid(non_pii_uuid)
# # the following lines can be used for item to item comparison and append when it is needed
# for i in range(len(non_pii_uuid)):
# pii_dataset = append_non_pii_uuid(non_pii_uuid[i], non_pii_uuid_from_dataset, pii_dataset)
except:
pass
# update dataset from id token info. Currently, only UIN and phone number are considered verified information and hence gets precedence through ID Token validation / parsing.
# if tk_firstname is not None:
# pii_dataset.set_firstname(tk_firstname)
# if tk_lastname is not None:
# pii_dataset.set_lastname(tk_lastname)
# if tk_email is not None:
# pii_dataset.set_email(tk_email)
if tk_phone is not None:
pii_dataset.set_phone(tk_phone)
if tk_uin is not None:
pii_dataset.set_uin(tk_uin)
result, pii_dataset = mongoutils.update_pii_dataset_in_mongo_by_field(cfg.FIELD_PID, pid,
pii_dataset)
if result is None:
msg = {
"reason": "Failed to update non pii uuid into pii dataset: " + str(pid),
"error": "Not Implemented: " + request.url,
}
msg_json = jsonutils.create_log_json("PII", "PUT", msg)
logging.error("PII PUT " + json.dumps(msg_json))
return rs_handlers.not_implemented(msg_json)
# add pid and original creation date to dataset for output json
try:
pii_dataset["pid"] = pid
pii_dataset["creationDate"] = creation_date
except:
pass
pii_dataset = jsonutils.remove_file_descriptor_from_dataset(pii_dataset)
out_json = mongoutils.construct_json_from_query_list(pii_dataset)
msg_json = jsonutils.create_log_json("PII", "PUT", jsonutils.remove_objectid_from_dataset(pii_dataset), 'pii')
logging.info("PII PUT " + json.dumps(msg_json))
return out_json
def core_search(uin=None, phone=None):
if request.headers.get(
"ROKWIRE-CORE-BB-API-KEY") != cfg.ROKWIRE_CORE_BB_API_KEY:
msg = {
"reason": "Unauthorized",
"error": "Unauthorized: " + request.url,
}
msg_json = jsonutils.create_log_json("CORE PROFILE", "GET", msg)
logging.error("CORE PROFILE GET " + json.dumps(msg_json))
return rs_handlers.forbidden(msg_json)
fields = {}
if uin:
fields['uin'] = uin
if phone:
fields['phone'] = phone
if len(fields) == 0:
msg = {
"reason": "Must provide uin or phone",
"error": "Bad Request: " + request.url,
}
msg_json = jsonutils.create_log_json("CORE PROFILE", "GET", msg)
logging.error("CORE PROFILE GET " + json.dumps(msg_json))
return rs_handlers.bad_request(msg_json)
if fields != None:
data_list = mongoutils.get_pii_result(fields)
if len(data_list) > 1:
msg = {
"reason": "There is more than 1 pii record: " + str(fields),
"error": "There is more than 1 pii record: " + request.url,
}
msg_json = jsonutils.create_log_json("CORE PROFILE", "GET", msg)
logging.error("CORE PROFILE GET " + json.dumps(msg_json))
return rs_handlers.internal_server_error(msg_json)
if len(data_list) == 0:
msg = {"Not Found": str(fields)}
msg_json = jsonutils.create_log_json("CORE PROFILE", "GET", msg)
logging.info("CORE PROFILE GET " + json.dumps(msg_json))
return mongoutils.construct_json_from_query_list({})
else:
msg = {
"reason": "Invalid search: " + str(fields),
"error": "Bad Request: " + request.url,
}
msg_json = jsonutils.create_log_json("CORE PROFILE", "GET", msg)
logging.error("CORE PROFILE GET " + json.dumps(msg_json))
return rs_handlers.bad_request(msg_json)
data_list = jsonutils.remove_file_descriptor_from_data_list(data_list)
uuid_list = data_list[0].get('uuid')
return_data = {"pii": jsonutils.remove_null_fields(data_list[0])}
if uuid_list != None and len(uuid_list) > 0:
non_pii_data = mongoutils.get_non_pii_query_json_from_field(
cfg.FIELD_PROFILE_UUID, uuid_list[0])
non_pii_data = jsonutils.remove_file_descriptor_from_dataset(
non_pii_data)
non_pii_data = jsonutils.remove_null_subcategory(non_pii_data)
return_data["non_pii"] = jsonutils.remove_null_fields(non_pii_data)
out_json = mongoutils.construct_json_from_query_list(return_data)
msg_json = jsonutils.create_log_json("CORE PROFILE", "GET", return_data)
logging.info("CORE PROFILE GET " + json.dumps(msg_json))
currenttime = otherutils.get_current_time_utc()
mongoutils.update_pii_core_migrate_date(fields, currenttime)
return out_json
def put(token_info, id):
try:
in_json = request.get_json()
except Exception as ex:
msg = {
"reason": "Json format error: " + str(id),
"error": "Bad Request: " + request.url,
}
msg_json = jsonutils.create_log_json("Contribution", "PUT", msg)
logging.error("Contribution PUT " + json.dumps(msg_json))
return rs_handlers.bad_request(msg_json)
# check if the given id exists
contribution_dataset = mongoutils.get_contribution_dataset_from_objectid_no_status(
coll_contribution, id)
if contribution_dataset is None:
msg = {
"reason":
"There is no contribution dataset with given id: " + str(id),
"error": "Not Found: " + request.url,
}
msg_json = jsonutils.create_log_json("Contribution", "PUT", msg)
logging.error("Contribution PUT " + json.dumps(msg_json))
return rs_handlers.not_found(msg_json)
# check contribution admins
contribution_admins = contribution_dataset.contributionAdmins
# check if the logged in user's login is included in contribution admin list
is_admin_user = otherutils.check_login_admin(token_info["login"],
contribution_admins)
if not is_admin_user:
msg = {
"reason": "Contribution admin list must contain logged in user",
"error": "Not Authorized: " + request.url,
}
msg_json = jsonutils.create_log_json("Contribution", "POST", msg)
logging.error("Contribution POST " + json.dumps(msg_json))
return rs_handlers.not_authorized(msg_json)
date_created = contribution_dataset.dateCreated
contribution_dataset, restjson = datasetutils.update_contribution_dataset_from_json(
contribution_dataset, in_json)
currenttime = datetime.datetime.now()
currenttime = currenttime.strftime("%Y/%m/%dT%H:%M:%S")
contribution_dataset.set_date_modified(currenttime)
contribution_dataset.set_date_created(date_created)
# set capability list
capability_list = []
try:
capability_json = in_json["capabilities"]
for i in range(len(capability_json)):
capability, rest_capability_json, msg = modelutils.construct_capability(
capability_json[i])
if capability is None:
return rs_handlers.bad_request(msg)
# check if the capability id is in uuid format
is_uuid = otherutils.check_if_uuid(capability.id)
if not is_uuid:
msg = {
"reason": "Capability id is not in uuid format",
"error": "Bad Request: " + request.url,
}
msg_json = jsonutils.create_log_json("Contribution", "POST",
msg)
logging.error("Contribution POST " + json.dumps(msg_json))
return rs_handlers.bad_request(msg)
capability_list.append(capability)
contribution_dataset.set_capabilities(capability_list)
except:
pass
# set talent list
talent_list = []
try:
talent_json = in_json["talents"]
for i in range(len(talent_json)):
talent, rest_talent_json, msg = modelutils.construct_talent(
talent_json[i])
if talent is None:
return rs_handlers.bad_request(msg)
# check if the talent id is in uuid format
is_uuid = otherutils.check_if_uuid(talent.id)
if not is_uuid:
msg = {
"reason": "Talent id is not in uuid format",
"error": "Bad Request: " + request.url,
}
msg_json = jsonutils.create_log_json("Contribution", "POST",
msg)
logging.error("Contribution POST " + json.dumps(msg_json))
return rs_handlers.bad_request(msg)
# check required capabilities id format
if talent.requiredCapabilities is not None:
required_cap_list = talent.requiredCapabilities
for capability_json in required_cap_list:
capability, rest_capability_json, msg = modelutils.construct_capability(
capability_json)
is_uuid = otherutils.check_if_uuid(capability.id)
if not is_uuid:
msg = {
"reason":
"Capability id in requiredCapabilities is not in uuid format",
"error": "Bad Request: " + request.url,
}
msg_json = jsonutils.create_log_json(
"Contribution", "POST", msg)
logging.error("Contribution POST " +
json.dumps(msg_json))
return rs_handlers.bad_request(msg)
talent_list.append(talent)
contribution_dataset.set_talents(talent_list)
except:
pass
result, contribution_dataset = mongoutils.update_dataset_in_mongo_by_objectid(
coll_contribution, id, contribution_dataset)
if result is None:
msg = {
"reason": "Failed to update contribution dataset: " + str(id),
"error": "Not Implemented: " + request.url,
}
msg_json = jsonutils.create_log_json("Contribution", "PUT", msg)
logging.error("Contribution PUT " + json.dumps(msg_json))
return rs_handlers.not_implemented(msg_json)
out_json = contribution_dataset
msg_json = jsonutils.create_log_json("Contribution", "PUT",
{"id": str(id)})
logging.info("Contribution PUT " + json.dumps(msg_json))
out_json = mongoutils.construct_json_from_query_list(out_json)
return out_json
