def pii_get(pid=None):
    """Return the stored PII record for ``pid`` after an ownership check.

    The ID token data is read from the request-global ``g.user_token_data``.
    The record is looked up with ``get_data_list_pid``; if that lookup
    reports an error, its prepared response is returned unchanged. Otherwise
    the first record is compared with the token data by ``check_id``. A
    mismatch is logged at error level and answered with the
    authorization-failure message.

    Args:
        pid: Identifier of the record, passed straight to
            ``get_data_list_pid``.

    Returns:
        The lookup's error response, the authorization-failure message, or
        the JSON built from the record with file descriptors removed.
    """
    token_data = g.user_token_data

    # The lookup also reports whether pid was an ObjectId; a read does not
    # need that flag.
    # NOTE(review): the lookup's error response is returned before the
    # ownership check runs. Confirm that response does not let a caller who
    # owns no record tell an existing pid from a missing one.
    records, _is_objectid, lookup_failed, error_response = get_data_list_pid(pid)
    if lookup_failed:
        return error_response

    if not check_id(token_data, records[0]):
        denial = {
            "reason": "The user info in id token and db are not matching.",
            "error": "Authorization Failed."
        }
        denial_log = jsonutils.create_log_json("PII", "GET", denial)
        logging.error("PII GET " + json.dumps(denial_log))
        return jsonutils.create_auth_fail_message()

    # remove fileDescriptors from db_data
    records = jsonutils.remove_file_descriptor_from_data_list(records)
    record = records[0]
    response_body = mongoutils.construct_json_from_query_list(record)

    # NOTE(review): the record itself is handed to the log builder. Confirm
    # that create_log_json(..., 'pii') strips personal fields before the
    # entry is written.
    access_log = jsonutils.create_log_json("PII", "GET", record, 'pii')
    logging.info("PII GET " + json.dumps(access_log))
    return response_body
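def pii_delete(pid=None):
    """Delete the PII record for ``pid`` after an ownership check.

    The ID token data is read from the request-global ``g.user_token_data``.
    The record is looked up with ``get_data_list_pid``; if that lookup
    reports an error, its prepared response is returned unchanged. The first
    record must then pass ``check_id`` against the token data, otherwise the
    authorization-failure message is returned.

    Args:
        pid: Identifier of the record. It is treated as a Mongo ObjectId
            when ``get_data_list_pid`` says so, otherwise as the pid field.

    Returns:
        The lookup's error response, the authorization-failure message, the
        ``entry_deleted`` response, or a ``not_found`` response when the
        delete step raises.
    """
    # Get ID Token data from global context variable.
    auth_resp = g.user_token_data

    data_list, is_objectid, is_error, resp = get_data_list_pid(pid)
    if is_error:
        return resp

    if not check_id(auth_resp, data_list[0]):
        msg = {
            "reason": "The user info in id token and db are not matching.",
            "error": "Authorization Failed."
        }
        msg_json = jsonutils.create_log_json("PII", "DELETE", msg)
        logging.error("PII DELETE " + json.dumps(msg_json))
        return jsonutils.create_auth_fail_message()

    try:
        # Both identifier kinds share the same delete/log/respond sequence;
        # only the query and the label in the response differ.
        if is_objectid:
            query, id_kind = {cfg.FIELD_OBJECTID: ObjectId(pid)}, 'ObjectID'
        else:
            query, id_kind = {cfg.FIELD_PID: pid}, 'pid'

        # NOTE(review): the result of delete_one is not inspected, so a
        # delete that matched nothing is still reported as deleted.
        mongoutils.db_pii.pii_collection.delete_one(query)
        msg = {"pid": str(pid)}
        msg_json = jsonutils.create_log_json("PII", "DELETE", msg)
        logging.info("PII DELETE " + json.dumps(msg_json))
        return rs_handlers.entry_deleted(id_kind, pid)
    except Exception:
        # A bare ``except:`` would also trap SystemExit and
        # KeyboardInterrupt. Any failure here (bad ObjectId, database error)
        # is still answered as "not found" for callers, but is logged at
        # error level so a failed deletion of personal data is not buried
        # among info entries.
        msg = {
            "reason": "Failed to deleted pii. not found: " + str(pid),
            "error": "Not Found: " + request.url,
        }
        msg_json = jsonutils.create_log_json("PII", "DELETE", msg)
        logging.error("PII DELETE " + json.dumps(msg_json))
        return rs_handlers.not_found(msg_json)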
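def pii_put(pid=None):
    """Update the PII record for ``pid`` from the request JSON.

    Flow, in order:
      1. Read the ID token data from ``g.user_token_data`` and extract its
         fields with ``tokenutils.get_data_from_token``.
      2. Parse the request body; a parse failure yields ``bad_request``.
      3. Load the stored dataset by pid; a missing one yields ``not_found``.
      4. Run ``check_id`` on the stored dataset against the token data; a
         mismatch yields the authorization-failure message.
      5. Apply the request JSON to the dataset, keep the consent
         ``dateModified`` consistent, and set the last-modified date.
      6. Replace the profile uuid list if the request carries one.
      7. Overwrite phone and UIN with the token values when present.
      8. Persist the dataset and return it as JSON with pid and the original
         creation date added back.

    Args:
        pid: Identifier of the record, matched against ``cfg.FIELD_PID``.

    Returns:
        The updated record as JSON, or one of the error responses described
        above (``bad_request``, ``not_found``, authorization failure,
        ``not_implemented`` when the database update returns no result).
    """
    # Get ID Token data from global context variable.
    auth_resp = g.user_token_data
    tk_uin, tk_firstname, tk_lastname, tk_email, tk_phone, tk_is_uin, tk_is_phone = tokenutils.get_data_from_token(
        auth_resp)

    try:
        in_json = request.get_json()
        # ToDo following lines are commented out for now
        # but it should be used if the email and phone number get updated
        # # if there is any phone number or email information in input json, they will be removed
        # # since the current policy is not updating the email or phone number
        # # until further decision
        # try:
        #     del in_json["uin"]
        # except:
        #     pass
        # try:
        #     del in_json["phone"]
        # except:
        #     pass
    except Exception:
        msg = {
            "reason": "Json format error: " + str(pid),
            "error": "Bad Request: " + request.url,
        }
        msg_json = jsonutils.create_log_json("PII", "PUT", msg)
        logging.error("PII PUT " + json.dumps(msg_json))
        return rs_handlers.bad_request(msg_json)

    # check if the pid is really existing in the database
    pii_dataset = mongoutils.get_pii_dataset_from_field(cfg.FIELD_PID, pid)
    if pii_dataset is None:
        msg = {
            "reason": "There is no dataset with given pii uuid: " + str(pid),
            "error": "Not Found: " + request.url,
        }
        msg_json = jsonutils.create_log_json("PII", "PUT", msg)
        logging.error("PII PUT " + json.dumps(msg_json))
        return rs_handlers.not_found(msg_json)

    creation_date = pii_dataset.get_creation_date()
    # check_id is given a plain-dict copy of the dataset's attributes.
    tmp_dataset = json.loads(json.dumps(pii_dataset.__dict__))
    auth_pass = check_id(auth_resp, tmp_dataset)
    if not auth_pass:
        msg = {
            "reason": "The user info in id token and db are not matching.",
            "error": "Authorization Failed."
        }
        msg_json = jsonutils.create_log_json("PII", "PUT", msg)
        logging.error("PII PUT " + json.dumps(msg_json))
        return jsonutils.create_auth_fail_message()

    # get the current testResultsConsent value to see if it is changed
    # if changed, update last modified date after updating pii data
    consent_provided = None
    consent_last_modified = None
    try:
        consent_provided = pii_dataset.testResultsConsent["consentProvided"]
        consent_last_modified = pii_dataset.testResultsConsent["dateModified"]
    except Exception:
        # Best effort: a dataset without consent data keeps the None defaults.
        pass

    # NOTE(review): the ownership check above used the stored values only.
    # Every field the client sends is applied here, and only phone and UIN
    # are later overwritten from the token, and only when the token carries
    # them. Confirm update_pii_dataset_from_json cannot let a caller replace
    # the identity fields check_id relies on when the token lacks them.
    pii_dataset = datasetutils.update_pii_dataset_from_json(pii_dataset, in_json)
    currenttime = otherutils.get_current_time_utc()

    # if consentProvided value has been changed, update the last modified date
    try:
        if consent_provided != pii_dataset.testResultsConsent['consentProvided']:
            pii_dataset = update_test_results_consent(pii_dataset)
        else:
            # record the existing modified date that got lost during the json update
            pii_dataset.testResultsConsent['dateModified'] = consent_last_modified
    except Exception:
        # Best effort, as above: no consent data means nothing to reconcile.
        pass

    pii_dataset.set_last_modified_date(currenttime)
    # remove creation date field and pid so doesn't get updated
    del pii_dataset.creationDate
    del pii_dataset.pid

    # update pii_dataset's non_pii_uuid
    non_pii_uuid_from_dataset = pii_dataset.get_uuid()
    try:
        non_pii_uuid = in_json[cfg.FIELD_PROFILE_UUID]
        # both non_pii_uuid and non_pii_uuid_from_dataset should be list
        if (type(non_pii_uuid) is not list) or (type(non_pii_uuid_from_dataset) is not list):
            msg = {
                "reason": "The uuid information is not a list.",
                "error": "Json format error."
            }
            msg_json = jsonutils.create_log_json("PII", "PUT", msg)
            logging.error("PII PUT " + json.dumps(msg_json))
            return rs_handlers.bad_request(msg_json)

        pii_dataset.set_uuid(non_pii_uuid)
        # # the following lines can be used for item to item comparison and append when it is needed
        # for i in range(len(non_pii_uuid)):
        #     pii_dataset = append_non_pii_uuid(non_pii_uuid[i], non_pii_uuid_from_dataset, pii_dataset)
    except Exception:
        # A request without the uuid field leaves the stored list untouched.
        pass

    # update dataset from id token info. Currently, only UIN and phone number
    # are considered verified information and hence gets precedence through
    # ID Token validation / parsing.
    # if tk_firstname is not None:
    #     pii_dataset.set_firstname(tk_firstname)
    # if tk_lastname is not None:
    #     pii_dataset.set_lastname(tk_lastname)
    # if tk_email is not None:
    #     pii_dataset.set_email(tk_email)
    if tk_phone is not None:
        pii_dataset.set_phone(tk_phone)
    if tk_uin is not None:
        pii_dataset.set_uin(tk_uin)

    result, pii_dataset = mongoutils.update_pii_dataset_in_mongo_by_field(cfg.FIELD_PID, pid, pii_dataset)
    if result is None:
        msg = {
            "reason": "Failed to update non pii uuid into pii dataset: " + str(pid),
            "error": "Not Implemented: " + request.url,
        }
        msg_json = jsonutils.create_log_json("PII", "PUT", msg)
        logging.error("PII PUT " + json.dumps(msg_json))
        return rs_handlers.not_implemented(msg_json)

    # add pid and original creation date to dataset for output json
    try:
        pii_dataset["pid"] = pid
        pii_dataset["creationDate"] = creation_date
    except Exception:
        # Best effort: the returned dataset may not support item assignment.
        pass

    pii_dataset = jsonutils.remove_file_descriptor_from_dataset(pii_dataset)
    out_json = mongoutils.construct_json_from_query_list(pii_dataset)
    # NOTE(review): the updated record is passed to the log builder. Confirm
    # that create_log_json(..., 'pii') strips personal fields before the
    # entry is written.
    msg_json = jsonutils.create_log_json("PII", "PUT", jsonutils.remove_objectid_from_dataset(pii_dataset), 'pii')
    logging.info("PII PUT " + json.dumps(msg_json))
    return out_json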