예제 #1
0
def get_data_list_pid(pid):
    is_error = False
    resp = None

    if pid != None:
        is_objectid = mongoutils.check_if_objectid(pid)

        # query using either non-pii ObjectId or uuid
        if (is_objectid):
            id = ObjectId(pid)
            db_data = mongoutils.query_pii_dataset_by_objectid(id)
        else:
            db_data = mongoutils.query_pii_dataset(cfg.FIELD_PID, pid)

        data_list = list(db_data)
        if len(data_list) > 1:
            msg = {
                "reason": "There are more than 1 pii record: " + str(pid),
                "error": "Bad Request: " + request.url,
            }
            msg_json = jsonutils.create_log_json("PII", "GET", msg)
            logging.error("PII GET " + json.dumps(msg_json))
            is_error = True
            resp = rs_handlers.bad_request(msg_json)

            return None, None, is_error, resp

        if len(data_list) == 0:
            msg = {
                "reason": "There is no pii record for the pid: " + str(pid),
                "error": "Not Found: " + request.url,
            }
            msg_json = jsonutils.create_log_json("PII", "GET", msg)
            logging.error("PII GET " + json.dumps(msg_json))
            is_error = True
            resp = rs_handlers.not_found(msg_json)

            return None, None, is_error, resp

        if len(data_list) > 0:
            return data_list, is_objectid, is_error, resp

    else:
        msg = {
            "reason": "Pii dataset does not exist: " + str(pid),
            "error": "Not Found: " + request.url,
        }
        msg_json = jsonutils.create_log_json("PII", "GET", msg)
        logging.error("PII GET " + json.dumps(msg_json))
        is_error = True
        resp = rs_handlers.not_found(msg_json)

        return None, None, is_error, resp
def admin_reviewers_delete(token_info, id):
    # check if the logged in user is in the reviewers db
    is_reviewer = adminutils.check_if_superuser(token_info["login"])

    if not is_reviewer:
        msg = {
            "reason": "The logged0in user should be an administrator",
            "error": "Not Authorized: " + request.url,
        }
        msg_json = jsonutils.create_log_json("Contribution Admin ", "GET", msg)
        logging.error("Contribution Admin GET " + json.dumps(msg_json))
        return rs_handlers.not_authorized(msg_json)

    resp = coll_reviewer.delete_one({cfg.FIELD_OBJECTID: ObjectId(id)})
    if resp.deleted_count > 0:
        msg = {"id": str(id)}
        msg_json = jsonutils.create_log_json("Contribution Admin ", "DELETE",
                                             msg)
        logging.info("Contribution Admin DELETE " + json.dumps(msg_json))
        return rs_handlers.entry_deleted('ID', id)
    else:
        msg = {
            "reason": "There is no reviewer with given id: " + str(id),
            "error": "Not Found: " + request.url,
        }
        msg_json = jsonutils.create_log_json("Contribution Admin ", "DELETE",
                                             msg)
        logging.info("Contribution Admin DELETE " + json.dumps(msg_json))
        return rs_handlers.not_found(msg_json)
예제 #3
0
def delete(uuid=None):
    data_list, is_objectid, is_error, resp = get_data_list(uuid)
    if is_error:
        return resp

    if (is_objectid):
        mongoutils.db_profile.non_pii_collection.delete_one({cfg.FIELD_OBJECTID: uuid})
        msg = {"uuid": str(uuid)}
        msg_json = jsonutils.create_log_json("Profile", "DELETE", msg)
        logging.info("DELETE " + json.dumps(msg_json))
        return rs_handlers.entry_deleted('uuid', uuid)

    try:
        mongoutils.db_profile.non_pii_collection.delete_one({cfg.FIELD_PROFILE_UUID: uuid})
        msg = {"uuid": str(uuid)}
        msg_json = jsonutils.create_log_json("Profile", "DELETE", msg)
        logging.info("DELETE " + json.dumps(msg_json))
        return rs_handlers.entry_deleted('uuid', uuid)
    except:
        msg = {
            "reason": "Failed to delete. The dataset does not exist: " + str(uuid),
            "error": "Not Found: " + request.url,
        }
        msg_json = jsonutils.create_log_json("Profile", "DELETE", msg)
        logging.error("DELETE " + json.dumps(msg_json))
        return rs_handlers.not_found(msg_json)
def talents_get(token_info=None, id=None, talent_id=None):
    talent_datasets = talents_search(token_info, id)

    # when the talent_datasets is an error response
    if isinstance(talent_datasets, wrappers.Response):
        return talent_datasets

    # otherwise it means that the talent_datasets contains the correct content.

    # search talent that is the correct id
    talent_index = 0
    talent = None

    # there shouldn't be empty list of talent_datasets
    # since it has to be filtered in talents_search() already
    for talent_dataset in talent_datasets:
        # this will make an error if there is no id field in talent dataset
        # however, this shouldn't be happen because it is required in connexion
        if talent_dataset["id"] == talent_id:
            talent = talent_dataset
            talent_index += 1

    if talent_index > 1:
        msg = {
            "reason":
            "There is more than one Capabilities with given talent id: " +
            str(talent_id),
            "error":
            "Bad Request: " + request.url,
        }
        msg_json = jsonutils.create_log_json("Talent", "GET", msg)
        logging.error("Talent GET " + json.dumps(msg_json))
        return rs_handlers.bad_request(msg_json)
    elif talent_index == 0:
        msg = {
            "reason":
            "There is no Capability with given capability id: " +
            str(talent_id),
            "error":
            "Not Found: " + request.url,
        }
        msg_json = jsonutils.create_log_json("Capability", "GET", msg)
        logging.error("Capability GET " + json.dumps(msg_json))
        return rs_handlers.not_found(msg_json)
    else:
        return talent
예제 #5
0
def pii_delete(pid=None):
    # Get ID Token data from global context variable.
    auth_resp = g.user_token_data

    data_list, is_objectid, is_error, resp = get_data_list_pid(pid)
    if is_error:
        return resp

    auth_pass = check_id(auth_resp, data_list[0])

    if not (auth_pass):
        msg = {
            "reason": "The user info in id token and db are not matching.",
            "error": "Authorization Failed."
        }
        msg_json = jsonutils.create_log_json("PII", "DELETE", msg)
        logging.error("PII DELETE " + json.dumps(msg_json))
        return jsonutils.create_auth_fail_message()

    try:
        if (is_objectid):
            id = ObjectId(pid)
            mongoutils.db_pii.pii_collection.delete_one(
                {cfg.FIELD_OBJECTID: id})
            msg = {"pid": str(pid)}
            msg_json = jsonutils.create_log_json("PII", "DELETE", msg)
            logging.info("PII DELETE " + json.dumps(msg_json))
            return rs_handlers.entry_deleted('ObjectID', pid)
        else:
            mongoutils.db_pii.pii_collection.delete_one({cfg.FIELD_PID: pid})
            msg = {"pid": str(pid)}
            msg_json = jsonutils.create_log_json("PII", "DELETE", msg)
            logging.info("PII DELETE " + json.dumps(msg_json))
            return rs_handlers.entry_deleted('pid', pid)
    except:
        msg = {
            "reason": "Failed to deleted pii. not found: " + str(pid),
            "error": "Not Found: " + request.url,
        }
        msg_json = jsonutils.create_log_json("PII", "DELETE", msg)
        logging.info("PII DELETE " + json.dumps(msg_json))
        return rs_handlers.not_found(msg_json)
예제 #6
0
def put(uuid=None):
    try:
        in_json = request.get_json()
    except Exception as ex:
        msg = {
            "reason": "Json format error: " + str(uuid),
            "error": "Bad Request: " + request.url,
        }
        msg_json = jsonutils.create_log_json("Profile", "PUT", msg)
        logging.error("PUT " + json.dumps(msg_json))
        return rs_handlers.bad_request(msg_json)

    # check if the uuid is really existing in the database
    non_pii_dataset = mongoutils.get_non_pii_dataset_from_field(cfg.FIELD_PROFILE_UUID, uuid)

    if non_pii_dataset is None:
        msg = {
            "reason": "There is no profile dataset with given uuid: " + str(uuid),
            "error": "Not Found: " + request.url,
        }
        msg_json = jsonutils.create_log_json("Profile", "PUT", msg)
        logging.error("PUT " + json.dumps(msg_json))
        return rs_handlers.not_found(msg_json)

    # the level check in in_json should be performed
    level_ok, level = otherutils.check_privacy_level(in_json)
    if level_ok == False:
        msg = {
            "reason": "The given privacy level is not correct: " + str(level),
            "error": "Bad Request: " + request.url,
        }
        msg_json = jsonutils.create_log_json("Profile", "PUT", msg)
        logging.error("PUT " + json.dumps(msg_json))
        return rs_handlers.bad_request(msg_json)

    non_pii_dataset, restjson = datasetutils.update_non_pii_dataset_from_json(non_pii_dataset, in_json)
    currenttime = datetime.datetime.now()
    currenttime = currenttime.strftime("%Y/%m/%dT%H:%M:%S")
    non_pii_dataset.set_last_modified_date(currenttime)

    result, non_pii_dataset = mongoutils.update_non_pii_dataset_in_mongo_by_field(
        cfg.FIELD_PROFILE_UUID, uuid,
        non_pii_dataset)

    # update the json information that doesn't belong to data schema
    if len(restjson) > 0:
        result, non_pii_dataset = mongoutils.update_json_with_no_schema(cfg.FIELD_PROFILE_UUID, uuid,
                                                                        non_pii_dataset, restjson)

    if result is None:
        msg = {
            "reason": "Failed to update Profile dataset: " + str(uuid),
            "error": "Not Implemented: " + request.url,
        }
        msg_json = jsonutils.create_log_json("Profile", "PUT", msg)
        logging.error("PUT " + json.dumps(msg_json))
        return rs_handlers.not_implemented(msg_json)

    non_pii_dataset = jsonutils.remove_file_descriptor_from_dataset(non_pii_dataset)
    out_json = jsonutils.remove_null_subcategory(non_pii_dataset)
    msg_json = jsonutils.create_log_json("Profile", "PUT", copy.copy(out_json))
    logging.info("PUT " + json.dumps(msg_json))
    out_json = mongoutils.construct_json_from_query_list(out_json)

    return out_json
예제 #7
0
def pii_put(pid=None):
    # Get ID Token data from global context variable.
    auth_resp = g.user_token_data
    tk_uin, tk_firstname, tk_lastname, tk_email, tk_phone, tk_is_uin, tk_is_phone = tokenutils.get_data_from_token(
        auth_resp)

    try:
        in_json = request.get_json()
        # ToDo following lines are commented out for now
        #  but it should be used if the email and phone number get updated
        # # if there is any phone number or email information in input json, they will be removed
        # # since the current policy is not updating the email or phone number
        # # until further decision
        # try:
        #     del in_json["uin"]
        # except:
        #     pass
        # try:
        #     del in_json["phone"]
        # except:
        #     pass

    except Exception as ex:
        msg = {
            "reason": "Json format error: " + str(pid),
            "error": "Bad Request: " + request.url,
        }
        msg_json = jsonutils.create_log_json("PII", "PUT", msg)
        logging.error("PII PUT " + json.dumps(msg_json))
        return rs_handlers.bad_request(msg_json)

    # check if the pid is really existing in the database
    pii_dataset = mongoutils.get_pii_dataset_from_field(cfg.FIELD_PID, pid)

    if pii_dataset == None:
        msg = {
            "reason": "There is no dataset with given pii uuid: " + str(pid),
            "error": "Not Found: " + request.url,
        }
        msg_json = jsonutils.create_log_json("PII", "PUT", msg)
        logging.error("PII PUT " + json.dumps(msg_json))
        return rs_handlers.not_found(msg_json)

    creation_date = pii_dataset.get_creation_date()
    tmp_dataset = json.loads(json.dumps(pii_dataset.__dict__))
    auth_pass = check_id(auth_resp, tmp_dataset)

    if not (auth_pass):
        msg = {
            "reason": "The user info in id token and db are not matching.",
            "error": "Authorization Failed."
        }
        msg_json = jsonutils.create_log_json("PII", "PUT", msg)
        logging.error("PII PUT " + json.dumps(msg_json))
        return jsonutils.create_auth_fail_message()

    # get the current testResultsConset value to see if it is changed
    # if changed, update last modified date after updating pii data
    consent_provided = None
    consent_last_modified = None
    try:
        consent_provided = pii_dataset.testResultsConsent["consentProvided"]
        consent_last_modified = pii_dataset.testResultsConsent["dateModified"]
    except:
        pass
    pii_dataset = datasetutils.update_pii_dataset_from_json(pii_dataset, in_json)
    currenttime = otherutils.get_current_time_utc()

    # if consentProvided value has been changed, update the last modified date
    try:
        if consent_provided != pii_dataset.testResultsConsent['consentProvided']:
            pii_dataset = update_test_results_consent(pii_dataset)
        else: # record the exising modified date that got lost during the json update
            pii_dataset.testResultsConsent['dateModified'] = consent_last_modified
    except:
        pass

    pii_dataset.set_last_modified_date(currenttime)
    # remove creation date field and pid so doesn't get updated
    del pii_dataset.creationDate
    del pii_dataset.pid

    # update pii_dataset's non_pii_uuid
    non_pii_uuid_from_dataset = pii_dataset.get_uuid()
    try:
        non_pii_uuid = in_json[cfg.FIELD_PROFILE_UUID]
        # both non_pii_uuid and non_pii_uuid_from_dataset should be list
        if (type(non_pii_uuid) is not list) or (type(non_pii_uuid_from_dataset) is not list):
            msg = {
                "reason": "The uuid information is not a list.",
                "error": "Json format error."
            }
            msg_json = jsonutils.create_log_json("PII", "PUT", msg)
            logging.error("PII PUT " + json.dumps(msg_json))
            return rs_handlers.bad_request(msg_json)

        pii_dataset.set_uuid(non_pii_uuid)
        # # the following lines can be used for item to item comparison and append when it is needed
        # for i in range(len(non_pii_uuid)):
        #     pii_dataset = append_non_pii_uuid(non_pii_uuid[i], non_pii_uuid_from_dataset, pii_dataset)
    except:
        pass

    # update dataset from id token info. Currently, only UIN and phone number are considered verified information and hence gets precedence through ID Token validation / parsing.
    # if tk_firstname is not None:
    #     pii_dataset.set_firstname(tk_firstname)
    # if tk_lastname is not None:
    #     pii_dataset.set_lastname(tk_lastname)
    # if tk_email is not None:
    #     pii_dataset.set_email(tk_email)
    if tk_phone is not None:
        pii_dataset.set_phone(tk_phone)
    if tk_uin is not None:
        pii_dataset.set_uin(tk_uin)

    result, pii_dataset = mongoutils.update_pii_dataset_in_mongo_by_field(cfg.FIELD_PID, pid,
                                                                          pii_dataset)

    if result is None:
        msg = {
            "reason": "Failed to update non pii uuid into pii dataset: " + str(pid),
            "error": "Not Implemented: " + request.url,
        }
        msg_json = jsonutils.create_log_json("PII", "PUT", msg)
        logging.error("PII PUT " + json.dumps(msg_json))
        return rs_handlers.not_implemented(msg_json)

    # add pid and original creation date to dataset for output json
    try:
        pii_dataset["pid"] = pid
        pii_dataset["creationDate"] = creation_date
    except:
        pass

    pii_dataset = jsonutils.remove_file_descriptor_from_dataset(pii_dataset)
    out_json = mongoutils.construct_json_from_query_list(pii_dataset)
    msg_json = jsonutils.create_log_json("PII", "PUT", jsonutils.remove_objectid_from_dataset(pii_dataset), 'pii')
    logging.info("PII PUT " + json.dumps(msg_json))
    return out_json
def get_data_list(name, login_id, is_login, coll_contribution):
    resp = None
    is_error = False
    is_unauthorized = False

    if name != None:
        is_objectid = mongoutils.check_if_objectid(name)

        # query using ObjectId or name
        if (is_objectid):  # when it the query is using object id
            id = ObjectId(name)
            if (is_login):
                # when user token provided
                db_data = mongoutils.query_dataset_by_objectid(
                    coll_contribution, id, login_id, is_login)
                data_list = list(db_data)
            else:
                # check when there is no user login that means apikey used
                db_data = mongoutils.query_dataset_by_objectid_no_status(
                    coll_contribution, id)
                data_list = list(db_data)
                # if there is a result, it must check the status
                # because only published one will be provide to apikey
                if len(data_list) > 0:
                    # check if the status is in the record
                    if "status" not in data_list[0]:
                        msg = {
                            "reason":
                            "Status is not in the dataset " + str(name),
                            "error": "Not Authorized: " + request.url,
                        }
                        msg_json = jsonutils.create_log_json(
                            "Contribution", "GET", msg)
                        logging.error("Contribution GET " +
                                      json.dumps(msg_json))
                        resp = rs_handlers.not_authorized(msg_json)
                        return data_list, is_objectid, True, resp
                    # if there is status in the record, check the value for status
                    status = data_list[0]["status"]
                    if status != "Published":
                        msg = {
                            "reason":
                            "Not authorized to view the contribution dataset with given id:"
                            + str(name),
                            "error":
                            "Not Authorized: " + request.url,
                        }
                        msg_json = jsonutils.create_log_json(
                            "Contribution", "GET", msg)
                        logging.error("Contribution GET " +
                                      json.dumps(msg_json))
                        resp = rs_handlers.not_authorized(msg_json)
                        return data_list, is_objectid, True, resp
            # if there are more than one result it should be something wrong
            # because there should be only one record with given objectid
            if len(data_list) > 1:
                msg = {
                    "reason":
                    "There are more than 1 contribution record: " + str(name),
                    "error":
                    "Bad Request: " + request.url,
                }
                msg_json = jsonutils.create_log_json("Contribution", "GET",
                                                     msg)
                logging.error("Contribution GET " + json.dumps(msg_json))
                is_error = True
                resp = rs_handlers.bad_request(msg_json)
        else:  # when the query is using the actual name not object id
            if (is_login):  # when using github auth
                db_data = mongoutils.query_dataset(coll_contribution,
                                                   cfg.FIELD_NAME, name,
                                                   login_id, is_login)
                data_list = list(db_data)
            else:  # when using apikey auth
                db_data = mongoutils.query_dataset_no_status(
                    coll_contribution, cfg.FIELD_NAME, name)
                tmp_data_list = list(db_data)
                data_list = []
                # check only published ones to apikey. The result can be multiple unlike object id query
                for data in tmp_data_list:
                    if "status" in data:
                        status = data["status"]
                        if status == "Published":
                            data_list.append(data)
                        else:
                            is_unauthorized = True
        # when there is no result
        if len(data_list) == 0:
            if is_unauthorized:
                msg = {
                    "reason":
                    "Not authorized to view the contribution dataset with given id:"
                    + str(name),
                    "error":
                    "Not Authorized: " + request.url,
                }
                msg_json = jsonutils.create_log_json("Contribution", "GET",
                                                     msg)
                logging.error("Contribution GET " + json.dumps(msg_json))
                is_error = True
                resp = rs_handlers.not_authorized(msg_json)
            else:
                msg = {
                    "reason": "There is no contribution record: " + str(name),
                    "error": "Not Found: " + request.url,
                }
                msg_json = jsonutils.create_log_json("Contribution", "GET",
                                                     msg)
                logging.error("Contribution GET " + json.dumps(msg_json))
                is_error = True
                resp = rs_handlers.not_found(msg_json)

        return data_list, is_objectid, is_error, resp

    else:
        msg = {
            "reason": "The contribution does not exist: " + str(name),
            "error": "Not Found: " + request.url,
        }
        msg_json = jsonutils.create_log_json("Contribution", "GET", msg)
        logging.error("Contribution GET " + json.dumps(msg_json))
        resp = rs_handlers.not_found(msg_json)

    return None, None, True, resp
def talents_search(token_info=None, id=None):
    login_id, is_login = otherutils.get_login(token_info)

    contribution_dataset, status_code = mongoutils.get_contribution_dataset_from_objectid(
        coll_contribution, id, login_id, is_login)

    if status_code == '200':
        if contribution_dataset is not None:
            talent_dataset = contribution_dataset.get_talents()
            for talent in talent_dataset:
                talent[
                    "contributionAdmins"] = contribution_dataset.contributionAdmins
        else:
            msg = {
                "reason":
                "There is no contribution dataset with given id, "
                "or you don't have privilege to view this: " + str(id),
                "error":
                "Not Authorized: " + request.url,
            }
            msg_json = jsonutils.create_log_json("Talent", "SEARCH", msg)
            logging.error("Talent SEARCH " + json.dumps(msg_json))
            return rs_handlers.not_authorized(msg_json)
    else:
        if status_code == "401":
            msg = {
                "reason":
                "Not authorized to view the contribution dataset with given id: "
                + str(id),
                "error":
                "Not Authorized: " + request.url,
            }
            msg_json = jsonutils.create_log_json("Talent", "SEARCH", msg)
            logging.error("Talent SEARCH " + json.dumps(msg_json))
            return rs_handlers.not_authorized(msg_json)
        elif status_code == '404':
            msg = {
                "reason":
                "There is no contribution dataset with given id: " + str(id),
                "error":
                "Not Found: " + request.url,
            }
            msg_json = jsonutils.create_log_json("Talent", "SEARCH", msg)
            logging.error("Talent SEARCH " + json.dumps(msg_json))
            return rs_handlers.not_found(msg_json)
        else:
            msg = {
                "reason":
                "The query was not successfully performed: " + str(id),
                "error": "Bad Request: " + request.url,
            }
            msg_json = jsonutils.create_log_json("Talent", "SEARCH", msg)
            logging.error("Talent SEARCH " + json.dumps(msg_json))
            return rs_handlers.bad_request(msg_json)

    if talent_dataset is None:
        msg = {
            "reason":
            "There is no Talent with given contribution id: " + str(id),
            "error": "Not Found: " + request.url,
        }
        msg_json = jsonutils.create_log_json("Talent", "GET", msg)
        logging.error("Talent SEARCH " + json.dumps(msg_json))
        return rs_handlers.not_found(msg_json)

    msg = {
        "search":
        "Talent data in the contribution dataset with given id : " + str(id)
    }
    msg_json = jsonutils.create_log_json("Talent", "GET", msg)
    logging.info("Talent GET " + json.dumps(msg))

    return talent_dataset
def put(token_info, id):
    try:
        in_json = request.get_json()
    except Exception as ex:
        msg = {
            "reason": "Json format error: " + str(id),
            "error": "Bad Request: " + request.url,
        }
        msg_json = jsonutils.create_log_json("Contribution", "PUT", msg)
        logging.error("Contribution PUT " + json.dumps(msg_json))
        return rs_handlers.bad_request(msg_json)
    # check if the given id exists
    contribution_dataset = mongoutils.get_contribution_dataset_from_objectid_no_status(
        coll_contribution, id)

    if contribution_dataset is None:
        msg = {
            "reason":
            "There is no contribution dataset with given id: " + str(id),
            "error": "Not Found: " + request.url,
        }
        msg_json = jsonutils.create_log_json("Contribution", "PUT", msg)
        logging.error("Contribution PUT " + json.dumps(msg_json))
        return rs_handlers.not_found(msg_json)

    # check contribution admins
    contribution_admins = contribution_dataset.contributionAdmins

    # check if the logged in user's login is included in contribution admin list
    is_admin_user = otherutils.check_login_admin(token_info["login"],
                                                 contribution_admins)
    if not is_admin_user:
        msg = {
            "reason": "Contribution admin list must contain logged in user",
            "error": "Not Authorized: " + request.url,
        }
        msg_json = jsonutils.create_log_json("Contribution", "POST", msg)
        logging.error("Contribution POST " + json.dumps(msg_json))
        return rs_handlers.not_authorized(msg_json)

    date_created = contribution_dataset.dateCreated
    contribution_dataset, restjson = datasetutils.update_contribution_dataset_from_json(
        contribution_dataset, in_json)
    currenttime = datetime.datetime.now()
    currenttime = currenttime.strftime("%Y/%m/%dT%H:%M:%S")
    contribution_dataset.set_date_modified(currenttime)
    contribution_dataset.set_date_created(date_created)

    # set capability list
    capability_list = []
    try:
        capability_json = in_json["capabilities"]
        for i in range(len(capability_json)):
            capability, rest_capability_json, msg = modelutils.construct_capability(
                capability_json[i])
            if capability is None:
                return rs_handlers.bad_request(msg)
            # check if the capability id is in uuid format
            is_uuid = otherutils.check_if_uuid(capability.id)
            if not is_uuid:
                msg = {
                    "reason": "Capability id is not in uuid format",
                    "error": "Bad Request: " + request.url,
                }
                msg_json = jsonutils.create_log_json("Contribution", "POST",
                                                     msg)
                logging.error("Contribution POST " + json.dumps(msg_json))
                return rs_handlers.bad_request(msg)
            capability_list.append(capability)
        contribution_dataset.set_capabilities(capability_list)
    except:
        pass

    # set talent list
    talent_list = []
    try:
        talent_json = in_json["talents"]
        for i in range(len(talent_json)):
            talent, rest_talent_json, msg = modelutils.construct_talent(
                talent_json[i])
            if talent is None:
                return rs_handlers.bad_request(msg)
            # check if the talent id is in uuid format
            is_uuid = otherutils.check_if_uuid(talent.id)
            if not is_uuid:
                msg = {
                    "reason": "Talent id is not in uuid format",
                    "error": "Bad Request: " + request.url,
                }
                msg_json = jsonutils.create_log_json("Contribution", "POST",
                                                     msg)
                logging.error("Contribution POST " + json.dumps(msg_json))
                return rs_handlers.bad_request(msg)

            # check required capabilities id format
            if talent.requiredCapabilities is not None:
                required_cap_list = talent.requiredCapabilities
                for capability_json in required_cap_list:
                    capability, rest_capability_json, msg = modelutils.construct_capability(
                        capability_json)
                    is_uuid = otherutils.check_if_uuid(capability.id)
                    if not is_uuid:
                        msg = {
                            "reason":
                            "Capability id in requiredCapabilities is not in uuid format",
                            "error": "Bad Request: " + request.url,
                        }
                        msg_json = jsonutils.create_log_json(
                            "Contribution", "POST", msg)
                        logging.error("Contribution POST " +
                                      json.dumps(msg_json))
                        return rs_handlers.bad_request(msg)

            talent_list.append(talent)
        contribution_dataset.set_talents(talent_list)
    except:
        pass

    result, contribution_dataset = mongoutils.update_dataset_in_mongo_by_objectid(
        coll_contribution, id, contribution_dataset)

    if result is None:
        msg = {
            "reason": "Failed to update contribution dataset: " + str(id),
            "error": "Not Implemented: " + request.url,
        }
        msg_json = jsonutils.create_log_json("Contribution", "PUT", msg)
        logging.error("Contribution PUT " + json.dumps(msg_json))
        return rs_handlers.not_implemented(msg_json)

    out_json = contribution_dataset
    msg_json = jsonutils.create_log_json("Contribution", "PUT",
                                         {"id": str(id)})
    logging.info("Contribution PUT " + json.dumps(msg_json))
    out_json = mongoutils.construct_json_from_query_list(out_json)

    return out_json