diff --git a/microsetta_private_api/api/_consent.py b/microsetta_private_api/api/_consent.py index fdf7fe14c..5222dee18 100644 --- a/microsetta_private_api/api/_consent.py +++ b/microsetta_private_api/api/_consent.py @@ -75,6 +75,19 @@ def sign_consent_doc(account_id, source_id, consent_type, body, token_info): code=403, message="Invalid age_range update" ), 403 + # NB For the time being, we need to block any pre-overhaul under-18 + # profiles from re-consenting. For API purposes, the safest way to + # check whether it's a pre-overhaul or post-overhaul source is to look + # at the creation_time on the source. Anything pre-overhaul is + # prevented from signing a new consent document. + if source.source_data.age_range not in ["legacy", "18-plus"] and\ + not source_repo.check_source_post_overhaul( + account_id, source_id + ): + return jsonify( + code=403, message="Minors may not sign new consent documents" + ), 403 + # Now back to the normal flow of signing a consent document consent_repo = ConsentRepo(t) sign_id = str(uuid.uuid4()) diff --git a/microsetta_private_api/repo/source_repo.py b/microsetta_private_api/repo/source_repo.py index 8785796b3..300978b82 100644 --- a/microsetta_private_api/repo/source_repo.py +++ b/microsetta_private_api/repo/source_repo.py 
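Review bot: The new minor gate in `sign_consent_doc` reads `source.source_data.age_range` from an object loaded outside this hunk, so it is not visible here whether that value reflects the state before or after the age-range update that can return "Invalid age_range update" just above. If `source` was fetched before that update, a pre-overhaul `legacy` source that selects an under-18 range in the same request would presumably still read as `legacy` and skip the block. Re-reading the source after the update, or checking the age range actually being stored, would remove that dependency on statement order. The tests visible in this commit cover only the repo helper, so an API-level test asserting the 403 for a pre-overhaul minor source would pin the behaviour, and the inline list `["legacy", "18-plus"]` would read better as a named constant. The function body starts and continues outside the hunk.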
@@ -283,3 +283,27 @@ def get_duplicate_source_name(self, account_id, source_name): if r is None: return {'source_duplicate': False} return {'source_duplicate': True} + + def check_source_post_overhaul(self, account_id, source_id): + """Check whether source was created after the TMI overhaul deployment + + Parameters + ---------- + account_id : str, uuid + The associated account ID to check + source_id : str, uuid + The associated source ID to check + + Returns + ------- + True if the source is post-overhaul, False otherwise + """ + with self._transaction.cursor() as cur: + cur.execute( + "SELECT id " + "FROM ag.source " + "WHERE account_id = %s AND id = %s " + "AND creation_time >= '2023-08-30 09:10:00'", + (account_id, source_id) + ) + return cur.rowcount == 1 diff --git a/microsetta_private_api/repo/tests/test_source.py b/microsetta_private_api/repo/tests/test_source.py index 2196f24ef..602f720a3 100644 --- a/microsetta_private_api/repo/tests/test_source.py +++ b/microsetta_private_api/repo/tests/test_source.py @@ -105,6 +105,31 @@ def test_update_legacy_source_age_range_fail(self): ) self.assertFalse(obs) + def test_check_source_post_overhaul_true(self): + # We'll check a newly created source and confirm that it's + # treated as post-overhaul. The source created during setUp + # can safely be used as-is. + with Transaction() as t: + sr = SourceRepo(t) + obs = sr.check_source_post_overhaul(ACCOUNT_ID, HUMAN_SOURCE.id) + self.assertTrue(obs) + + def test_check_source_post_overhaul_false(self): + # Now we'll modify the creation_time column by hand and confirm it's + # treated as pre-overhaul + with Transaction() as t: + cur = t.cursor() + cur.execute( + "UPDATE ag.source " + "SET creation_time = '2023-01-01 10:00:00' " + "WHERE id = %s", + (HUMAN_SOURCE.id, ) + ) + + sr = SourceRepo(t) + obs = sr.check_source_post_overhaul(ACCOUNT_ID, HUMAN_SOURCE.id) + self.assertFalse(obs) + if __name__ == '__main__': unittest.main()
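Review bot: The cutoff in `check_source_post_overhaul` is a bare string literal, `'2023-08-30 09:10:00'`, with no time zone, so the comparison depends on the type of `ag.source.creation_time` and on the session's time zone setting, neither of which is visible here. Because this timestamp decides whether a minor's profile may re-consent, it would be safer as a named module-level constant with an explicit offset, passed as a bound parameter: `"AND creation_time >= %s"` with `(account_id, source_id, OVERHAUL_CUTOFF)` (the constant name is only a suggestion). The docstring should also state that the return type is `bool`, and that `False` covers a source that does not exist or belongs to another account as well as a pre-overhaul one, which is what keeps the caller failing closed.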
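Review bot: Neither new test exercises the `account_id = %s` predicate in `check_source_post_overhaul`, which is what ties the source to its owner; a case that passes a different account ID with `HUMAN_SOURCE.id` and asserts `False` would cover it. `test_check_source_post_overhaul_false` also rewrites `creation_time` and leaves the `Transaction` block without committing, so it relies on the context manager discarding uncommitted work (its definition is outside this diff). A comment such as `# no commit: the UPDATE is discarded when the Transaction exits`, or an explicit rollback, would make that intent clear. A boundary case with `creation_time` set exactly to the cutoff would pin the `>=` comparison.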