From 7a134603a81967386525068abffd7a4f3dbd83af Mon Sep 17 00:00:00 2001 From: Cassidy Symons Date: Thu, 30 Nov 2023 15:54:27 -0800 Subject: [PATCH 1/5] Adjust date limits for sample collection info --- microsetta_private_api/api/_sample.py | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/microsetta_private_api/api/_sample.py b/microsetta_private_api/api/_sample.py index d83549e24..31f6cd1b1 100644 --- a/microsetta_private_api/api/_sample.py +++ b/microsetta_private_api/api/_sample.py @@ -137,9 +137,13 @@ def update_sample_association(account_id, source_id, sample_id, body, except ValueError: raise BadRequest("Invalid sample_datetime") curdate = datetime.now(sample_datetime.tzinfo) - lower_limit = curdate + relativedelta(years=-10) + lower_limit = curdate + relativedelta(years=-1) upper_limit = curdate + relativedelta(months=+1) - if sample_datetime < lower_limit or sample_datetime > upper_limit: + is_admin = token_grants_admin_access(token_info) + + # Allow admins to bypass the back-dating/forward-dating limits + if (sample_datetime < lower_limit or sample_datetime > upper_limit)\ + and not is_admin: raise BadRequest('Invalid sample date') # sample_site will not be present if its environmental. this will # default to None if the key is not present @@ -151,7 +155,6 @@ def update_sample_association(account_id, source_id, sample_id, body, body["sample_notes"] ) - is_admin = token_grants_admin_access(token_info) sample_repo.update_info(account_id, source_id, sample_info, override_locked=is_admin) From dbd0ed6b40edf1d0bc96a8888e45edb8495909fd Mon Sep 17 00:00:00 2001 From: Cassidy Symons Date: Thu, 30 Nov 2023 16:14:02 -0800 Subject: [PATCH 2/5] Tests --- microsetta_private_api/api/tests/test_api.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/microsetta_private_api/api/tests/test_api.py b/microsetta_private_api/api/tests/test_api.py index 1bfb4a8bf..cba1b6e05 100644 --- a/microsetta_private_api/api/tests/test_api.py +++ b/microsetta_private_api/api/tests/test_api.py @@ -920,7 +920,7 @@ def test_account_scrub_success(self): sample_body = {'sample_site': 'Stool', "sample_notes": "foobar", - 'sample_datetime': "2017-07-21T17:32:28Z"} + 'sample_datetime': datetime.datetime.utcnow()} put_resp = self.client.put( '%s?%s' % (sample_url, self.default_lang_querystring), @@ -2353,7 +2353,7 @@ def test_update_sample_association_locked(self): sample_url = "{0}/{1}".format(base_url, MOCK_SAMPLE_ID) body = {'sample_site': 'Stool', "sample_notes": "", - 'sample_datetime': "2017-07-21T17:32:28Z"} + 'sample_datetime': datetime.datetime.utcnow()} put_resp = self.client.put( '%s?%s' % (sample_url, self.default_lang_querystring), @@ -2376,7 +2376,7 @@ def test_update_sample_association_locked(self): # attempt to modify the locked sample as the participant body = {'sample_site': 'Saliva', "sample_notes": "", - 'sample_datetime': "2017-07-21T17:32:28Z"} + 'sample_datetime': datetime.datetime.utcnow()} put_resp = self.client.put( '%s?%s' % (sample_url, self.default_lang_querystring), From fc4ca55ab8c2779fa1fe64aa3e8e6cafd1082919 Mon Sep 17 00:00:00 2001 From: Cassidy Symons Date: Thu, 30 Nov 2023 16:24:54 -0800 Subject: [PATCH 3/5] Tests --- microsetta_private_api/api/tests/test_api.py | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/microsetta_private_api/api/tests/test_api.py b/microsetta_private_api/api/tests/test_api.py index cba1b6e05..29123823c 100644 --- a/microsetta_private_api/api/tests/test_api.py +++ b/microsetta_private_api/api/tests/test_api.py @@ -1016,10 +1016,10 @@ def test_account_scrub_success(self): self.assertEqual(response_obj['sample_site'], sample_body['sample_site']) - # strip the trailing "Z" which comes from the database... easier - # than loading into datetime - self.assertEqual(response_obj['sample_datetime'], - sample_body['sample_datetime'][:-1]) + self.assertEqual( + response_obj['sample_datetime'], + sample_body['sample_datetime'].strftime("%Y-%m-%d %H:%M:%S") + ) # This test specifically verifies that the scenario in Private API # issue #492 - where a user takes an external survey, deletes the source, From a7faa980998e7012230b65404f1fe9e1d1145ed4 Mon Sep 17 00:00:00 2001 From: Cassidy Symons Date: Thu, 30 Nov 2023 16:34:16 -0800 Subject: [PATCH 4/5] Tests --- microsetta_private_api/api/tests/test_api.py | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/microsetta_private_api/api/tests/test_api.py b/microsetta_private_api/api/tests/test_api.py index 29123823c..0b9356c0b 100644 --- a/microsetta_private_api/api/tests/test_api.py +++ b/microsetta_private_api/api/tests/test_api.py @@ -1016,8 +1016,11 @@ def test_account_scrub_success(self): self.assertEqual(response_obj['sample_site'], sample_body['sample_site']) + response_ts = datetime.strptime( + response_obj['sample_datetime'], "%Y-%m-%dT%H:%M:%S.%f" + ) self.assertEqual( - response_obj['sample_datetime'], + response_ts.strftime("%Y-%m-%d %H:%M:%S"), sample_body['sample_datetime'].strftime("%Y-%m-%d %H:%M:%S") ) From fc709c32e7aab2b84510239352b008c1463c62c1 Mon Sep 17 00:00:00 2001 From: Cassidy Symons Date: Thu, 30 Nov 2023 16:41:37 -0800 Subject: [PATCH 5/5] Tests --- microsetta_private_api/api/tests/test_api.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/microsetta_private_api/api/tests/test_api.py b/microsetta_private_api/api/tests/test_api.py index 0b9356c0b..d4333dc88 100644 --- a/microsetta_private_api/api/tests/test_api.py +++ b/microsetta_private_api/api/tests/test_api.py @@ -1016,7 +1016,7 @@ def test_account_scrub_success(self): self.assertEqual(response_obj['sample_site'], sample_body['sample_site']) - response_ts = datetime.strptime( + response_ts = datetime.datetime.strptime( response_obj['sample_datetime'], "%Y-%m-%dT%H:%M:%S.%f" ) self.assertEqual(