NRL-1987 Update create and update endpoints to allow for v2 access controls - override creation datetime (#1170)

Author: sandyforresternhs

api/producer/createDocumentReference/create_document_reference.py

@@ -5,6 +5,7 @@
     PERMISSION_AUDIT_DATES_FROM_PAYLOAD,
     PERMISSION_SUPERSEDE_IGNORE_DELETE_FAIL,
     TYPES_WITH_MULTIPLES,
+    AccessControls,
 )
 from nrlf.core.decorators import request_handler
 from nrlf.core.dynamodb.repository import DocumentPointer, DocumentPointerRepository
@@ -18,7 +19,9 @@
 
 
 def _set_create_time_fields(
-    create_time: str, document_reference: DocumentReference, nrl_permissions: list[str]
+    create_time: str,
+    document_reference: DocumentReference,
+    metadata: ConnectionMetadata,
 ) -> DocumentReference:
     """
     Set the date and lastUpdated timestamps on the provided DocumentReference
@@ -27,11 +30,15 @@ def _set_create_time_fields(
         document_reference.meta = Meta()
     document_reference.meta.lastUpdated = create_time
 
-    if (
-        document_reference.date
-        and PERMISSION_AUDIT_DATES_FROM_PAYLOAD in nrl_permissions
-    ):
-        # Perserving the original date if it exists and the permission is set
+    can_override_creation_datetime = (
+        AccessControls.ALLOW_OVERRIDE_CREATION_DATETIME.value
+        in metadata.nrl_permissions_policy.access_controls
+        if metadata.nrl_permissions_policy
+        else PERMISSION_AUDIT_DATES_FROM_PAYLOAD in metadata.nrl_permissions
+    )
+
+    if document_reference.date and can_override_creation_datetime:
+        # Preserving the original date if it exists and the permission is set
         logger.log(
             LogReference.PROCREATE011,
             id=document_reference.id,
@@ -51,7 +58,7 @@ def _create_core_model(resource: DocumentReference, metadata: ConnectionMetadata
     document_reference = _set_create_time_fields(
         creation_time,
         document_reference=resource,
-        nrl_permissions=metadata.nrl_permissions,
+        metadata=metadata,
     )
 
     return DocumentPointer.from_document_reference(

api/producer/createDocumentReference/tests/test_create_document_reference.py

@@ -10,8 +10,14 @@
     _set_create_time_fields,
     handler,
 )
-from nrlf.core.constants import CLIENT_RP_DETAILS, SNOMED_SYSTEM_URL, V2Headers
+from nrlf.core.constants import (
+    CLIENT_RP_DETAILS,
+    SNOMED_SYSTEM_URL,
+    AccessControls,
+    V2Headers,
+)
 from nrlf.core.dynamodb.repository import DocumentPointer, DocumentPointerRepository
+from nrlf.core.model import ConnectionMetadata
 from nrlf.producer.fhir.r4.model import (
     DocumentReferenceRelatesTo,
     Identifier,
@@ -1806,9 +1812,19 @@ def test_create_document_reference_with_date_overridden(
 def test__set_create_time_fields(doc_ref_name: str):
     test_time = "2024-03-24T12:34:56.789Z"
     test_doc_ref = load_document_reference(doc_ref_name)
-    test_perms = []
+    test_metadata = ConnectionMetadata.model_validate(
+        {
+            "nrl.ods-code": "Y05868",
+            "nrl.permissions": [],
+            "nrl.app-id": "Y05868-TestApp",
+            "client_rp_details": {
+                "developer.app.name": "TestApp",
+                "developer.app.id": "12345",
+            },
+        }
+    )
 
-    response = _set_create_time_fields(test_time, test_doc_ref, test_perms)
+    response = _set_create_time_fields(test_time, test_doc_ref, test_metadata)
 
     assert response.model_dump(exclude_none=True) == {
         **test_doc_ref.model_dump(exclude_none=True),
@@ -1827,12 +1843,22 @@ def test__set_create_time_fields(doc_ref_name: str):
         "Y05868-736253002-Valid-with-date-and-meta-lastupdated",
     ],
 )
-def test__set_create_time_fields_when_doc_has_date_and_perms(doc_ref_name: str):
+def test__set_create_time_fields_when_doc_has_date_and_v1_perms(doc_ref_name: str):
     test_time = "2024-03-24T12:34:56.789Z"
     test_doc_ref = load_document_reference(doc_ref_name)
-    test_perms = ["audit-dates-from-payload"]
+    test_metadata = ConnectionMetadata.model_validate(
+        {
+            "nrl.ods-code": "Y05868",
+            "nrl.permissions": ["audit-dates-from-payload"],
+            "nrl.app-id": "Y05868-TestApp",
+            "client_rp_details": {
+                "developer.app.name": "TestApp",
+                "developer.app.id": "12345",
+            },
+        }
+    )
 
-    response = _set_create_time_fields(test_time, test_doc_ref, test_perms)
+    response = _set_create_time_fields(test_time, test_doc_ref, test_metadata)
 
     assert response.model_dump(exclude_none=True) == {
         **test_doc_ref.model_dump(exclude_none=True),
@@ -1844,12 +1870,95 @@ def test__set_create_time_fields_when_doc_has_date_and_perms(doc_ref_name: str):
 
 
 @freeze_time("2024-03-25")
-def test__set_create_time_fields_when_no_date_but_perms():
+def test__set_create_time_fields_when_no_date_but_v1_perms():
     test_time = "2024-03-24T12:34:56.789Z"
     test_doc_ref = load_document_reference("Y05868-736253002-Valid")
-    test_perms = ["audit-dates-from-payload"]
+    test_metadata = ConnectionMetadata.model_validate(
+        {
+            "nrl.ods-code": "Y05868",
+            "nrl.permissions": ["audit-dates-from-payload"],
+            "nrl.app-id": "Y05868-TestApp",
+            "client_rp_details": {
+                "developer.app.name": "TestApp",
+                "developer.app.id": "12345",
+            },
+        }
+    )
+
+    response = _set_create_time_fields(test_time, test_doc_ref, test_metadata)
+
+    assert response.model_dump(exclude_none=True) == {
+        **test_doc_ref.model_dump(exclude_none=True),
+        "meta": {
+            "lastUpdated": test_time,
+        },
+        "date": test_time,
+    }
+
+
+@freeze_time("2024-03-25")
+@mark.parametrize(
+    "doc_ref_name",
+    [
+        "Y05868-736253002-Valid-with-date",
+        "Y05868-736253002-Valid-with-date-and-meta-lastupdated",
+    ],
+)
+def test__set_create_time_fields_v2_when_doc_has_date_and_access_control(
+    doc_ref_name: str,
+):
+    test_time = "2024-03-24T12:34:56.789Z"
+    test_doc_ref = load_document_reference(doc_ref_name)
+    test_metadata = ConnectionMetadata.model_validate(
+        {
+            "nrl.ods-code": "Y05868",
+            "nrl.permissions": [],
+            "nrl.app-id": "Y05868-TestApp",
+            "client_rp_details": {
+                "developer.app.name": "TestApp",
+                "developer.app.id": "12345",
+            },
+            "nrl_permissions_policy": {
+                "access_controls": [
+                    AccessControls.ALLOW_OVERRIDE_CREATION_DATETIME.value
+                ]
+            },
+        }
+    )
+
+    response = _set_create_time_fields(test_time, test_doc_ref, test_metadata)
+
+    assert response.model_dump(exclude_none=True) == {
+        **test_doc_ref.model_dump(exclude_none=True),
+        "meta": {
+            "lastUpdated": test_time,
+        },
+        "date": test_doc_ref.date,
+    }
+
+
+@freeze_time("2024-03-25")
+def test__set_create_time_fields_v2_when_no_date_but_access_control():
+    test_time = "2024-03-24T12:34:56.789Z"
+    test_doc_ref = load_document_reference("Y05868-736253002-Valid")
+    test_metadata = ConnectionMetadata.model_validate(
+        {
+            "nrl.ods-code": "Y05868",
+            "nrl.permissions": [],
+            "nrl.app-id": "Y05868-TestApp",
+            "client_rp_details": {
+                "developer.app.name": "TestApp",
+                "developer.app.id": "12345",
+            },
+            "nrl_permissions_policy": {
+                "access_controls": [
+                    AccessControls.ALLOW_OVERRIDE_CREATION_DATETIME.value
+                ]
+            },
+        }
+    )
 
-    response = _set_create_time_fields(test_time, test_doc_ref, test_perms)
+    response = _set_create_time_fields(test_time, test_doc_ref, test_metadata)
 
     assert response.model_dump(exclude_none=True) == {
         **test_doc_ref.model_dump(exclude_none=True),

api/producer/upsertDocumentReference/tests/test_upsert_document_reference.py

@@ -12,9 +12,11 @@
 from nrlf.core.constants import (
     CLIENT_RP_DETAILS,
     PERMISSION_SUPERSEDE_IGNORE_DELETE_FAIL,
+    AccessControls,
     V2Headers,
 )
 from nrlf.core.dynamodb.repository import DocumentPointer, DocumentPointerRepository
+from nrlf.core.model import ConnectionMetadata, PermissionsPolicy
 from nrlf.producer.fhir.r4.model import (
     DocumentReferenceRelatesTo,
     Identifier,
@@ -1773,9 +1775,19 @@ def test_upsert_document_reference_with_date_overridden(
 def test__set_create_time_fields(doc_ref_name: str):
     test_time = "2024-03-24T12:34:56.789Z"
     test_doc_ref = load_document_reference(doc_ref_name)
-    test_perms = []
+    test_metadata = ConnectionMetadata.model_validate(
+        {
+            "nrl.ods-code": "Y05868",
+            "nrl.permissions": [],
+            "nrl.app-id": "Y05868-TestApp",
+            "client_rp_details": {
+                "developer.app.name": "TestApp",
+                "developer.app.id": "12345",
+            },
+        }
+    )
 
-    response = _set_upsert_time_fields(test_time, test_doc_ref, test_perms)
+    response = _set_upsert_time_fields(test_time, test_doc_ref, test_metadata)
 
     assert response.model_dump(exclude_none=True) == {
         **test_doc_ref.model_dump(exclude_none=True),
@@ -1794,12 +1806,90 @@ def test__set_create_time_fields(doc_ref_name: str):
         "Y05868-736253002-Valid-with-date-and-meta-lastupdated",
     ],
 )
-def test__set_create_time_fields_when_doc_has_date_and_perms(doc_ref_name: str):
+def test__set_create_time_fields_when_doc_has_date_and_v1_perms(doc_ref_name: str):
+    test_time = "2024-03-24T12:34:56.789Z"
+    test_doc_ref = load_document_reference(doc_ref_name)
+    test_metadata = ConnectionMetadata.model_validate(
+        {
+            "nrl.ods-code": "Y05868",
+            "nrl.permissions": ["audit-dates-from-payload"],
+            "nrl.app-id": "Y05868-TestApp",
+            "client_rp_details": {
+                "developer.app.name": "TestApp",
+                "developer.app.id": "12345",
+            },
+        }
+    )
+
+    response = _set_upsert_time_fields(test_time, test_doc_ref, test_metadata)
+
+    assert response.model_dump(exclude_none=True) == {
+        **test_doc_ref.model_dump(exclude_none=True),
+        "meta": {
+            "lastUpdated": test_time,
+        },
+        "date": test_doc_ref.date,
+    }
+
+
+@freeze_time("2024-03-25")
+def test__set_create_time_fields_when_no_date_but_v1_perms():
+    test_time = "2024-03-24T12:34:56.789Z"
+    test_doc_ref = load_document_reference("Y05868-736253002-Valid")
+    test_metadata = ConnectionMetadata.model_validate(
+        {
+            "nrl.ods-code": "Y05868",
+            "nrl.permissions": ["audit-dates-from-payload"],
+            "nrl.app-id": "Y05868-TestApp",
+            "client_rp_details": {
+                "developer.app.name": "TestApp",
+                "developer.app.id": "12345",
+            },
+        }
+    )
+
+    response = _set_upsert_time_fields(test_time, test_doc_ref, test_metadata)
+
+    assert response.model_dump(exclude_none=True) == {
+        **test_doc_ref.model_dump(exclude_none=True),
+        "meta": {
+            "lastUpdated": test_time,
+        },
+        "date": test_time,
+    }
+
+
+@freeze_time("2024-03-25")
+@mark.parametrize(
+    "doc_ref_name",
+    [
+        "Y05868-736253002-Valid-with-date",
+        "Y05868-736253002-Valid-with-date-and-meta-lastupdated",
+    ],
+)
+def test__set_upsert_time_fields_v2_when_doc_has_date_and_access_control(
+    doc_ref_name: str,
+):
     test_time = "2024-03-24T12:34:56.789Z"
     test_doc_ref = load_document_reference(doc_ref_name)
-    test_perms = ["audit-dates-from-payload"]
+    test_metadata = ConnectionMetadata.model_validate(
+        {
+            "nrl.ods-code": "Y05868",
+            "nrl.permissions": [],
+            "nrl.app-id": "Y05868-TestApp",
+            "client_rp_details": {
+                "developer.app.name": "TestApp",
+                "developer.app.id": "12345",
+            },
+            "nrl_permissions_policy": {
+                "access_controls": [
+                    AccessControls.ALLOW_OVERRIDE_CREATION_DATETIME.value
+                ]
+            },
+        }
+    )
 
-    response = _set_upsert_time_fields(test_time, test_doc_ref, test_perms)
+    response = _set_upsert_time_fields(test_time, test_doc_ref, test_metadata)
 
     assert response.model_dump(exclude_none=True) == {
         **test_doc_ref.model_dump(exclude_none=True),
@@ -1811,12 +1901,25 @@ def test__set_create_time_fields_when_doc_has_date_and_perms(doc_ref_name: str):
 
 
 @freeze_time("2024-03-25")
-def test__set_create_time_fields_when_no_date_but_perms():
+def test__set_upsert_time_fields_v2_when_no_date_but_access_control():
     test_time = "2024-03-24T12:34:56.789Z"
     test_doc_ref = load_document_reference("Y05868-736253002-Valid")
-    test_perms = ["audit-dates-from-payload"]
+    test_metadata = ConnectionMetadata.model_validate(
+        {
+            "nrl.ods-code": "Y05868",
+            "nrl.permissions": [],
+            "nrl.app-id": "Y05868-TestApp",
+            "client_rp_details": {
+                "developer.app.name": "TestApp",
+                "developer.app.id": "12345",
+            },
+        }
+    )
+    test_metadata.nrl_permissions_policy = PermissionsPolicy(
+        access_controls=[AccessControls.ALLOW_OVERRIDE_CREATION_DATETIME.value]
+    )
 
-    response = _set_upsert_time_fields(test_time, test_doc_ref, test_perms)
+    response = _set_upsert_time_fields(test_time, test_doc_ref, test_metadata)
 
     assert response.model_dump(exclude_none=True) == {
         **test_doc_ref.model_dump(exclude_none=True),