bugfix provider view: analytics token provider refactor

febe02af · 0x539 · 5b6eda30 · febe02af
Commit febe02af authored 2 years ago by 0x539
--- a/src/providers/views.py
+++ b/src/providers/views.py
@@ -363,19 +363,86 @@ class GetProviderData(APIView):

            collection = lrs_db["statements"]

+            active_verbs = list(map(lambda x : x["verb"], list(AnalyticsTokenVerb.objects.filter(analytics_token_id = analytics_token).values())))
+            providers = []
+            # check for anonymized collection
+            for analytics_token_verb in AnalyticsTokenVerb.objects.filter(analytics_token_id = analytics_token):
+                if analytics_token_verb.provider not in providers:
+                    providers.append(analytics_token_verb.provider)
+
+            for provider in providers:
+            # get verbs that can be collected anonymously and their minimum count
+            # and get those, whose minimum count is reached
+                anon_verbs = []
+                try:
+                    latest_schema = ProviderSchema.objects.get(
+                        provider=provider, superseded_by__isnull=True
+                    )
+                except ObjectDoesNotExist:
+                    return JsonResponse(
+                        {
+                            "message": "No consent provider schema found.",
+                            "provider": provider.name,
+                        },
+                        safe=False,
+                        status=status.HTTP_500_INTERNAL_SERVER_ERROR,
+                    )
+
+ 
+                for verb in [verb for verblist in [group["verbs"] for group in latest_schema.groups] for verb in verblist]:
+                    if verb["id"] in active_verbs and verb.get("allowAnonymizedCollection", False):
+                        min_count = verb.get("allowAnonymizedCollectionMinCount", settings.ANONYMIZATION_DEFAULT_MINIMUM_COUNT)
+                        current_count = collection.distinct("actor.mbox", {
+                            "$and": [
+                                {"verb.id": {"$eq": verb["id"]}},
+                                {"actor.mbox": {"$exists": True}},
+                                {"actor.mbox": {"$regex": "^" + settings.ANONYMIZATION_HASH_PREFIX}}
+                            ]
+                        }).length
+                        if current_count >= min_count:
+                            anon_verbs.append(verb)
+
+            # selects for anonymized statements of which there are enough different actors
+            # or explicitly non-anonymized statements
+            anon_query = {"$or": [
+                            # current statement is anonymized and
+                            # enough anonymized statements for this verb exist
+                            {"$and": [
+                                {"actor.mbox": {"$exists": True}},
+                                {"actor.mbox": {"$regex": "^" + settings.ANONYMIZATION_HASH_PREFIX}},
+                                {"verb.id": {"$in": anon_verbs}},
+                            ]},
+                            # current statement is not anonymized
+                            {"$or": [
+                                {"actor.mbox": {"$exists": False}},
+                                {"$and": [
+                                    {"actor.mbox": {"$exists": False}},
+                                    {"actor.mbox": {"$regex": "^mailto"}},
+                                ]}
+                            ]}
+                        ]}
+
            query = (
                {
                    "$and": [
+                        {"actor.tan": {"$exists": False}},  # important! flagged statements filtered out here
                        {"_id": {"$gt": ObjectId(last_object_id)}},
-                        {"verb.id": {"$in": analytics_token.active_verbs}},
+                        {"verb.id": {"$in": active_verbs}},
+                        anon_query  # for anonymized statements
                    ]
                }
                if last_object_id
-                else {"verb.id": {"$in": analytics_token.active_verbs}}
+                else {
+                    "$and": [
+                        {"actor.tan": {"$exists": False}},
+                        {"verb.id": {"$in": active_verbs}},
+                        anon_query  # for anonymized statements
+                    ]
+                }
            )
            cursor = collection.find(query).limit(page_size)
            data = {
-                "verbs": list(set(analytics_token.active_verbs)),
+                "verbs": list(set(active_verbs)),
                "statements": list(cursor),
                "page_size": page_size,
            }
@@ -414,7 +481,7 @@ class StoreAnalyticsEngineResult(APIView):
            collection.insert_one(
                {
                    "created_at": datetime.now(),
-                    "provider_id": analytics_token.provider.id,
+                    #"provider_id": analytics_token.provider.id,
                    "name": analytics_token.name,
                    "analytics_token": token,
                    "result": request.data.get("result"),
@@ -570,9 +637,19 @@ class GetAnalyticsEngineResults(APIView):
        try:
            analytics_token = AnalyticsToken.objects.get(key=token)

-            accessible_provider_ids = [
-                token.id for token in analytics_token.can_access.all()
-            ] + [analytics_token.provider.id]
+            provider_ids = []
+            #providers from this token
+            for analytics_token_verb in AnalyticsTokenVerb.objects.filter(analytics_token_id = analytics_token):
+                if analytics_token_verb.provider.id not in provider_ids:
+                    provider_ids.append(analytics_token_verb.provider.id)
+                    
+            #providers from can_acccess tokens
+            for token in analytics_token.can_access.all():
+                for analytics_token_verb in AnalyticsTokenVerb.objects.filter(analytics_token_id = token.id):
+                    if analytics_token_verb.provider.id not in provider_ids:
+                        provider_ids.append(analytics_token_verb.provider.id)
+
+            accessible_provider_ids = provider_ids

            collection = lrs_db["results"]
            query = {"provider_id": {"$in": accessible_provider_ids}}