From 932454ea923728cb729fcde03a3d09beb53cc0e2 Mon Sep 17 00:00:00 2001
From: Albin Antony
Date: Fri, 27 Oct 2023 22:48:17 +0530
Subject: [PATCH] Fix #392 Safeguard measure: Create data agreement record for same individual and data agreement should not be allowed if exists
---
 src/v2/dataagreement_record/db.go | 12 +++++++++++
 .../service_create_dataagreement_record.go | 20 +++++++++++++++---
 ...e_create_paired_dataagreement_record.go.go | 21 +++++++++++++++----
 3 files changed, 46 insertions(+), 7 deletions(-)
diff --git a/src/v2/dataagreement_record/db.go b/src/v2/dataagreement_record/db.go
index 0066b23..805fa2f 100644
--- a/src/v2/dataagreement_record/db.go
+++ b/src/v2/dataagreement_record/db.go
@@ -90,6 +90,18 @@ func (darRepo *DataAgreementRecordRepository) DeleteAllRecordsForIndividual(indi
 return err
 }
+// CountDataAgreementRecords counts the data agreement record containing data agreement id and individual id
+func (darRepo *DataAgreementRecordRepository) CountDataAgreementRecords(dataAgreementId string, individualId string) (int64, error) {
+ filter := common.CombineFilters(darRepo.DefaultFilter, bson.M{"individualid": individualId, "dataagreementid": dataAgreementId})
+
+ count, err := Collection().CountDocuments(context.Background(), filter)
+ if err != nil {
+ return count, nil
+ }
+
+ return count, nil
+}
+
 // PipelineForList creates pipeline for list data agreement records
 func PipelineForList(organisationId string, id string, lawfulBasis string, isId bool, isLawfulBasis bool) ([]primitive.M, error) {
 var pipeline []primitive.M
diff --git a/src/v2/handler/service/service_create_dataagreement_record.go b/src/v2/handler/service/service_create_dataagreement_record.go
index 8788d55..00cdc95 100644
--- a/src/v2/handler/service/service_create_dataagreement_record.go
+++ b/src/v2/handler/service/service_create_dataagreement_record.go
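Review bot: The error branch of CountDataAgreementRecords in db.go returns `count, nil`, so a failed CountDocuments call is reported to the caller as success. Both handlers in this patch test `err != nil` after calling it, and that test can then never fire; on a database error the duplicate safeguard fails open with whatever count the driver handed back (presumably 0) and record creation proceeds unchecked. The branch should read `return 0, err`. The query also runs on `context.Background()`, so it is not cancelled with the request; passing the handler's request context would bound it, at the cost of a signature change.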
@@ -70,6 +70,23 @@ func ServiceCreateDataAgreementRecord(w http.ResponseWriter, r *http.Request) {
 dataAgreementId := common.Sanitize(mux.Vars(r)[config.DataAgreementId])
+ // Repository
+ darRepo := daRecord.DataAgreementRecordRepository{}
+ darRepo.Init(organisationId)
+
+ // Check for existing data agreement record with same data agreement id and individual id
+ count, err := darRepo.CountDataAgreementRecords(dataAgreementId, individualId)
+ if err != nil {
+ m := fmt.Sprintf("Failed to fetch data agreement record for data agreement: %v", dataAgreementId)
+ common.HandleErrorV2(w, http.StatusInternalServerError, m, err)
+ return
+ }
+ if count > 0 {
+ m := fmt.Sprintf("Data agreement record for data agreement: %v and individual id : %s exists", dataAgreementId, individualId)
+ common.HandleErrorV2(w, http.StatusInternalServerError, m, err)
+ return
+ }
+
 revisionId, err := daRecord.ParseQueryParams(r, config.RevisionId, daRecord.RevisionIdIsMissingError)
 revisionId = common.Sanitize(revisionId)
 var rev revision.Revision
@@ -123,9 +140,6 @@ func ServiceCreateDataAgreementRecord(w http.ResponseWriter, r *http.Request) {
 common.HandleErrorV2(w, http.StatusInternalServerError, m, err)
 return
 }
- // Repository
- darRepo := daRecord.DataAgreementRecordRepository{}
- darRepo.Init(organisationId)
 savedDaRecord, err := darRepo.Add(newDaRecord)
 if err != nil {
diff --git a/src/v2/handler/service/service_create_paired_dataagreement_record.go.go b/src/v2/handler/service/service_create_paired_dataagreement_record.go.go
index d0abe85..e1692cc 100644
--- a/src/v2/handler/service/service_create_paired_dataagreement_record.go.go
+++ b/src/v2/handler/service/service_create_paired_dataagreement_record.go.go
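Review bot: The count check added at the top of ServiceCreateDataAgreementRecord and the later `darRepo.Add(newDaRecord)` are two separate operations, so two concurrent requests for the same individual and data agreement can both read a count of 0 and both insert. The safeguard only holds if the collection also enforces uniqueness, for example a unique compound index on `individualid` and `dataagreementid` with the duplicate-key error mapped to a conflict response; no such index is visible in this patch, so that needs confirming. The same applies to the identical check in ServiceCreatePairedDataAgreementRecord. Separately, in the `count > 0` branch `err` is always nil and the 500 status reports a client conflict as a server fault; `common.HandleErrorV2(w, http.StatusConflict, m, err)` would describe it accurately, provided HandleErrorV2 tolerates a nil error (not visible here). The function body starts and ends outside the hunk.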
@@ -40,6 +40,23 @@ func ServiceCreatePairedDataAgreementRecord(w http.ResponseWriter, r *http.Reque
 defer r.Body.Close()
 json.Unmarshal(b, &dataAgreementRecordReq)
+ // Repository
+ darRepo := daRecord.DataAgreementRecordRepository{}
+ darRepo.Init(organisationId)
+
+ // Check for existing data agreement record with same data agreement id and individual id
+ count, err := darRepo.CountDataAgreementRecords(dataAgreementRecordReq.DataAgreementRecord.DataAgreementId, individualId)
+ if err != nil {
+ m := fmt.Sprintf("Failed to fetch data agreement record for data agreement: %v", dataAgreementRecordReq.DataAgreementRecord.DataAgreementId)
+ common.HandleErrorV2(w, http.StatusInternalServerError, m, err)
+ return
+ }
+ if count > 0 {
+ m := fmt.Sprintf("Data agreement record for data agreement: %v and individual id : %s exists", dataAgreementRecordReq.DataAgreementRecord.DataAgreementId, individualId)
+ common.HandleErrorV2(w, http.StatusInternalServerError, m, err)
+ return
+ }
+
 dataAgreementRecord := dataAgreementRecordReq.DataAgreementRecord
 currentSignature := dataAgreementRecordReq.Signature
@@ -60,10 +77,6 @@ func ServiceCreatePairedDataAgreementRecord(w http.ResponseWriter, r *http.Reque
 }
 toBeCreatedSignature.Id = primitive.NewObjectID()
- // Repository
- darRepo := daRecord.DataAgreementRecordRepository{}
- darRepo.Init(organisationId)
-
 dataAgreementRecord.SignatureId = toBeCreatedSignature.Id.Hex()
 savedDataAgreementRecord, err := darRepo.Add(dataAgreementRecord)
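Review bot: The new duplicate check in ServiceCreatePairedDataAgreementRecord keys on `dataAgreementRecordReq.DataAgreementRecord.DataAgreementId`, which comes from the request body decoded by the context line `json.Unmarshal(b, &dataAgreementRecordReq)`, whose error is discarded. A malformed or partial body leaves the id empty, the count is then taken for an empty id, and the handler carries on towards `darRepo.Add`. Checking the decode result first, e.g. `if err := json.Unmarshal(b, &dataAgreementRecordReq); err != nil { common.HandleErrorV2(w, http.StatusBadRequest, "Failed to parse request body", err); return }`, and rejecting an empty id before the count closes that gap. Unlike ServiceCreateDataAgreementRecord, the id is also not passed through `common.Sanitize` before it is used in the filter and echoed in the error message. The function body starts and ends outside the hunk.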