[Loris-dev] Error insert candidates api/v0.0.3/candidates

Morales Pinzon, Alfredo AMORALESPINZON at BWH.HARVARD.EDU
Mon Jun 21 16:23:44 EDT 2021 

Hi Xavier,

I used the path that you provided and now I can create the Candidates.

Thank you very much.

Best,
Alfredo.

On Jun 17, 2021, at 9:21 AM, Xavier Lecours Boucher, Mr <xavier.lecoursboucher at mcgill.ca<mailto:xavier.lecoursboucher at mcgill.ca>> wrote:

        External Email - Use Caution

Hi Alfredo,

What is the content of $data['Candidate']['Site'] and $usersites ? Can you find the string of the first one in the elements of the second one?

Meanwhile, here is the fix we are likely incorporating in our new patch https://github.com/aces/Loris/pull/7486/files<https://secure-web.cisco.com/1Up4fHe8vBRYFrapfz6lKG58mNhQxqnsS4rlj6IK9pbvVaS1hNwu6ey5eaQqGWX68dFoq-6uRC37GfSM2cfMRWw6to3M2XyZ3TTIgLjkzxn4-sRhpqWtc9Cu4Uglrhh1LDW-I_om5h9vR1DuVn1brqO6-TQVyow1XWDonRlcjF7hhZsIcwhFvW8DJQe9l2bA-_MilV9hDJQMfakQzhuWbS11AY4XERzgrOLzhBdvU1LVmhLl7yJySGxm7s4dL7u-K8F85shHxPDXHZy2KJYT8kg/https%3A%2F%2Fgithub.com%2Faces%2FLoris%2Fpull%2F7486%2Ffiles>

@bientôt
Xavier


________________________________
From: Morales Pinzon, Alfredo <AMORALESPINZON at BWH.HARVARD.EDU<mailto:AMORALESPINZON at BWH.HARVARD.EDU>>
Sent: June 15, 2021 2:05 PM
To: Xavier Lecours Boucher, Mr <xavier.lecoursboucher at mcgill.ca<mailto:xavier.lecoursboucher at mcgill.ca>>
Cc: loris-dev at bic.mni.mcgill.ca<mailto:loris-dev at bic.mni.mcgill.ca> <loris-dev at bic.mni.mcgill.ca<mailto:loris-dev at bic.mni.mcgill.ca>>; Sridar Narayanan, Dr. <sridar.narayanan at mcgill.ca<mailto:sridar.narayanan at mcgill.ca>>; Douglas Arnold, Dr. <douglas.arnold at mcgill.ca<mailto:douglas.arnold at mcgill.ca>>; Guttmann, Charles,M.D. <guttmann at bwh.harvard.edu<mailto:guttmann at bwh.harvard.edu>>; Istvan Akos Imre Morocz, Dr <istvan.morocz at mcgill.ca<mailto:istvan.morocz at mcgill.ca>>
Subject: Re: Error insert candidates api/v0.0.3/candidates

Hi Xavier,

Thank you for creating the issue and suggesting a fix. As a mentioned in my previous email, the issue is still present for a user that doesn’t have a lot of centers so that the list of centers is not truncated. In this case I am getting the same message "You are not affiliated with the candidate`s site”. In my previous email I sent the results of the API for this user, is the one that starts with “array(56)”.

What is you input on this case?

Best,
Alfredo.

On Jun 15, 2021, at 10:48 AM, Xavier Lecours Boucher, Mr <xavier.lecoursboucher at mcgill.ca<mailto:xavier.lecoursboucher at mcgill.ca>> wrote:

        External Email - Use Caution

Hi Alfredo,

Indeed, this is a bug.
As a quick fix, you could add the following line just before the problematic statement:


$DB->run('SET SESSION group_concat_max_len = 100000');

I have created a github issue so we can find a better solution : https://github.com/aces/Loris/issues/7480<https://secure-web.cisco.com/1wQOmIgqkiH7F3yTDPeQF-ONl3EmpIJMgfd50iZp4w25bCUCNXf9gqbwyBCJB3qZF-1KEFteDwpdhZLqPaX2yn_BQLYBrnQynKca06QGu_q7kOjJZV4to959daS2ZbV4Xavoj4d3OomO73Hnw37D_EfcnzgGosvSzRmRnMUZ-nFIL-8iUO_2iAk1WtrVo7ho4vGA-JeMmPt2YihoRD7SXpit95jyyOY9yJTSAL7nAAUc5wGgD_wyfRh5cfD0XJzOukG76nShQBozibDmS_cDuSg/https%3A%2F%2Fgithub.com%2Faces%2FLoris%2Fissues%2F7480>

Thank you for the accurate reporting 🙂
- Xavier

________________________________
From: Morales Pinzon, Alfredo <AMORALESPINZON at BWH.HARVARD.EDU<mailto:AMORALESPINZON at BWH.HARVARD.EDU>>
Sent: June 14, 2021 7:19 PM
To: Xavier Lecours Boucher, Mr <xavier.lecoursboucher at mcgill.ca<mailto:xavier.lecoursboucher at mcgill.ca>>
Cc: loris-dev at bic.mni.mcgill.ca<mailto:loris-dev at bic.mni.mcgill.ca> <loris-dev at bic.mni.mcgill.ca<mailto:loris-dev at bic.mni.mcgill.ca>>; Sridar Narayanan, Dr. <sridar.narayanan at mcgill.ca<mailto:sridar.narayanan at mcgill.ca>>; Douglas Arnold, Dr. <douglas.arnold at mcgill.ca<mailto:douglas.arnold at mcgill.ca>>; Guttmann, Charles,M.D. <guttmann at bwh.harvard.edu<mailto:guttmann at bwh.harvard.edu>>; Istvan Akos Imre Morocz, Dr <istvan.morocz at mcgill.ca<mailto:istvan.morocz at mcgill.ca>>
Subject: Re: Error insert candidates api/v0.0.3/candidates

Hi Xavier,

Thank you for reaching out.

There is a first bug int the following line:

https://github.com/aces/Loris/blob/fc574c06f5f6c96483f22788ed446f9aa36a4783/php/libraries/User.class.inc#L71<https://secure-web.cisco.com/1is0gCN2r6hBd-51j4mZFeeJjBMdeq7KAF8qWNfBz_zVRYRKx0N5hT29cPQRpGT2awzDS4wUaksDBCo4nLjbN-ffNauQNwH716qcgIxE02xF4vz63_eooqwbhE2Y5aCjL17XZPB-bqwybaWidSYy5JWbgnSG9PcsUB-CqucRPZ2Tw1TJyEB12UQY6IgUNqS5H_zga_rxEGeNQUBrzOPbSumr6l4mHs3jHEIPgv6g4nTQ_29J9BZKmtKkIMwjxdHW1L7AzbnOCPZtRlKlu2LzOeA/https%3A%2F%2Fgithub.com%2Faces%2FLoris%2Fblob%2Ffc574c06f5f6c96483f22788ed446f9aa36a4783%2Fphp%2Flibraries%2FUser.class.inc%23L71>

If a user affiliated with multiple center such that the concatenation of the names of the center has more than 1024 characters, then the response is cut to 1024 and if the center name I want to use is not in there, then I get the same error. This is the case for my admin user and the more than 500 affiliation centers. We saw this with Cécile on Friday.

Here is the response of the API after the changes you suggested using a user that has few center affiliations, including the one I want to add a Candidate to:

===
array(56) {
[0]=>
string(8) "inf_0102"
[1]=>
string(8) "inf_0103"
...
[55]=>
string(8) "inf_0313"
}
string(3) "BGI"
===

This is the same output when using my admin user:

===
array(114) {
[0]=>
string(9) "101-KGH-1"
[1]=>
string(9) "101-LHS-1"
...
[111]=>
string(9) "272-CAA-1"
[112]=>
string(9) "273-DDM-1"
[113]=>
string(1) "2"
}
string(3) "BGI"
===

Let me know what is the next step? I’m happy to debug over Zoom if that helps.

Best,
Alfredo.

On Jun 14, 2021, at 11:04 AM, Xavier Lecours Boucher, Mr <xavier.lecoursboucher at mcgill.ca<mailto:xavier.lecoursboucher at mcgill.ca>> wrote:

        External Email - Use Caution

Hi Alfredo,

There is a discrepancy between the frontend and the API way to determine which site the user have, which site to give the new candidate and if a user is allowed to create a candidate at a given site. Looking at the frontend code, I can't see any validation on the site other than the content of the html dropdown.

The API checks if the user has the given site.

Here is the API code<https://secure-web.cisco.com/1if5Eh5lps70ewShywnybjkoSptbZugNrF3KFp3Ikj31HdtP_kKvS_EXtIV8bo4sQ1XhY1mFp5CQ97Ta_5VBA3uwcObZQDvyGWwqHmVY0RTDJczBF5eOvEjZp7XGPCCyrnC4a97TlYo56eat54xNRJvdoVSn2fB149oaDE6j2hyCWmy1zrBbbWahlzbiuR4ydd0k7ZkfEvAvqWjjFfssiSvOxhGd280OG8sBE1fHVx3TqRc84NdaTQzYkM7BTv0DfNMKxpaQDEwZhM8ymX88Ctg/https%3A%2F%2Fgithub.com%2Faces%2FLoris%2Fblob%2F23.0-release%2Fmodules%2Fapi%2Fphp%2Fendpoints%2Fcandidates.class.inc%23L185>:
$usersites = $user->getSiteNames();
if (!in_array($data['Candidate']['Site'], $usersites)) {
    return new \LORIS\Http\Response\JSON\Forbidden(
        'You are not affiliated with the candidate`s site'
    );
}
So, for debugging, can you add the following lines at https://github.com/aces/Loris/blob/23.0-release/modules/api/php/endpoints/candidates.class.inc#L184<https://secure-web.cisco.com/1fNyuDjwP45YKJ02APn6ItF2MKoXIN6PCZlwgpbccCqoLUyWWzBLPJbE9XvOxBwjXow-KCKAzoVz8qwXZiF1zDuQ5f6yXeKAzrO1vsrM5j3wIBR2iM29VBUkAdxLP_5M47korX_RF2RXn6XOisI2aTB6xZnehZf6R1VVjTIBiLrLcDC5Jvcauo6T97HesnSkByNr0iYbJYpIgZlaHnGZkPWOBjVGGezJr6Jh8gsh04CJgRl6JZjW5wAwoqqecRvhHRMnKhW7tmcggfWieTL112Q/https%3A%2F%2Fgithub.com%2Faces%2FLoris%2Fblob%2F23.0-release%2Fmodules%2Fapi%2Fphp%2Fendpoints%2Fcandidates.class.inc%23L184> , then tell me what it the response to your POST request ?

var_dump($user->getSiteNames(), $data['Candidate']['Site']);
exit;
Thank you
Xavier


<https://secure-web.cisco.com/1if5Eh5lps70ewShywnybjkoSptbZugNrF3KFp3Ikj31HdtP_kKvS_EXtIV8bo4sQ1XhY1mFp5CQ97Ta_5VBA3uwcObZQDvyGWwqHmVY0RTDJczBF5eOvEjZp7XGPCCyrnC4a97TlYo56eat54xNRJvdoVSn2fB149oaDE6j2hyCWmy1zrBbbWahlzbiuR4ydd0k7ZkfEvAvqWjjFfssiSvOxhGd280OG8sBE1fHVx3TqRc84NdaTQzYkM7BTv0DfNMKxpaQDEwZhM8ymX88Ctg/https%3A%2F%2Fgithub.com%2Faces%2FLoris%2Fblob%2F23.0-release%2Fmodules%2Fapi%2Fphp%2Fendpoints%2Fcandidates.class.inc%23L185>




________________________________
From: loris-dev-bounces at bic.mni.mcgill.ca<mailto:loris-dev-bounces at bic.mni.mcgill.ca> <loris-dev-bounces at bic.mni.mcgill.ca<mailto:loris-dev-bounces at bic.mni.mcgill.ca>> on behalf of Morales Pinzon, Alfredo <AMORALESPINZON at BWH.HARVARD.EDU<mailto:AMORALESPINZON at BWH.HARVARD.EDU>>
Sent: June 10, 2021 6:43 PM
To: loris-dev at bic.mni.mcgill.ca<mailto:loris-dev at bic.mni.mcgill.ca> <loris-dev at bic.mni.mcgill.ca<mailto:loris-dev at bic.mni.mcgill.ca>>
Cc: Rozie Arnaoutelis, Ms. <rozie.arnaoutelis at mcgill.ca<mailto:rozie.arnaoutelis at mcgill.ca>>; Sridar Narayanan, Dr. <sridar.narayanan at mcgill.ca<mailto:sridar.narayanan at mcgill.ca>>; Douglas Arnold, Dr. <douglas.arnold at mcgill.ca<mailto:douglas.arnold at mcgill.ca>>; Guttmann, Charles, M.D. <guttmann at bwh.harvard.edu<mailto:guttmann at bwh.harvard.edu>>
Subject: [Loris-dev] Error insert candidates api/v0.0.3/candidates

Dear LorisDev team,

I can create Candidates using the web interface using an admin account that is linked to all the project and all the sites in the system. However when I try to create a Candidate using the api api/v0.0.3/candidates I am getting the following error:

===
{
"error": "You are not affiliated with the candidate`s site"
}
===

I’m happy to run some queries in the database to figure out what’s happening. Any ideas?

Best,
Alfredo.
The information in this e-mail is intended only for the person to whom it is addressed. If you believe this e-mail was sent to you in error and the e-mail contains patient information, please contact the Mass General Brigham Compliance HelpLine at http://www.massgeneralbrigham.org/complianceline<http://secure-web.cisco.com/1RIVOq7LsmWlGiSIpDV1iDxaKZDL4FrGgQqzQtNFdUclqgR60trLfQ1Mrv_3Jb_-Nh4SRJc_iFLFJXdP2NJMN-0HWzFBk2MS4e6vgU15rC0uEPg1nX41lWaBkOPKqdov7TstiKnJaFkbN5V7SktHpEnB3YYGFW1gB6K2lnAdqBdfpA7Aqd2s-V5UtJpeqM2FMPp-6AX661pD9MbwDsRNm-XzJR8bNHmTV73XfqLOtbx3837t9gQYbTub-VXeXIHQbr3uLsfcOkE7rA-nTlDJnnQ/http%3A%2F%2Fwww.massgeneralbrigham.org%2Fcomplianceline> . If the e-mail was sent to you in error but does not contain patient information, please contact the sender and properly dispose of the e-mail.

Please note that this e-mail is not secure (encrypted).  If you do not wish to continue communication over unencrypted e-mail, please notify the sender of this message immediately.  Continuing to send or respond to e-mail after receiving this message means you understand and accept this risk and wish to continue to communicate over unencrypted e-mail.

The information in this e-mail is intended only for the person to whom it is addressed. If you believe this e-mail was sent to you in error and the e-mail contains patient information, please contact the Mass General Brigham Compliance HelpLine at http://www.massgeneralbrigham.org/complianceline<http://secure-web.cisco.com/1Vwh3UUC6V4rpqXvU_q2VCQpZWGlmFiazKloKWLfmZwJ4rZfTMZAjadDHqpiL4hdyiZwxyJ8d8PAf6E-F1LJ0q-S_1MWdESz5IOFewIa8Q5tdt3PpW4m6WX1GpW4lJzHiBxvhPZSQx0IEXiwIIh2EkQED5DcL5a_7MbJpo9NwB_hq8PWYX9g3zzxor7IGOpaAsgBVF09dT5wNtAH2HLm4uFh26TWsaLgdpVdeMYW8I6Vp6og-Cz_zxlZga7QW03bZG7Go80C3nIJcwxvnjWOPjw/http%3A%2F%2Fwww.massgeneralbrigham.org%2Fcomplianceline> . If the e-mail was sent to you in error but does not contain patient information, please contact the sender and properly dispose of the e-mail.

Please note that this e-mail is not secure (encrypted).  If you do not wish to continue communication over unencrypted e-mail, please notify the sender of this message immediately.  Continuing to send or respond to e-mail after receiving this message means you understand and accept this risk and wish to continue to communicate over unencrypted e-mail.

The information in this e-mail is intended only for the person to whom it is addressed. If you believe this e-mail was sent to you in error and the e-mail contains patient information, please contact the Mass General Brigham Compliance HelpLine at http://www.massgeneralbrigham.org/complianceline . If the e-mail was sent to you in error but does not contain patient information, please contact the sender and properly dispose of the e-mail.

Please note that this e-mail is not secure (encrypted).  If you do not wish to continue communication over unencrypted e-mail, please notify the sender of this message immediately.  Continuing to send or respond to e-mail after receiving this message means you understand and accept this risk and wish to continue to communicate over unencrypted e-mail.

The information in this e-mail is intended only for the person to whom it is addressed. If you believe this e-mail was sent to you in error and the e-mail contains patient information, please contact the Mass General Brigham Compliance HelpLine at http://www.massgeneralbrigham.org/complianceline . If the e-mail was sent to you in error but does not contain patient information, please contact the sender and properly dispose of the e-mail.
Please note that this e-mail is not secure (encrypted).  If you do not wish to continue communication over unencrypted e-mail, please notify the sender of this message immediately.  Continuing to send or respond to e-mail after receiving this message means you understand and accept this risk and wish to continue to communicate over unencrypted e-mail. 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.bic.mni.mcgill.ca/pipermail/loris-dev/attachments/20210621/e943037f/attachment-0001.html>

More information about the Loris-dev mailing list