<html>

<head>

<meta http-equiv="Content-Type" content="text/html; charset=utf-8">

</head>

<body style="word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class="">

<div style="word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class="">

Hi Xavier,

<div class=""><br class="">

</div>

<div class="">Thank you for reaching out.</div>

<div class=""><br class="">

</div>

<div class="">There is a first bug int the following line:</div>

<div class=""><br class="">

</div>

<div class=""><a href="https://github.com/aces/Loris/blob/fc574c06f5f6c96483f22788ed446f9aa36a4783/php/libraries/User.class.inc#L71" class="">https://github.com/aces/Loris/blob/fc574c06f5f6c96483f22788ed446f9aa36a4783/php/libraries/User.class.inc#L71</a></div>

<div class=""><br class="">

</div>

<div class="">If a user affiliated with multiple center such that the concatenation of the names of the center has more than 1024 characters, then the response is cut to 1024 and if the center name I want to use is not in there, then I get the same error. This

 is the case for my admin user and the more than 500 affiliation centers. We saw this with Cécile on Friday.</div>

<div class=""><br class="">

</div>

<div class="">Here is the response of the API after the changes you suggested using a user that has few center affiliations, including the one I want to add a Candidate to:</div>

<div class=""><br class="">

</div>

<div class="">===</div>

<div class="">

<div style="color: rgb(54, 54, 54); background-color: rgb(255, 255, 255); font-family: Menlo, Monaco, "Courier New", monospace; line-height: 18px; white-space: pre;" class="">

<div class="">array(56) {</div>

<div class="">[0]=></div>

<div class="">string(8) "inf_0102"</div>

<div class="">[1]=></div>

<div class="">string(8) "inf_0103"</div>

<div class="">...</div>

<div class="">[55]=></div>

<div class="">string(8) "inf_0313"</div>

<div class="">}</div>

<div class="">string(3) "BGI"</div>

</div>

</div>

<div class="">===</div>

<div class=""><br class="">

</div>

<div class="">This is the same output when using my admin user:</div>

<div class=""><br class="">

</div>

<div class="">===</div>

<div class="">

<div style="color: rgb(54, 54, 54); background-color: rgb(255, 255, 255); font-family: Menlo, Monaco, "Courier New", monospace; line-height: 18px; white-space: pre;" class="">

<div class="">array(114) {</div>

<div class="">[0]=></div>

<div class="">string(9) "101-KGH-1"</div>

<div class="">[1]=></div>

<div class="">string(9) "101-LHS-1"</div>

<div class="">...</div>

<div class="">[111]=></div>

<div class="">string(9) "272-CAA-1"</div>

<div class="">[112]=></div>

<div class="">string(9) "273-DDM-1"</div>

<div class="">[113]=></div>

<div class="">string(1) "2"</div>

<div class="">}</div>

<div class="">string(3) "BGI"</div>

</div>

</div>

<div class="">===</div>

<div class=""><br class="">

</div>

<div class="">Let me know what is the next step? I’m happy to debug over Zoom if that helps.</div>

<div class=""><br class="">

</div>

<div class="">Best,</div>

<div class="">Alfredo.</div>

<div class="">

<div class=""><br class="">

<blockquote type="cite" class="">

<div class="">On Jun 14, 2021, at 11:04 AM, Xavier Lecours Boucher, Mr <<a href="mailto:xavier.lecoursboucher@mcgill.ca" class="">xavier.lecoursboucher@mcgill.ca</a>> wrote:</div>

<br class="Apple-interchange-newline">

<div class="">

<div style="margin-top: 0px; margin-bottom: 0px; caret-color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none;" class="">

<span style="padding: 3px 10px; border-top-left-radius: 5px; border-top-right-radius: 5px; border-bottom-right-radius: 5px; border-bottom-left-radius: 5px; color: rgb(255, 255, 255); font-weight: bold; display: inline-block; background-color: rgb(255, 0, 0);" class="">        External

 Email - Use Caution        </span></div>

<p style="margin-top: 0px; margin-bottom: 0px; caret-color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none;" class="">

</p>

<div style="font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none; font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt;" class="">

Hi Alfredo,</div>

<div style="font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none; font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt;" class="">

<br class="">

</div>

<div style="font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none; font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt;" class="">

There is a discrepancy between the frontend and the API way to determine which site the user have, which site to give the new candidate and if a user is allowed to create a candidate at a given site. Looking at the frontend code, I can't see any validation

 on the site other than the content of the html dropdown.</div>

<div style="font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none; font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt;" class="">

<br class="">

</div>

<div style="font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none; font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt;" class="">

The API checks if the user has the given site.  </div>

<div style="font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none; font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt;" class="">

<br class="">

</div>

<div style="caret-color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none;" class="">

<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt;" class="">

Here is the API<span class="Apple-converted-space"> </span><a href="https://secure-web.cisco.com/1if5Eh5lps70ewShywnybjkoSptbZugNrF3KFp3Ikj31HdtP_kKvS_EXtIV8bo4sQ1XhY1mFp5CQ97Ta_5VBA3uwcObZQDvyGWwqHmVY0RTDJczBF5eOvEjZp7XGPCCyrnC4a97TlYo56eat54xNRJvdoVSn2fB149oaDE6j2hyCWmy1zrBbbWahlzbiuR4ydd0k7ZkfEvAvqWjjFfssiSvOxhGd280OG8sBE1fHVx3TqRc84NdaTQzYkM7BTv0DfNMKxpaQDEwZhM8ymX88Ctg/https%3A%2F%2Fgithub.com%2Faces%2FLoris%2Fblob%2F23.0-release%2Fmodules%2Fapi%2Fphp%2Fendpoints%2Fcandidates.class.inc%23L185" title="https://github.com/aces/Loris/blob/23.0-release/modules/api/php/endpoints/candidates.class.inc#L185" id="LPlnk555894" style="margin: 0px; background-color: rgb(255, 255, 255);" class="">code</a>:<br class="">

<blockquote itemscope="" itemtype="https://schemas.microsoft.com/QuotedText" style="border-left-width: 3px; border-left-style: solid; border-color: rgb(200, 200, 200); padding-left: 1ex; margin-left: 0.8ex; color: rgb(102, 102, 102);" class="">

<div class="">$usersites = $user->getSiteNames();

<div class="">if (!in_array($data['Candidate']['Site'], $usersites)) {</div>

<div class="">    return new \LORIS\Http\Response\JSON\Forbidden(</div>

<div class="">        'You are not affiliated with the candidate`s site'</div>

<div class="">    );</div>

</div>

<div class="">}<br class="">

</div>

</blockquote>

<div class="">So, for debugging, can you add the following lines at <a href="https://secure-web.cisco.com/1fNyuDjwP45YKJ02APn6ItF2MKoXIN6PCZlwgpbccCqoLUyWWzBLPJbE9XvOxBwjXow-KCKAzoVz8qwXZiF1zDuQ5f6yXeKAzrO1vsrM5j3wIBR2iM29VBUkAdxLP_5M47korX_RF2RXn6XOisI2aTB6xZnehZf6R1VVjTIBiLrLcDC5Jvcauo6T97HesnSkByNr0iYbJYpIgZlaHnGZkPWOBjVGGezJr6Jh8gsh04CJgRl6JZjW5wAwoqqecRvhHRMnKhW7tmcggfWieTL112Q/https%3A%2F%2Fgithub.com%2Faces%2FLoris%2Fblob%2F23.0-release%2Fmodules%2Fapi%2Fphp%2Fendpoints%2Fcandidates.class.inc%23L184" id="LPlnk928209" class="">https://github.com/aces/Loris/blob/23.0-release/modules/api/php/endpoints/candidates.class.inc#L184</a> ,

 then tell me what it the response to your POST request ?</div>

<div class=""><br class="">

</div>

<blockquote itemscope="" itemtype="https://schemas.microsoft.com/QuotedText" style="border-left-width: 3px; border-left-style: solid; border-color: rgb(200, 200, 200); padding-left: 1ex; margin-left: 0.8ex; color: rgb(102, 102, 102);" class="">

<div class="">var_dump(<span style="color: rgb(102, 102, 102); background-color: rgb(255, 255, 255); display: inline !important;" class="">$user->getSiteNames(), <span style="background-color: rgb(255, 255, 255); display: inline !important;" class="">$data['Candidate']['Site']</span></span>);</div>

<div class="">exit;</div>

</blockquote>

<div class="">Thank you</div>

<div class="">Xavier</div>

<div class=""><br class="">

</div>

<div class=""><br class="">

</div>

<div class=""><a href="https://secure-web.cisco.com/1if5Eh5lps70ewShywnybjkoSptbZugNrF3KFp3Ikj31HdtP_kKvS_EXtIV8bo4sQ1XhY1mFp5CQ97Ta_5VBA3uwcObZQDvyGWwqHmVY0RTDJczBF5eOvEjZp7XGPCCyrnC4a97TlYo56eat54xNRJvdoVSn2fB149oaDE6j2hyCWmy1zrBbbWahlzbiuR4ydd0k7ZkfEvAvqWjjFfssiSvOxhGd280OG8sBE1fHVx3TqRc84NdaTQzYkM7BTv0DfNMKxpaQDEwZhM8ymX88Ctg/https%3A%2F%2Fgithub.com%2Faces%2FLoris%2Fblob%2F23.0-release%2Fmodules%2Fapi%2Fphp%2Fendpoints%2Fcandidates.class.inc%23L185" title="https://github.com/aces/Loris/blob/23.0-release/modules/api/php/endpoints/candidates.class.inc#L185" class=""></a><br class="">

</div>

<div class=""><br class="">

</div>

</div>

<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt;" class="">

<br class="">

</div>

<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt;" class="">

<br class="">

</div>

<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt;" class="">

<br class="">

</div>

<hr tabindex="-1" style="display: inline-block; width: 670.7156372070312px;" class="">

<div id="divRplyFwdMsg" dir="ltr" class=""><font face="Calibri, sans-serif" style="font-size: 11pt;" class=""><b class="">From:</b><span class="Apple-converted-space"> </span><a href="mailto:loris-dev-bounces@bic.mni.mcgill.ca" class="">loris-dev-bounces@bic.mni.mcgill.ca</a>

 <<a href="mailto:loris-dev-bounces@bic.mni.mcgill.ca" class="">loris-dev-bounces@bic.mni.mcgill.ca</a>> on behalf of Morales Pinzon, Alfredo <<a href="mailto:AMORALESPINZON@BWH.HARVARD.EDU" class="">AMORALESPINZON@BWH.HARVARD.EDU</a>><br class="">

<b class="">Sent:</b><span class="Apple-converted-space"> </span>June 10, 2021 6:43 PM<br class="">

<b class="">To:</b><span class="Apple-converted-space"> </span><a href="mailto:loris-dev@bic.mni.mcgill.ca" class="">loris-dev@bic.mni.mcgill.ca</a> <<a href="mailto:loris-dev@bic.mni.mcgill.ca" class="">loris-dev@bic.mni.mcgill.ca</a>><br class="">

<b class="">Cc:</b><span class="Apple-converted-space"> </span>Rozie Arnaoutelis, Ms. <<a href="mailto:rozie.arnaoutelis@mcgill.ca" class="">rozie.arnaoutelis@mcgill.ca</a>>; Sridar Narayanan, Dr. <<a href="mailto:sridar.narayanan@mcgill.ca" class="">sridar.narayanan@mcgill.ca</a>>;

 Douglas Arnold, Dr. <<a href="mailto:douglas.arnold@mcgill.ca" class="">douglas.arnold@mcgill.ca</a>>; Guttmann, Charles, M.D. <<a href="mailto:guttmann@bwh.harvard.edu" class="">guttmann@bwh.harvard.edu</a>><br class="">

<b class="">Subject:</b><span class="Apple-converted-space"> </span>[Loris-dev] Error insert candidates api/v0.0.3/candidates</font>

<div class=""> </div>

</div>

<div class="" style="word-wrap: break-word; line-break: after-white-space;">Dear LorisDev team,

<div class=""><br class="">

</div>

<div class="" style="orphans: 2; widows: 2;">I can create Candidates using the web interface using an admin account that is linked to all the project and all the sites in the system. However when I try to create a Candidate using the api <span class="" style="color: rgb(19, 19, 19); font-family: Inter, OpenSans, Helvetica, Arial, sans-serif; orphans: 2; white-space: pre-wrap; widows: 2; background-color: rgb(255, 255, 255);">api/v0.0.3/candidates

</span><span class="" style="orphans: 2; widows: 2; background-color: rgb(255, 255, 255);"><font class=""><font face="Inter, OpenSans, Helvetica, Arial, sans-serif" class=""><span class="" style="white-space: pre-wrap;">I am getting the following error:</span></font></font></span></div>

<div class="" style="orphans: 2; widows: 2;"><span class="" style="orphans: 2; widows: 2; background-color: rgb(255, 255, 255);"><font class=""><font face="Inter, OpenSans, Helvetica, Arial, sans-serif" class=""><span class="" style="white-space: pre-wrap;"><br class="">

</span></font></font></span></div>

<div class="" style="orphans: 2; widows: 2;"><span class="" style="orphans: 2; widows: 2; background-color: rgb(255, 255, 255);"><font class=""><font face="Inter, OpenSans, Helvetica, Arial, sans-serif" class=""><span class="" style="white-space: pre-wrap;">===</span></font></font></span></div>

<div class="" style="orphans: 2; widows: 2;">

<div class="" style="color: rgb(54, 54, 54); background-color: rgb(255, 255, 255); font-family: Menlo, Monaco, "Courier New", monospace; line-height: 18px; white-space: pre;">

<div class=""><span class="" style="color: rgb(44, 44, 44);">{</span></div>

<div class=""><span class="" style="color: rgb(9, 89, 132);">"error"</span><span class="" style="color: rgb(44, 44, 44);">:</span>

<span class="" style="color: rgb(162, 86, 55);">"You are not affiliated with the candidate`s site"</span></div>

<div class=""><span class="" style="color: rgb(44, 44, 44);">}</span></div>

</div>

</div>

<div class="" style="orphans: 2; widows: 2;"><span class="" style="orphans: 2; widows: 2; background-color: rgb(255, 255, 255);"><font class=""><font face="Inter, OpenSans, Helvetica, Arial, sans-serif" class=""><span class="" style="white-space: pre-wrap;">===</span></font></font></span></div>

<div class="" style="orphans: 2; widows: 2;"><span class="" style="orphans: 2; widows: 2; background-color: rgb(255, 255, 255);"><font class=""><font face="Inter, OpenSans, Helvetica, Arial, sans-serif" class=""><span class="" style="white-space: pre-wrap;"><br class="">

</span></font></font></span></div>

<div class="" style="orphans: 2; widows: 2;"><font face="Inter, OpenSans, Helvetica, Arial, sans-serif" class=""><span class="" style="background-color: rgb(255, 255, 255);"><span class="" style="white-space: pre-wrap;">I’m happy to run some queries in the

 database to figure out what’s happening. Any ideas?</span></span></font></div>

<div class="" style="orphans: 2; widows: 2;"><font face="Inter, OpenSans, Helvetica, Arial, sans-serif" class=""><span class="" style="background-color: rgb(255, 255, 255);"><span class="" style="white-space: pre-wrap;"><br class="">

</span></span></font></div>

<div class="" style="orphans: 2; widows: 2;"><font face="Inter, OpenSans, Helvetica, Arial, sans-serif" class=""><span class="" style="background-color: rgb(255, 255, 255);"><span class="" style="white-space: pre-wrap;">Best,</span></span></font></div>

<div class="" style="orphans: 2; widows: 2;"><font face="Inter, OpenSans, Helvetica, Arial, sans-serif" class=""><span class="" style="background-color: rgb(255, 255, 255);"><span class="" style="white-space: pre-wrap;">Alfredo.</span></span></font></div>

<div class="">The information in this e-mail is intended only for the person to whom it is addressed. If you believe this e-mail was sent to you in error and the e-mail contains patient information, please contact the Mass General Brigham Compliance HelpLine

 at<span class="Apple-converted-space"> </span><a href="http://www.massgeneralbrigham.org/complianceline" class="">http://www.massgeneralbrigham.org/complianceline</a><span class="Apple-converted-space"> </span>. If the e-mail was sent to you in error but does

 not contain patient information, please contact the sender and properly dispose of the e-mail.</div>

<br class="">

<div style="margin-top: 0px; margin-bottom: 0px;" class="">Please note that this e-mail is not secure (encrypted).  If you do not wish to continue communication over unencrypted e-mail, please notify the sender of this message immediately.  Continuing to send

 or respond to e-mail after receiving this message means you understand and accept this risk and wish to continue to communicate over unencrypted e-mail. </div>

</div>

</div>

</div>

</blockquote>

</div>

<br class="">

</div>

</div>

<div>The information in this e-mail is intended only for the person to whom it is addressed. If you believe this e-mail was sent to you in error and the e-mail contains patient information, please contact the Mass General Brigham Compliance HelpLine at http://www.massgeneralbrigham.org/complianceline . If the e-mail was sent to you in error but does not contain patient information, please contact the sender and properly dispose of the e-mail.</div><br>

<p class="MsoNormal">Please note that this e-mail is not secure

(encrypted).  If you do not wish to continue communication over

unencrypted e-mail, please notify the sender of this message immediately.  Continuing to send or respond to e-mail after receiving this message means you

understand and accept this risk and wish to continue to communicate over

unencrypted e-mail.  </p></body>

</html>