
<html>


<head>


<meta http-equiv="Content-Type" content="text/html; charset=utf-8">


<style type="text/css" style="display:none;"> P {margin-top:0;margin-bottom:0;} </style>


</head>


<body dir="ltr">


<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">


<span style="font-family: Calibri, Helvetica, sans-serif; font-size: 12pt;">Hi Alfredo, </span></div>


<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">


<br>


</div>


<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">


<span style="font-family: Calibri, Helvetica, sans-serif; font-size: 12pt;">Indeed, this is a bug. </span></div>


<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">


<span style="font-family: Calibri, Helvetica, sans-serif; font-size: 12pt;">As a quick fix, you could add the following line just before the problematic statement:</span></div>


<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">


<br>


</div>


<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">


</div>


<pre class="lang-sql s-code-block hljs" style="margin-top:0px;margin-bottom:calc(var(--s-prose-spacing) + 0.4em);padding:12px;line-height:1.30769;font-family:var(--ff-mono);font-size:13px;width:auto;max-height:600px;overflow:auto;background-color:var(--highlight-bg);border-radius:5px;color:var(--highlight-color);text-align:left"><code style="margin:0px"><span class="hljs-keyword" style="margin: 0px; color: var(--highlight-keyword); font-family: Calibri, Helvetica, sans-serif; font-size: 12pt; line-height: normal;">$DB->run('SET</span><span style="font-family: Calibri, Helvetica, sans-serif; font-size: 12pt; line-height: normal;"> SESSION group_concat_max_len </span><span class="hljs-operator" style="margin: 0px; font-family: Calibri, Helvetica, sans-serif; font-size: 12pt; line-height: normal;">=</span><span style="font-family: Calibri, Helvetica, sans-serif; font-size: 12pt; line-height: normal;"> </span><span class="hljs-number" style="margin: 0px; color: var(--highlight-namespace); font-family: Calibri, Helvetica, sans-serif; font-size: 12pt; line-height: normal;">100000');</span></code></pre>


<div>


<div id="appendonsend"></div>


<div style="font-family:Calibri,Arial,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0)">


<span style="font-family: Calibri, Helvetica, sans-serif; font-size: 12pt;"><br>


</span></div>


<div style="font-family:Calibri,Arial,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0)">


<span style="font-family: Calibri, Helvetica, sans-serif; font-size: 12pt;">I have created a github issue so we can find a better solution : </span><a href="https://github.com/aces/Loris/issues/7480" id="LPlnk"><span style="font-family: Calibri, Helvetica, sans-serif; font-size: 12pt;">https://github.com/aces/Loris/issues/7480</span></a></div>


<div class="_Entity _EType_OWALinkPreview _EId_OWALinkPreview _EReadonly_1"></div>


<br>


</div>


<div><span style="font-family: Calibri, Helvetica, sans-serif; font-size: 12pt;">Thank you for the accurate reporting


</span><span id="🙂" style="font-family: Calibri, Helvetica, sans-serif; font-size: 12pt;">🙂</span><span style="font-family: Calibri, Helvetica, sans-serif; font-size: 12pt;"> </span></div>


<div><span style="font-family: Calibri, Helvetica, sans-serif; font-size: 12pt;">- Xavier <br>


</span><br>


<hr tabindex="-1" style="display:inline-block; width:98%">


<div id="divRplyFwdMsg" dir="ltr"><font face="Calibri, sans-serif" color="#000000" style="font-size:11pt"><b>From:</b> Morales Pinzon, Alfredo <AMORALESPINZON@BWH.HARVARD.EDU><br>


<b>Sent:</b> June 14, 2021 7:19 PM<br>


<b>To:</b> Xavier Lecours Boucher, Mr <xavier.lecoursboucher@mcgill.ca><br>


<b>Cc:</b> loris-dev@bic.mni.mcgill.ca <loris-dev@bic.mni.mcgill.ca>; Sridar Narayanan, Dr. <sridar.narayanan@mcgill.ca>; Douglas Arnold, Dr. <douglas.arnold@mcgill.ca>; Guttmann, Charles,M.D. <guttmann@bwh.harvard.edu>; Istvan Akos Imre Morocz, Dr <istvan.morocz@mcgill.ca><br>


<b>Subject:</b> Re: Error insert candidates api/v0.0.3/candidates</font>


<div> </div>


</div>


<div class="" style="word-wrap:break-word; line-break:after-white-space">


<div class="" style="word-wrap:break-word; line-break:after-white-space">


<div class="" style="word-wrap:break-word; line-break:after-white-space">Hi Xavier,


<div class=""><br class="">


</div>


<div class="">Thank you for reaching out.</div>


<div class=""><br class="">


</div>


<div class="">There is a first bug int the following line:</div>


<div class=""><br class="">


</div>


<div class=""><a href="https://github.com/aces/Loris/blob/fc574c06f5f6c96483f22788ed446f9aa36a4783/php/libraries/User.class.inc#L71" class="">https://github.com/aces/Loris/blob/fc574c06f5f6c96483f22788ed446f9aa36a4783/php/libraries/User.class.inc#L71</a></div>


<div class=""><br class="">


</div>


<div class="">If a user affiliated with multiple center such that the concatenation of the names of the center has more than 1024 characters, then the response is cut to 1024 and if the center name I want to use is not in there, then I get the same error. This


 is the case for my admin user and the more than 500 affiliation centers. We saw this with Cécile on Friday.</div>


<div class=""><br class="">


</div>


<div class="">Here is the response of the API after the changes you suggested using a user that has few center affiliations, including the one I want to add a Candidate to:</div>


<div class=""><br class="">


</div>


<div class="">===</div>


<div class="">


<div class="" style="color:rgb(54,54,54); background-color:rgb(255,255,255); font-family:Menlo,Monaco,"Courier New",monospace; line-height:18px; white-space:pre">


<div class="">array(56) {</div>


<div class="">[0]=></div>


<div class="">string(8) "inf_0102"</div>


<div class="">[1]=></div>


<div class="">string(8) "inf_0103"</div>


<div class="">...</div>


<div class="">[55]=></div>


<div class="">string(8) "inf_0313"</div>


<div class="">}</div>


<div class="">string(3) "BGI"</div>


</div>


</div>


<div class="">===</div>


<div class=""><br class="">


</div>


<div class="">This is the same output when using my admin user:</div>


<div class=""><br class="">


</div>


<div class="">===</div>


<div class="">


<div class="" style="color:rgb(54,54,54); background-color:rgb(255,255,255); font-family:Menlo,Monaco,"Courier New",monospace; line-height:18px; white-space:pre">


<div class="">array(114) {</div>


<div class="">[0]=></div>


<div class="">string(9) "101-KGH-1"</div>


<div class="">[1]=></div>


<div class="">string(9) "101-LHS-1"</div>


<div class="">...</div>


<div class="">[111]=></div>


<div class="">string(9) "272-CAA-1"</div>


<div class="">[112]=></div>


<div class="">string(9) "273-DDM-1"</div>


<div class="">[113]=></div>


<div class="">string(1) "2"</div>


<div class="">}</div>


<div class="">string(3) "BGI"</div>


</div>


</div>


<div class="">===</div>


<div class=""><br class="">


</div>


<div class="">Let me know what is the next step? I’m happy to debug over Zoom if that helps.</div>


<div class=""><br class="">


</div>


<div class="">Best,</div>


<div class="">Alfredo.</div>


<div class="">


<div class=""><br class="">


<blockquote type="cite" class="">


<div class="">On Jun 14, 2021, at 11:04 AM, Xavier Lecours Boucher, Mr <<a href="mailto:xavier.lecoursboucher@mcgill.ca" class="">xavier.lecoursboucher@mcgill.ca</a>> wrote:</div>


<br class="x_Apple-interchange-newline">


<div class="">


<div class="" style="margin-top:0px; margin-bottom:0px; font-family:Helvetica; font-size:12px; font-style:normal; font-variant-caps:normal; font-weight:normal; letter-spacing:normal; text-align:start; text-indent:0px; text-transform:none; white-space:normal; word-spacing:0px; text-decoration:none">


<span class="" style="padding:3px 10px; border-top-left-radius:5px; border-top-right-radius:5px; border-bottom-right-radius:5px; border-bottom-left-radius:5px; color:rgb(255,255,255); font-weight:bold; display:inline-block; background-color:rgb(255,0,0)">        External


 Email - Use Caution        </span></div>


<p class="" style="margin-top:0px; margin-bottom:0px; font-family:Helvetica; font-size:12px; font-style:normal; font-variant-caps:normal; font-weight:normal; letter-spacing:normal; text-align:start; text-indent:0px; text-transform:none; white-space:normal; word-spacing:0px; text-decoration:none">


</p>


<div class="" style="font-style:normal; font-variant-caps:normal; font-weight:normal; letter-spacing:normal; text-align:start; text-indent:0px; text-transform:none; white-space:normal; word-spacing:0px; text-decoration:none; font-family:Calibri,Arial,Helvetica,sans-serif; font-size:12pt">


Hi Alfredo,</div>


<div class="" style="font-style:normal; font-variant-caps:normal; font-weight:normal; letter-spacing:normal; text-align:start; text-indent:0px; text-transform:none; white-space:normal; word-spacing:0px; text-decoration:none; font-family:Calibri,Arial,Helvetica,sans-serif; font-size:12pt">


<br class="">


</div>


<div class="" style="font-style:normal; font-variant-caps:normal; font-weight:normal; letter-spacing:normal; text-align:start; text-indent:0px; text-transform:none; white-space:normal; word-spacing:0px; text-decoration:none; font-family:Calibri,Arial,Helvetica,sans-serif; font-size:12pt">


There is a discrepancy between the frontend and the API way to determine which site the user have, which site to give the new candidate and if a user is allowed to create a candidate at a given site. Looking at the frontend code, I can't see any validation


 on the site other than the content of the html dropdown.</div>


<div class="" style="font-style:normal; font-variant-caps:normal; font-weight:normal; letter-spacing:normal; text-align:start; text-indent:0px; text-transform:none; white-space:normal; word-spacing:0px; text-decoration:none; font-family:Calibri,Arial,Helvetica,sans-serif; font-size:12pt">


<br class="">


</div>


<div class="" style="font-style:normal; font-variant-caps:normal; font-weight:normal; letter-spacing:normal; text-align:start; text-indent:0px; text-transform:none; white-space:normal; word-spacing:0px; text-decoration:none; font-family:Calibri,Arial,Helvetica,sans-serif; font-size:12pt">


The API checks if the user has the given site.  </div>


<div class="" style="font-style:normal; font-variant-caps:normal; font-weight:normal; letter-spacing:normal; text-align:start; text-indent:0px; text-transform:none; white-space:normal; word-spacing:0px; text-decoration:none; font-family:Calibri,Arial,Helvetica,sans-serif; font-size:12pt">


<br class="">


</div>


<div class="" style="font-family:Helvetica; font-size:12px; font-style:normal; font-variant-caps:normal; font-weight:normal; letter-spacing:normal; text-align:start; text-indent:0px; text-transform:none; white-space:normal; word-spacing:0px; text-decoration:none">


<div class="" style="font-family:Calibri,Arial,Helvetica,sans-serif; font-size:12pt">


Here is the API<span class="x_Apple-converted-space"> </span><a href="https://secure-web.cisco.com/1if5Eh5lps70ewShywnybjkoSptbZugNrF3KFp3Ikj31HdtP_kKvS_EXtIV8bo4sQ1XhY1mFp5CQ97Ta_5VBA3uwcObZQDvyGWwqHmVY0RTDJczBF5eOvEjZp7XGPCCyrnC4a97TlYo56eat54xNRJvdoVSn2fB149oaDE6j2hyCWmy1zrBbbWahlzbiuR4ydd0k7ZkfEvAvqWjjFfssiSvOxhGd280OG8sBE1fHVx3TqRc84NdaTQzYkM7BTv0DfNMKxpaQDEwZhM8ymX88Ctg/https%3A%2F%2Fgithub.com%2Faces%2FLoris%2Fblob%2F23.0-release%2Fmodules%2Fapi%2Fphp%2Fendpoints%2Fcandidates.class.inc%23L185" title="https://github.com/aces/Loris/blob/23.0-release/modules/api/php/endpoints/candidates.class.inc#L185" id="LPlnk555894" class="" style="margin:0px; background-color:rgb(255,255,255)">code</a>:<br class="">


<blockquote itemscope="" itemtype="https://schemas.microsoft.com/QuotedText" class="" style="border-left-width:3px; border-left-style:solid; border-color:rgb(200,200,200); padding-left:1ex; margin-left:0.8ex; color:rgb(102,102,102)">


<div class="">$usersites = $user->getSiteNames();


<div class="">if (!in_array($data['Candidate']['Site'], $usersites)) {</div>


<div class="">    return new \LORIS\Http\Response\JSON\Forbidden(</div>


<div class="">        'You are not affiliated with the candidate`s site'</div>


<div class="">    );</div>


</div>


<div class="">}<br class="">


</div>


</blockquote>


<div class="">So, for debugging, can you add the following lines at <a href="https://secure-web.cisco.com/1fNyuDjwP45YKJ02APn6ItF2MKoXIN6PCZlwgpbccCqoLUyWWzBLPJbE9XvOxBwjXow-KCKAzoVz8qwXZiF1zDuQ5f6yXeKAzrO1vsrM5j3wIBR2iM29VBUkAdxLP_5M47korX_RF2RXn6XOisI2aTB6xZnehZf6R1VVjTIBiLrLcDC5Jvcauo6T97HesnSkByNr0iYbJYpIgZlaHnGZkPWOBjVGGezJr6Jh8gsh04CJgRl6JZjW5wAwoqqecRvhHRMnKhW7tmcggfWieTL112Q/https%3A%2F%2Fgithub.com%2Faces%2FLoris%2Fblob%2F23.0-release%2Fmodules%2Fapi%2Fphp%2Fendpoints%2Fcandidates.class.inc%23L184" id="LPlnk928209" class="">https://github.com/aces/Loris/blob/23.0-release/modules/api/php/endpoints/candidates.class.inc#L184</a> ,


 then tell me what it the response to your POST request ?</div>


<div class=""><br class="">


</div>


<blockquote itemscope="" itemtype="https://schemas.microsoft.com/QuotedText" class="" style="border-left-width:3px; border-left-style:solid; border-color:rgb(200,200,200); padding-left:1ex; margin-left:0.8ex; color:rgb(102,102,102)">


<div class="">var_dump(<span class="" style="color:rgb(102,102,102); background-color:rgb(255,255,255); display:inline!important">$user->getSiteNames(), <span class="" style="background-color:rgb(255,255,255); display:inline!important">$data['Candidate']['Site']</span></span>);</div>


<div class="">exit;</div>


</blockquote>


<div class="">Thank you</div>


<div class="">Xavier</div>


<div class=""><br class="">


</div>


<div class=""><br class="">


</div>


<div class=""><a href="https://secure-web.cisco.com/1if5Eh5lps70ewShywnybjkoSptbZugNrF3KFp3Ikj31HdtP_kKvS_EXtIV8bo4sQ1XhY1mFp5CQ97Ta_5VBA3uwcObZQDvyGWwqHmVY0RTDJczBF5eOvEjZp7XGPCCyrnC4a97TlYo56eat54xNRJvdoVSn2fB149oaDE6j2hyCWmy1zrBbbWahlzbiuR4ydd0k7ZkfEvAvqWjjFfssiSvOxhGd280OG8sBE1fHVx3TqRc84NdaTQzYkM7BTv0DfNMKxpaQDEwZhM8ymX88Ctg/https%3A%2F%2Fgithub.com%2Faces%2FLoris%2Fblob%2F23.0-release%2Fmodules%2Fapi%2Fphp%2Fendpoints%2Fcandidates.class.inc%23L185" title="https://github.com/aces/Loris/blob/23.0-release/modules/api/php/endpoints/candidates.class.inc#L185" class=""></a><br class="">


</div>


<div class=""><br class="">


</div>


</div>


<div class="" style="font-family:Calibri,Arial,Helvetica,sans-serif; font-size:12pt">


<br class="">


</div>


<div class="" style="font-family:Calibri,Arial,Helvetica,sans-serif; font-size:12pt">


<br class="">


</div>


<div class="" style="font-family:Calibri,Arial,Helvetica,sans-serif; font-size:12pt">


<br class="">


</div>


<hr tabindex="-1" class="" style="display:inline-block; width:670.7156372070312px">


<div id="x_divRplyFwdMsg" dir="ltr" class=""><font face="Calibri, sans-serif" class="" style="font-size:11pt"><b class="">From:</b><span class="x_Apple-converted-space"> </span><a href="mailto:loris-dev-bounces@bic.mni.mcgill.ca" class="">loris-dev-bounces@bic.mni.mcgill.ca</a>


 <<a href="mailto:loris-dev-bounces@bic.mni.mcgill.ca" class="">loris-dev-bounces@bic.mni.mcgill.ca</a>> on behalf of Morales Pinzon, Alfredo <<a href="mailto:AMORALESPINZON@BWH.HARVARD.EDU" class="">AMORALESPINZON@BWH.HARVARD.EDU</a>><br class="">


<b class="">Sent:</b><span class="x_Apple-converted-space"> </span>June 10, 2021 6:43 PM<br class="">


<b class="">To:</b><span class="x_Apple-converted-space"> </span><a href="mailto:loris-dev@bic.mni.mcgill.ca" class="">loris-dev@bic.mni.mcgill.ca</a> <<a href="mailto:loris-dev@bic.mni.mcgill.ca" class="">loris-dev@bic.mni.mcgill.ca</a>><br class="">


<b class="">Cc:</b><span class="x_Apple-converted-space"> </span>Rozie Arnaoutelis, Ms. <<a href="mailto:rozie.arnaoutelis@mcgill.ca" class="">rozie.arnaoutelis@mcgill.ca</a>>; Sridar Narayanan, Dr. <<a href="mailto:sridar.narayanan@mcgill.ca" class="">sridar.narayanan@mcgill.ca</a>>;


 Douglas Arnold, Dr. <<a href="mailto:douglas.arnold@mcgill.ca" class="">douglas.arnold@mcgill.ca</a>>; Guttmann, Charles, M.D. <<a href="mailto:guttmann@bwh.harvard.edu" class="">guttmann@bwh.harvard.edu</a>><br class="">


<b class="">Subject:</b><span class="x_Apple-converted-space"> </span>[Loris-dev] Error insert candidates api/v0.0.3/candidates</font>


<div class=""> </div>


</div>


<div class="" style="word-wrap:break-word; line-break:after-white-space">Dear LorisDev team,


<div class=""><br class="">


</div>


<div class="" style="orphans:2; widows:2">I can create Candidates using the web interface using an admin account that is linked to all the project and all the sites in the system. However when I try to create a Candidate using the api <span class="" style="color:rgb(19,19,19); font-family:Inter,OpenSans,Helvetica,Arial,sans-serif; orphans:2; white-space:pre-wrap; widows:2; background-color:rgb(255,255,255)">api/v0.0.3/candidates


</span><span class="" style="orphans:2; widows:2; background-color:rgb(255,255,255)"><font class=""><font face="Inter, OpenSans, Helvetica, Arial, sans-serif" class=""><span class="" style="white-space:pre-wrap">I am getting the following error:</span></font></font></span></div>


<div class="" style="orphans:2; widows:2"><span class="" style="orphans:2; widows:2; background-color:rgb(255,255,255)"><font class=""><font face="Inter, OpenSans, Helvetica, Arial, sans-serif" class=""><span class="" style="white-space:pre-wrap"><br class="">


</span></font></font></span></div>


<div class="" style="orphans:2; widows:2"><span class="" style="orphans:2; widows:2; background-color:rgb(255,255,255)"><font class=""><font face="Inter, OpenSans, Helvetica, Arial, sans-serif" class=""><span class="" style="white-space:pre-wrap">===</span></font></font></span></div>


<div class="" style="orphans:2; widows:2">


<div class="" style="color:rgb(54,54,54); background-color:rgb(255,255,255); font-family:Menlo,Monaco,"Courier New",monospace; line-height:18px; white-space:pre">


<div class=""><span class="" style="color:rgb(44,44,44)">{</span></div>


<div class=""><span class="" style="color:rgb(9,89,132)">"error"</span><span class="" style="color:rgb(44,44,44)">:</span>


<span class="" style="color:rgb(162,86,55)">"You are not affiliated with the candidate`s site"</span></div>


<div class=""><span class="" style="color:rgb(44,44,44)">}</span></div>


</div>


</div>


<div class="" style="orphans:2; widows:2"><span class="" style="orphans:2; widows:2; background-color:rgb(255,255,255)"><font class=""><font face="Inter, OpenSans, Helvetica, Arial, sans-serif" class=""><span class="" style="white-space:pre-wrap">===</span></font></font></span></div>


<div class="" style="orphans:2; widows:2"><span class="" style="orphans:2; widows:2; background-color:rgb(255,255,255)"><font class=""><font face="Inter, OpenSans, Helvetica, Arial, sans-serif" class=""><span class="" style="white-space:pre-wrap"><br class="">


</span></font></font></span></div>


<div class="" style="orphans:2; widows:2"><font face="Inter, OpenSans, Helvetica, Arial, sans-serif" class=""><span class="" style="background-color:rgb(255,255,255)"><span class="" style="white-space:pre-wrap">I’m happy to run some queries in the database


 to figure out what’s happening. Any ideas?</span></span></font></div>


<div class="" style="orphans:2; widows:2"><font face="Inter, OpenSans, Helvetica, Arial, sans-serif" class=""><span class="" style="background-color:rgb(255,255,255)"><span class="" style="white-space:pre-wrap"><br class="">


</span></span></font></div>


<div class="" style="orphans:2; widows:2"><font face="Inter, OpenSans, Helvetica, Arial, sans-serif" class=""><span class="" style="background-color:rgb(255,255,255)"><span class="" style="white-space:pre-wrap">Best,</span></span></font></div>


<div class="" style="orphans:2; widows:2"><font face="Inter, OpenSans, Helvetica, Arial, sans-serif" class=""><span class="" style="background-color:rgb(255,255,255)"><span class="" style="white-space:pre-wrap">Alfredo.</span></span></font></div>


<div class="">The information in this e-mail is intended only for the person to whom it is addressed. If you believe this e-mail was sent to you in error and the e-mail contains patient information, please contact the Mass General Brigham Compliance HelpLine


 at<span class="x_Apple-converted-space"> </span><a href="http://www.massgeneralbrigham.org/complianceline" class="">http://www.massgeneralbrigham.org/complianceline</a><span class="x_Apple-converted-space"> </span>. If the e-mail was sent to you in error but


 does not contain patient information, please contact the sender and properly dispose of the e-mail.</div>


<br class="">


<div class="" style="margin-top:0px; margin-bottom:0px">Please note that this e-mail is not secure (encrypted).  If you do not wish to continue communication over unencrypted e-mail, please notify the sender of this message immediately.  Continuing to send


 or respond to e-mail after receiving this message means you understand and accept this risk and wish to continue to communicate over unencrypted e-mail. </div>


</div>


</div>


</div>


</blockquote>


</div>


<br class="">


</div>


</div>


</div>


<div>The information in this e-mail is intended only for the person to whom it is addressed. If you believe this e-mail was sent to you in error and the e-mail contains patient information, please contact the Mass General Brigham Compliance HelpLine at http://www.massgeneralbrigham.org/complianceline


 . If the e-mail was sent to you in error but does not contain patient information, please contact the sender and properly dispose of the e-mail.</div>


<br>


<p class="x_MsoNormal">Please note that this e-mail is not secure (encrypted).  If you do not wish to continue communication over unencrypted e-mail, please notify the sender of this message immediately.  Continuing to send or respond to e-mail after receiving


 this message means you understand and accept this risk and wish to continue to communicate over unencrypted e-mail. 


</p>


</div>


</div>


</body>


</html>