|
3 | 3 | from microsetta_private_api import localization
|
4 | 4 | from microsetta_private_api.api._account import \
|
5 | 5 | _validate_account_access
|
6 |
| -from microsetta_private_api.model.consent import ConsentSignature |
| 6 | +from microsetta_private_api.model.consent import ConsentSignature,\ |
| 7 | + HUMAN_CONSENT_AGE_GROUPS |
7 | 8 | from microsetta_private_api.repo.consent_repo import ConsentRepo
|
8 | 9 | from microsetta_private_api.repo.source_repo import SourceRepo
|
9 | 10 | from microsetta_private_api.repo.transaction import Transaction
|
@@ -63,36 +64,53 @@ def sign_consent_doc(account_id, source_id, consent_type, body, token_info):
|
63 | 64 | _validate_account_access(token_info, account_id)
|
64 | 65 |
|
65 | 66 | with Transaction() as t:
|
66 |
| - # Sources with an age_range of "legacy" will select an age range |
67 |
| - # the first time they sign a new consent document. We need to |
68 |
| - # catch legacy sources as they come in and update their age. |
| 67 | + # Sources are now permitted to update their age range, but only if it |
| 68 | + # moves the source to an older age group. For this purpose, "legacy" |
| 69 | + # is treated as younger than "0-6", as they're choosing an age group |
| 70 | + # for the first time. |
69 | 71 | source_repo = SourceRepo(t)
|
70 | 72 | source = source_repo.get_source(account_id, source_id)
|
71 | 73 | if source is None:
|
72 | 74 | return jsonify(code=404, message=SRC_NOT_FOUND_MSG), 404
|
73 | 75 |
|
74 |
| - if source.source_data.age_range == "legacy": |
75 |
| - update_success = source_repo.update_legacy_source_age_range( |
| 76 | + if source.source_data.age_range != body['age_range']: |
| 77 | + # Let's make sure it's a valid change. First, grab the index of |
| 78 | + # their current age range. |
| 79 | + try: |
| 80 | + cur_age_index = HUMAN_CONSENT_AGE_GROUPS.index( |
| 81 | + source.source_data.age_range |
| 82 | + ) |
| 83 | + except ValueError: |
| 84 | + # Catch any sources that have a blank, "legacy", or faulty |
| 85 | + # age_range |
| 86 | + cur_age_index = -1 |
| 87 | + |
| 88 | + # Next, make sure their new age range is valid |
| 89 | + try: |
| 90 | + new_age_index = HUMAN_CONSENT_AGE_GROUPS.index( |
| 91 | + body['age_range'] |
| 92 | + ) |
| 93 | + except ValueError: |
| 94 | + # Shouldn't reach this point, but if we do, reject it |
| 95 | + return jsonify( |
| 96 | + code=403, message="Invalid age_range update" |
| 97 | + ), 403 |
| 98 | + |
| 99 | + # Finally, make sure the new age_range isn't younger than the |
| 100 | + # current age_range. |
| 101 | + if new_age_index < cur_age_index: |
| 102 | + return jsonify( |
| 103 | + code=403, message="Invalid age_range update" |
| 104 | + ), 403 |
| 105 | + |
| 106 | + update_success = source_repo.update_source_age_range( |
76 | 107 | source_id, body['age_range']
|
77 | 108 | )
|
78 | 109 | if not update_success:
|
79 | 110 | return jsonify(
|
80 | 111 | code=403, message="Invalid age_range update"
|
81 | 112 | ), 403
|
82 | 113 |
|
83 |
| - # NB For the time being, we need to block any pre-overhaul under-18 |
84 |
| - # profiles from re-consenting. For API purposes, the safest way to |
85 |
| - # check whether it's a pre-overhaul or post-overhaul source is to look |
86 |
| - # at the creation_time on the source. Anything pre-overhaul is |
87 |
| - # prevented from signing a new consent document. |
88 |
| - if source.source_data.age_range not in ["legacy", "18-plus"] and\ |
89 |
| - not source_repo.check_source_post_overhaul( |
90 |
| - account_id, source_id |
91 |
| - ): |
92 |
| - return jsonify( |
93 |
| - code=403, message="Minors may not sign new consent documents" |
94 |
| - ), 403 |
95 |
| - |
96 | 114 | # Now back to the normal flow of signing a consent document
|
97 | 115 | consent_repo = ConsentRepo(t)
|
98 | 116 | sign_id = str(uuid.uuid4())
|
|
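Review bot: The `except ValueError` handler that sets `cur_age_index = -1` fails open: any stored age_range missing from HUMAN_CONSENT_AGE_GROUPS, not only "legacy", is ranked below every group, so the `new_age_index < cur_age_index` check can never reject a change for such a source. The block comment at the top of the hunk promises this treatment only for "legacy", so I would make the handler explicit and refuse anything else, e.g. `if source.source_data.age_range != "legacy": return jsonify(code=403, message="Invalid age_range update"), 403` before assigning -1 (add blank to the allowed values if it really occurs in stored data). The comparison also relies on HUMAN_CONSENT_AGE_GROUPS being ordered youngest to oldest, which this hunk does not show; a comment such as `# relies on HUMAN_CONSENT_AGE_GROUPS being ordered youngest -> oldest` would guard against a later reordering. sign_consent_doc starts and ends outside the hunk, so it is not visible whether update_source_age_range or the later signing step re-checks the client-supplied `body['age_range']` against the consent_type being signed.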