analyses follow phi rules

scitran · Aug 18, 2017 · 19177b4 · 19177b4
1 parent 3654b0a
commit 19177b4
Showing 1 changed file with 2 additions and 1 deletion.
diff --git a/api/auth/containerauth.py b/api/auth/containerauth.py
@@ -122,7 +122,8 @@ def f(method, _id=None, payload=None):
                 result = exec_op(method, _id=_id, payload=payload)
 
                 if method == 'GET' and exec_op is not noop:
-                    if not handler.phi_get_access(handler.uid, parent_container) > INTEGER_PERMISSIONS['no-phi-ro']:
+                    handler.phi = _get_access(handler.uid, parent_container) > INTEGER_PERMISSIONS['no-phi-ro']
+                    if not handler.phi:
                         if handler.is_true('phi'):
                             handler.abort(403, "User not authorized to view PHI fields.")
                         result = phi_scrub(result)