PHI permission Enhancements

[hkethi002]

Fixes #869

Changes Made

• New phi-access permission property blacklists phi fields (This is a frontend change)
  • phi-access is a required property for every permission POST except at group level, defaults to true
• phi flag can be used to return PHI fields on get_all calls

		phi=false/missing	phi=true/superuser invoked
phi=true	get_all	403	phi returned
phi=false/missing	get_all	phi not returned	phi not returned
phi=true	get	phi not returned	phi returned
phi=false/missing	get	phi not returned	phi returned*

* This is to support existing behavior

This PR has not applied PHI permissions to POST and PUT methods on containers

Review Checklist

• Tests were added to cover all code changes
• Documentation was added / updated
• Code and tests follow standards in CONTRIBUTING.md

[ryansanford]

Confirmed today that the scope of this PR does not include ability to configure which fields are impacted.

[kofalt]

I'll need to hop on this to make sure the SDK will work with this change.

[codecov-io]

Codecov Report

Merging #877 into master will increase coverage by <.01%.
The diff coverage is 87.12%.

@@            Coverage Diff             @@
##           master     #877      +/-   ##
==========================================
+ Coverage   90.64%   90.64%   +<.01%     
==========================================
  Files          50       50              
  Lines        6763     6854      +91     
==========================================
+ Hits         6130     6213      +83     
- Misses        633      641       +8

[kofalt]

Questions:

1. How can I tell the difference between a field that was censored, and a field set to ***?
2. Any objection to changing no-phi-ro to ro-no-phi? Seems more logical.
3. You mention that PHI is returned on a get_all call when you have > ro-no-phi access. Can you give an example?

[hkethi002]

1. We are removing ***, soon to be pushed
2. Nope
3. If your access is ro, and the phi param is set to true on a get_all, the PHI will be returned and logged.

[nagem]

What is the noop clause for? Usually we'll pass a noop when we want to see if the user had permission to do something but don't want to actually to follow through with the action yet.

[nagem]

For organizational purposes we should set the projection and view the query param in the handler logic. Then we can just pass a PHI=true/false to this method instead.

[nagem]

We'll probably want to create a more efficient way to call this with a list. Right now it will recreate the hierarchy from this container up. If this level is acquisitions, it means grabbing the same session-project-group from the db for each acquisition, even when it's the same session-project-group.

[nagem]

Why did this change order?

[hkethi002]

If I remember correctly, it had to do with some persistence of the validator when the test failed before the moved line that made it difficult to understand the underlying error.

[nagem]

I see some tests were added, mind adding a few more to get diff coverage closer to 100%? Looks like some of the missed lines involved PHI permissions, covering those lines are most important.

[nagem]

This can be removed

[ryansanford]

I need to create an instance tracking this branch for integration testing.

[ryansanford]

Was it intentional for phi-access to be a required parameter on group POST? Could we get a summary in PR description where this is to be required, and what the default is where it is not required?

2017-11-14 14:41:22      scitran.api                  base.py    54:INFO Initialized request request_id=d505f2d1-1510670482
2017-11-14 14:41:22      scitran.api                  base.py   340:WARN u'phi-access' is a required property

Failed validating u'required' in schema:
    {u'$schema': u'http://json-schema.org/draft-04/schema#',
     u'allOf': [{u'$ref': u'../definitions/permission.json#/definitions/permission'}],
     u'key_fields': [u'_id'],
     u'required': [u'_id', u'access', u'phi-access'],
     u'type': u'object'}

On instance:
    {u'_id': u'ci@flywheel.io', u'access': u'admin'} request_id=d505f2d1-1510670482
[pid: 23|app: 0|req: 28/58] 172.20.0.11 () {40 vars in 576 bytes} [Tue Nov 14 14:41:22 2017] POST /api/groups/scitran/permissions => generated 447 bytes in 14 msecs (HTTP/1.1 400) 3 headers in 121 bytes 
(2 switches on core 1)

[hkethi002]

Having the phi-access property at the group level would simplify the propagation logic and allow projects and groups to keep the same permission logic. However I am not sure if that would complicate the frontend more than its worth, so I can change it if it would make more sense to only require it at the project and collection level permissions.
Made change in #991 but group perm post no longer requires phi-access, defaults to True

[hkethi002]

Also, it may be better to track #991 as it is branched off of this PR and is ready for review.

[nagem]

Closing PR for now as requirements for this enhancement are reworked within the team.