Revert "VED-73- drop obfuscation for s-flag-patient"

Valswyn-NHS · web-flow · commit 48fd9e27a2e2 · 2025-03-24T15:40:38.000Z
diff --git a/backend/.envrc.default b/backend/.envrc.default
@@ -1,3 +1,3 @@
-layout pyenv 3.10.16
+layout pyenv 3.10.12
 
-dotenv
+dotenv
diff --git a/backend/.gitignore b/backend/.gitignore
@@ -1,2 +1,2 @@
 build
-.venv
+.venv
diff --git a/backend/src/fhir_service.py b/backend/src/fhir_service.py
@@ -85,19 +85,26 @@ def get_immunization_by_id(self, imms_id: str, imms_vax_type_perms: str) -> Opti
         if not (imms_resp := self.immunization_repo.get_immunization_by_id(imms_id, imms_vax_type_perms)):
             return None
 
-        # Returns the Immunisation full resource with no obfuscation
-        resource = imms_resp.get("Resource", {})
-        imms_filtered_for_read = Filter.read(resource) if resource else {}
+        # Remove fields rom the imms resource which are not to be returned for read
+        imms_filtered_for_read = Filter.read(imms_resp.get("Resource", {}))
 
+        # Handle s-flag filtering, where applicable
+        if not (nhs_number := obtain_field_value(imms_filtered_for_read, FieldNames.patient_identifier_value)):
+            imms_filtered_for_read_and_s_flag = imms_filtered_for_read
+        else:
+            if patient := self.pds_service.get_patient_details(nhs_number):
+                imms_filtered_for_read_and_s_flag = handle_s_flag(imms_filtered_for_read, patient)
+            else:
+                raise UnhandledResponseError("unable to validate NHS number with downstream service")
 
         return {
             "Version": imms_resp.get("Version", ""),
-            "Resource": Immunization.parse_obj(imms_filtered_for_read),
+            "Resource": Immunization.parse_obj(imms_filtered_for_read_and_s_flag),
         }
 
     def get_immunization_by_id_all(self, imms_id: str, imms: dict) -> Optional[dict]:
         """
-        Get an Immunization by its ID. Return None if it is not found. If the patient doesn't have an NHS number,
+        Get an Immunization by its ID. Return None if not found. If the patient doesn't have an NHS number,
         return the Immunization without calling PDS or checking S flag.
         """
         imms["id"] = imms_id
diff --git a/backend/tests/test_fhir_service.py b/backend/tests/test_fhir_service.py
@@ -204,7 +204,23 @@ def test_get_immunization_by_id_patient_not_restricted(self):
 
         # Then
         self.assertEqual(actual_output["Resource"], expected_output)
-       
+
+    def test_get_immunization_by_id_patient_restricted(self):
+        """it should return a filtered Immunization when patient is restricted"""
+        imms_id = "restricted_id"
+        immunization_data = load_json_data("completed_covid19_immunization_event.json")
+        filtered_immunization = load_json_data("completed_covid19_immunization_event_filtered_for_s_flag_and_read.json")
+        self.imms_repo.get_immunization_by_id.return_value = {"Resource": immunization_data}
+        patient_data = {"meta": {"security": [{"code": "R"}]}}
+        self.fhir_service.pds_service.get_patient_details.return_value = patient_data
+
+        # When
+        resp_imms = self.fhir_service.get_immunization_by_id(imms_id, "COVID19:read")
+        act_res = resp_imms["Resource"]
+        filtered_immunization_res = Immunization.parse_obj(filtered_immunization)
+        # Then
+        self.assertEqual(act_res, filtered_immunization_res)
+
     def test_pre_validation_failed(self):
         """it should throw exception if Immunization is not valid"""
         imms_id = "an-id"
diff --git a/devtools/.terraform.lock.hcl b/devtools/.terraform.lock.hcl
diff --git a/e2e/poetry.lock b/e2e/poetry.lock
diff --git a/e2e/test_s_flag_immunization.py b/e2e/test_s_flag_immunization.py
@@ -23,6 +23,21 @@ def store_imms(self, imms_api: ImmunisationApi, patient_is_restricted: bool) ->
 
 class TestGetSFlagImmunization(SFlagBaseTest):
     """Test that sensitive data is filtered out for a READ if and only if the patient is s-flagged"""
+
+    def test_get_s_flagged_imms(self):
+        """Test that sensitive data is filtered out for a READ when the patient is s-flagged"""
+        for imms_api in self.imms_apis:
+            with self.subTest(imms_api):
+                imms_id = self.store_imms(imms_api, patient_is_restricted=True)
+                read_imms = imms_api.get_immunization_by_id(imms_id).json(parse_float=Decimal)
+                expected_response = generate_filtered_imms_resource(
+                    crud_operation_to_filter_for="READ",
+                    filter_for_s_flag=True,
+                    nhs_number=valid_nhs_number_with_s_flag,
+                )
+                expected_response["id"] = read_imms["id"]
+                self.assertEqual(read_imms, expected_response)
+
     def test_get_not_s_flagged_imms(self):
         """Test that sensitive data is not filtered out for a READ when the patient is not s-flagged"""
         for imms_api in self.imms_apis:

-Original file line number
+Diff line change
@@ @@ -1,3 +1,3 @@ @@
 -layout pyenv 3.10.16
 +layout pyenv 3.10.12
 -dotenv
 +dotenv