search

cph-cachet / carp.core-kotlin

Infrastructure-agnostic framework for distributed data collection.
https://carp.cachet.dk/core/
MIT License
21 stars 3 forks source link

Why am I getting all invitations, incl. the ones not assigned to me? #482

Closed bardram closed 2 months ago

bardram commented 2 months ago

I have made a family study with a father and a mother, and made a deployment with assignments to users like this:

image

So - Jakob is the "Mother" and Aamir is the "Father".

However, when I authenticate to CAWS as "Jakob" (jakob@bardram.net), I get the following invitations from the ParticipationService:

[
    {
        "participation": {
            "studyDeploymentId": "58ce18ff-40e3-4cd0-9fba-fc893d784891",
            "participantId": "264bf3dc-b6c8-4252-b44e-2c5e00262ce9",
            "assignedRoles": {
                "__type": "dk.cachet.carp.common.application.users.AssignedTo.Roles",
                "roleNames": [
                    "Mother"
                ]
            }
        },
        "invitation": {
            "name": "Family Study w. Participant Data",
            "applicationData": "d6d047d5-4cfd-479b-87ac-99f4b5fee172"
        },
        "assignedDevices": [
            {
                "device": {
                    "__type": "dk.cachet.carp.common.application.devices.Smartphone",
                    "roleName": "Mother's Phone",
                    "isPrimaryDevice": true
                }
            }
        ]
    },
    {
        "participation": {
            "studyDeploymentId": "58ce18ff-40e3-4cd0-9fba-fc893d784891",
            "participantId": "5b486d25-b75e-4116-9a4f-eea8105ceea0",
            "assignedRoles": {
                "__type": "dk.cachet.carp.common.application.users.AssignedTo.Roles",
                "roleNames": [
                    "Father"
                ]
            }
        },
        "invitation": {
            "name": "Family Study w. Participant Data",
            "applicationData": "d6d047d5-4cfd-479b-87ac-99f4b5fee172"
        },
        "assignedDevices": [
            {
                "device": {
                    "__type": "dk.cachet.carp.common.application.devices.Smartphone",
                    "roleName": "Father's Phone",
                    "isPrimaryDevice": true
                }
            }
        ]
    },
]

So - even though I autheticate as the "Mother" I get BOTH invitations????

This entails, that I (as a participant) could choose to be the Father, even though the researcher has assigned me the Mother role......

Whathecode commented 2 months ago

This could also be a CAWS bug. Let's have a look whether we have proper coverage of the Core part of this logic ...

Seemingly not. It should be worthwhile adding a more complex invitation test here similar to the scenario you describe.

Maybe a suitable small task for @yuanchen233 ? That way we can more easily determine whether it is CAWS or Core.

bardram commented 2 months ago

@Whathecode - I'm a bit confused. Is this a bug in Core or CAWS? Above you point to a test case, but this doesn't reveal (at least to me) if something has to be "fixed" in Core.

Whathecode commented 2 months ago

The code was sufficiently complex I couldn't quickly/easily rule it out as a core bug. It's missing test coverage to do so. I haven't looked into more detail.

So best approach is adding such a test so we have future coverage, and we'll know whether it is core or CAWS. :)

yuanchen233 commented 2 months ago

We don't have test case covering this scenario, thus can not tell if this is something need to be fixed in Core. I can look into this next.

But, the description for getActiveParticipationInvitations states 'all participations', so does this imply this result is expected?

Whathecode commented 2 months ago

But, the description for getActiveParticipationInvitations states 'all participations', so does this imply this result is expected?

It does qualify:

.... the account with the given [accountId] has been invited to.

So, it shouldn't return participations from other account IDs. ;)

yuanchen233 commented 2 months ago

I wrote a simple test case and Core implementation works as expected, this bug is caused by CAWS implementation of ParticipationRepository.getParticipationInvitations. More specifically, participations from all participantGroup should be flattened before filter by accountId, otherwise it will return all participations within a participant group which contains that accountId.

Whathecode commented 2 months ago

Thank you @yuanchen233 Feel free to create a PR for the test case. It would still be relevant for core.

Reassigned this as an "enhancement" (providing test coverage) rather than a bug.

bardram commented 2 months ago

I just tested this on the new DEV deployment and now I only get the invitations I am supposed to get.

yuanchen233 commented 2 months ago

Thank you @yuanchen233 Feel free to create a PR for the test case. It would still be relevant for core.

Sure and thanks, I wanted to see if there are other situations/test cases can benefit from a more complex participant group as well, but didn't find anything right away. If this scenario can be re-used for testing other modules, I'll add it to createTestObject.