Andrew Vella · Andrew Vella · Andrew Vella · Andrew Vella · Andrew Vella · Andrew Vella
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -5,6 +5,14 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).

+## [1.5.0] - 2023-04-21
+
+### Added
+
+- Photo API 'soft_delete' action to /photo-identifiers endpoint.
+- Photo API /photo-identifiers filter by is_highest_primary_identifier.
+- Photo API /photo-identifiers bulk update endpoint.
+
 ## [1.4.0] - 2023-04-05

 ### Added

--- a/identitylib/api_client_mixin.py
+++ b/identitylib/api_client_mixin.py
@@ -48,7 +48,7 @@ class ClientCredentialsConfigurationMixin:
        ):
            return self._access_token

-        LOG.info("Refreshing API Gateway access token")
+        LOG.debug("Refreshing API Gateway access token")

        auth = requests.auth.HTTPBasicAuth(self.client_key, self.client_secret)
        data = {"grant_type": "client_credentials"}

--- a/setup.py
+++ b/setup.py
@@ -8,7 +8,7 @@ PACKAGE_DESCRIPTION = (
    "A module containing helpers and shared code related to identity systems within UIS, "
    "University of Cambridge."
 )
-PACKAGE_VERSION = "1.4.0"
+PACKAGE_VERSION = "1.5.0"
 PACKAGE_URL = "https://gitlab.developers.cam.ac.uk/uis/devops/iam/identity-lib"



--- a/specs/photo.sha
+++ b/specs/photo.sha
-91fb24228035f226bdc50a9f3cb10166abec9a29
\ No newline at end of file
+e4c29bebf4b593b42f97b2e06ea7d5ae16c7f031
\ No newline at end of file
--- a/specs/photo.yaml
+++ b/specs/photo.yaml
@@ -10,6 +10,18 @@ components:
        - v1alpha1
        - v1beta1
      type: object
+    ActionEnum:
+      description: |-
+        * `set_retention` - Retention
+        * `restore` - Restore
+        * `soft_delete` - Soft Delete
+        * `hard_delete` - Hard Delete
+      enum:
+        - set_retention
+        - restore
+        - soft_delete
+        - hard_delete
+      type: string
    BadRequest:
      properties:
        detail:
@@ -64,23 +76,6 @@ components:
            $ref: '#/components/schemas/V1Beta1Photo'
          type: array
      type: object
-    PatchedV1Beta1PhotoIdentifierSummaryRequest:
-      properties:
-        scheme:
-          allOf:
-            - $ref: '#/components/schemas/SchemeEnum'
-          description: |-
-            The identifier's scheme
-
-            * `v1.person.identifiers.cam.ac.uk` - CRSID of the person identified by this Photo
-            * `person.v1.student-records.university.identifiers.cam.ac.uk` - CamSIS Identifier of the person identified by this Photo
-            * `person.v1.human-resources.university.identifiers.cam.ac.uk` - CHRIS Identifier of the person identified by this Photo
-            * `photo.v1.legacy-card.university.identifiers.cam.ac.uk` - Legacy Card DB Photo Identifier
-        value:
-          description: The identifier's value
-          minLength: 1
-          type: string
-      type: object
    Permissions:
      properties:
        permissions:
@@ -101,6 +96,10 @@ components:
          type: string
        isDeleted:
          type: boolean
+        isHighestPrimaryIdentifier:
+          description: Photo identifier is highest primary identifier
+          title: Primary
+          type: boolean
        photos:
          description: Photos identified by this identifier
          items:
@@ -135,6 +134,26 @@ components:
        - scheme
        - value
      type: object
+    PhotoIdentifierBulkUpdateRequestRequest:
+      properties:
+        updates:
+          items:
+            $ref: '#/components/schemas/PhotoIdentifierBulkUpdateUpdateRequest'
+          type: array
+      required:
+        - updates
+      type: object
+    PhotoIdentifierBulkUpdateUpdateRequest:
+      description: Request to update a single photo identifier as part of a bulk update.
+      properties:
+        action:
+          $ref: '#/components/schemas/ActionEnum'
+        id:
+          type: string
+      required:
+        - action
+        - id
+      type: object
    SchemeEnum:
      description: |-
        * `v1.person.identifiers.cam.ac.uk` - CRSID of the person identified by this Photo
@@ -301,6 +320,26 @@ components:
        - scheme
        - value
      type: object
+    V1Beta1PhotoIdentifierSummaryRequest:
+      properties:
+        scheme:
+          allOf:
+            - $ref: '#/components/schemas/SchemeEnum'
+          description: |-
+            The identifier's scheme
+
+            * `v1.person.identifiers.cam.ac.uk` - CRSID of the person identified by this Photo
+            * `person.v1.student-records.university.identifiers.cam.ac.uk` - CamSIS Identifier of the person identified by this Photo
+            * `person.v1.human-resources.university.identifiers.cam.ac.uk` - CHRIS Identifier of the person identified by this Photo
+            * `photo.v1.legacy-card.university.identifiers.cam.ac.uk` - Legacy Card DB Photo Identifier
+        value:
+          description: The identifier's value
+          minLength: 1
+          type: string
+      required:
+        - scheme
+        - value
+      type: object
  securitySchemes:
    apiGatewayAuthorizationCodeSecurityScheme:
      description: API Gateway authorization code security scheme
@@ -1223,6 +1262,11 @@ paths:
          name: identifier
          schema:
            type: string
+        - description: Filter is_highest_primary_identifier
+          in: query
+          name: is_highest_primary_identifier
+          schema:
+            type: boolean
        - description: Number of results to return per page.
          in: query
          name: pageSize
@@ -1312,6 +1356,98 @@ paths:
      summary: List photo identifiers
      tags:
        - Photo Identifiers
+  /v1beta1/photo-identifiers/update:
+    put:
+      description: |2+
+
+        ## Bulk update the photo identifier
+
+        This method allows a client to submit a list of photo identifiers and corresponding action to apply to the photo identifier. The allowed actions are `set_retention`, `restore`, `soft_delete` and `hard_delete`.
+
+        ### Permissions
+
+        Principals with the `CARD_ADMIN` permission will be able to affect this endpoint.
+
+      operationId: v1beta1_photo_identifiers_update_update
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/PhotoIdentifierBulkUpdateRequestRequest'
+          application/x-www-form-urlencoded:
+            schema:
+              $ref: '#/components/schemas/PhotoIdentifierBulkUpdateRequestRequest'
+          multipart/form-data:
+            schema:
+              $ref: '#/components/schemas/PhotoIdentifierBulkUpdateRequestRequest'
+        required: true
+      responses:
+        "200":
+          description: No response body
+        "400":
+          content:
+            application/json:
+              examples:
+                InvalidRequest:
+                  description: A response indicating that the request could not be processed because it is invalid or malformed
+                  summary: Invalid Request
+                  value:
+                    detail: Malformed request.
+              schema:
+                $ref: '#/components/schemas/BadRequest'
+          description: Bad Request
+        "401":
+          content:
+            application/json:
+              examples:
+                Unauthorized:
+                  description: A response indicating that the request could not be processed because the requester is not authorized to make the request.
+                  value:
+                    detail: Unauthorized request.
+              schema:
+                $ref: '#/components/schemas/Unauthorized'
+          description: Unauthorized
+        "403":
+          content:
+            application/json:
+              examples:
+                Forbidden:
+                  description: A response indicating that the request could not be processed because the requester does not have the permissions required to make the request.
+                  value:
+                    detail: Forbidden
+              schema:
+                $ref: '#/components/schemas/Forbidden'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                NotFound:
+                  description: A response indicating that the entity could not be found.
+                  summary: Not Found
+                  value:
+                    detail: Not found.
+              schema:
+                $ref: '#/components/schemas/NotFound'
+          description: Not Found
+        "500":
+          content:
+            application/json:
+              examples:
+                ServerError:
+                  description: A response indicating that the request could not be processed because of an internal server error.
+                  summary: Server Error
+                  value:
+                    detail: Server error.
+              schema:
+                $ref: '#/components/schemas/InternalServerError'
+          description: Internal Server Error
+      security:
+        - apiGatewayAuthorizationCodeSecurityScheme: []
+        - apiGatewayClientCredentialsSecurityScheme: []
+      summary: Bulk update photo identifiers by photo identifier UUID.
+      tags:
+        - Photo Identifiers
  /v1beta1/photo-identifiers/{id}:
    delete:
      description: |2+
@@ -1489,18 +1625,18 @@ paths:
      summary: Get a photo identifier by identifier UUID.
      tags:
        - Photo Identifier
-    patch:
+    put:
      description: |2+

        ## Update the photo identifier

-        This method allows a client to submit an action in the request query for a given photo identifier. The allowed actions are `set_retention`, `restore` and `hard_delete`.
+        This method allows a client to submit an action in the request query for a given photo identifier. The allowed actions are `set_retention`, `restore`, `soft_delete` and `hard_delete`.

        ### Permissions

        Principals with the `CARD_ADMIN` permission will be able to affect this endpoint.

-      operationId: v1beta1_photo_identifiers_partial_update
+      operationId: v1beta1_photo_identifiers_update
      parameters:
        - description: Action applied to the photo identifier.
          in: query
@@ -1510,6 +1646,7 @@ paths:
              - hard_delete
              - restore
              - set_retention
+              - soft_delete
            type: string
        - description: A UUID string identifying this photo identifier.
          in: path
@@ -1521,13 +1658,14 @@ paths:
        content:
          application/json:
            schema:
-              $ref: '#/components/schemas/PatchedV1Beta1PhotoIdentifierSummaryRequest'
+              $ref: '#/components/schemas/V1Beta1PhotoIdentifierSummaryRequest'
          application/x-www-form-urlencoded:
            schema:
-              $ref: '#/components/schemas/PatchedV1Beta1PhotoIdentifierSummaryRequest'
+              $ref: '#/components/schemas/V1Beta1PhotoIdentifierSummaryRequest'
          multipart/form-data:
            schema:
-              $ref: '#/components/schemas/PatchedV1Beta1PhotoIdentifierSummaryRequest'
+              $ref: '#/components/schemas/V1Beta1PhotoIdentifierSummaryRequest'
+        required: true
      responses:
        "200":
          description: No response body