def get_queryset(self):
qs = EmployeeProfile.objects.all()
employee_profile = utils.employee_profile_or_none(self.request.user)
patient_profile = utils.patient_profile_or_none(self.request.user)
organization = self.request.query_params.get('organization_id')
role = self.request.query_params.get('role_id')
billing_view = self.request.query_params.get('billing_view')
qualified_practitioner = self.request.query_params.get(
'qualified_practitioner')
if organization:
qs = qs.filter(
Q(organizations__id__in=[organization])
| Q(organizations_managed__id__in=[organization]))
if role:
qs = qs.filter(Q(roles__id__in=[role]))
if billing_view:
qs = qs.filter(billing_view=billing_view == 'true')
if qualified_practitioner:
qs = qs.filter(
qualified_practitioner=qualified_practitioner == 'true')
if employee_profile is not None:
# TODO: For employees, only return employees in the same facilities/organizations
return qs.all()
if patient_profile is not None:
care_team_members = CareTeamMember.objects.filter(
plan__patient=patient_profile).values_list(
'employee_profile', flat=True).distinct()
return qs.filter(id__in=list(care_team_members))
return qs.none()
def has_permission(self, request, view):
employee_profile = utils.employee_profile_or_none(request.user)
patient_profile = utils.patient_profile_or_none(request.user)
if request.method in permissions.SAFE_METHODS:
return True
else:
if employee_profile is not None:
return True
return False
def get_queryset(self):
qs = EmployeeProfile.objects.all()
employee_profile = utils.employee_profile_or_none(self.request.user)
patient_profile = utils.patient_profile_or_none(self.request.user)
organization = self.request.query_params.get('organization_id')
role = self.request.query_params.get('role_id')
billing_view = self.request.query_params.get('billing_view')
qualified_practitioner = self.request.query_params.get(
'qualified_practitioner')
if organization:
qs = qs.filter(
Q(organizations__id__in=[organization])
| Q(organizations_managed__id__in=[organization]))
if role:
qs = qs.filter(Q(roles__id__in=[role]))
if billing_view:
qs = qs.filter(billing_view=billing_view == 'true')
if qualified_practitioner:
qs = qs.filter(
qualified_practitioner=qualified_practitioner == 'true')
if employee_profile is not None:
if employee_profile.organizations_managed.count() > 0:
# For organization managers, return all employees in
# managed organizations (and other facilities they manage)
organizations_managed = employee_profile.organizations_managed.values_list(
'id', flat=True)
facilities_managed = employee_profile.facilities_managed.values_list(
'id', flat=True)
return qs.filter(
Q(organizations_managed__id__in=organizations_managed)
| Q(organizations__id__in=organizations_managed)
| Q(facilities_managed__id__in=facilities_managed)
| Q(facilities__id__in=facilities_managed)).distinct()
elif employee_profile.facilities_managed.count() > 0:
# For facility managers, return all employees in the facilities
# they manage.
facilities_managed = employee_profile.facilities_managed.values_list(
'id', flat=True)
return qs.filter(
Q(facilities_managed__id__in=facilities_managed)
| Q(facilities__id__in=facilities_managed)).distinct()
else:
# For regular employees, return only the employees in the same
# facilities as them.
facilities = employee_profile.facilities.values_list('id',
flat=True)
return qs.filter(
Q(facilities_managed__id__in=facilities)
| Q(facilities__id__in=facilities)).distinct()
if patient_profile is not None:
care_team_members = CareTeamMember.objects.filter(
plan__patient=patient_profile).values_list(
'employee_profile', flat=True).distinct()
return qs.filter(id__in=list(care_team_members))
return qs.none()
def get_queryset(self):
qs = self.queryset
employee_profile = utils.employee_profile_or_none(self.request.user)
patient_profile = utils.patient_profile_or_none(self.request.user)
if employee_profile is not None:
# TODO: Only get procedures for patients this employee has access to
return qs.all()
elif patient_profile is not None:
return qs.filter(patient__id=patient_profile.id)
else:
return qs.none()
def get_queryset(self):
qs = Organization.objects.all()
employee_profile = utils.employee_profile_or_none(self.request.user)
patient_profile = utils.patient_profile_or_none(self.request.user)
# If user is a employee, get all organizations that they belong to
if employee_profile is not None:
qs = qs.filter(
Q(id__in=employee_profile.organizations.all())
| Q(id__in=employee_profile.organizations_managed.all()), )
return qs.all()
# If user is a patient, only return the organization their facility belongs to
if patient_profile is not None:
qs = qs.filter(id=patient_profile.facility.organization.id)
return qs.all()
return qs.none()
def get_queryset(self):
queryset = super(PatientTaskTemplateViewSet, self).get_queryset()
employee_profile = utils.employee_profile_or_none(self.request.user)
patient_profile = utils.patient_profile_or_none(self.request.user)
if employee_profile is not None:
# TODO: Only get task templates for patients this employee
# has access to
return queryset
elif patient_profile is not None:
patient_plans = patient_profile.care_plans.all()
plan_templates = patient_plans.values_list("plan_template",
flat=True)
queryset = queryset.filter(plan_template__id__in=plan_templates)
return queryset
else:
return queryset
def has_object_permission(self, request, view, obj):
if request.user.is_superuser:
return True
if request.method in permissions.SAFE_METHODS:
return True
employee_profile = utils.employee_profile_or_none(request.user)
patient_profile = utils.patient_profile_or_none(request.user)
if request.method == "PUT" or request.method == "PATCH":
if employee_profile and obj.facility in employee_profile.facilities_managed.all(
):
return True
if patient_profile and patient_profile == obj:
return True
if request.method == "DELETE":
return employee_profile and obj.facility in employee_profile.facilities_managed.all(
)
return False
def post(self, request, require_validated=True):
serializer = self.serializer_class(data=request.data)
try:
serializer.is_valid(raise_exception=True)
except ValidationError as err:
if 'non_field_errors' in err.detail:
return Response(status=401)
raise err
user = serializer.validated_data['user']
if require_validated and not user.validated_at:
response = GenericErrorResponse(
'User has not yet been validated. Check the email on the '
'account for a validation request.')
response.status_code = 401
return response
# Requires that a user has either a employee profile or a patient profile
# to obtain an authentication token.
employee_profile = utils.employee_profile_or_none(user)
patient_profile = utils.patient_profile_or_none(user)
if not employee_profile and not patient_profile:
response = GenericErrorResponse(
'User does not have an active associated employee or patient profile'
)
response.status_code = 401
return response
if employee_profile and employee_profile.status == 'inactive' or \
patient_profile and (not patient_profile.is_active or patient_profile.is_archived):
response = GenericErrorResponse(
'User does not have an active associated employee or patient profile'
)
response.status_code = 401
return response
token, created = Token.objects.get_or_create(user=user)
response_data = {'token': token.key}
if employee_profile:
response_data.update({'employee_profile': employee_profile.id})
elif patient_profile:
response_data.update({'patient_profile': patient_profile.id})
response = Response(response_data)
return response