def update_mobile_phone(request): if (request.method != 'POST'): return err_GE002() user_type = int(request.user_type) form = UpdateMobileForm(request.POST, user_type=user_type) if (not form.is_valid()): return err_GE031(form) mobile_phone = form.cleaned_data["mobile_phone"] # If CALL_ENABLE = True, and mobile_phone is not empty, # this function can't be accessed directly. # If CALL_ENABLE = True, mobile phone must be stored after validation. if (settings.CALL_ENABLE and mobile_phone): return err403(request) # If the mobile_phone number is used by others, return error. if mobile_phone and has_mhluser_with_mobile_phone(mobile_phone, request.user.id): return err_AM020() if mobile_phone: MHLUser.objects.filter(id=request.user.id).update(mobile_phone=mobile_phone) else: if user_type not in [USER_TYPE_OFFICE_MANAGER, USER_TYPE_OFFICE_STAFF]: return err403(request) MHLUser.objects.filter(id=request.user.id).update(mobile_phone='', mobile_confirmed=False) response = { 'data': {}, 'warnings': {}, } return HttpResponse(content=json.dumps(response), mimetype='application/json')
def dicom_view(request, message_id, attachment_id): """ Handles dicom viewer. :param request: The HTTP request :type request: django.core.handlers.wsgi.WSGIRequest :param message_id: Message uuid :type message_id: uuid :param attachment_id: Attachment uuid :type attachment_id: uuid :returns: DicomView.html :raises: Exception """ if (request.method != 'POST'): return err_GE002() form = MsgGetForm(request.POST) if (not form.is_valid()): return err_GE031(form) try: # Get/set up data for KMS. device_assn = request.device_assn request.session['key'] = device_assn.secret secret = form.cleaned_data['secret'] context = getDicomInfo(request, message_id, attachment_id, dicom_jpg_func_name='MHLogin.apps.smartphone.v1.views_messaging_dicom.dicom_view_jpg', secret=secret) context["secret"] = secret context["device_id"] = device_assn.device_id return render_to_response('DoctorCom/Messaging/DicomView_APP.html', context) except KeyInvalidException: return err_GE021()
def get_key(request): if (request.method != 'POST'): return err_GE002() form = GetKeyForm(request.POST) if (not form.is_valid()): return err_GE031(form) #dbkey = get_user_key(request, ss=form.cleaned_data['secret']) db_secret = request.device_assn.db_secret xor = XOR.new(base64.b64decode(form.cleaned_data['secret'])) db_key = xor.encrypt(base64.b64decode(db_secret)) if (not request.device_assn.verify_db_key(db_key)): return err_GE022() # Okay, we need to test the validity of this key before we return it. # Otherwise, we could return an invalid key. response = { 'data': { 'key':base64.b64encode(db_key), # 'gcm_project_id': settings.GCM_PROJECT_ID }, 'warnings':{} } return HttpResponse(content=json.dumps(response), mimetype='application/json')
def new_task(request): if (request.method != 'POST'): return err_GE002() form = NewTaskForm(request.POST) if (not form.is_valid()): return err_GE031(form) local_tz = timezone(settings.TIME_ZONE) task = FollowUps( user=request.user, due_date=timezone_conversion( form.cleaned_data['due'], local_tz, ).replace(tzinfo=None), priority=form.cleaned_data['priority'], task=form.cleaned_data['description'], note=form.cleaned_data['note'], ) task.save() response = { 'data': { 'id': task.id }, 'warnings': {}, } return HttpResponse(content=json.dumps(response), mimetype='application/json')
def new_task(request): if (request.method != 'POST'): return err_GE002() form = NewTaskForm(request.POST) if (not form.is_valid()): return err_GE031(form) local_tz = timezone(settings.TIME_ZONE) task = FollowUps( user=request.user, due_date=timezone_conversion( form.cleaned_data['due'], local_tz, ).replace(tzinfo=None), priority=form.cleaned_data['priority'], task=form.cleaned_data['description'], note=form.cleaned_data['note'], ) task.save() response = { 'data': {'id': task.id}, 'warnings': {}, } return HttpResponse(content=json.dumps(response), mimetype='application/json')
def compose_refer(request): if (request.method != 'POST'): return err_GE002() form = MessageReferForm(request.POST, request.FILES) if (not form.is_valid()): return err_GE031(form) sender = request.user sender_role_user = request.role_user subject = u'Refer' body = form.cleaned_data['reason_of_refer'] recipients = form.cleaned_data['user_recipients'] attachments = [] if ('attachments' in request.FILES): attachments = request.FILES.getlist('attachments') request.session['key'] = request.device_assn.secret ss = request.POST['secret'] createNewMessage(request, sender, sender_role_user, recipients, body, ccs=None, subject=subject, uploads=attachments, file_data_list=None, refer_data=form.cleaned_data, api_secret=None, ss=ss) response = { 'data': {}, 'warnings': {}, } return HttpResponse(content=json.dumps(response), mimetype='application/json')
def check_in(request): if (request.method == 'GET'): return err_GE002() response = { 'data': {}, 'warnings': {}, } data = response['data'] data['status'] = 'ok' if (not request.device_assn.is_active): data['status'] = 'wipe' return HttpResponse(content=json.dumps(response), mimetype='application/json') data['password_changed'] = request.device_assn.password_reset form = CheckInForm(request.POST, auto_id=False) if (not form.is_valid()): return err_GE031(form) if ('key' in request.POST): key = get_user_key(request, ss=form.cleaned_data['key']) if (not request.device_assn.verify_key(key)): return err_GE022() data['key'] = base64.b64encode(key) if ('rx_timestamp' in request.POST): data['received_messages'] = rx_message_list_data(request, form.cleaned_data['rx_timestamp'], None, None, None) if ('tx_timestamp' in request.POST): data['sent_messages'] = tx_message_list_data(request, form.cleaned_data['tx_timestamp'], None, None, None) return HttpResponse(content=json.dumps(response), mimetype='application/json')
def update_refer(request, refer_id): """ update_refer :param request: Recipient info :type request: django.core.handlers.wsgi.WSGIRequest :param refer_id: The refferal's id :type refer_id: uuid :returns: { 'data': {}, 'warnings': {}, } """ if (request.method != 'POST'): return err_GE002() form = ReferEditForm(request.POST) if (not form.is_valid()): return err_GE031(form) updateRefer(request, form, refer_id) response = { 'data': {}, 'warnings': {}, } return HttpResponse(content=json.dumps(response), mimetype='application/json')
def send_message_check(request): if (request.method != 'POST'): return err_GE002() form = MsgCompositionCheckForm(request.POST) if (not form.is_valid()): return err_GE031(form) sender = request.user recipients = [] form.cleaned_data['recipients'] if 'recipients' in form.cleaned_data and len(form.cleaned_data['recipients']) > 0: recipients = form.cleaned_data['recipients'] elif 'practice_recipients' in form.cleaned_data and len(form.cleaned_data['practice_recipients']) > 0: recipients = form.cleaned_data['practice_recipients'] ccs = [] if 'ccs' in form.cleaned_data and len(form.cleaned_data['ccs']) > 0: ccs = form.cleaned_data['ccs'] attachment_count = 0 if 'attachment_count' in form.cleaned_data and form.cleaned_data['attachment_count']: attachment_count = form.cleaned_data['attachment_count'] valid = sendMessageCheck(sender, attachment_count, recipients, ccs) response = { 'data': {'valid': valid}, 'warnings': {}, } return HttpResponse(content=json.dumps(response), mimetype='application/json')
def refuseInvitation(request, pending_id): if (request.method != 'POST'): return err_GE002() form = HandleInviteForm(request.POST) if (not form.is_valid()): return err_GE031(form) invite_type = form.cleaned_data['invite_type'] mhluser_id = request.user.id first_name = request.user.first_name last_name = request.user.last_name fullname=get_fullname(request.user) ret_data = {} if invite_type == 1: ret_data = rejectToJoinPractice(request.user, pending_id) elif invite_type == 3: ret_data = join_call_group(pending_id, "Reject", request.role_user) else: ret_data = rejected_member_org_invite(mhluser_id, fullname, pending_id) response = { 'data': ret_data, 'warnings': {}, } return HttpResponse(content=json.dumps(response), mimetype='application/json')
def delta_task_list(request): if (request.method != 'POST'): return err_GE002() form = TaskDeltaForm(request.POST) if (not form.is_valid()): return err_GE031(form) response = { 'data': {}, 'warnings': {}, } data = response['data'] qs = FollowUps.objects.filter( user=request.user, update_timestamp__gte=form.cleaned_data['timestamp']) data['tasks'] = [{ 'id': task.id, 'due': task.due_date.strftime(TIME_DISPLAY_FORMAT), 'priority': task.priority, 'description': task.task, 'done_flag': task.done, 'note': task.note, } for task in qs] data['timestamp'] = time.time() return HttpResponse(content=json.dumps(response), mimetype='application/json')
def check_dicom(request, message_id, attachment_id): """ Check dicom jpg exsit or not. :param request: The HTTP request :type request: django.core.handlers.wsgi.WSGIRequest :param message_id: Message uuid :type message_id: uuid :param attachment_id: Attachment uuid :type attachment_id: uuid :returns: JSON Data :raises: Exception """ if (request.method != 'POST'): return err_GE002() form = MsgGetForm(request.POST) if (not form.is_valid()): return err_GE031(form) try: # Get/set up data for KMS. request.session['key'] = request.device_assn.secret ret_data = checkDicom(request, message_id, attachment_id, secret=form.cleaned_data['secret']) response = { 'data': ret_data, 'warnings': {}, } return HttpResponse(content=json.dumps(response), mimetype='application/json') except KeyInvalidException: return err_GE021()
def testChangePassword(self): response = self.client.get(reverse\ ('MHLogin.api.v1.views_account.changePassword'), **self.extra) self.assertEqual(response.content, err_GE002().content, response.status_code) response = self.client.post(reverse\ ('MHLogin.api.v1.views_account.changePassword'), **self.extra) self.assertEqual(response.status_code, 400, response.status_code)
def testUpdateMobilePhone(self): response = self.client.get(reverse\ ('MHLogin.api.v1.views_account.updateMobilePhone'), **self.extra) self.assertEqual(response.content, err_GE002().content, response.status_code) response = self.client.post(reverse\ ('MHLogin.api.v1.views_account.updateMobilePhone'), data={'mobile_phone':9001234124}, **self.extra) self.assertEqual(response.status_code, 200, response.status_code) msg = json.loads(response.content) self.assertEqual(len(msg), 2)
def page_user(request, user_id): if (request.method != 'POST'): return err_GE002() form = PagerNumberForm(request.POST) if (not form.is_valid()): return err_GE031(form) if (not MHLUser.objects.filter(pk=user_id).exists()): return err_GE010() provider = None try: provider = Provider.objects.get(user=user_id) except Provider.DoesNotExist: # This is ok. pass office_staff = None try: office_staff = OfficeStaff.objects.get(user=user_id) except OfficeStaff.DoesNotExist: # this is okay. pass paged = None # The user getting paged. if (provider): paged = provider if (not provider.pager): err_obj = { 'errno': 'TE002', 'descr': _('Requested user doesn\'t have a pager.'), } return HttpResponseBadRequest(content=json.dumps(err_obj), mimetype='application/json') elif (office_staff): paged = office_staff if (not office_staff.pager): err_obj = { 'errno': 'TE002', 'descr': _('Requested user doesn\'t have a pager.'), } return HttpResponseBadRequest(content=json.dumps(err_obj), mimetype='application/json') else: # Error! User doesn't appear to be a provider or an office staffer. return err_GE010() send_page(request.user, paged, form.cleaned_data['number']) response = { 'data': {}, 'warnings': {}, } return HttpResponse(content=json.dumps(response), mimetype='application/json')
def rx_message_list(request, return_python=False): """ Gets a list of the received message headers. If return_python is true, this will just return the object that would have been converted to JSON format. """ if (request.method != 'POST'): return err_GE002() form = MsgListForm(request.POST) if (not form.is_valid()): return err_GE031(form) from_timestamp = None if ('from_timestamp' in form.cleaned_data): from_timestamp = form.cleaned_data['from_timestamp'] to_timestamp = None if ('to_timestamp' in form.cleaned_data): to_timestamp = form.cleaned_data['to_timestamp'] count = None if ('count' in form.cleaned_data): count = form.cleaned_data['count'] resolved = None if ('resolved' in request.POST): resolved = form.cleaned_data['resolved'] read = None if ('read' in request.POST): read = form.cleaned_data['read'] exclude_id = None if ('exclude_id' in form.cleaned_data): exclude_id = form.cleaned_data['exclude_id'] is_threading = False if 'is_threading' in form.cleaned_data: is_threading = form.cleaned_data['is_threading'] thread_uuid = None if 'thread_uuid' in form.cleaned_data: thread_uuid = form.cleaned_data['thread_uuid'] use_time_setting = False if 'use_time_setting' in form.cleaned_data: use_time_setting = form.cleaned_data['use_time_setting'] response = { 'data': rx_message_list_data(request, from_timestamp, to_timestamp, count, resolved, read, exclude_id, is_threading=is_threading, use_time_setting=use_time_setting, thread_uuid=thread_uuid), 'warnings': {}, } if (return_python): return response return HttpResponse(content=json.dumps(response), mimetype='application/json')
def app_version_update(request): if (request.method == 'GET'): return err_GE002() form = VersionUpdateForm(request.POST, auto_id=False) if (not form.is_valid()): return err_GE031(form) request.device_assn.version = form.cleaned_data['app_version'] request.device_assn.save(request) response = { 'data': {}, 'warnings': {}, } return HttpResponse(content=json.dumps(response), mimetype='application/json')
def register_push_token(request): if(request.method == 'POST'): form = PushTokenForm(request.POST) if(form.is_valid()): #SmartPhoneAssn.objects.filter(user=request.user).\ # update(push_token=form.cleaned_data['token']) SmartPhoneAssn.objects.filter(pk=request.device_assn.pk).\ update(push_token=form.cleaned_data['token']) response = { 'data': {}, 'warnings': {}, } return HttpResponse(content=json.dumps(response), mimetype='application/json') return err_GE031(form) return err_GE002()
def register_push_token(request): if (request.method == 'POST'): form = PushTokenForm(request.POST) if (form.is_valid()): #SmartPhoneAssn.objects.filter(user=request.user).\ # update(push_token=form.cleaned_data['token']) SmartPhoneAssn.objects.filter(pk=request.device_assn.pk).\ update(push_token=form.cleaned_data['token']) response = { 'data': {}, 'warnings': {}, } return HttpResponse(content=json.dumps(response), mimetype='application/json') return err_GE031(form) return err_GE002()
def resend_invite(request, invitation_id): if (request.method != 'POST'): return err_GE002() user_type = int(request.user_type) if USER_TYPE_OFFICE_STAFF == user_type: return err403(request) note = '' if (request.method == 'POST'): form = ResendInviteForm(request.POST) if (not form.is_valid()): return err_GE031(form) if ('note' in form.cleaned_data): note = form.cleaned_data['note'] try: invite = Invitation.objects.get(pk=invitation_id, sender=request.user) except Invitation.DoesNotExist: raise Http404 if User.objects.filter(email=invite.recipient).exists(): return err_IN002() invite.resend_invite(msg=note) use_time_setting = False if 'use_time_setting' in request.POST and request.POST[ 'use_time_setting'] == 'true': use_time_setting = True user = request.user local_tz = getCurrentTimeZoneForUser(user) response = { 'data': { 'id': invite.id, 'timestamp': formatTimeSetting(user, invite.requestTimestamp, local_tz, use_time_setting), 'request_timestamp': convertDatetimeToUTCTimestamp(invite.requestTimestamp), }, 'warnings': {}, } return HttpResponse(content=json.dumps(response), mimetype='application/json')
def user_search(request): """ Query MHLUser by name (first and/or last) returning Providers and Staff """ if (request.method != 'POST'): return err_GE002() form = UserSearchForm(request.POST) if (not form.is_valid()): return err_GE031(form) curr_mobile = request.role_user.user.mobile_phone object_ids = get_my_favorite_ids(request.user, OBJECT_TYPE_FLAG_MHLUSER) limit = form.cleaned_data['limit'] if 'limit' in form.cleaned_data else None qry = generate_name_query(form.cleaned_data['name']) user_qry = search_mhluser(qry, limit=limit) response = {'data': {'count': 0, 'results': []}, 'warnings': {}} provs = Provider.objects.filter(user__in=user_qry) staffs = OfficeStaff.objects.filter(user__in=user_qry) phys = Physician.objects.filter(user__in=provs) provs = {prov.user_id: prov for prov in provs} staffs = {staf.user_id: staf for staf in staffs} phys = {phy.user_id: phy for phy in phys} for user in user_qry: prov = provs[user.id] if user.id in provs else None staf = staffs[user.id] if user.id in staffs else None if not (staf or prov): continue # only include staff/providers phy = phys[prov.id] if prov and prov.id in phys else None pract = (prov and prov.current_practice) or (staf and staf.current_practice) pphoto = pract and pract.practice_photo response['data']['results'].append({ 'id': user.id, 'first_name': user.first_name, 'last_name': user.last_name, 'has_mobile': True if user.mobile_phone and curr_mobile else False, 'has_pager': True if (prov and prov.pager) or (staf and staf.pager) else False, 'thumbnail': get_image_by_type(user.photo, "Small", "Provider"), 'user_photo_m': get_image_by_type(user.photo, "Middle", "Provider"), 'practice_photo': get_image_by_type(pphoto, "Large", "Practice"), 'prefer_logo': get_prefer_logo(user.id, pract) if pract else '', 'is_favorite': user.id in object_ids, 'specialty': phy.get_specialty_display() if phy else '', 'fullname':get_fullname(user) }) response['data']['count'] += 1 return HttpResponse(content=json.dumps(response), mimetype='application/json')
def user_update_photo(request): if (request.method != 'POST'): return err_GE002() try: mhluser = request.user except MHLUser.DoesNotExist: err_obj = { 'errno': 'PF001', 'descr': _('User not found.'), } return HttpResponseBadRequest(content=json.dumps(err_obj), mimetype='application/json') old_url = None if mhluser.photo: old_url = request.user.photo.name form = UserPhotoForm(request.POST, request.FILES, instance=mhluser) user = form.save(commit=False) user.save() new_url = None if user.photo: new_url = user.photo.name if old_url != new_url: generate_image(old_url, new_url) user_type = int(request.user_type) if user_type in [USER_TYPE_OFFICE_MANAGER, USER_TYPE_OFFICE_STAFF]: nurse = Nurse.objects.filter(user__user=mhluser) if nurse: photo = get_image_by_type(mhluser.photo, "Middle", type="Nurse") else: photo = get_image_by_type(mhluser.photo, "Middle", type="Staff") else: photo = get_image_by_type(mhluser.photo, "Middle") if photo: response = { 'photo': photo, 'warnings': {}, } return HttpResponse(content=json.dumps(response), mimetype='application/json') else: err_obj = { 'errno': 'PF002', 'descr': _('Update user photo failed.'), } return HttpResponse(content=json.dumps(err_obj), mimetype='application/json')
def validate(request): if (request.method != 'POST'): return err_GE002() form = ValidateForm(request.POST) if (not form.is_valid()): return err_GE031(form) user_type = request.user_type ret_json = validateLogic(form, request.user, user_type) ret_json["settings_validate_lock_time"] = settings.VALIDATE_LOCK_TIME response = { 'data': ret_json, 'warnings': {}, } return HttpResponse(content=json.dumps(response), mimetype='application/json')
def get_refer_pdf(request, refer_id): """ get_refer_pdf :param request: Request info :type request: django.core.handlers.wsgi.WSGIRequest :param refer_id: referall id :type refer_id: uuid :returns: django.http.HttpResponse -- the result in an HttpResonse object """ if (request.method != 'POST'): return err_GE002() form = MsgGetForm(request.POST) if (not form.is_valid()): return err_GE031(form) refer = get_object_or_404(MessageRefer, uuid=refer_id) message = refer.message if ((message.sender and request.user.pk != message.sender.pk) and not ((request.user.pk,) in message.recipients.values_list('id') or (request.user.pk,) in message.ccs.values_list('id'))): return err403(request, err_msg=_("You don't seem to be a valid recipient for this file.")) # Get/set up data for KMS. request.session['key'] = request.device_assn.secret try: clearkey = decrypt_cipherkey(request, refer, ss=form.cleaned_data['secret']) except KeyInvalidException: return err_GE021() try: response = refer.get_file(request, clearkey) return response except Exception as e: err_email_body = '\n'.join([ ('PDF file not exist!'), ''.join(['Server: ', settings.SERVER_ADDRESS]), ''.join(['Session: ', str(request.session.session_key)]), ''.join(['Message: ', (u'PDF file not exist in media/refer/pdf')]), ''.join(['Exception: ', str(e)]), ''.join(['Exception data: ', str(e.args)]), ]) mail_admins(_('PDF folder not exist'), err_email_body) raise Exception(_('A seemingly invalid URL has been stored for Refer Pdf.'))
def resend_invite(request, invitation_id): if (request.method != 'POST'): return err_GE002() user_type = int(request.user_type) if USER_TYPE_OFFICE_STAFF == user_type: return err403(request) note = '' if (request.method == 'POST'): form = ResendInviteForm(request.POST) if (not form.is_valid()): return err_GE031(form) if ('note' in form.cleaned_data): note = form.cleaned_data['note'] try: invite = Invitation.objects.get(pk=invitation_id, sender=request.user) except Invitation.DoesNotExist: raise Http404 if User.objects.filter(email=invite.recipient).exists(): return err_IN002() invite.resend_invite(msg=note) use_time_setting = False if 'use_time_setting' in request.POST and request.POST['use_time_setting'] == 'true': use_time_setting = True user = request.user local_tz = getCurrentTimeZoneForUser(user) response = { 'data': { 'id': invite.id, 'timestamp': formatTimeSetting(user, invite.requestTimestamp, local_tz, use_time_setting), 'request_timestamp': convertDatetimeToUTCTimestamp(invite.requestTimestamp), }, 'warnings': {}, } return HttpResponse(content=json.dumps(response), mimetype='application/json')
def check_user(request): if (request.method == 'GET'): return err_GE002() form = CheckUserForm(request.POST) if (not form.is_valid()): return err_GE031(form) try: User.objects.get(username=form.cleaned_data['username']) response = { 'data': { }, 'warnings': {}, } return HttpResponse(content=json.dumps(response), mimetype='application/json') except User.DoesNotExist: err_obj = { 'errno': 'PF001', 'descr': _('User not found.'), } return HttpResponseBadRequest(content=json.dumps(err_obj), mimetype='application/json')
def sendCode(request): if (request.method != 'POST'): return err_GE002() form = SendCodeForm(request.POST) if (not form.is_valid()): return err_GE031(form) # uniqueness check for mobile phone type = form.cleaned_data["type"] recipient = form.cleaned_data["recipient"] if "2" == type and has_mhluser_with_mobile_phone(recipient, request.user.id): return err_AM020() request.session['key'] = request.device_assn.secret ret_json = sendCodeLogic(form, request.user, request) if "error_code" in ret_json: if ret_json["error_code"] == 403: return errlib.err403(request) elif ret_json["error_code"] == 404: err_obj = { 'errno': 'VA001', 'descr': _('The number is invalid, we can\'t send code to you. ' 'Please input a valid mobile phone number.'), } return HttpResponseBadRequest(content=json.dumps(err_obj), mimetype='application/json') ret_json[ "settings_send_code_waiting_time"] = settings.SEND_CODE_WAITING_TIME ret_json["settings_validate_lock_time"] = settings.VALIDATE_LOCK_TIME response = { 'data': ret_json, 'warnings': {}, } return HttpResponse(content=json.dumps(response), mimetype='application/json')
def update_task(request, task_id): if (request.method != 'POST'): return err_GE002() form = UpdateTaskForm(request.POST) if (not form.is_valid()): return err_GE031(form) try: task = FollowUps.objects.get(pk=task_id, user=request.user) except FollowUps.DoesNotExist: raise Http404 local_tz = timezone(settings.TIME_ZONE) data = form.cleaned_data if ('due' in data): task.due_date = timezone_conversion( data['due'], local_tz, ).replace(tzinfo=None) if ('priority' in data): task.priority = data['priority'] if ('description' in data): task.task = data['description'] if ('note' in data): task.note = data['note'] if ('completed' in data): if (data['completed']): task.completion_date = datetime.now() task.done = data['completed'] task.save() response = { 'data': {}, 'warnings': {}, } return HttpResponse(content=json.dumps(response), mimetype='application/json')
def toggle_favorite(request): if (request.method != 'POST'): return err_GE002() owner = request.user form = ToggleFavoriteForm(request.POST) if (not form.is_valid()): return err_GE031(form) object_type_flag = form.cleaned_data["object_type_flag"] object_id = form.cleaned_data["object_id"] is_favorite = form.cleaned_data["is_favorite"] do_toggle_favorite(owner, object_type_flag, object_id, is_favorite=is_favorite) response = { 'data': {}, 'warnings': {}, } return HttpResponse(content=json.dumps(response), mimetype='application/json')
def acceptInvitation(request, pending_id): if (request.method != 'POST'): return err_GE002() form = HandleInviteForm(request.POST) if (not form.is_valid()): return err_GE031(form) invite_type = form.cleaned_data['invite_type'] user_id = request.user.id ret_data = {} if invite_type == 1: ret_data = acceptToJoinPractice(request.user, pending_id, provider = request.role_user) elif invite_type == 3: ret_data = join_call_group(pending_id, "Accept", request.role_user) else: ret_data = accept_member_org_invite(user_id, pending_id) response = { 'data': ret_data, 'warnings': {}, } return HttpResponse(content=json.dumps(response), mimetype='application/json')
def update_message(request, message_id): """update_message request: :param request: The HTTP update message request :type request: django.core.handlers.wsgi.WSGIRequest :param message_id: The message uuid :type message_id: uuid :returns: django.http.HttpResponse -- the JSON result in an HttpResonse object :raises: None """ if (request.method != 'POST'): return err_GE002() form = UpdateMessageForm(request.POST) if (not form.is_valid()): return err_GE031(form) update_message_status(request.user, message_id, request.POST) response = { 'data': {}, 'warnings': {}, } return HttpResponse(content=json.dumps(response), mimetype='application/json')
def check_user(request): if (request.method == 'GET'): return err_GE002() form = CheckUserForm(request.POST) if (not form.is_valid()): return err_GE031(form) try: User.objects.get(username=form.cleaned_data['username']) response = { 'data': {}, 'warnings': {}, } return HttpResponse(content=json.dumps(response), mimetype='application/json') except User.DoesNotExist: err_obj = { 'errno': 'PF001', 'descr': _('User not found.'), } return HttpResponseBadRequest(content=json.dumps(err_obj), mimetype='application/json')
def get_attachment(request, message_id, attachment_id): if (request.method != 'POST'): return err_GE002() form = MsgGetForm(request.POST) if (not form.is_valid()): return err_GE031(form) attachment = get_object_or_404(MessageAttachment, message__uuid=message_id, uuid=attachment_id) message = attachment.message if ((message.sender and request.user.pk != message.sender.pk) and not ((request.user.pk,) in message.recipients.values_list('id') or (request.user.pk,) in message.ccs.values_list('id'))): return err403(request, err_msg="You don't seem to be a valid recipient for this file.") # Get/set up data for KMS. request.session['key'] = request.device_assn.secret try: clearkey = decrypt_cipherkey(request, attachment, ss=form.cleaned_data['secret']) except KeyInvalidException: return err_GE021() url = attachment.decrypt_url(request, key=clearkey) if (url[0:4] == 'file'): response = HttpResponse(content_type=attachment.content_type) attachment.get_file(request, response) return response elif (url[0:4] == 'http'): # This is likely a fully qualified URL if (not attachment.encrypted): return HttpResponseRedirect(url) else: # Download and decrypt this attachment. pass else: raise Exception('A seemingly invalid URL has been stored: %s, ' 'for MessageAttachment %s.' % (url, attachment_id,))
def my_favorite(request): if (request.method != 'POST'): return err_GE002() form = FavoriteListForm(request.POST) if (not form.is_valid()): return err_GE031(form) object_type_flag = None if "object_type_flag" in form.cleaned_data and form.cleaned_data[ "object_type_flag"]: object_type_flag = form.cleaned_data["object_type_flag"] favorites = get_my_favorite(request.user, object_type_flag=object_type_flag, show_picture=True) response = { 'data': { "favorites": favorites }, 'warnings': {}, } return HttpResponse(content=json.dumps(response), mimetype='application/json')
def dicom_info(request, message_id, attachment_id): """ Handles dicom viewer. :param request: The HTTP request :type request: django.core.handlers.wsgi.WSGIRequest :param message_id: Message uuid :type message_id: uuid :param attachment_id: Attachment uuid :type attachment_id: uuid :returns: json :raises: Exception """ if (request.method != 'POST'): return err_GE002() form = MsgGetForm(request.POST) if (not form.is_valid()): return err_GE031(form) try: # Get/set up data for KMS. device_assn = request.device_assn request.session['key'] = device_assn.secret secret = form.cleaned_data['secret'] context = getDicomInfo(request, message_id, attachment_id, dicom_jpg_func_name='MHLogin.apps.smartphone.v1.views_messaging_dicom.dicom_view_jpg', secret=secret) response = { 'data': context, 'warnings': {}, } return HttpResponse(content=json.dumps(response), mimetype='application/json') except KeyInvalidException: return err_GE021()
def check_in(request): if (request.method == 'GET'): return err_GE002() response = { 'data': {}, 'warnings': {}, } data = response['data'] data['status'] = 'ok' if (not request.device_assn.is_active): data['status'] = 'wipe' return HttpResponse(content=json.dumps(response), mimetype='application/json') data['password_changed'] = request.device_assn.password_reset form = CheckInForm(request.POST, auto_id=False) if (not form.is_valid()): return err_GE031(form) if ('key' in request.POST): key = get_user_key(request, ss=form.cleaned_data['key']) if (not request.device_assn.verify_key(key)): return err_GE022() data['key'] = base64.b64encode(key) if ('rx_timestamp' in request.POST): data['received_messages'] = rx_message_list_data( request, form.cleaned_data['rx_timestamp'], None, None, None) if ('tx_timestamp' in request.POST): data['sent_messages'] = tx_message_list_data( request, form.cleaned_data['tx_timestamp'], None, None, None) return HttpResponse(content=json.dumps(response), mimetype='application/json')
def delta_task_list(request): if (request.method != 'POST'): return err_GE002() form = TaskDeltaForm(request.POST) if (not form.is_valid()): return err_GE031(form) response = { 'data': {}, 'warnings': {}, } data = response['data'] qs = FollowUps.objects.filter(user=request.user, update_timestamp__gte=form.cleaned_data['timestamp']) data['tasks'] = [{ 'id':task.id, 'due': task.due_date.strftime(TIME_DISPLAY_FORMAT), 'priority': task.priority, 'description': task.task, 'done_flag': task.done, 'note': task.note, } for task in qs] data['timestamp'] = time.time() return HttpResponse(content=json.dumps(response), mimetype='application/json')
def getUserTabs(request): if (request.method != 'POST'): return err_GE002() form = UserTabForm(request.POST) if (not form.is_valid()): return err_GE031(form) role_user = request.role_user current_practice = role_user.current_practice mhluser = request.user is_only_user_tab = False if "is_only_user_tab" in form.cleaned_data: is_only_user_tab = form.cleaned_data['is_only_user_tab'] show_my_favorite = False if "show_my_favorite" in form.cleaned_data: show_my_favorite = form.cleaned_data["show_my_favorite"] current_practice_id = None if current_practice is None: type_name = "" else: type_name = current_practice.organization_type.name current_practice_id = current_practice.id userTab = [{ 'tab_name': _('Site Providers'), 'tab_type': '1', 'logo': '', 'logo_middle': '', 'logo_large': '', 'org_id': '', 'url': reverse('MHLogin.apps.smartphone.v1.views_users.site_providers') }, { 'tab_name': _('Site Staff'), 'tab_type': '2', 'logo': '', 'logo_middle': '', 'logo_large': '', 'org_id': '', 'url': reverse('MHLogin.apps.smartphone.v1.views_users.site_staff') }, { 'tab_name': _('%s Provider') % (type_name), 'tab_type': '3', 'logo': '', 'logo_middle': '', 'logo_large': '', 'org_id': '', 'url': reverse('MHLogin.apps.smartphone.v1.views_users.practice_providers') }, { 'tab_name': _('%s Staff') % (type_name), 'tab_type': '4', 'logo': '', 'logo_middle': '', 'logo_large': '', 'org_id': '', 'url': reverse('MHLogin.apps.smartphone.v1.views_users.practice_staff') }, { 'tab_name': _('Community Providers'), 'tab_type': '5', 'logo': '', 'logo_middle': '', 'logo_large': '', 'org_id': '', 'url': reverse('MHLogin.apps.smartphone.v1.views_users.community_providers') }] if not is_only_user_tab: userTab.append({ 'tab_name': _('Local Practices'), 'tab_type': '6', 'logo': '', 'logo_middle': '', 'logo_large': '', 'org_id': '', 'url': reverse('MHLogin.apps.smartphone.v1.views_practices.local_office') }) orgs = which_orgs_contain_this_user(mhluser.id, exclude_org_ids=current_practice_id) if orgs and len(orgs): for org in orgs: userTab.append({ 'tab_name': org.practice_name, 'tab_type': '7', 'logo': ImageHelper.get_image_by_type(org.practice_photo, "Small", '', resize_type='img_size_logo'), 'logo_middle': ImageHelper.get_image_by_type(org.practice_photo, "Middle", '', resize_type='img_size_logo'), 'logo_large': ImageHelper.get_image_by_type(org.practice_photo, "Large", '', resize_type='img_size_logo'), 'org_id': org.pk, 'url': reverse('MHLogin.apps.smartphone.v1.views_orgs.getOrgUsers', kwargs={'org_id': org.pk}) }) if show_my_favorite: userTab.append({ 'tab_name': _('My Favorites'), 'tab_type': '8', 'logo': '', 'logo_middle': '', 'logo_large': '', 'org_id': '', 'url': reverse('MHLogin.apps.smartphone.v1.views_my_favorite.my_favorite') }) response = { 'data': userTab, 'warnings': {}, } return HttpResponse(content=json.dumps(response), mimetype='application/json')
def new_invite(request): if (request.method != 'POST'): return err_GE002() user_type = int(request.user_type) role_user = request.role_user if USER_TYPE_OFFICE_STAFF == user_type: return err403(request) form = NewInviteForm(request.POST) if (not form.is_valid()): return err_GE031(form) invite_user_type = int(form.cleaned_data['invite_user_type']) invite_type = int(form.cleaned_data['invite_type']) recipient = form.cleaned_data['email'] if USER_TYPE_OFFICE_MANAGER != user_type and 2 == invite_type: return err403(request) if User.objects.filter(email=recipient).exists(): return err_IN002() note = '' if ('note' in form.cleaned_data and form.cleaned_data['note']): note = form.cleaned_data['note'] # if (Invitation.objects.filter(recipient=form.cleaned_data['email']).exists()): # err_obj = { # 'errno': 'IN001', # 'descr': _('Recipient already has an outstanding invitation'), # } # return HttpResponseBadRequest(content=json.dumps(err_obj), mimetype='application/json') current_practice = role_user.current_practice invites = Invitation.objects.filter(sender=request.user, recipient=form.cleaned_data['email'], userType=invite_user_type) if 2 == invite_type and current_practice: invites = invites.filter(assignPractice=current_practice) else: invites = invites.filter(assignPractice=None) if (len(invites) > 0): invite = invites[0] invite.resend_invite(msg=note) else: invite = Invitation( sender=request.user, recipient=recipient, userType=invite_user_type, ) if 2 == invite_type and current_practice: invite.assignPractice = current_practice invite.save() invite.email_invite(msg=note) use_time_setting = False if 'use_time_setting' in request.POST and request.POST[ 'use_time_setting'] == 'true': use_time_setting = True user = request.user local_tz = getCurrentTimeZoneForUser(user) response = { 'data': { 'id': invite.id, 'timestamp': formatTimeSetting(user, invite.requestTimestamp, local_tz, use_time_setting), 'request_timestamp': convertDatetimeToUTCTimestamp(invite.requestTimestamp), }, 'warnings': {}, } return HttpResponse(content=json.dumps(response), mimetype='application/json')
def new_invite(request): if (request.method != 'POST'): return err_GE002() user_type = int(request.user_type) role_user = request.role_user if USER_TYPE_OFFICE_STAFF == user_type: return err403(request) form = NewInviteForm(request.POST) if (not form.is_valid()): return err_GE031(form) invite_user_type = int(form.cleaned_data['invite_user_type']) invite_type = int(form.cleaned_data['invite_type']) recipient = form.cleaned_data['email'] if USER_TYPE_OFFICE_MANAGER != user_type and 2 == invite_type: return err403(request) if User.objects.filter(email=recipient).exists(): return err_IN002() note = '' if ('note' in form.cleaned_data and form.cleaned_data['note']): note = form.cleaned_data['note'] # if (Invitation.objects.filter(recipient=form.cleaned_data['email']).exists()): # err_obj = { # 'errno': 'IN001', # 'descr': _('Recipient already has an outstanding invitation'), # } # return HttpResponseBadRequest(content=json.dumps(err_obj), mimetype='application/json') current_practice = role_user.current_practice invites = Invitation.objects.filter(sender=request.user, recipient=form.cleaned_data['email'], userType=invite_user_type) if 2 == invite_type and current_practice: invites = invites.filter(assignPractice=current_practice) else: invites = invites.filter(assignPractice=None) if (len(invites) > 0): invite = invites[0] invite.resend_invite(msg=note) else: invite = Invitation( sender=request.user, recipient=recipient, userType=invite_user_type, ) if 2 == invite_type and current_practice: invite.assignPractice = current_practice invite.save() invite.email_invite(msg=note) use_time_setting = False if 'use_time_setting' in request.POST and request.POST['use_time_setting'] == 'true': use_time_setting = True user = request.user local_tz = getCurrentTimeZoneForUser(user) response = { 'data': { 'id':invite.id, 'timestamp': formatTimeSetting(user, invite.requestTimestamp, local_tz, use_time_setting), 'request_timestamp': convertDatetimeToUTCTimestamp(invite.requestTimestamp), }, 'warnings': {}, } return HttpResponse(content=json.dumps(response), mimetype='application/json')
def get_all_providers_and_staffs(request): if (request.method != 'POST'): return err_GE002() response = { 'users': {} } practice = None try: practice = Provider.objects.get(pk=request.user).current_practice except: try: practice = OfficeStaff.objects.get(pk=request.user).current_practice except: pass q_1 = Q() q_2 = Q() if 'name' in request.POST: search_terms = unicode.split(request.POST['name']) if search_terms: if len(search_terms) == 1: first_name = search_terms[0] last_name2 = '' else: first_name = search_terms[0] last_name = search_terms[1:] last_name2 = ' '.join(last_name) if last_name2: q_2 = Q(user__first_name__icontains=first_name) \ & Q(user__last_name__icontains=last_name2) \ | Q(user__first_name__icontains=last_name2) \ & Q(user__last_name__icontains=first_name) q_1 = Q(user__user__first_name__icontains=first_name) \ & Q(user__user__last_name__icontains=last_name2) \ | Q(user__user__first_name__icontains=last_name2) \ & Q(user__user__last_name__icontains=first_name) else: q_2 = Q(user__first_name__icontains=first_name) \ | Q(user__last_name__icontains=first_name) q_1 = Q(user__user__first_name__icontains=first_name) \ | Q(user__user__last_name__icontains=first_name) np_pas = NP_PA.active_objects.filter(q_1).\ select_related('user', 'user__user', 'user__user__user') physicians = Physician.active_objects.filter(q_1).\ select_related('user', 'user__user', 'user__user__user') office_managers = Office_Manager.active_objects.\ filter(q_1).select_related('user', 'user__user') office_staffs = OfficeStaff.active_objects.filter(q_2).\ filter(practices=practice).select_related('user', 'user__user') return_set = [] for phy in physicians: u = phy.user user_info = { 'id': u.user.id, 'first_name': u.user.first_name, 'last_name': u.user.last_name, 'user_type': 'Physican', 'office_address': ' '.join([u.user.address1, u.user.address2, u.user.city, u.user.state, u.user.zip]), 'specialty': _('N/A'), 'fullname':get_fullname(u.user) } if ('specialty' in dir(phy) and phy.specialty): user_info['specialty'] = phy.get_specialty_display() if u.clinical_clerk: user_info['specialty'] = '' user_info['user_type'] = 'Medical Student' return_set.append(user_info) for np_pa in np_pas: u = np_pa.user user_info = { 'id': u.user.id, 'first_name': u.user.first_name, 'last_name': u.user.last_name, 'user_type': 'NP/PA/Midwife', 'office_address': ' '.join([u.user.address1, u.user.address2, u.user.city, u.user.state, u.user.zip]), 'specialty': 'NP/PA/Midwife', 'fullname':get_fullname(u.user) } return_set.append(user_info) for staff in office_staffs: user_info = { 'id': staff.user.id, 'first_name': staff.user.first_name, 'last_name': staff.user.last_name, 'user_type': 'Staff', 'office_address': ' '.join([staff.user.address1, staff.user.address2, staff.user.city, staff.user.state, staff.user.zip]), 'specialty': 'N/A', 'fullname':get_fullname(staff) } if office_managers.filter(user=staff).exists(): user_info['user_type'] = 'Manager' return_set.append(user_info) response['users'] = sorted_uses(return_set) return HttpResponse(json.dumps(response))
def get_message(request, message_id): if (request.method != 'POST'): return err_GE002() form = MsgGetForm(request.POST) if (not form.is_valid()): return err_GE031(form) msgs = list(MessageBodyUserStatus.objects.filter(user=request.user, delete_flag=False, msg_body__message__uuid=message_id) .extra(select={'sender_title':"SELECT MHLUsers_mhluser.title \ FROM MHLUsers_mhluser INNER JOIN Messaging_message ON \ MHLUsers_mhluser.user_ptr_id = Messaging_message.sender_id \ INNER JOIN Messaging_messagebody ON \ Messaging_message.id = Messaging_messagebody.message_id \ WHERE Messaging_messagebody.id = Messaging_messagebodyuserstatus.msg_body_id"}). order_by('-msg_body__message__send_timestamp').select_related( 'msg_body', 'msg_body__message', 'msg_body__message__sender'))\ # Integrity check. if (len(msgs) > 1): # shouldn't be possible! mail_admins('Duplicate message ID', ' '.join(['server: ', settings.SERVER_ADDRESS, '\n', 'The message id with uuid', message_id, 'has returned with', 'more than one Message!\nAt: ', str(inspect.getfile(inspect.currentframe())), ':', str(inspect.currentframe().f_back.f_lineno) ])) if (len(msgs) == 0): raise Http404 status_obj = msgs[0] # Get/set up data for KMS. request.session['key'] = request.device_assn.secret ss = form.cleaned_data['secret'] current_user = request.role_user current_user_mobile = current_user.user.mobile_phone try: read_message(request, status_obj.msg_body, ss=ss) except KeyInvalidException: return err_GE021() msg = status_obj.msg_body.message recipients = MessageRecipient.objects.filter(message__uuid=message_id).\ select_related('user').extra(select={'title':'SELECT title FROM MHLUsers_mhluser \ WHERE MHLUsers_mhluser.user_ptr_id = Messaging_message_recipients.user_id'}).\ only('user__first_name', 'user__last_name') attachments = MessageAttachment.objects.filter(message=msg) ccs = MessageCC.objects.filter(message__uuid=message_id).select_related('user').\ extra(select={'title':'SELECT title FROM MHLUsers_mhluser \ WHERE MHLUsers_mhluser.user_ptr_id = Messaging_message_ccs.user_id'}).\ only('user__first_name', 'user__last_name', 'message') use_time_setting = False if 'use_time_setting' in request.POST and request.POST['use_time_setting'] == 'true': use_time_setting = True user = request.user local_tz = getCurrentTimeZoneForUser(user) action_history = get_message_action_history(status_obj.msg_body.message.id) response = { 'data': { 'body': status_obj.msg_body.clear_data, 'timestamp': formatTimeSetting(user, msg.send_timestamp, local_tz, use_time_setting), 'send_timestamp': msg.send_timestamp, 'sender': { 'name': get_fullname_bystr(msg.sender.last_name,msg.sender.first_name,status_obj.sender_title)\ if msg.sender else "System Message", 'id': msg.sender.id if msg.sender else 0, }, 'recipients': [{ 'name': get_fullname_bystr(u.user.last_name,u.user.first_name,u.title), 'id': u.user.id, } for u in recipients], 'ccs': [{ 'name': get_fullname_bystr(u.user.last_name,u.user.first_name,u.title), 'id': u.user.id, } for u in ccs], 'attachments': [ { 'id': att.uuid, 'filename': get_attachment_filename(request, att, ss), 'filesize': att.size, 'suffix':att.suffix, } for att in attachments], 'message_type': msg.message_type if msg.message_type else 'NM', 'callback_number': msg.callback_number, 'callback_available': settings.CALL_ENABLE and bool(msg.callback_number) and bool(current_user_mobile), 'urgent': bool(msg.urgent), 'resolution_flag': bool(msg._resolved_by_id), 'refer': _get_refer_from_mbus(status_obj, logo_size="Large"), 'thread_uuid': msg.thread_uuid, 'action_history': action_history, 'action_history_count': len(action_history) }, 'warnings': {}, } return HttpResponse(content=json.dumps(response), mimetype='application/json')
def associate(request): logger.debug(''.join([str(request.session.session_key), '-Request: ', str(request)])) if (request.method == 'GET'): logger.debug(''.join([str(request.session.session_key), '-Returning GE002!!!'])) return err_GE002() form = AssociationForm(request.POST, auto_id=False) if (not form.is_valid()): return err_GE031(form) # Consider the compatibility, use the key: "allow_staff_login" -- it's optional, # distinguish different client version allow_staff_login = False if "allow_staff_login" in form.cleaned_data and form.cleaned_data["allow_staff_login"]: allow_staff_login = True user = authenticate(username=form.cleaned_data['username'], password=form.cleaned_data['password']) if (not user): err_obj = { 'errno': 'DM001', 'descr': _('Username or password incorrect.'), } return HttpResponseBadRequest(content=json.dumps(err_obj), mimetype='application/json') # TESTING_KMS_INTEGRATION check if user is g'fathered uprivs = UserPrivateKey.objects.filter(user=user, credtype=CRED_WEBAPP, gfather=True) if uprivs.exists(): recrypt_keys(uprivs, settings.SECRET_KEY, form.cleaned_data['password']) if (not user.is_active): return err_DM002() # Okay, everything checks out. Now check that the user is a Provider or Practice Manager providers = Provider.objects.filter(user=user.id) staff = OfficeStaff.objects.filter(user__pk=user.id) mobile_phone = '' mdcom_number = '' utype = None if providers and len(providers) > 0: utype = USER_TYPE_DOCTOR mdcom_number = providers[0].mdcom_phone mobile_phone = providers[0].user.mobile_phone elif staff and len(staff) > 0: staff = staff[0] if not staff_is_active(staff): return err_DM002() if not staff.user.has_perm('MHLUsers.access_smartphone'): return err_DM005() utype = USER_TYPE_OFFICE_STAFF manager_practice = staff.current_practice if manager_practice: mdcom_number = manager_practice.mdcom_phone mobile_phone = staff.user.mobile_phone if Office_Manager.objects.filter(user=staff).exists(): utype = USER_TYPE_OFFICE_MANAGER else: if not allow_staff_login: return err_DM020() else: return err_DM020() # When user login from app, clean some assn, such as: # 1. Other user's assn in the same app client. # 2. Same user's assn in other app client. # But, one user can login one mobile device and one tablet at the same time. # Now, the platform is only three options iPhone, Android, iPad. # If available platform options changed, please change the following logic. platform = form.cleaned_data['platform'] old_assns = None if platform in ('iPhone', 'Android'): old_assns = SmartPhoneAssn.objects.filter(Q(device_serial=form.cleaned_data['device_id']) | Q(user__pk=user.pk, platform__in=('iPhone', 'Android'))) else: old_assns = SmartPhoneAssn.objects.filter(Q(device_serial=form.cleaned_data['device_id']) | Q(user__pk=user.pk, platform='iPad')) if (old_assns and old_assns.exists()): for old_assn in old_assns: old_assn.dissociate(request, True) # get/set up all necessary crypto values. password = form.cleaned_data['password'] # key strengthened below in different way local, remote = split_user_key(password) # NOTE: splitkey result reversed compared to web, but we should be # OK as long as whatever deemed remote is not stored server side. db_key = os.urandom(32) xor = XOR.new(base64.b64decode(remote)) dbsplit = base64.b64encode(xor.encrypt(db_key)) # Next, create the association object assn = SmartPhoneAssn( user_id=user.pk, device_serial=form.cleaned_data['device_id'], version=form.cleaned_data['app_version'], platform=platform, user_type=utype, ) if ('name' in form.cleaned_data): assn.name = form.cleaned_data['name'] assn.save(request) assn.update_secret(local, password) assn.update_db_secret(dbsplit, db_key) response = { 'data': { 'mdcom_id': assn.device_id, 'secret': remote, 'mdcom_number': mdcom_number, 'mobile_phone': mobile_phone, 'user_id': user.pk, # about the number of user_type, please read USER_TYPE_CHOICES # in the MHLogin.utils.contants.py 'user_type': utype, 'gcm_project_id': settings.GCM_PROJECT_ID, 'call_available': settings.CALL_ENABLE and bool(mobile_phone) }, 'warnings': {}, } setSystemInfoToResponse(response) response["settings"]['prefer_logo'] = get_prefer_logo(user.pk) return HttpResponse(content=json.dumps(response), mimetype='application/json')
def associate(request): logger.debug(''.join( [str(request.session.session_key), '-Request: ', str(request)])) if (request.method == 'GET'): logger.debug(''.join( [str(request.session.session_key), '-Returning GE002!!!'])) return err_GE002() form = AssociationForm(request.POST, auto_id=False) if (not form.is_valid()): return err_GE031(form) # Consider the compatibility, use the key: "allow_staff_login" -- it's optional, # distinguish different client version allow_staff_login = False if "allow_staff_login" in form.cleaned_data and form.cleaned_data[ "allow_staff_login"]: allow_staff_login = True user = authenticate(username=form.cleaned_data['username'], password=form.cleaned_data['password']) if (not user): err_obj = { 'errno': 'DM001', 'descr': _('Username or password incorrect.'), } return HttpResponseBadRequest(content=json.dumps(err_obj), mimetype='application/json') # TESTING_KMS_INTEGRATION check if user is g'fathered uprivs = UserPrivateKey.objects.filter(user=user, credtype=CRED_WEBAPP, gfather=True) if uprivs.exists(): recrypt_keys(uprivs, settings.SECRET_KEY, form.cleaned_data['password']) if (not user.is_active): return err_DM002() # Okay, everything checks out. Now check that the user is a Provider or Practice Manager providers = Provider.objects.filter(user=user.id) staff = OfficeStaff.objects.filter(user__pk=user.id) mobile_phone = '' mdcom_number = '' utype = None if providers and len(providers) > 0: utype = USER_TYPE_DOCTOR mdcom_number = providers[0].mdcom_phone mobile_phone = providers[0].user.mobile_phone elif staff and len(staff) > 0: staff = staff[0] if not staff_is_active(staff): return err_DM002() if not staff.user.has_perm('MHLUsers.access_smartphone'): return err_DM005() utype = USER_TYPE_OFFICE_STAFF manager_practice = staff.current_practice if manager_practice: mdcom_number = manager_practice.mdcom_phone mobile_phone = staff.user.mobile_phone if Office_Manager.objects.filter(user=staff).exists(): utype = USER_TYPE_OFFICE_MANAGER else: if not allow_staff_login: return err_DM020() else: return err_DM020() # When user login from app, clean some assn, such as: # 1. Other user's assn in the same app client. # 2. Same user's assn in other app client. # But, one user can login one mobile device and one tablet at the same time. # Now, the platform is only three options iPhone, Android, iPad. # If available platform options changed, please change the following logic. platform = form.cleaned_data['platform'] old_assns = None if platform in ('iPhone', 'Android'): old_assns = SmartPhoneAssn.objects.filter( Q(device_serial=form.cleaned_data['device_id']) | Q(user__pk=user.pk, platform__in=('iPhone', 'Android'))) else: old_assns = SmartPhoneAssn.objects.filter( Q(device_serial=form.cleaned_data['device_id']) | Q(user__pk=user.pk, platform='iPad')) if (old_assns and old_assns.exists()): for old_assn in old_assns: old_assn.dissociate(request, True) # get/set up all necessary crypto values. password = form.cleaned_data[ 'password'] # key strengthened below in different way local, remote = split_user_key(password) # NOTE: splitkey result reversed compared to web, but we should be # OK as long as whatever deemed remote is not stored server side. db_key = os.urandom(32) xor = XOR.new(base64.b64decode(remote)) dbsplit = base64.b64encode(xor.encrypt(db_key)) # Next, create the association object assn = SmartPhoneAssn( user_id=user.pk, device_serial=form.cleaned_data['device_id'], version=form.cleaned_data['app_version'], platform=platform, user_type=utype, ) if ('name' in form.cleaned_data): assn.name = form.cleaned_data['name'] assn.save(request) assn.update_secret(local, password) assn.update_db_secret(dbsplit, db_key) response = { 'data': { 'mdcom_id': assn.device_id, 'secret': remote, 'mdcom_number': mdcom_number, 'mobile_phone': mobile_phone, 'user_id': user.pk, # about the number of user_type, please read USER_TYPE_CHOICES # in the MHLogin.utils.contants.py 'user_type': utype, 'gcm_project_id': settings.GCM_PROJECT_ID, 'call_available': settings.CALL_ENABLE and bool(mobile_phone) }, 'warnings': {}, } setSystemInfoToResponse(response) response["settings"]['prefer_logo'] = get_prefer_logo(user.pk) return HttpResponse(content=json.dumps(response), mimetype='application/json')
def compose_message(request): if (request.method != 'POST'): return err_GE002() form = MsgCompositionForm(request.POST) if (not form.is_valid()): return err_GE031(form) sender = request.user sender_role_user = request.role_user subject = form.cleaned_data['subject'] body = form.cleaned_data['body'] recipients = [] form.cleaned_data['recipients'] if 'recipients' in form.cleaned_data and len(form.cleaned_data['recipients']) > 0: recipients = form.cleaned_data['recipients'] elif 'practice_recipients' in form.cleaned_data and \ len(form.cleaned_data['practice_recipients']) > 0: recipients = form.cleaned_data['practice_recipients'] ccs = [] if 'ccs' in form.cleaned_data and len(form.cleaned_data['ccs']) > 0: ccs = form.cleaned_data['ccs'] attachments = [] if ('attachment' in request.FILES): attachments = request.FILES.getlist('attachment') attachment_count = len(attachments) if not sendMessageCheck(sender, attachment_count, recipients, ccs): err_obj = { 'errno': 'MS002', 'descr': _("Thank you for your interest in sharing files with DoctorCom's secure system." \ + "This share is compliments of DoctorCom and your file has been sent to the intended party." \ + "However, to have full access you'll need a subscription for only $25/month."), } return HttpResponseBadRequest(content=json.dumps(err_obj), mimetype='application/json') exist_attchments = None if 'message_id' in form.cleaned_data and form.cleaned_data['message_id']\ and 'attachment_ids' in form.cleaned_data and \ len(form.cleaned_data['attachment_ids']) > 0: exist_attchments = { "message_id": form.cleaned_data['message_id'], "attachment_ids": form.cleaned_data['attachment_ids'] } exist_refer = None if 'message_id' in form.cleaned_data and form.cleaned_data['message_id'] \ and 'refer_id' in form.cleaned_data and form.cleaned_data['refer_id']: exist_refer = { "message_id": form.cleaned_data['message_id'], "refer_id": form.cleaned_data['refer_id'] } thread_uuid = None if 'thread_uuid' in form.cleaned_data and form.cleaned_data['thread_uuid']: thread_uuid = form.cleaned_data['thread_uuid'] request.session['key'] = request.device_assn.secret ss = form.cleaned_data['secret'] createNewMessage(request, sender, sender_role_user, recipients, body, ccs=ccs, subject=subject, uploads=attachments, exist_attchments=exist_attchments, exist_refer=exist_refer, thread_uuid=thread_uuid, ss=ss) response = { 'data': {}, 'warnings': {}, } return HttpResponse(content=json.dumps(response), mimetype='application/json')
def get_message_details(request): if (request.method != 'POST'): return err_GE002() form = GetMsgDetailsForm(request.POST) if (not form.is_valid()): return err_GE031(form) message_uuids = form.cleaned_data['message_uuids'] msgss = list(MessageBodyUserStatus.objects.filter(user=request.user, delete_flag=False, msg_body__message__uuid__in=message_uuids) .extra(select={'sender_title':"SELECT MHLUsers_mhluser.title \ FROM MHLUsers_mhluser INNER JOIN Messaging_message ON \ MHLUsers_mhluser.user_ptr_id = Messaging_message.sender_id \ INNER JOIN Messaging_messagebody ON \ Messaging_message.id = Messaging_messagebody.message_id \ WHERE Messaging_messagebody.id = Messaging_messagebodyuserstatus.msg_body_id"}) .order_by('-msg_body__message__send_timestamp') .select_related('msg_body', 'msg_body__message', 'msg_body__message__sender')) if (len(msgss) == 0): raise Http404 # Get/set up data for KMS. request.session['key'] = request.device_assn.secret ss = form.cleaned_data['secret'] recipients = MessageRecipient.objects.filter(message__uuid__in=message_uuids) \ .select_related('user', 'message')\ .only('user__first_name', 'user__last_name', 'message__uuid') recp_dict = convert_query_set_to_dict_with_uuid(recipients) ccs = MessageCC.objects.filter(message__uuid__in=message_uuids)\ .select_related('user', 'message')\ .only('user__first_name', 'user__last_name', 'message__uuid') cc_dict = convert_query_set_to_dict_with_uuid(ccs) attachments = MessageAttachment.objects.filter(message__uuid__in=message_uuids)\ .select_related('message') attach_dict = convert_query_set_to_dict_with_uuid(attachments) mahs = MessageActionHistory.objects.filter(message__uuid__in=message_uuids)\ .select_related('user', 'message')\ .extra(select={'title':'SELECT title FROM MHLUsers_mhluser \ WHERE MHLUsers_mhluser.user_ptr_id = Messaging_messageactionhistory.user_id'}) mah_dict = convert_query_set_to_dict_with_uuid(mahs) refers = MessageRefer.objects.filter(message__uuid__in=message_uuids)\ .select_related('message') refer_dict = convert_query_set_to_dict_with_uuid(refers) user = request.user local_tz = getCurrentTimeZoneForUser(user) current_user = request.role_user current_user_mobile = current_user.user.mobile_phone ret_msgs = [] for status_obj in msgss: try: read_message(request, status_obj.msg_body, ss=ss) except KeyInvalidException: return err_GE021() msg = status_obj.msg_body.message msg_uuid = msg.uuid recipients = [] if msg_uuid in recp_dict: recipients = [{ 'name': get_fullname_bystr(msg.sender.last_name, msg.sender.first_name,status_obj.sender_title), 'id': u.user.id, } for u in recp_dict[msg_uuid]] ccs = [] if msg_uuid in cc_dict: ccs = [{ 'name': get_fullname_bystr(u.user.last_name, u.user.first_name, u.title), 'id': u.user.id, } for u in cc_dict[msg_uuid]] attachments = [] if msg_uuid in attach_dict: attachments = [ { 'id': att.uuid, 'filename': get_attachment_filename(request, att, ss), 'filesize': att.size, 'suffix':att.suffix, } for att in attach_dict[msg_uuid]] refer = None if msg_uuid in refer_dict: refer = _get_refer_from_mbus(status_obj, logo_size="Large", refers=refer_dict[msg_uuid]) action_history = [] if msg_uuid in mah_dict: action_history = render_action_histories(mah_dict[msg_uuid], user=user, time_zone=local_tz) ret_msgs.append({ 'body': status_obj.msg_body.clear_data, 'timestamp': formatTimeSetting(user, msg.send_timestamp, local_tz, True), 'send_timestamp': msg.send_timestamp, 'sender': { 'name': get_fullname_bystr(msg.sender.last_name, msg.sender.first_name,status_obj.sender_title)\ if msg.sender else "System Message", 'id': msg.sender.id if msg.sender else 0, }, 'recipients': recipients, 'ccs': ccs, 'attachments': attachments, 'message_type': msg.message_type if msg.message_type else 'NM', 'callback_number': msg.callback_number, 'callback_available': settings.CALL_ENABLE and bool(msg.callback_number) and bool(current_user_mobile), 'urgent': bool(msg.urgent), 'resolution_flag': bool(msg._resolved_by_id), 'refer': refer, 'thread_uuid': msg.thread_uuid, 'action_history': action_history, 'action_history_count': len(action_history) }) response = { 'data': ret_msgs, 'warnings': {}, } return HttpResponse(content=json.dumps(response), mimetype='application/json')
def list_tasks(request): if (request.method != 'POST'): return err_GE002() form = TaskListForm(request.POST) if (not form.is_valid()): return err_GE031(form) response = { 'data': {}, 'warnings': {}, } data = response['data'] qs = FollowUps.objects.filter(user=request.user) data['total_task_count'] = qs.count() data['incomplete_task_count'] = qs.filter(done=False).count() local_tz = timezone(settings.TIME_ZONE) # Configuration values from the form. if ('done_from' in form.cleaned_data): done_from = form.cleaned_data['done_from'] if ('due_from_timestamp' in form.cleaned_data and form.cleaned_data['due_from_timestamp']): due_from = timezone_conversion( form.cleaned_data['due_from_timestamp'], local_tz).replace(tzinfo=None) if ('creation_from_timestamp' in form.cleaned_data and form.cleaned_data['creation_from_timestamp']): creation_from = timezone_conversion( form.cleaned_data['creation_from_timestamp'], local_tz).replace(tzinfo=None) qs = qs.filter( Q( Q(done=done_from), Q(due_date=due_from, creation_date__gte=creation_from) | Q(due_date__gt=due_from)) | Q(done__gt=done_from)) else: qs = qs.filter( Q(done=done_from, due_date__gte=due_from) | Q(done__gt=done_from)) if ('done_to' in form.cleaned_data): done_to = form.cleaned_data['done_to'] if ('due_to_timestamp' in form.cleaned_data and form.cleaned_data['due_to_timestamp']): due_to = timezone_conversion(form.cleaned_data['due_to_timestamp'], local_tz).replace(tzinfo=None) if ('creation_to_timestamp' in form.cleaned_data and form.cleaned_data['creation_to_timestamp']): creation_to = timezone_conversion( form.cleaned_data['creation_to_timestamp'], local_tz).replace(tzinfo=None) qs = qs.filter( Q( Q(done=done_to), Q(due_date=due_to, creation_date__lte=creation_to) | Q(due_date__lt=due_to)) | Q(done__lt=done_to)) else: qs = qs.filter( Q(done=done_to, due_date__lte=due_to) | Q(done__lt=done_to)) if ('exclude_id' in form.cleaned_data and form.cleaned_data['exclude_id']): exclude_id = form.cleaned_data['exclude_id'] qs = qs.exclude(id=exclude_id) count = 20 if ('count' in form.cleaned_data and form.cleaned_data['count']): count = form.cleaned_data['count'] if ('completed' in request.POST): qs = qs.filter(done=form.cleaned_data['completed']) query_count = qs.count() if (query_count > count): qs = qs[:count] data['limit_hit'] = True else: data['limit_hit'] = False data['query_count'] = qs.count() tasks = data['tasks'] = [] for task in qs: tasks.append({ 'id': task.id, 'due': task.due_date.strftime(TIME_DISPLAY_FORMAT), 'due_timestamp': convertDatetimeToUTCTimestamp(task.due_date), 'creation_timestamp': convertDatetimeToUTCTimestamp(task.creation_date), 'priority': task.priority, 'description': task.task, 'done_flag': task.done, 'note': task.note, }) return HttpResponse(content=json.dumps(response), mimetype='application/json')