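def create_test():
    """Create a test record from the submitted form, then redirect to the test list.

    Access control: the caller must be logged in and hold the 'Edit tests'
    permission in the session. Anyone else is redirected to the login page with
    the 'no-access' and 'tried' markers set in the session.

    A missing required form field makes ``request.form[...]`` raise.
    """
    # session.get(): a session without a 'logged_in' key takes the login
    # redirect instead of raising KeyError. Creating a record is a write, so
    # the read-only 'Read tests' permission is not sufficient here.
    if not (session.get('logged_in') and 'Edit tests' in session):
        session['no-access'] = True
        session['tried'] = 'Tests'
        return redirect(url_for('login'))

    form = request.form
    name = form['testname']
    # The checkbox is "on" when at least one 'testavail' value was submitted.
    avail = len(form.getlist('testavail')) > 0
    price = form['testprice']
    category = form['testcategory']
    testtype = form['testtype']
    code = form['testcode']
    desc = form['testdesc']

    # NOTE(review): q_session is never closed here; confirm Session is cleaned
    # up per request elsewhere.
    q_session = Session()
    q_session.add(Tests(
        name=name,
        available=avail,
        price=price,
        category=category,
        type=testtype,
        code=code,
        description=desc,
    ))
    q_session.commit()

    # 'code' comes from the request: escape CR/LF so the value cannot start a
    # forged entry in the audit log.
    safe_code = code.replace('\r', '\\r').replace('\n', '\\n')
    msg = (str(datetime.datetime.now()) + ': Created test with code = ' + safe_code
           + ' by ' + current_user.email)
    app.logger.info(msg)
    return redirect(url_for('.list_tests'))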
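def modify_users():
    """Replace a user's roles or delete the user, depending on the 'submit' form value.

    'save'   -- drop every UserRoles row for the submitted e-mail and insert one
                row per submitted role id.
    'delete' -- drop the user's UserRoles rows and the Login row.

    Access control: the caller must be logged in and hold the 'Edit users'
    permission in the session. Anyone else is redirected to the login page.

    NOTE(review): this handler changes role assignments from form data alone;
    confirm CSRF protection is enabled for it.
    """
    # session.get(): no 'logged_in' key means "not logged in", not a KeyError.
    # Role changes and user deletion are writes, so 'Read users' alone must
    # not pass: it would let a read-only account assign itself any role.
    if not (session.get("logged_in") and "Edit users" in session):
        session["no-access"] = True
        session["tried"] = "Users"
        return redirect(url_for("login"))

    action = request.form["submit"]
    if action == "save":
        roleslist = request.form.getlist("roleslist")
        username = request.form["usernameholder"]
        # NOTE(review): q_session is never closed here; confirm Session is
        # cleaned up per request elsewhere.
        q_session = Session()
        # Delete and re-insert inside one transaction so a failed insert
        # cannot leave the user with no roles at all.
        q_session.query(UserRoles).filter_by(email=username).delete()
        for role in roleslist:
            q_session.add(UserRoles(email=username, user_role_id=role))
        q_session.commit()
        # Request-controlled value: escape CR/LF before it reaches the log.
        safe_name = username.replace("\r", "\\r").replace("\n", "\\n")
        msg = (str(datetime.datetime.now()) + ": Made changes to roles of " + safe_name
               + " by " + current_user.email)
        app.logger.info(msg)
    elif action == "delete":
        user = request.form["usernameholder"]
        q_session = Session()
        # Role rows and the login row are removed in a single commit so the
        # account is never left half-deleted.
        q_session.query(UserRoles).filter_by(email=user).delete()
        q_session.query(Login).filter_by(email=user).delete()
        q_session.commit()
        safe_user = user.replace("\r", "\\r").replace("\n", "\\n")
        msg = (str(datetime.datetime.now()) + ": Removed user " + safe_user
               + " by " + current_user.email)
        app.logger.info(msg)
    return redirect(url_for(".user_roles"))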
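def create_user():
    """Create a login and its role assignments from the submitted form.

    The password is stored as a bcrypt hash; the plaintext is never persisted
    or logged. Redirects to the user/role list on success.

    Access control: the caller must be logged in and hold the 'Edit users'
    permission in the session. Anyone else is redirected to the login page.

    NOTE(review): the password is accepted as submitted (no length or emptiness
    check) and the record is created with authenticated=True; confirm both are
    intended.
    """
    # session.get(): no 'logged_in' key means "not logged in", not a KeyError.
    # Account creation is a write, so 'Read users' alone is not accepted.
    if not (session.get("logged_in") and "Edit users" in session):
        session["no-access"] = True
        session["tried"] = "Users"
        return redirect(url_for("login"))

    roleslist = request.form.getlist("newuserroles")
    user = request.form["username"]
    passwd = request.form["passwd"]
    inppasswd = bcrypt.generate_password_hash(passwd)

    # NOTE(review): q_session is never closed here; confirm Session is cleaned
    # up per request elsewhere.
    q_session = Session()
    q_session.add(Login(email=user, passwd=inppasswd, authenticated=True))
    q_session.commit()

    for role in roleslist:
        q_session.add(UserRoles(email=user, user_role_id=role))
    q_session.commit()

    # Request-controlled value: escape CR/LF before it reaches the audit log.
    safe_user = user.replace("\r", "\\r").replace("\n", "\\n")
    msg = (str(datetime.datetime.now()) + ": Created user with id = " + safe_user
           + " by " + current_user.email)
    app.logger.info(msg)
    return redirect(url_for(".user_roles"))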
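def create_patient():
    """Create a patient record from the submitted form, then redirect to the patient list.

    Access control: the caller must be logged in and hold the 'Edit patients'
    permission in the session. Anyone else is redirected to the login page.

    NOTE(review): the patient name is written to the application log; confirm
    that log access and retention are appropriate for patient data.
    """
    # session.get(): no 'logged_in' key means "not logged in", not a KeyError.
    # Creating a record is a write, so 'Read patients' alone is not accepted.
    if not (session.get('logged_in') and 'Edit patients' in session):
        session['no-access'] = True
        session['tried'] = 'Patients'
        return redirect(url_for('login'))

    form = request.form
    name = form['patientname']
    category = form['patientcategory']
    ptype = form['patienttype']
    age = form['patientage']
    sex = form['patientsex']
    contact = form['patientcontact']
    email = form['patientemail']
    address = form['patientaddress']
    reg_no = form['patientreg']
    ref_no = form['patientref']
    mlc_no = form['patientmlc']

    # NOTE(review): q_session is never closed here; confirm Session is cleaned
    # up per request elsewhere.
    q_session = Session()
    q_session.add(Patients(
        name=name,
        category=category,
        type=ptype,
        age=age,
        sex=sex,
        contact=contact,
        email=email,
        address=address,
        reg_no=reg_no,
        ref_no=ref_no,
        mlc_no=mlc_no,
    ))
    q_session.commit()

    # Both values come from the request: escape CR/LF so neither can start a
    # forged entry in the log.
    safe_name = name.replace('\r', '\\r').replace('\n', '\\n')
    safe_ref = ref_no.replace('\r', '\\r').replace('\n', '\\n')
    msg = (str(datetime.datetime.now()) + ': Created patient with name = ' + safe_name
           + ' and ref_no = ' + safe_ref + ' by ' + current_user.email)
    app.logger.info(msg)
    return redirect(url_for('.list_patients'))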
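def create_role():
    """Create a role and attach the submitted permissions, then redirect to the role list.

    Access control: the caller must be logged in and hold the 'Edit roles'
    permission in the session. Anyone else is redirected to the login page.
    """
    # session.get(): no 'logged_in' key means "not logged in", not a KeyError.
    # Defining a role and its permissions is a write, so 'Read roles' alone is
    # not accepted.
    if not (session.get('logged_in') and 'Edit roles' in session):
        session['no-access'] = True
        session['tried'] = 'Roles'
        return redirect(url_for('login'))

    role = request.form['rolename']
    permissionslist = request.form.getlist('rolepermissions')

    # NOTE(review): q_session is never closed here; confirm Session is cleaned
    # up per request elsewhere.
    q_session = Session()
    role_record = Roles(name=role)
    q_session.add(role_record)
    q_session.commit()

    # Use the id of the row just inserted. Looking the role up again by name
    # could match an older role with the same name and attach these
    # permissions to it instead.
    new_role_id = role_record.id
    for permission in permissionslist:
        q_session.add(RolesPermissions(role_id=new_role_id, permissions_id=permission))
    q_session.commit()

    # Request-controlled value: escape CR/LF before it reaches the audit log.
    safe_role = role.replace('\r', '\\r').replace('\n', '\\n')
    msg = (str(datetime.datetime.now()) + ': Created role ' + safe_role
           + ' by ' + current_user.email)
    app.logger.info(msg)
    return redirect(url_for('.list_roles'))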
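def modify_role():
    """Delete a role or replace its permission set, depending on the 'submit' form value.

    'delete' -- remove the role, its RolesPermissions rows and every UserRoles
                row that maps a user to it.
    'save'   -- replace the role's RolesPermissions rows with the submitted
                permission ids and refresh the permission flags cached in the
                caller's session.

    Access control: the caller must be logged in and hold the 'Edit roles'
    permission in the session. Anyone else is redirected to the login page.
    """
    # session.get(): no 'logged_in' key means "not logged in", not a KeyError.
    # Both actions are writes, so 'Read roles' alone is not accepted.
    if not (session.get('logged_in') and 'Edit roles' in session):
        session['no-access'] = True
        session['tried'] = 'Roles'
        return redirect(url_for('login'))

    action = request.form['submit']
    if action == 'delete':
        role_id = request.form['roleid']
        # NOTE(review): q_session is never closed here; confirm Session is
        # cleaned up per request elsewhere.
        q_session = Session()

        # Retrieve the role first so its name can be logged after deletion.
        role = q_session.query(Roles).filter_by(id=role_id).first()
        # An unknown or already-deleted id has nothing to remove; skip rather
        # than fail on role.name.
        if role is not None:
            rolename = role.name
            q_session.query(Roles).filter_by(id=role_id).delete()
            # Permissions associated with the role.
            q_session.query(RolesPermissions).filter(
                RolesPermissions.role_id == role_id
            ).delete()
            # User-to-role mappings for the role.
            q_session.query(UserRoles).filter(
                UserRoles.user_role_id == role_id
            ).delete()
            q_session.commit()

            # The stored name was originally user-supplied: escape CR/LF.
            safe_name = rolename.replace('\r', '\\r').replace('\n', '\\n')
            msg = (str(datetime.datetime.now()) + ': Deleted role ' + safe_name
                   + ' by ' + current_user.email)
            app.logger.info(msg)
    elif action == 'save':
        role_id = request.form['roleid']
        rolename = request.form['rolename']
        q_session = Session()

        # Delete all existing permissions for this role.
        q_session.query(RolesPermissions).filter(
            RolesPermissions.role_id == role_id
        ).delete()
        q_session.commit()
        permissionslist = request.form.getlist('rolepermissions')

        # Drop from the session every system-wide permission name that
        # read_user_permissions() does not report.
        all_permissions = all_permission_names()
        stale = set(all_permissions).difference(set(read_user_permissions()))
        for permission_to_remove in stale:
            session.pop(permission_to_remove, None)

        # Only a caller who actually holds the edited role gets its new
        # permissions in the session. Without this check, editing any role
        # would grant the editor that role's permissions for the session.
        # Assumes UserRoles.email matches current_user.email -- TODO confirm.
        caller_holds_role = q_session.query(UserRoles).filter_by(
            email=current_user.email, user_role_id=role_id
        ).first() is not None
        if caller_holds_role:
            permission_names = q_session.query(
                Permissions.name
            ).filter(
                Permissions.id.in_(permissionslist)
            ).all()
            for each_permission in permission_names:
                session[each_permission[0]] = True

        # Add the new role permissions.
        for permission in permissionslist:
            q_session.add(RolesPermissions(role_id=role_id, permissions_id=permission))
        q_session.commit()

        # Request-controlled value: escape CR/LF before it reaches the log.
        safe_name = rolename.replace('\r', '\\r').replace('\n', '\\n')
        msg = (str(datetime.datetime.now()) + ': Modified role ' + safe_name
               + ' by ' + current_user.email)
        app.logger.info(msg)
    return redirect(url_for('.list_roles'))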