def get_queryset(cls, queryset, user):
    """Return ``queryset`` narrowed to the rows ``user`` is allowed to see.

    ``user`` may be a ``ResolveInfo`` (GraphQL resolver info), in which case
    the acting user is read from ``user.context.user``; otherwise it is used
    as the user object directly.

    Row scoping is applied only when ``settings.ROW_SECURITY`` is truthy:

    * an anonymous user gets ``filter(id=None)``, used here as a
      match-nothing filter (presumably ``id`` is a non-null primary key;
      confirm against the model);
    * any other user gets only rows whose ``locations__parent__parent_id``
      is one of the location ids returned by
      ``UserDistrict.get_user_districts``.

    With ``settings.ROW_SECURITY`` off, only ``cls.filter_queryset`` is
    applied and no per-user restriction takes place.
    """
    scoped = cls.filter_queryset(queryset)
    requester = user.context.user if isinstance(user, ResolveInfo) else user

    if not settings.ROW_SECURITY:
        return scoped

    # Fail closed: an unauthenticated caller never reaches the district lookup.
    if requester.is_anonymous:
        return scoped.filter(id=None)

    districts = UserDistrict.get_user_districts(requester._u)
    allowed_location_ids = [district.location_id for district in districts]
    return scoped.filter(
        locations__parent__parent_id__in=allowed_location_ids)
def hf_scope_check(self, claim_submit):
    """Reject a claim submission for a health facility outside the user's scope.

    The facility is looked up by ``claim_submit.health_facility_code`` among
    ``HealthFacility.filter_queryset()`` rows whose ``location_id`` is one of
    the location ids returned by ``UserDistrict.get_user_districts`` for
    ``self.user._u``.

    This check does not consult ``settings.ROW_SECURITY``; it is applied on
    every call.

    Raises:
        ClaimSubmitError: if no facility matches. The same message covers an
            unknown code and a facility outside the user's districts, so the
            caller cannot tell the two cases apart.
    """
    from location.models import HealthFacility, UserDistrict

    districts = UserDistrict.get_user_districts(self.user._u)
    allowed_location_ids = [district.location_id for district in districts]
    facility = (
        HealthFacility.filter_queryset()
        .filter(code=claim_submit.health_facility_code)
        .filter(location_id__in=allowed_location_ids)
        .first()
    )
    if facility:
        return
    raise ClaimSubmitError(
        "Invalid health facility code or health facility not allowed for user"
    )
def get_queryset(cls, queryset, user):
    """Return ``queryset`` narrowed to the rows ``user`` is allowed to see.

    Row scoping is applied only when ``settings.ROW_SECURITY`` is truthy:

    * an anonymous user gets ``filter(id=-1)``, a sentinel id that is
      expected to match no row;
    * any other user gets only rows whose ``health_facility__location_id``
      is one of the location ids returned by
      ``UserDistrict.get_user_districts``.

    With ``settings.ROW_SECURITY`` off, only ``cls.filter_queryset`` is
    applied and no per-user restriction takes place.
    """
    scoped = cls.filter_queryset(queryset)

    # GraphQL hands over its info object, REST hands over the user itself.
    requester = user.context.user if isinstance(user, ResolveInfo) else user

    if not settings.ROW_SECURITY:
        return scoped

    # Fail closed: an unauthenticated caller never reaches the district lookup.
    if requester.is_anonymous:
        return scoped.filter(id=-1)

    districts = UserDistrict.get_user_districts(requester._u)
    allowed_location_ids = [district.location_id for district in districts]
    return scoped.filter(
        health_facility__location_id__in=allowed_location_ids)
def get_queryset(cls, queryset, user):
    """Return the claims in ``queryset`` that ``user`` is allowed to see.

    Row scoping is applied only when ``settings.ROW_SECURITY`` is truthy:

    * an anonymous user gets ``filter(id=-1)``, a sentinel id that is
      expected to match no row;
    * a user whose ``_u`` carries a truthy ``health_facility_id`` sees only
      the claims of that health facility;
    * any other user sees the claims whose
      ``health_facility__location_id`` is one of the location ids returned
      by ``UserDistrict.get_user_districts``.

    With ``settings.ROW_SECURITY`` off, only ``Claim.filter_queryset`` is
    applied and no per-user restriction takes place.
    """
    scoped = Claim.filter_queryset(queryset)

    # GraphQL hands over its info object, REST hands over the user itself.
    requester = user.context.user if isinstance(user, ResolveInfo) else user

    if not settings.ROW_SECURITY:
        return scoped

    # Fail closed: an unauthenticated caller never reaches the scope lookup.
    if requester.is_anonymous:
        return scoped.filter(id=-1)

    account = requester._u
    # TechnicalUsers don't have a health_facility_id attribute, hence the
    # defaulted lookup instead of a plain attribute access.
    facility_id = getattr(account, 'health_facility_id', None)
    if facility_id:
        return scoped.filter(health_facility_id=facility_id)

    districts = UserDistrict.get_user_districts(account)
    allowed_location_ids = [district.location_id for district in districts]
    return scoped.filter(
        health_facility__location_id__in=allowed_location_ids)
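def attach(request):
    """Serve one claim attachment as a file download.

    The attachment is looked up by the ``id`` query parameter among the
    currently valid ``ClaimAttachment`` rows. When ``settings.ROW_SECURITY``
    is truthy the lookup is also restricted to claims whose health facility
    location is one of the requesting user's districts, so an attachment
    outside that scope is reported exactly like a missing one.

    The content comes from the file ``attachment.url`` under
    ``ClaimConfig.claim_attachments_root_path`` when that root is configured,
    otherwise from the base64 text in ``attachment.document``.

    Returns:
        HttpResponse: the attachment bytes with a ``Content-Disposition``
        header, or an empty 404 response when the record has no stored
        content or its stored path points outside the attachments root.

    Raises:
        PermissionDenied: if ``id`` is missing, if the user is anonymous
            while row security is on, or if no attachment matches.
    """
    import os

    # NOTE(review): no authentication check is visible in this block. With
    # ROW_SECURITY off the lookup below is not scoped to the user, so access
    # control then rests entirely on whatever wraps this view; confirm.
    attachment_id = request.GET.get('id')
    if not attachment_id:
        # A missing parameter is answered like an unknown attachment instead
        # of surfacing as an unhandled KeyError (HTTP 500).
        raise PermissionDenied(_("unauthorized"))

    queryset = ClaimAttachment.objects.filter(*core.filter_validity())
    if settings.ROW_SECURITY:
        # Same fail-closed rule as the get_queryset scoping helpers: an
        # anonymous user is refused before request.user._u is touched.
        if request.user.is_anonymous:
            raise PermissionDenied(_("unauthorized"))
        from location.models import UserDistrict
        districts = UserDistrict.get_user_districts(request.user._u)
        queryset = queryset.select_related("claim").filter(
            claim__health_facility__location__id__in=[
                district.location_id for district in districts
            ]
        )

    attachment = queryset.filter(id=attachment_id).first()
    if not attachment:
        raise PermissionDenied(_("unauthorized"))

    root = ClaimConfig.claim_attachments_root_path
    file_path = None
    if root:
        if attachment.url is None:
            return HttpResponse(status=404)
        # Defence in depth: attachment.url is a stored value, so refuse one
        # that would resolve (lexically) outside the configured root.
        root_dir = os.path.abspath(root)
        file_path = os.path.abspath('%s/%s' % (root, attachment.url))
        if os.path.commonpath([root_dir, file_path]) != root_dir:
            return HttpResponse(status=404)
    elif attachment.document is None:
        return HttpResponse(status=404)

    response = HttpResponse(content_type=(
        "application/x-binary" if attachment.mime is None else attachment.mime
    ))
    # NOTE(review): the filename is interpolated unquoted; names containing
    # spaces, quotes or ';' may be misread by clients. Consider quoting.
    response['Content-Disposition'] = (
        'attachment; filename=%s' % attachment.filename)

    if root:
        # Binary mode: attachments are arbitrary files, and text mode would
        # fail on, or alter, non-text content. The context manager closes the
        # handle even if the read raises.
        with open(file_path, "rb") as stored_file:
            response.write(stored_file.read())
    else:
        response.write(base64.b64decode(attachment.document))
    return response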
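def fetch(self, uuid):
    """Return a dict describing the claim identified by ``uuid``.

    The claim is looked up among the currently valid ``Claim`` rows. When
    ``settings.ROW_SECURITY`` is truthy the lookup is also restricted to
    claims whose health facility location is one of the districts returned
    by ``UserDistrict.get_user_districts`` for ``self.user._u``, so a claim
    outside that scope is reported exactly like a missing one.

    Returns:
        dict: claim code, ISO-formatted dates, string forms of the related
        health facility, insuree, claim admin and diagnoses, plus the
        formatted services and items. Optional values are ``None`` when
        unset.

    Raises:
        PermissionDenied: if no claim matches ``uuid`` within the user's
            scope.
    """
    from .models import Claim

    queryset = Claim.objects.filter(*core.filter_validity())
    if settings.ROW_SECURITY:
        from location.models import UserDistrict
        districts = UserDistrict.get_user_districts(self.user._u)
        queryset = queryset.filter(health_facility__location__id__in=[
            district.location_id for district in districts
        ])

    claim = (
        queryset
        .select_related('health_facility')
        .select_related('insuree')
        .filter(uuid=uuid)
        .first()
    )
    if not claim:
        raise PermissionDenied(_("unauthorized"))

    def iso_or_none(value):
        # ISO-8601 text for a set date, None for an unset one.
        return value.isoformat() if value else None

    def text_or_none(value):
        # str() of a set related object, None for an unset one.
        return str(value) if value else None

    return {
        "code": claim.code,
        "visitDateFrom": iso_or_none(claim.date_from),
        "visitDateTo": iso_or_none(claim.date_to),
        "claimDate": iso_or_none(claim.date_claimed),
        "healthFacility": str(claim.health_facility),
        "insuree": str(claim.insuree),
        "claimAdmin": text_or_none(claim.admin),
        "icd": str(claim.icd),
        # Each secondary diagnosis now reports its own value. Previously all
        # four entries rendered `claim.icd1`, so icd2..icd4 repeated the
        # first one.
        # NOTE(review): the attribute names follow the guards (icd_1..icd_4),
        # which were the ones read on every call; confirm against the model.
        "icd1": text_or_none(claim.icd_1),
        "icd2": text_or_none(claim.icd_2),
        "icd3": text_or_none(claim.icd_3),
        "icd4": text_or_none(claim.icd_4),
        "guarantee": claim.guarantee_id,
        "visitType": claim.visit_type,
        "claimed": claim.claimed,
        "services": [formatClaimService(s) for s in claim.services.all()],
        "items": [formatClaimItem(i) for i in claim.items.all()],
    }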