def read(request, resource_type, id):
"""
Read FHIR Interaction
Example client use in curl:
curl -X GET http://127.0.0.1:8000/fhir/Practitioner/1234
"""
interaction_type = 'read'
cx = get_crosswalk(request.user)
# cx will be the crosswalk record or None
rr = get_resourcerouter(cx)
# Check if this interaction type and resource type combo is allowed.
deny = check_access_interaction_and_resource_type(resource_type,
interaction_type, rr)
if deny:
# If not allowed, return a 4xx error.
return deny
od = OrderedDict()
od['request_method'] = request.method
od['interaction_type'] = interaction_type
od['resource_type'] = resource_type
od['id'] = id
od['note'] = 'This is only a stub for future implementation'
return HttpResponse(json.dumps(od, indent=4),
content_type='application/json')
def history(request, resource_type, id):
interaction_type = '_history'
cx = get_crosswalk(request.user)
# cx will be the crosswalk record or None
rr = get_resourcerouter(cx)
# Check if this interaction type and resource type combo is allowed.
deny = check_access_interaction_and_resource_type(resource_type,
interaction_type,
rr)
if deny:
# If not allowed, return a 4xx error.
return deny
# Read Search Interaction
# Example client use in curl:
# curl -X GET http://127.0.0.1:8000/fhir/Practitioner/12345/_history
if request.method != 'GET':
msg = 'HTTP method %s not supported at this URL.' % (request.method)
return kickout_400(msg)
# testing direct response
# return FHIR_BACKEND.history(request, resource_type, id)
od = OrderedDict()
od['request_method'] = request.method
od['interaction_type'] = '_history'
od['resource_type'] = resource_type
od['id'] = id
od['note'] = 'This is only a stub for future implementation'
return HttpResponse(json.dumps(od, indent=4),
content_type='application/json')
def update(request, resource_type, id):
"""
Update FHIR Interaction
Example client use in curl:
curl -X PUT -H 'Content-Type: application/json' \
--data @test.json http://127.0.0.1:8000/fhir/Practitioner/12345
"""
interaction_type = 'update'
cx = get_crosswalk(request.user)
# cx will be the crosswalk record or None
rr = get_resourcerouter(cx)
# Check if this interaction type and resource type combo is allowed.
deny = check_access_interaction_and_resource_type(resource_type,
interaction_type, rr)
if deny:
# If not allowed, return a 4xx error.
return deny
od = update_mongo_fhir(
json.loads(request.body, object_pairs_hook=OrderedDict), 'fhir',
resource_type, id)
if od['code'] == 200:
return HttpResponse(json.dumps(od['result'], indent=4),
status=od['code'],
content_type='application/json')
else:
oo = OrderedDict()
oo['resourceType'] = 'OperationOutcome'
oo['issue'] = []
issue = OrderedDict()
if od['code'] == 500:
issue['severity'] = 'fatal'
issue['code'] = 'exception'
issue['details'] = od['details']
if od['code'] == 400:
issue['severity'] = 'fatal'
issue['code'] = 'invalid'
issue['details'] = od['details']
oo['issue'].append(issue)
return HttpResponse(json.dumps(oo, indent=4),
status=od['code'],
content_type='application/json')
def check_resource_permission(self, request, resource_type, resource_id,
**kwargs):
crosswalk = get_crosswalk(request.resource_owner)
# If the user isn't matched to a backend ID, they have no permissions
if crosswalk is None:
logger.info('Crosswalk for %s does not exist' % request.user)
raise exceptions.PermissionDenied(
'No access information was found for the authenticated user')
if resource_type == 'Patient':
# Error out in advance for non-matching Patient records.
# Other records must hit backend to check permissions.
if resource_id != crosswalk.fhir_id:
raise exceptions.PermissionDenied(
'You do not have permission to access data on the requested patient'
)
return crosswalk
def check_resource_permission(self, request, *args, **kwargs):
crosswalk = get_crosswalk(request.resource_owner)
# If the user isn't matched to a backend ID, they have no permissions
if crosswalk is None:
logger.info('Crosswalk for %s does not exist' % request.user)
raise exceptions.PermissionDenied(
'No access information was found for the authenticated user')
patient_id = crosswalk.fhir_id
if 'patient' in request.GET and request.GET['patient'] != patient_id:
raise exceptions.PermissionDenied(
'You do not have permission to access the requested patient\'s data'
)
if 'beneficiary' in request.GET and patient_id not in request.GET[
'beneficiary']:
raise exceptions.PermissionDenied(
'You do not have permission to access the requested patient\'s data'
)
return crosswalk
def rebuild_fhir_search(request):
""" Rebuild the Search String
We will start to use a session variable
We received:
http://localhost:8000/cmsblue/fhir/v1
?_getpages=61c6e2d1-2b7c-49c3-a083-3d5b3874d4ff&_getpagesoffset=10
&_count=10&_format=json&_pretty=true&_bundletype=searchset
Session Variables will be storing:
- FHIR Target URL/Resource
- _getpages value
- expires datetime
Construct FHIR_Target_URL + search parameters
"""
# now = str(datetime.now())
ikey = ''
if '_getpages' in request.GET:
ikey = request.GET['_getpages']
sn_vr = read_session(request, ikey, skey=SESSION_KEY)
# logger.debug("Session info:%s" % sn_vr)
if sn_vr == {}:
# Nothing returned from Session Variables
# Key could be expired or not matched
return authenticated_home(request)
url_call = sn_vr['fhir_to']
url_call += '/?' + request.META['QUERY_STRING']
rewrite_url_list = sn_vr['rwrt_list']
resource_type = sn_vr['res_type']
interaction_type = sn_vr['intn_type']
key = sn_vr['key']
vid = sn_vr['vid']
cx = get_crosswalk(request.user)
# logger.debug("Calling:%s" % url_call)
r = request_call(request, url_call, cx,
reverse_lazy('authenticated_home'))
host_path = get_host_url(request, '?')
# get 'xml' 'json' or ''
fmt = get_search_param_format(request.META['QUERY_STRING'])
text_out = post_process_request(request, fmt, host_path, r,
rewrite_url_list)
od = build_output_dict(request, OrderedDict(), resource_type, key, vid,
interaction_type, fmt, text_out)
if fmt == 'xml':
# logger.debug('We got xml back in od')
return HttpResponse(r.text, content_type='application/%s' % fmt)
# return HttpResponse( tostring(dict_to_xml('content', od)),
# content_type='application/%s' % fmt)
elif fmt == 'json':
# logger.debug('We got json back in od')
return HttpResponse(pretty_json(od),
content_type='application/%s' % fmt)
# logger.debug('We got a different format:%s' % fmt)
return render(
request,
'bluebutton/default.html',
{
'content': pretty_json(od),
'output': od
},
)
return authenticated_home(request)
def read_search(request,
interaction_type,
resource_type,
id=None,
vid=None,
*args,
**kwargs):
"""
Read from remote FHIR Server
:param request:
:param interaction_type:
:param resource_type:
:param id:
:param vid:
:param args:
:param kwargs:
:return:
# Example client use in curl:
# curl -X GET http://127.0.0.1:8000/fhir/Practitioner/1234?_format=json
"""
logger.debug('\n========================\n'
'INTERACTION_TYPE: %s' % interaction_type)
# Get the users crosswalk
cx = get_crosswalk(request.user)
# cx will be the crosswalk record or None
rr = get_resourcerouter(cx)
# Check if this interaction type and resource type combo is allowed.
deny = check_access_interaction_and_resource_type(resource_type,
interaction_type, rr)
if deny:
# if not allowed, return a 4xx error.
return deny
srtc = check_rt_controls(resource_type, rr)
# We get back a Supported ResourceType Control record or None
# with earlier if deny step we should have a valid srtc.
if srtc.secure_access and request.user.is_anonymous():
return kickout_403('Error 403: %s Resource access is controlled.'
' Login is required:'
'%s' % (resource_type, request.user.is_anonymous()))
# logger.debug('srtc: %s' % srtc)
if (cx is None and srtc is not None):
# There is a srtc record so we need to check override_search
if srtc.override_search:
# If user is not in Crosswalk and srtc has search_override = True
# We need to prevent search to avoid data leakage.
return kickout_403('Error 403: %s Resource is access controlled.'
' No records are linked to user:'******'%s' % (resource_type, request.user))
################################################
#
# Now we should have sorted out all the bounces
# Now to structure the call to the back-end
#
################################################
# construct the server address, path and release
# Get the crosswalk.fhir_source = ResourceRouter
# Build url from rr.server_address + rr.server_path + rr.server_release
target_url = rr.fhir_url
# add resource_type + '/'
target_url += srtc.resourceType
target_url += "/"
# Analyze the _format parameter
# Sve the display _format
input_parameters = request.GET
# requested_format = 'json' | 'xml' | 'html'
requested_format = save_request_format(input_parameters)
format_mode = eval_format_type(requested_format)
# prepare the back-end _format setting
back_end_format = set_fhir_format(format_mode)
# remove the oauth parameters
payload = strip_oauth(request.GET)
# Get payload with oauth parameters removed
# Add the format for back-end
payload['_format'] = back_end_format
# remove the srtc.search_block parameters
payload = block_params(payload, srtc)
# print("id:%s" % str(id))
# move resource_id to _id=resource_id
id_dict = set_resource_id(srtc, id, cx.fhir_id)
# id_dict['query_mode'] = 'search' | 'read'
# id_dict['url_id'] = '' | id
# id_dict['_id'] = id | ''
# id_dict['patient'] = patient_id | ''
# resource_id = id_dict['url_id']
# Add the srtc.search_add parameters
# added_params = add_params(srtc,
# patient_id=id_dict['patient'],
# key=id_dict['url_id'])
# print("Added Params:%s" % added_params)
params_list = search_add_to_list(srtc.search_add)
# print("Params_List:%s" % params_list)
payload = payload_additions(payload, params_list)
# print('id_dict:%s' % id_dict)
# print("what have we got?:%s" % id_dict)
if id_dict['_id']:
# add rt_id into the search parameters
if id_dict['_id'] is not None:
payload['_id'] = id_dict['_id']
if resource_type.lower() == 'patient':
# print("Working resource:%s" % resource_type)
payload['_id'] = id_dict['patient']
if payload['patient']:
del payload['patient']
for pyld_k, pyld_v in payload.items():
if pyld_v is None:
pass
elif '%PATIENT%' in pyld_v:
# replace %PATIENT% with cx.fhir_id
payload = payload_var_replace(payload,
pyld_k,
new_value=id_dict['patient'],
old_value='%PATIENT%')
# print("post futzing:%s" % id_dict)
# add the _format setting
payload['_format'] = back_end_format
# Make the request_call
r = request_get_with_parms(request,
target_url,
json.loads(json.dumps(payload)),
cx,
reverse_lazy('home'),
timeout=settings.REQUEST_CALL_TIMEOUT)
################################################
#
# Now we process the response from the back-end
#
################################################
# if 'status_code' in r:
# r_status_code = r.status_code
# else:
# r_status_code = 500
rewrite_list = build_rewrite_list(cx)
host_path = get_host_url(request, resource_type)[:-1]
try:
text_in = r.text
except:
text_in = ""
text_out = post_process_request(request, back_end_format, host_path,
text_in, rewrite_list)
if resource_type.lower() == 'patient':
display_key = id_dict['patient']
else:
display_key = id
od = build_output_dict(request, OrderedDict(), resource_type, display_key,
vid, interaction_type, requested_format, text_out)
################################################
#
# Now display the result
#
################################################
ikey = ''
try:
ikey = find_ikey(r.text)
except:
ikey = ''
if ikey is not '':
save_url = get_target_url(target_url, resource_type)
# print("Store target_url:%s but only: %s" % (target_url,save_url))
content = {
'fhir_to': save_url,
'rwrt_list': rewrite_list,
'res_type': resource_type,
'intn_type': interaction_type,
'key': display_key,
'vid': vid,
'resource_router': rr.id
}
sesn_var = write_session(request, ikey, content, skey=SESSION_KEY)
if sesn_var:
logger.debug("Problem writing session variables."
" Returned %s" % sesn_var)
if format_mode == 'xml':
# logger.debug('We got xml back in od')
return HttpResponse(r.text,
content_type='application/%s' % requested_format)
# return HttpResponse(tostring(dict_to_xml('content', od)),
# content_type='application/%s' % requested_format)
elif format_mode == 'json':
# logger.debug('We got json back in od')
return HttpResponse(pretty_json(od['bundle']),
content_type='application/%s' % requested_format)
query_string = build_querystring(request.GET.copy())
if "xml" in requested_format:
# logger.debug("Sending text_out for display: %s" % text_out[0:100])
div_text = get_div_from_xml(text_out)
# print("DIV TEXT returned:[%s]%s" % (type(div_text), div_text))
return render(
request, 'bluebutton/default_xml.html', {
'output': text_out,
'content': {
'parameters': query_string,
'resource_type': resource_type,
'request_method': "GET",
'interaction_type': interaction_type,
'div_texts': [
div_text,
],
'source': cx.fhir_source.name
}
})
else:
text_out = pretty_json(od['bundle'])
div_text = get_div_from_json(od['bundle'])
# logger.debug('We got a different format:%s' % requested_format)
return render(
request, 'bluebutton/default.html', {
'output': text_out,
'content': {
'parameters': query_string,
'resource_type': resource_type,
'request_method': "GET",
'interaction_type': interaction_type,
'div_texts': div_text,
'source': cx.fhir_source.name
}
})
def get_fhir_claim(request, claim_number):
""" Search for Claim Number in FHIR Backend
Sample Search Specification:
http://bluebuttonhapi-test.hhsdevcloud.us/baseDstu2/
ExplanationOfBenefit
?identifier=CCW_PTA_FACT.CLM_ID|542612281109054
Nothing found result:
{"resourceType":"Bundle",
"id":"62fe7fe3-9dca-4114-b753-6d7e874c34c5",
"meta":{"lastUpdated":"2016-07-07T13:43:55.066+00:00"},
"type":"searchset",
"total":0,
"link":[{"relation":"self",
"url":"http://bluebuttonhapi-test.hhsdevcloud.us:80/baseDstu2/
ExplanationOfBenefit
?identifier=CCW_PTA_FACT.CLM_ID%7C542612281109055"}]}
Sample EOB Records
{
"fullUrl":"http://bluebuttonhapi-test.hhsdevcloud.us:80/baseDstu2/ExplanationOfBenefit/10",
"resource":{
"resourceType":"ExplanationOfBenefit",
"id":"10",
"extension":[
{
"url":"http://bluebutton.cms.hhs.gov/extensions#claimType",
"valueCoding":{
"system":"http://bluebutton.cms.hhs.gov/coding#claimType",
"code":"40",
"display":"Outpatient claim"
}
},
{
"url":"http://bluebutton.cms.hhs.gov/extensions#attendingPhysician",
"valueReference":{
"reference":"Practitioner/12"
}
},
{
"url":"http://bluebutton.cms.hhs.gov/extensions#operatingPhysician",
"valueReference":{
"reference":"Practitioner/13"
}
},
{
"url":"http://bluebutton.cms.hhs.gov/extensions#otherPhysician",
"valueReference":{
"reference":"Practitioner/14"
}
},
{
"url":"http://bluebutton.cms.hhs.gov/extensions#admittingDiagnosis",
"valueCoding":{
"system":"http://hl7.org/fhir/sid/icd-9-cm/diagnosis"
}
}
],
"meta":{
"versionId":"1",
"lastUpdated":"2016-03-28T03:14:40.898+00:00"
},
"identifier":[
{
"system":"CCW_PTA_FACT.CLM_ID",
"value":"542612281109054"
}
],
"billablePeriod":{
"start":"2008-11-15T00:00:00+00:00",
"end":"2008-11-15T00:00:00+00:00"
},
"provider":{
"reference":"Practitioner/11"
},
"diagnosis":[
{
"sequence":0,
"diagnosis":{
"system":"http://hl7.org/fhir/sid/icd-9-cm/diagnosis",
"code":"7137"
}
},
{
"sequence":1,
"diagnosis":{
"system":"http://hl7.org/fhir/sid/icd-9-cm/diagnosis",
"code":"72190"
}
}
],
"patient":{
"reference":"Patient/1"
},
"coverage":{
"coverage":{
"reference":"Coverage/4"
}
},
"item":[
{
"type":{
"system":"http://hl7.org/fhir/ValueSet/v3-ActInvoiceGroupCode",
"code":"CSPINV"
},
"adjudication":[
{
"category":{
"system":"CMS Adjudications",
"code":"Line NCH Payment Amount"
},
"amount":{
"value":10.00,
"system":"urn:std:iso:4217",
"code":"USD"
}
},
{
"category":{
"system":"CMS Adjudications",
"code":"NCH Primary Payer Claim Paid Amount"
},
"amount":{
"value":0.00,
"system":"urn:std:iso:4217",
"code":"USD"
}
},
{
"category":{
"system":"CMS Adjudications",
"code":"NCH Beneficiary Blood Deductible Liability Amount"
},
"amount":{
"value":0.00,
"system":"urn:std:iso:4217",
"code":"USD"
}
},
{
"category":{
"system":"CMS Adjudications",
"code":"NCH Beneficiary Part B Deductible Amount"
},
"amount":{
"value":0.00,
"system":"urn:std:iso:4217",
"code":"USD"
}
},
{
"category":{
"system":"CMS Adjudications",
"code":"NCH Beneficiary Part B Coinsurance Amount"
},
"amount":{
"value":0.00,
"system":"urn:std:iso:4217",
"code":"USD"
}
}
],
"detail":[
{
"extension":[
{
"url":"http://bluebutton.cms.hhs.gov/extensions#diagnosisLinkId",
"valueInteger":0
},
{
"url":"http://bluebutton.cms.hhs.gov/extensions#diagnosisLinkId",
"valueInteger":1
}
],
"sequence":1,
"type":{
"system":"http://hl7.org/fhir/ValueSet/v3-ActInvoiceGroupCode",
"code":"CSPINV"
},
"service":{
"system":"HCPCS",
"code":"73564"
}
}
]
}
]
},
"search":{
"mode":"match"
}
},
{
"fullUrl":"http://bluebuttonhapi-test.hhsdevcloud.us:80/baseDstu2/ExplanationOfBenefit/15",
"resource":{
"resourceType":"ExplanationOfBenefit",
"id":"15",
"extension":[
{
"url":"http://bluebutton.cms.hhs.gov/extensions#claimType",
"valueCoding":{
"system":"http://bluebutton.cms.hhs.gov/coding#claimType",
"code":"40",
"display":"Outpatient claim"
}
},
{
"url":"http://bluebutton.cms.hhs.gov/extensions#attendingPhysician",
"valueReference":{
"reference":"Practitioner/17"
}
},
{
"url":"http://bluebutton.cms.hhs.gov/extensions#operatingPhysician",
"valueReference":{
"reference":"Practitioner/18"
}
},
{
"url":"http://bluebutton.cms.hhs.gov/extensions#otherPhysician",
"valueReference":{
"reference":"Practitioner/19"
}
},
{
"url":"http://bluebutton.cms.hhs.gov/extensions#admittingDiagnosis",
"valueCoding":{
"system":"http://hl7.org/fhir/sid/icd-9-cm/diagnosis"
}
}
],
"meta":{
"versionId":"1",
"lastUpdated":"2016-03-28T03:14:40.898+00:00"
},
"identifier":[
{
"system":"CCW_PTA_FACT.CLM_ID",
"value":"542062281310767"
}
],
"billablePeriod":{
"start":"2009-02-02T00:00:00+00:00",
"end":"2009-02-02T00:00:00+00:00"
},
"provider":{
"reference":"Practitioner/16"
},
"diagnosis":[
{
"sequence":0,
"diagnosis":{
"system":"http://hl7.org/fhir/sid/icd-9-cm/diagnosis",
"code":"49321"
}
}
],
"patient":{
"reference":"Patient/1"
},
"coverage":{
"coverage":{
"reference":"Coverage/4"
}
},
"item":[
{
"type":{
"system":"http://hl7.org/fhir/ValueSet/v3-ActInvoiceGroupCode",
"code":"CSPINV"
},
"adjudication":[
{
"category":{
"system":"CMS Adjudications",
"code":"Line NCH Payment Amount"
},
"amount":{
"value":900.00,
"system":"urn:std:iso:4217",
"code":"USD"
}
},
{
"category":{
"system":"CMS Adjudications",
"code":"NCH Primary Payer Claim Paid Amount"
},
"amount":{
"value":0.00,
"system":"urn:std:iso:4217",
"code":"USD"
}
},
{
"category":{
"system":"CMS Adjudications",
"code":"NCH Beneficiary Blood Deductible Liability Amount"
},
"amount":{
"value":0.00,
"system":"urn:std:iso:4217",
"code":"USD"
}
},
{
"category":{
"system":"CMS Adjudications",
"code":"NCH Beneficiary Part B Deductible Amount"
},
"amount":{
"value":0.00,
"system":"urn:std:iso:4217",
"code":"USD"
}
},
{
"category":{
"system":"CMS Adjudications",
"code":"NCH Beneficiary Part B Coinsurance Amount"
},
"amount":{
"value":20.00,
"system":"urn:std:iso:4217",
"code":"USD"
}
}
],
"detail":[
{
"extension":[
{
"url":"http://bluebutton.cms.hhs.gov/extensions#diagnosisLinkId",
"valueInteger":0
}
],
"sequence":1,
"type":{
"system":"http://hl7.org/fhir/ValueSet/v3-ActInvoiceGroupCode",
"code":"CSPINV"
},
"service":{
"system":"HCPCS",
"code":"99214"
}
}
]
}
]
},
"search":{
"mode":"match"
}
},
"""
# We need the crosswalk to check client auth for the server
cx = get_crosswalk(request.user)
# Get the FHIR Server URL
# Construct the Search for ExplanationOfBenefit / PatientClaimSummary
search_base = FhirServerUrl() + "ExplanationOfBenefit"
# FHIR_URL + PATH + RELEASE + ExplanationOfBenefit?
# claimIdentifier=claim_number
# &_format=json
# http://bluebuttonhapi-test.hhsdevcloud.us/baseDstu2/
# ExplanationOfBenefit?identifier=CCW_PTA_FACT.CLM_ID|542882280967266
search_base += "?_format=json&identifier=" # CCW_PTA_FACT.CLM_ID|"
fhir_claim = {}
fhir_claim['claimNumber'] = claim_number
fhir_claim['found'] = False
search_base += claim_number
# logger.debug('Calling request_call with %s' % search_base)
r = request_call(request, search_base, cx)
# logger.debug("returned with %s" % r.text)
bundle = json.loads(r.text, object_pairs_hook=OrderedDict)
resource = {}
if bundle['total'] > 0:
resource = bundle['entry'][0]['resource']
# If claim is found:
fhir_claim['found'] = True
fhir_claim['claimIdentifier'] = resource['identifier'][0]['value']
fhir_claim['identifier'] = resource['id']
fhir_claim['provider'] = resource['provider']['reference']
fhir_claim['patient'] = resource['patient']['reference']
if 'billablePeriod' in resource:
if isinstance(resource['billablePeriod'], dict):
fhir_claim['timingPeriod'] = dict(resource['billablePeriod'])
else:
fhir_claim['timingPeriod'] = resource['billablePeriod']
# fhir_claim['claimIdentifier'] = ExplanationOfBenefit.claimIdentifier
# fhir_claim['identifier'] = ExplanationOfBenefit.identifier
# fhir_claim['provider'] = ExplanationOfBenefit.providerIdentifier
# fhir_claim['patient'] = ExplanationOfBenefit.patientIdentifier
# fhir_claim['timingPeriod'] = ExplanationOfBenefit.timingPeriod
print("\nSearch for claim:", claim_number)
print("\Resources:", resource)
print("\nFound:", fhir_claim)
# logger.debug('fhir_claim: %s' % fhir_claim)
return fhir_claim
def generic_read(request,
interaction_type,
resource_type,
id=None,
vid=None,
*args,
**kwargs):
"""
Read from remote FHIR Server
:param request:
:param interaction_type:
:param resource_type:
:param id:
:param vid:
:param args:
:param kwargs:
:return:
# Example client use in curl:
# curl -X GET http://127.0.0.1:8000/fhir/Practitioner/1234
Process flow:
Is it a valid request?
Get the target server info
Get the request modifiers
Construct the call
Make the call
Check result for errors
Deliver the formatted result
"""
# DONE: Fix to allow url_id in url for non-key resources.
# eg. Patient is key resource so replace url if override_url_id is True
# if override_url_id is not set allow url_id to be applied and check
# if search_override is True.
# interaction_type = 'read' or '_history' or 'vread' or 'search'
logger.debug('\n========================\n'
'INTERACTION_TYPE: %s' % interaction_type)
# Get the users crosswalk
cx = get_crosswalk(request.user)
# cx will be the crosswalk record or None
rr = get_resourcerouter(cx)
# Check if this interaction type and resource type combo is allowed.
deny = check_access_interaction_and_resource_type(resource_type,
interaction_type, rr)
if deny:
# if not allowed, return a 4xx error.
return deny
srtc = check_rt_controls(resource_type, rr)
# We get back a Supported ResourceType Control record or None
# with earlier if deny step we should have a valid srtc.
if srtc.secure_access and request.user.is_anonymous():
return kickout_403('Error 403: %s Resource access is controlled.'
' Login is required:'
'%s' % (resource_type, request.user.is_anonymous()))
# logger.debug('srtc: %s' % srtc)
if cx is None:
logger.debug('Crosswalk for %s does not exist' % request.user)
if (cx is None and srtc is not None):
# There is a srtc record so we need to check override_search
if srtc.override_search:
# If user is not in Crosswalk and srtc has search_override = True
# We need to prevent search to avoid data leakage.
return kickout_403('Error 403: %s Resource is access controlled.'
' No records are linked to user:'******'%s' % (resource_type, request.user))
# Need to check if user is logged in.
# request.user.is_anonymous()
#
# if request.user.is_anonymous():
# Request.user = user
# interaction_type = read | _history | vread
# resource_type = 'Patient | Practitioner | ExplanationOfBenefit ...'
# id = fhir_id (potentially masked)
# vid = Version Id
# Check the resource_type to see if it has a url
# Check the resource_type to see if masking is required
# Get the FHIR_Server (from crosswalk via request.user)
# if masked get the fhir_id from crosswalk
# if search_override strip search items (search_block)
# if search_override add search keys
fhir_url = ''
# change source of default_url to ResourceRouter
default_path = get_default_path(srtc.resource_name, cx=cx)
# get the default path for resource with ending "/"
# You need to add resource_type + "/" for full url
if srtc:
# logger.debug('SRTC:%s' % srtc)
fhir_url = default_path + resource_type + '/'
if srtc.override_url_id:
fhir_url += cx.fhir_id + "/"
# logger.debug('fhir_url:%s' % fhir_url)
else:
logger.debug('CX:%s' % cx)
if cx:
fhir_url = cx.get_fhir_resource_url(resource_type)
else:
# logger.debug('FHIRServer:%s' % FhirServerUrl())
fhir_url = FhirServerUrl() + resource_type + '/'
# #### SEARCH
if interaction_type == 'search':
key = None
else:
key = masked_id(resource_type, cx, srtc, id, slash=False)
print("\nMasked_id-key:%s from r_id:%s "
"and cx-fhir_id:%s\n" % (key, id, cx.fhir_id))
# add key to fhir_url unless already in place.
fhir_url = add_key_to_fhir_url(fhir_url, key)
logger.debug('FHIR URL with key:%s' % fhir_url)
###########################
# Now we get to process the API Call.
# Internal handling format is json
# Remove the oauth elements from the GET
pass_params = strip_oauth(request.GET)
# Let's store the inbound requested format
# We need to simplify the format call to the backend
# so that we get data we can manipulate
requested_format = request_format(pass_params)
# now we simplify the format/_format request for the back-end
pass_params = strip_format_for_back_end(pass_params)
if "_format" in pass_params:
back_end_format = pass_params['_format']
else:
back_end_format = "json"
# #### SEARCH
if interaction_type == 'search':
if cx is not None:
# logger.debug("cx.fhir_id=%s" % cx.fhir_id)
if cx.fhir_id.__contains__('/'):
id = cx.fhir_id.split('/')[1]
else:
id = cx.fhir_id
# logger.debug("Patient Id:%s" % r_id)
if resource_type.lower() == "patient":
key = cx.fhir_id
else:
key = id
pass_params = build_params(pass_params, srtc, key, patient_id=cx.fhir_id)
# Add the call type ( READ = nothing, VREAD, _HISTORY)
# Before we add an identifier key
pass_to = fhir_call_type(interaction_type, fhir_url, vid)
logger.debug('\nHere is the URL to send, %s now add '
'GET parameters %s' % (pass_to, pass_params))
if pass_params is not '':
pass_to += pass_params
logger.debug("\nMaking request:%s" % pass_to)
###############################################
###############################################
# Now make the call to the backend API
if interaction_type == "search":
r = request_call(request,
pass_to,
cx,
reverse_lazy('home'),
timeout=settings.REQUEST_CALL_TIMEOUT)
else:
r = request_call(request, pass_to, cx, reverse_lazy('home'))
# BACK FROM THE CALL TO BACKEND
###############################################
###############################################
# logger.debug("r returned: %s" % r)
# Check for Error here
try:
error_check = r.text
logger.debug("We got r.text back:%s" % r.text[:200] + "...")
except:
error_check = "HttpResponse status_code=502"
logger.debug("Something went wrong with call to %s" % pass_to)
logger.debug("Checking for errors:%s" % error_check[:200] + "...")
if 'status_code' in error_check:
# logger.debug("We have a status code to check: %s" % r)
if r.status_code in ERROR_CODE_LIST:
logger.debug("\nError Status Code:%s" % r.status_code)
return error_status(r, r.status_code)
elif 'status_code=302' in error_check:
return error_status(r, 302)
elif 'status_code=502' in error_check:
return error_status(r, 502)
else:
logger.debug("Status Code:%s " "in:%s" % (r.status_code, r))
# We should have a 200 - good record to deal with
# We can occasionaly get a 200 with a Connection Error. eg. Timeout
try:
if "ConnectionError" in r.text:
logger.debug("Error:%s" % r.text)
return error_status(r, 502)
except:
pass
text_out = ''
# if 'text' in r:
# logger.debug('r:%s' % r.text)
# logger_debug.debug('r:%s' % r.text)
# else:
# logger.debug("r not returning text:%s" % r)
# logger_debug.debug("r not returning text:%s" % r)
# logger.debug("r.json: %s" % json.dumps(r.json))
# logger.debug('Rewrite List:%s' % rewrite_url_list)
host_path = get_host_url(request, resource_type)[:-1]
# logger.debug('host path:%s' % host_path)
# Add default FHIR Server URL to re-write
rewrite_url_list = build_rewrite_list(cx)
# print("Starting Rewrite_list:%s" % rewrite_url_list)
# ct_detail = get_content_type(r)
# logger.debug('Content-Type:%s \n work with %s' % (ct_detail,
# back_end_format))
try:
text_in = r.text
except:
text_in = ""
text_out = post_process_request(request, back_end_format, host_path,
text_in, rewrite_url_list)
od = build_output_dict(request, OrderedDict(), resource_type, key, vid,
interaction_type, requested_format, text_out)
# write session variables if _getpages was found
ikey = ''
try:
ikey = find_ikey(r.text)
except:
ikey = ''
if ikey is not '':
save_url = get_target_url(fhir_url, resource_type)
# print("Store fhir_url:%s but only: %s" % (fhir_url,save_url))
content = {
'fhir_to': save_url,
'rwrt_list': rewrite_url_list,
'res_type': resource_type,
'intn_type': interaction_type,
'key': key,
'vid': vid,
'resource_router': rr.id
}
sesn_var = write_session(request, ikey, content, skey=SESSION_KEY)
if sesn_var:
logger.debug("Problem writing session variables."
" Returned %s" % sesn_var)
if requested_format == 'xml':
# logger.debug('We got xml back in od')
return HttpResponse(r.text,
content_type='application/%s' % requested_format)
# return HttpResponse(tostring(dict_to_xml('content', od)),
# content_type='application/%s' % requested_format)
elif requested_format == 'json':
# logger.debug('We got json back in od')
return HttpResponse(pretty_json(od['bundle']),
content_type='application/%s' % requested_format)
query_string = build_querystring(request.GET.copy())
if "xml" in requested_format:
# logger.debug("Sending text_out for display: %s" % text_out[0:100])
div_text = get_div_from_xml(text_out)
# print("DIV TEXT returned:[%s]%s" % (type(div_text), div_text))
return render(
request, 'bluebutton/default_xml.html', {
'output': text_out,
'content': {
'parameters': query_string,
'resource_type': resource_type,
'request_method': "GET",
'interaction_type': interaction_type,
'div_texts': [
div_text,
],
'source': cx.fhir_source.name
}
})
else:
text_out = pretty_json(od['bundle'])
div_text = get_div_from_json(od['bundle'])
# logger.debug('We got a different format:%s' % requested_format)
return render(
request, 'bluebutton/default.html', {
'output': text_out,
'content': {
'parameters': query_string,
'resource_type': resource_type,
'request_method': "GET",
'interaction_type': interaction_type,
'div_texts': div_text,
'source': cx.fhir_source.name
}
})
def generic_read(request,
interaction_type,
resource_type,
id=None,
via_oauth=False,
vid=None,
*args,
**kwargs):
"""
Read from remote FHIR Server
:param request:
:param interaction_type:
:param resource_type:
:param id:
:param vid:
:param args:
:param kwargs:
:return:
# Example client use in curl:
# curl -X GET http://127.0.0.1:8000/fhir/Practitioner/1234
Process flow:
Is it a valid request?
Get the target server info
Get the request modifiers
- change url_id
- remove unwanted search parameters
- add search parameters
Construct the call
Make the call
Check result for errors
Deliver the formatted result
"""
# DONE: Fix to allow url_id in url for non-key resources.
# eg. Patient is key resource so replace url if override_url_id is True
# if override_url_id is not set allow id to be applied and check
# if search_override is True.
# interaction_type = 'read' or '_history' or 'vread' or 'search'
logger.debug('\n========================\n'
'INTERACTION_TYPE: %s - Via Oauth:%s' %
(interaction_type, via_oauth))
# if via_oauth we need to call crosswalk with
if via_oauth:
# get crosswalk from the resource_owner
cx = get_crosswalk(request.resource_owner)
else:
# Get the users crosswalk
cx = get_crosswalk(request.user)
# cx will be the crosswalk record or None
rr = get_resourcerouter(cx)
# Check if this interaction type and resource type combo is allowed.
deny = check_access_interaction_and_resource_type(resource_type,
interaction_type, rr)
if deny:
# if not allowed, return a 4xx error.
return deny
srtc = check_rt_controls(resource_type, rr)
# We get back a Supported ResourceType Control record or None
# with earlier if deny step we should have a valid srtc.
if not via_oauth:
# we don't need to check if user is anonymous if coming via_oauth
if srtc.secure_access and request.user.is_anonymous():
return kickout_403('Error 403: %s Resource access is controlled.'
' Login is required:'
'%s' %
(resource_type, request.user.is_anonymous()))
# logger.debug('srtc: %s' % srtc)
if cx is None:
logger.debug('Crosswalk for %s does not exist' % request.user)
if (cx is None and srtc is not None):
# There is a srtc record so we need to check override_search
if srtc.override_search:
# If user is not in Crosswalk and srtc has search_override = True
# We need to prevent search to avoid data leakage.
return kickout_403('Error 403: %s Resource is access controlled.'
' No records are linked to user:'******'%s' % (resource_type, request.user))
# TODO: Compare id to cx.fhir_id and return 403 if they don't match for
# Resource Type - Patient
fhir_url = ''
# change source of default_url to ResourceRouter
default_path = get_default_path(srtc.resource_name, cx=cx)
# get the default path for resource with ending "/"
# You need to add resource_type + "/" for full url
if srtc:
# logger.debug('SRTC:%s' % srtc)
fhir_url = default_path + resource_type + '/'
if srtc.override_url_id:
fhir_url += get_fhir_id(cx) + "/"
# logger.debug('fhir_url:%s' % fhir_url)
else:
fhir_url += id + "/"
else:
logger.debug('CX:%s' % cx)
if cx:
fhir_url = cx.get_fhir_resource_url(resource_type)
else:
# logger.debug('FHIRServer:%s' % FhirServerUrl())
fhir_url = FhirServerUrl() + resource_type + '/'
# #### SEARCH
if interaction_type == 'search':
key = None
else:
key = masked_id(resource_type, cx, srtc, id, slash=False)
# print("\nMasked_id-key:%s from r_id:%s "
# "and cx-fhir_id:%s\n" % (key, id, cx.fhir_id))
# add key to fhir_url unless already in place.
fhir_url = add_key_to_fhir_url(fhir_url, key)
logger.debug('FHIR URL with key:%s' % fhir_url)
###########################
# Now we get to process the API Call.
# Internal handling format is json
# Remove the oauth elements from the GET
pass_params = request.GET
# Let's store the inbound requested format
# We need to simplify the format call to the backend
# so that we get data we can manipulate
# if format is not defined and we come in via_oauth
# then default to json for format
requested_format = request_format(pass_params)
if requested_format == "html" and via_oauth:
requested_format = "json"
# now we simplify the format/_format request for the back-end
pass_params = strip_format_for_back_end(pass_params)
if "_format" in pass_params:
back_end_format = pass_params['_format']
else:
back_end_format = "json"
# #### SEARCH
if interaction_type == 'search':
if cx is not None:
# logger.debug("cx.fhir_id=%s" % cx.fhir_id)
if cx.fhir_id.__contains__('/'):
id = get_fhir_id(cx).split('/')[1]
else:
id = get_fhir_id(cx)
# logger.debug("Patient Id:%s" % r_id)
if resource_type.lower() == "patient":
key = get_fhir_id(cx)
else:
key = id
pass_params = build_params(pass_params,
srtc,
key,
patient_id=get_fhir_id(cx))
# Add the call type ( READ = nothing, VREAD, _HISTORY)
# Before we add an identifier key
pass_to = fhir_call_type(interaction_type, fhir_url, vid)
logger.debug('\nHere is the URL to send, %s now add '
'GET parameters %s' % (pass_to, pass_params))
if pass_params is not '':
pass_to += pass_params
logger.debug("\nMaking request:%s" % pass_to)
query_string = build_querystring(request.GET.copy())
###############################################
###############################################
# Now make the call to the backend API
if interaction_type == "search":
r = request_call(request,
pass_to,
cx,
reverse_lazy('home'),
timeout=rr.wait_time)
else:
r = request_call(request, pass_to, cx, reverse_lazy('home'))
# BACK FROM THE CALL TO BACKEND
###############################################
###############################################
# logger.debug("r returned: %s" % r)
# Check for Error here
# logger.debug("what is in r:\n#######\n%s\n##########\n" % dir(r))
logger.debug("status: %s/%s" % (r.status_code, r._status_code))
# logger.debug("text: %s\n#############\n" % (r.text))
if r.status_code in ERROR_CODE_LIST:
logger.debug("We have an error code to deal with: %s" % r.status_code)
if 'html' in requested_format.lower():
return render(
request, 'bluebutton/default.html', {
'output': pretty_json(r._content, indent=4),
'fhir_id': get_fhir_id(cx),
'content': {
'parameters': query_string,
'resource_type': resource_type,
'id': id,
'request_method': "GET",
'interaction_type': interaction_type,
'div_texts': "",
'source': get_fhir_source_name(cx)
}
})
else:
return HttpResponse(json.dumps(r._content, indent=4),
status=r.status_code,
content_type='application/json')
text_out = ''
host_path = get_host_url(request, resource_type)[:-1]
# logger.debug('host path:%s' % host_path)
# Add default FHIR Server URL to re-write
rewrite_url_list = build_rewrite_list(cx)
# print("Starting Rewrite_list:%s" % rewrite_url_list)
# ct_detail = get_content_type(r)
# logger.debug('Content-Type:%s \n work with %s' % (ct_detail,
# back_end_format))
text_in = get_response_text(fhir_response=r)
text_out = post_process_request(request, back_end_format, host_path,
text_in, rewrite_url_list)
od = build_output_dict(request, OrderedDict(), resource_type, key, vid,
interaction_type, requested_format, text_out)
# write session variables if _getpages was found
ikey = ''
try:
ikey = find_ikey(r.text)
except Exception:
ikey = ''
if ikey is not '':
save_url = get_target_url(fhir_url, resource_type)
# print("Store fhir_url:%s but only: %s" % (fhir_url,save_url))
content = {
'fhir_to': save_url,
'rwrt_list': rewrite_url_list,
'res_type': resource_type,
'intn_type': interaction_type,
'key': key,
'vid': vid,
'resource_router': rr.id
}
sesn_var = write_session(request, ikey, content, skey=SESSION_KEY)
if sesn_var:
logger.debug("Problem writing session variables."
" Returned %s" % sesn_var)
if requested_format == 'xml':
# logger.debug('We got xml back in od')
return HttpResponse(r.text,
content_type='application/%s' % requested_format)
# return HttpResponse(tostring(dict_to_xml('content', od)),
# content_type='application/%s' % requested_format)
elif requested_format == 'json':
# logger.debug('We got json back in od')
return HttpResponse(pretty_json(od['bundle']),
content_type='application/%s' % requested_format)
# define query string further up before request_call
# query_string = build_querystring(request.GET.copy())
if "xml" in requested_format:
# logger.debug("Sending text_out for display: %s" % text_out[0:100])
div_text = get_div_from_xml(text_out)
# print("DIV TEXT returned:[%s]%s" % (type(div_text), div_text))
return render(
request, 'bluebutton/default_xml.html', {
'output': text_out,
'fhir_id': get_fhir_id(cx),
'content': {
'parameters': query_string,
'resource_type': resource_type,
'id': id,
'request_method': "GET",
'interaction_type': interaction_type,
'div_texts': [
div_text,
],
'source': get_fhir_source_name(cx)
}
})
else:
text_out = pretty_json(od['bundle'])
div_text = get_div_from_json(od['bundle'])
# logger.debug('We got a different format:%s' % requested_format)
logger.debug('id or key: %s/%s' % (id, key))
return render(
request, 'bluebutton/default.html', {
'output': text_out,
'fhir_id': cx.fhir_id,
'content': {
'parameters': query_string,
'resource_type': resource_type,
'id': id,
'request_method': "GET",
'interaction_type': interaction_type,
'div_texts': div_text,
'source': get_fhir_source_name(cx)
}
})