def audit_query(request, query_options, record=None): """ Select Audit Objects via the Query API Interface. Accepts any argument specified by the :doc:`/query-api`, and filters available audit objects by the arguments. Will return :http:statuscode:`200` with XML containing individual or aggregated audit records on succes, :http:statuscode:`400` if any of the arguments to the query interface are invalid. """ query_filters = copy.copy(query_options["filters"]) if record: # Careful: security hole here. # /records/abc/audits/?record_id=bcd is dangerous # Eliminate that possibility if query_filters.has_key("record_id") and query_filters["record_id"] is not record.id: return HttpResponseBadRequest("Cannot make Audit queries over records not in the request url") query_filters["record_id"] = record.id query_options["filters"] = query_filters query_options["status"] = None # ignore status for audits q = FactQuery(Audit, AUDIT_FILTERS, query_options, record=None, carenet=None) try: # Don't display record_id in the output if it wasn't in the query string. q.execute() if q.query_filters.has_key("record_id") and not query_options["filters"].has_key("record_id"): del q.query_filters["record_id"] return q.render(AUDIT_TEMPLATE) except ValueError as e: return HttpResponseBadRequest(str(e))
def _measurement_list(request, query_options, lab_code, record=None, carenet=None): """ List the measurement objects matching the passed query parameters. See :doc:`/query-api` for a listing of valid parameters. Will return :http:statuscode:`200` with a list of measurements on success, :http:statuscode:`400` if any invalid query parameters were passed. """ # lab_code comes in as part of the url if lab_code: query_options['filters']['lab_code'] = lab_code q = FactQuery(Measurement, MEASUREMENT_FILTERS, query_options, record, carenet) try: # hack, so we don't display lab_code in the output if it wasn't in the query string. q.execute() if q.query_filters.has_key('lab_code') and not query_options[ 'filters'].has_key('lab_code'): del q.query_filters['lab_code'] return q.render(MEASUREMENT_TEMPLATE) except ValueError as e: return HttpResponseBadRequest(str(e))
def _measurement_list(request, group_by, date_group, aggregate_by, limit, offset, order_by, status, date_range, filters, lab_code, record=None, carenet=None): """ List the measurement objects matching the passed query parameters. See :doc:`/query-api` for a listing of valid parameters. Will return :http:statuscode:`200` with a list of measurements on success, :http:statuscode:`400` if any invalid query parameters were passed. """ query_filters = copy.copy(filters) if lab_code: query_filters['lab_code'] = lab_code q = FactQuery(Measurement, MEASUREMENT_FILTERS, group_by, date_group, aggregate_by, limit, offset, order_by, status, date_range, query_filters, record, carenet) try: # hack, so we don't display lab_code in the output if it wasn't in the query string. q.execute() if q.query_filters.has_key('lab_code') and not filters.has_key('lab_code'): del q.query_filters['lab_code'] return q.render(MEASUREMENT_TEMPLATE) except ValueError as e: return HttpResponseBadRequest(str(e))
def _measurement_list(request, query_options, lab_code, record=None, carenet=None): """ List the measurement objects matching the passed query parameters. See :doc:`/query-api` for a listing of valid parameters. Will return :http:statuscode:`200` with a list of measurements on success, :http:statuscode:`400` if any invalid query parameters were passed. """ # lab_code comes in as part of the url if lab_code: query_options['filters']['lab_code'] = lab_code q = FactQuery(Measurement, MEASUREMENT_FILTERS, query_options, record, carenet) try: # hack, so we don't display lab_code in the output if it wasn't in the query string. q.execute() if q.query_filters.has_key('lab_code') and not query_options['filters'].has_key('lab_code'): del q.query_filters['lab_code'] return q.render(MEASUREMENT_TEMPLATE) except ValueError as e: return HttpResponseBadRequest(str(e))
def _generic_list(request, query_options, data_model, record=None, carenet=None, response_format=None): """ List the Model objects matching the passed query parameters. See :doc:`/query-api` for a listing of valid parameters. Will return :http:statuscode:`200` with a list of Models or AggregateReports on success, :http:statuscode:`400` if any invalid query parameters were passed. """ # check requested format if not response_format: response_format = request.GET.get("response_format", 'application/json') if not SERIALIZATION_FORMAT_MAP.has_key(response_format): # unsupported format return HttpResponseBadRequest("format not supported---") # look up model model_class = get_model('indivo', data_model) if model_class is None: # model not found raise Http404 # build query model_filters = model_class.filter_fields # TODO: possible to make a lazy class property? query = FactQuery(model_class, model_filters, query_options, record, carenet) try: query.execute() data = serialize(model_class, response_format, query, record, carenet) return HttpResponse(data, mimetype=response_format) except ValueError as e: return HttpResponseBadRequest(str(e))
def smart_allergies(request, record): """ SMART allergy list, serialized as RDF/XML. A bit more complicated than the generic list view, since we have to serialize AllergyExclusions as well. """ default_query_args = get_default_query_args() allergies_query = FactQuery(Allergy, Allergy.filter_fields, default_query_args, record, None) exclusions_query = FactQuery(AllergyExclusion, AllergyExclusion.filter_fields, default_query_args, record, None) try: allergies_query.execute() exclusions_query.execute() except ValueError as e: return HttpResponseBadRequest(str(e)) graph = PatientGraph(record) graph.addAllergyList(allergies_query.results.iterator()) graph.addAllergyExclusions(exclusions_query.results.iterator()) return HttpResponse(graph.toRDF(), mimetype='application/rdf+xml')
def audit_query(request, group_by, date_group, aggregate_by, limit, offset, order_by, status, date_range, filters, record=None): """ Select Audit Objects via the Query API Interface. Accepts any argument specified by the :doc:`/query-api`, and filters available audit objects by the arguments. Will return :http:statuscode:`200` with XML containing individual or aggregated audit records on succes, :http:statuscode:`400` if any of the arguments to the query interface are invalid. """ query_filters = copy.copy(filters) if record: # Careful: security hole here. # /records/abc/audits/?record_id=bcd is dangerous # Eliminate that possibility if filters.has_key('record_id') and filters['record_id'] is not record.id: return HttpResponseBadRequest('Cannot make Audit queries over records not in the request url') query_filters['record_id'] = record.id q = FactQuery(Audit, AUDIT_FILTERS, group_by, date_group, aggregate_by, limit, offset, order_by, None, date_range, query_filters, # ignore status for audits record=None, carenet=None) try: # Don't display record_id in the output if it wasn't in the query string. q.execute() if q.query_filters.has_key('record_id') and not filters.has_key('record_id'): del q.query_filters['record_id'] return q.render(AUDIT_TEMPLATE) except ValueError as e: return HttpResponseBadRequest(str(e))
def _measurement_list(request, group_by, date_group, aggregate_by, limit, offset, order_by, status, date_range, filters, lab_code, record=None, carenet=None): query_filters = copy.copy(filters) if lab_code: query_filters['lab_code'] = lab_code q = FactQuery(Measurement, MEASUREMENT_FILTERS, group_by, date_group, aggregate_by, limit, offset, order_by, status, date_range, query_filters, record, carenet) try: # hack, so we don't display lab_code in the output if it wasn't in the query string. q.execute() if q.query_filters.has_key('lab_code') and not filters.has_key('lab_code'): del q.query_filters['lab_code'] return q.render(MEASUREMENT_TEMPLATE) except ValueError as e: return HttpResponseBadRequest(str(e))
def _measurement_list(request, group_by, date_group, aggregate_by, limit, offset, order_by, status, date_range, filters, lab_code, record=None, carenet=None): """ List the measurement objects matching the passed query parameters. See :doc:`/query-api` for a listing of valid parameters. Will return :http:statuscode:`200` with a list of measurements on success, :http:statuscode:`400` if any invalid query parameters were passed. """ query_filters = copy.copy(filters) if lab_code: query_filters['lab_code'] = lab_code q = FactQuery(Measurement, MEASUREMENT_FILTERS, group_by, date_group, aggregate_by, limit, offset, order_by, status, date_range, query_filters, record, carenet) try: # hack, so we don't display lab_code in the output if it wasn't in the query string. q.execute() if q.query_filters.has_key( 'lab_code') and not filters.has_key('lab_code'): del q.query_filters['lab_code'] return q.render(MEASUREMENT_TEMPLATE) except ValueError as e: return HttpResponseBadRequest(str(e))
def _generic_list(request, query_options, data_model, record=None, carenet=None, response_format=None): """ List the Model objects matching the passed query parameters. See :doc:`/query-api` for a listing of valid parameters. Will return :http:statuscode:`200` with a list of Models or AggregateReports on success, :http:statuscode:`400` if any invalid query parameters were passed. """ # check requested format if not response_format: response_format = request.GET.get("response_format", 'application/xml') if not SERIALIZATION_FORMAT_MAP.has_key(response_format): # unsupported format return HttpResponseBadRequest("format not supported") # look up model model_class = get_model('indivo', data_model) if model_class is None: # model not found raise Http404 # build query model_filters = model_class.filter_fields # TODO: possible to make a lazy class property? query = FactQuery(model_class, model_filters, query_options, record, carenet) try: query.execute() data = serialize(model_class, response_format, query, record, carenet) return HttpResponse(data, mimetype=response_format) except ValueError as e: return HttpResponseBadRequest(str(e))
def carenet_pha_placement(request, record, carenet, data_model): """ Place a document into a given carenet. Will return :http:statuscode:`200` on success, :http:statuscode:`404` if *document_id* doesn't exist or if *document_id* has a nevershare set on it. """ query_params = { 'status': 'active', } query_options = query_params response_format = request.GET.get("response_format", 'application/json') #data_model = pha.email.split("@")[0] model_class = get_model('indivo', data_model) if model_class is None: # model not found raise Http404 limit = 100 offset = 0 active_status = StatusName.objects.get(name='active') #status = request.GET.get('status', 'archived') query_params = { 'limit': 200, 'offset': 0, 'order_by': None, 'status': active_status, 'aggregate_by': None, 'date_range': None, 'date_group': None, 'group_by': None, 'filters': {}, } carenetNone = None model_filters = model_class.filter_fields # TODO: possible to make a lazy class property? query = FactQuery(model_class, model_filters, query_params, record, carenetNone) try: query.execute() data = serialize(model_class, response_format, query, record, carenetNone) # return HttpResponse(data, mimetype=response_format) except ValueError as e: return HttpResponseBadRequest(str(e)) r = simplejson.loads(data) documents_ids = [] for i in r: documents_ids.append(i['__documentid__']) test = "" for document_id in documents_ids: # test+=j+"," document = _get_document(document_id=document_id, record=record) # don't allow this for nevershare documents if not document or document.nevershare: raise Http404 CarenetDocument.objects.get_or_create(carenet=carenet, document=document) doc_share, created_p = CarenetDocument.objects.get_or_create( document=document, carenet=carenet, defaults={'share_p': True}) doc_share.share_p = True doc_share.save() return DONE
def carenet_pha_delete(request, record, carenet, data_model): """ Unshare all documents from a given carenet. If there is an autoshare of *document_id*'s type into *carenet*, this call creates an exception for *document_id* in *carenet*. If *document_id* was shared individually into *carenet*, this call removes it. If *document_id* is not shared in *carenet* at all, this call does nothing immediately. In all cases, this call exempts *document_id* from any future autoshares into this carenet. Will return :http:statuscode:`200` on success, :http:statuscode:`404` if *document_id* doesn't exist or if *document_id* or *carenet* don't belong to *record*. """ response_format = request.GET.get("response_format", 'application/json') #data_model = pha.email.split("@")[0] model_class = get_model('indivo', data_model) if model_class is None: # model not found raise Http404 limit = 100 offset = 0 active_status = StatusName.objects.get(name='active') #status = request.GET.get('status', 'archived') query_params = { 'limit': 200, 'offset': 0, 'order_by': None, 'status': active_status, 'aggregate_by': None, 'date_range': None, 'date_group': None, 'group_by': None, 'filters': {}, } # carenetNone=None model_filters = model_class.filter_fields # TODO: possible to make a lazy class property? query = FactQuery(model_class, model_filters, query_params, record, carenet) try: query.execute() data = serialize(model_class, response_format, query, record, carenet) # return HttpResponse(data, mimetype=response_format) except ValueError as e: return HttpResponseBadRequest(str(e)) r = simplejson.loads(data) documents_ids = [] for i in r: documents_ids.append(i['__documentid__']) test = "" for document_id in documents_ids: document = _get_document(document_id=document_id, record=record) # this is always permission denied, so we can just handle it here # not in the access control system if not document or document.record != carenet.record: raise Http404 doc_share, created_p = CarenetDocument.objects.get_or_create( document=document, carenet=carenet, defaults={'share_p': False}) if not created_p: #and doc_share.share_p: doc_share.share_p = False doc_share.save() return DONE