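def change_pswd():
    """Let the logged-in user replace their own password.

    GET renders the form. POST re-verifies the submitted old password
    against the stored bcrypt hash and only then writes the new hash.
    A request without ``session['logged_in']`` is redirected to the
    login page instead of raising ``KeyError`` on a fresh session.
    """
    if not session.get('logged_in'):
        return redirect(url_for('login'))
    if request.method == 'GET':
        return render_template('changepassword.html')
    if request.method == 'POST':
        oldpswd = request.form['oldpasswd']
        newpswd = request.form['newpasswd']
        if not newpswd:
            # Do not let an empty string be hashed and stored as the password.
            return render_template('changepassword.html', error='New password must not be empty.')
        q_session = Session()
        account = q_session.query(Login).filter(Login.email == current_user.email).first()
        # A missing row and a wrong old password get the same response.
        if account is None or not bcrypt.check_password_hash(account.passwd, oldpswd):
            errormsg = 'Old password does not match.'
            return render_template('changepassword.html', error=errormsg)
        # Hash only after the old password has been verified.
        q_session.query(Login).filter(Login.email == current_user.email).update(
            {'passwd': bcrypt.generate_password_hash(newpswd)}
        )
        q_session.commit()
        return redirect(url_for('.home'))
    # Any other method falls through with no response, as before.
    return None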
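def signin():
    """Authenticate the posted email/password pair and start a session.

    On success the Login row is marked authenticated, Flask-Login's
    ``login_user`` is called with ``remember=True``, and the user's role
    ids are cached in ``session['has_roles']``. Both outcomes are logged.
    On failure the ``error_login`` view is returned with a generic message
    (typo in the message fixed: "username").
    """
    useremail = request.form['email']
    passwd = request.form['pwd']
    q_session = Session()
    account = q_session.query(Login).filter(Login.email == useremail).first()
    # The failure message is the same whether or not the email exists; note
    # that the hash check is skipped for unknown emails, so response timing
    # still differs between the two cases.
    if account and bcrypt.check_password_hash(account.passwd, passwd):
        account.authenticated = True
        q_session.commit()
        login_user(account, remember=True)
        app.logger.info('%s: Successful login %s', datetime.datetime.now(), account.email)
        user_roles = q_session.query(UserRoles.user_role_id).filter(UserRoles.email == account.email).all()
        session['logged_in'] = True
        session['has_roles'] = user_roles
        return redirect(url_for('home'))
    app.logger.info('%s: Login failure %s', datetime.datetime.now(), useremail)
    return error_login("Invalid username or password.")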
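def read_roles():
    """Return every Roles row as a ``{id: name}`` mapping."""
    q_session = Session()
    return {role.id: role.name for role in q_session.query(Roles).all()}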
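def create_test():
    """Insert a Tests row from the submitted form and return to the list.

    Requires ``session['logged_in']`` and a 'Read tests' or 'Edit tests'
    key in the session; otherwise the refused area is recorded in the
    session and the client is redirected to the login page.
    """
    # NOTE(review): 'Read tests' also unlocks this write path; confirm whether
    # only 'Edit tests' should be accepted for creating records.
    if not (session.get('logged_in') and ('Read tests' in session or 'Edit tests' in session)):
        session['no-access'] = True
        session['tried'] = 'Tests'
        return redirect(url_for('login'))
    name = request.form['testname']
    # getlist is non-empty only when the field was submitted.
    avail = bool(request.form.getlist('testavail'))
    price = request.form['testprice']
    category = request.form['testcategory']
    testtype = request.form['testtype']
    code = request.form['testcode']
    desc = request.form['testdesc']
    q_session = Session()
    q_session.add(Tests(
        name=name,
        available=avail,
        price=price,
        category=category,
        type=testtype,
        code=code,
        description=desc,
    ))
    q_session.commit()
    # Lazy %-args produce the same line as the former concatenation; the
    # form-derived code is still written to the log verbatim.
    app.logger.info('%s: Created test with code = %s by %s', datetime.datetime.now(), code, current_user.email)
    return redirect(url_for('.list_tests'))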
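def all_permission_names():
    """Return the name of every Permissions row as a plain list of strings."""
    q_session = Session()
    # Each row is a one-column tuple; unwrap it.
    return [row[0] for row in q_session.query(Permissions.name).all()]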
def read_rolepermissions():
    """Return (role name, role id, array of permission ids) rows, ordered by role name.

    Roles with no RolesPermissions row are not returned (inner join).
    """
    q_session = Session()
    role_rows = q_session.query(
        Roles.name,
        Roles.id,
        func.array_agg(RolesPermissions.permissions_id),
    )
    role_rows = role_rows.join(RolesPermissions, Roles.id == RolesPermissions.role_id)
    role_rows = role_rows.group_by(Roles.id).order_by(asc(Roles.name))
    return role_rows.all()
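def modify_patients():
    """Update or delete a Patients row depending on the 'submit' form value.

    'save' overwrites every editable column of the row with the given id;
    'delete' removes the row. Any other value just redirects to the list.
    Requires ``session['logged_in']`` and a 'Read patients' or
    'Edit patients' key in the session.
    """
    # NOTE(review): 'Read patients' also unlocks update and delete here;
    # confirm whether only 'Edit patients' should be accepted.
    if not (session.get('logged_in') and ('Read patients' in session or 'Edit patients' in session)):
        session['no-access'] = True
        session['tried'] = 'Patients'
        return redirect(url_for('login'))
    action = request.form['submit']
    if action == 'save':
        patid = request.form['patientid']
        name = request.form['patientname']
        q_session = Session()
        q_session.query(Patients).filter(Patients.id == patid).update({
            'name': name,
            'category': request.form['patientcategory'],
            'type': request.form['patienttype'],
            'age': request.form['patientage'],
            'sex': request.form['patientsex'],
            'contact': request.form['patientcontact'],
            'email': request.form['patientemail'],
            'address': request.form['patientaddress'],
            'reg_no': request.form['patientreg'],
            'ref_no': request.form['patientref'],
            'mlc_no': request.form['patientmlc'],
        })
        q_session.commit()
        app.logger.info('%s: Modified patient with id = %s and name = %s by %s',
                        datetime.datetime.now(), patid, name, current_user.email)
    elif action == 'delete':
        patid = request.form['patientid']
        name = request.form['patientname']
        q_session = Session()
        q_session.query(Patients).filter(Patients.id == patid).delete()
        q_session.commit()
        app.logger.info('%s: Deleted patient with id = %s and name = %s by %s',
                        datetime.datetime.now(), patid, name, current_user.email)
    return redirect(url_for('.list_patients'))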
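def list_tests():
    """Render the test-management page with all Tests rows sorted by name.

    Requires ``session['logged_in']`` and a 'Read tests' or 'Edit tests'
    key in the session; otherwise redirects to the login page. A missing
    'logged_in' key now counts as not logged in instead of raising.
    """
    if not (session.get('logged_in') and ('Read tests' in session or 'Edit tests' in session)):
        session['no-access'] = True
        session['tried'] = 'Tests'
        return redirect(url_for('login'))
    q_session = Session()
    tests = q_session.query(Tests).order_by(asc(Tests.name)).all()
    if not tests:
        errormsg = "No tests found. Please add a test."
        return render_template('managetests.html', error=errormsg)
    return render_template('managetests.html', tests=tests)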
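def list_patients():
    """Render the patient-management page with all Patients rows sorted by name.

    Requires ``session['logged_in']`` and a 'Read patients' or
    'Edit patients' key in the session; otherwise redirects to the login
    page. A missing 'logged_in' key counts as not logged in.
    """
    if not (session.get('logged_in') and ('Read patients' in session or 'Edit patients' in session)):
        session['no-access'] = True
        session['tried'] = 'Patients'
        return redirect(url_for('login'))
    q_session = Session()
    patients = q_session.query(Patients).order_by(asc(Patients.name)).all()
    if not patients:
        errormsg = 'No patient found. Please add a patient.'
        return render_template('managepatients.html', error=errormsg)
    return render_template('managepatients.html', patients=patients)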
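def user_roles():
    """Render the user-management page: every role plus each user's role ids.

    Requires ``session['logged_in']`` and a 'Read users' or 'Edit users'
    key in the session; otherwise redirects to the login page. A missing
    'logged_in' key counts as not logged in.
    """
    if not (session.get("logged_in") and ("Read users" in session or "Edit users" in session)):
        session["no-access"] = True
        session["tried"] = "Users"
        return redirect(url_for("login"))
    roles = read_roles()
    q_session = Session()
    users_and_roles = (
        q_session.query(UserRoles.email, func.array_agg(UserRoles.user_role_id))
        .group_by(UserRoles.email)
        .order_by(asc(UserRoles.email))
        .all()
    )
    if not users_and_roles:
        errormsg = "No roles found. Please add roles and assign them to users."
        return render_template("manageusers.html", error=errormsg)
    return render_template("manageusers.html", roles=roles, usersandroles=users_and_roles)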
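def read_user_permissions():
    """Return the permission names granted to ``current_user`` via their roles.

    Resolves user -> role ids -> permission ids -> permission names with
    three queries and returns the names as a plain list of strings.
    """
    q_session = Session()
    roles = q_session.query(UserRoles.user_role_id).filter(UserRoles.email == current_user.email).all()
    permissions = q_session.query(RolesPermissions.permissions_id).filter(RolesPermissions.role_id.in_(roles)).all()
    permission_names = q_session.query(Permissions.name).filter(Permissions.id.in_(permissions)).all()
    # Each row is a one-column tuple; unwrap it.
    return [row[0] for row in permission_names]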
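def modify_tests():
    """Update or delete a Tests row (looked up by code) per the 'submit' value.

    'save' overwrites the row's columns; 'delete' removes it. Any other
    value just redirects to the list. Requires ``session['logged_in']``
    and a 'Read tests' or 'Edit tests' key in the session.
    """
    # NOTE(review): 'Read tests' also unlocks update and delete here;
    # confirm whether only 'Edit tests' should be accepted.
    if not (session.get('logged_in') and ('Read tests' in session or 'Edit tests' in session)):
        session['no-access'] = True
        session['tried'] = 'Tests'
        return redirect(url_for('login'))
    action = request.form['submit']
    if action == 'save':
        code = request.form['testcode']
        q_session = Session()
        q_session.query(Tests).filter(Tests.code == code).update({
            'name': request.form['testname'],
            # getlist is non-empty only when the field was submitted.
            'available': bool(request.form.getlist('testavail')),
            'price': request.form['testprice'],
            'category': request.form['testcategory'],
            'code': code,
            'type': request.form['testtype'],
            'description': request.form['testdesc'],
        })
        q_session.commit()
        app.logger.info('%s: Modified test with code = %s by %s', datetime.datetime.now(), code, current_user.email)
    elif action == 'delete':
        code = request.form['testcode']
        q_session = Session()
        q_session.query(Tests).filter(Tests.code == code).delete()
        q_session.commit()
        app.logger.info('%s: Deleted test with code = %s by %s', datetime.datetime.now(), code, current_user.email)
    return redirect(url_for('.list_tests'))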
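def create_patient():
    """Insert a Patients row from the submitted form and return to the list.

    Requires ``session['logged_in']`` and a 'Read patients' or
    'Edit patients' key in the session; otherwise records the refused area
    and redirects to the login page.
    """
    # NOTE(review): 'Read patients' also unlocks this write path; confirm
    # whether only 'Edit patients' should be accepted for creating records.
    if not (session.get('logged_in') and ('Read patients' in session or 'Edit patients' in session)):
        session['no-access'] = True
        session['tried'] = 'Patients'
        return redirect(url_for('login'))
    name = request.form['patientname']
    ref_no = request.form['patientref']
    q_session = Session()
    q_session.add(Patients(
        name=name,
        category=request.form['patientcategory'],
        type=request.form['patienttype'],
        age=request.form['patientage'],
        sex=request.form['patientsex'],
        contact=request.form['patientcontact'],
        email=request.form['patientemail'],
        address=request.form['patientaddress'],
        reg_no=request.form['patientreg'],
        ref_no=ref_no,
        mlc_no=request.form['patientmlc'],
    ))
    q_session.commit()
    app.logger.info('%s: Created patient with name = %s and ref_no = %s by %s',
                    datetime.datetime.now(), name, ref_no, current_user.email)
    return redirect(url_for('.list_patients'))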
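def create_role():
    """Create a Roles row and its RolesPermissions links from the form.

    Requires ``session['logged_in']`` and a 'Read roles' or 'Edit roles'
    key in the session; otherwise redirects to the login page.
    """
    # NOTE(review): 'Read roles' also unlocks this write path; confirm
    # whether only 'Edit roles' should be accepted for creating roles.
    if not (session.get('logged_in') and ('Read roles' in session or 'Edit roles' in session)):
        session['no-access'] = True
        session['tried'] = 'Roles'
        return redirect(url_for('login'))
    role = request.form['rolename']
    permissionslist = request.form.getlist('rolepermissions')
    q_session = Session()
    role_record = Roles(name=role)
    q_session.add(role_record)
    q_session.commit()
    # Link to the row just inserted rather than re-querying by name, so a
    # duplicate role name cannot attach the permissions to the wrong row.
    role_id = role_record.id
    for permission in permissionslist:
        q_session.add(RolesPermissions(role_id=role_id, permissions_id=permission))
    # One commit for all links: either every permission is stored or none.
    q_session.commit()
    app.logger.info('%s: Created role %s by %s', datetime.datetime.now(), role, current_user.email)
    return redirect(url_for('.list_roles'))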
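def create_user():
    """Create a Login row (bcrypt-hashed password) and its UserRoles links.

    Requires ``session['logged_in']`` and a 'Read users' or 'Edit users'
    key in the session; otherwise redirects to the login page.
    """
    # NOTE(review): 'Read users' also unlocks account creation; confirm
    # whether only 'Edit users' should be accepted.
    if not (session.get("logged_in") and ("Read users" in session or "Edit users" in session)):
        session["no-access"] = True
        session["tried"] = "Users"
        return redirect(url_for("login"))
    roleslist = request.form.getlist("newuserroles")
    user = request.form["username"]
    passwd = request.form["passwd"]
    # NOTE(review): no length/emptiness check on the new password here —
    # an empty string would be hashed and stored; confirm where validation lives.
    inppasswd = bcrypt.generate_password_hash(passwd)
    q_session = Session()
    q_session.add(Login(email=user, passwd=inppasswd, authenticated=True))
    q_session.commit()
    for role in roleslist:
        q_session.add(UserRoles(email=user, user_role_id=role))
    # One commit for all role links: either every role is stored or none.
    q_session.commit()
    app.logger.info("%s: Created user with id = %s by %s", datetime.datetime.now(), user, current_user.email)
    return redirect(url_for(".user_roles"))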
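def modify_role():
    """Delete a role or replace its permission set, per the 'submit' value.

    'delete' removes the Roles row, its RolesPermissions links and every
    UserRoles mapping that referenced it. 'save' replaces the role's
    RolesPermissions links with the submitted list, then refreshes the
    permission keys cached in the *current user's* session from the
    database. Any other value just redirects to the list. Requires
    ``session['logged_in']`` and a 'Read roles' or 'Edit roles' key.

    Fix: the previous 'save' path wrote every permission of the edited role
    into the editor's own session, regardless of whether the editor holds
    that role; the session is now rebuilt from ``read_user_permissions()``.
    """
    # NOTE(review): 'Read roles' also unlocks delete/save here; confirm
    # whether only 'Edit roles' should be accepted.
    if not (session.get('logged_in') and ('Read roles' in session or 'Edit roles' in session)):
        session['no-access'] = True
        session['tried'] = 'Roles'
        return redirect(url_for('login'))
    action = request.form['submit']
    if action == 'delete':
        role_id = request.form['roleid']
        q_session = Session()
        role = q_session.query(Roles).filter_by(id=role_id).first()
        if role is None:
            # Nothing to delete; avoid AttributeError on role.name.
            return redirect(url_for('.list_roles'))
        rolename = role.name
        q_session.query(Roles).filter_by(id=role_id).delete()
        q_session.query(RolesPermissions).filter(RolesPermissions.role_id == role_id).delete()
        q_session.query(UserRoles).filter(UserRoles.user_role_id == role_id).delete()
        q_session.commit()
        app.logger.info('%s: Deleted role %s by %s', datetime.datetime.now(), rolename, current_user.email)
    elif action == 'save':
        role_id = request.form['roleid']
        # NOTE(review): rolename is only used for the log line; the Roles row
        # itself is not renamed here — confirm that is intended.
        rolename = request.form['rolename']
        permissionslist = request.form.getlist('rolepermissions')
        q_session = Session()
        # Replace the role's permission links in a single transaction.
        q_session.query(RolesPermissions).filter(RolesPermissions.role_id == role_id).delete()
        for permission in permissionslist:
            q_session.add(RolesPermissions(role_id=role_id, permissions_id=permission))
        q_session.commit()
        # The editor may hold this role, so rebuild the editor's cached
        # permission keys from the database: clear every known permission
        # key, then set only those the current user actually holds.
        for permission_name in all_permission_names():
            session.pop(permission_name, None)
        for permission_name in read_user_permissions():
            session[permission_name] = True
        app.logger.info('%s: Modified role %s by %s', datetime.datetime.now(), rolename, current_user.email)
    return redirect(url_for('.list_roles'))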
def user_loader(user_id):
    """Look up the Login row whose email equals ``user_id`` (None when absent)."""
    db_session = Session()
    matching = db_session.query(Login).filter(Login.email == user_id)
    return matching.first()
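def modify_users():
    """Replace a user's roles or delete the user, per the 'submit' value.

    'save' drops every UserRoles row for the user and re-adds the submitted
    list; 'delete' drops the UserRoles rows and then the Login row. Any
    other value just redirects. Requires ``session['logged_in']`` and a
    'Read users' or 'Edit users' key in the session.
    """
    # NOTE(review): 'Read users' also unlocks role changes and deletion;
    # confirm whether only 'Edit users' should be accepted.
    if not (session.get("logged_in") and ("Read users" in session or "Edit users" in session)):
        session["no-access"] = True
        session["tried"] = "Users"
        return redirect(url_for("login"))
    action = request.form["submit"]
    if action == "save":
        roleslist = request.form.getlist("roleslist")
        username = request.form["usernameholder"]
        q_session = Session()
        q_session.query(UserRoles).filter_by(email=username).delete()
        for role in roleslist:
            q_session.add(UserRoles(email=username, user_role_id=role))
        # One commit: the old links are removed and the new ones added atomically.
        q_session.commit()
        app.logger.info("%s: Made changes to roles of %s by %s", datetime.datetime.now(), username, current_user.email)
    elif action == "delete":
        user = request.form["usernameholder"]
        q_session = Session()
        q_session.query(UserRoles).filter_by(email=user).delete()
        q_session.query(Login).filter_by(email=user).delete()
        q_session.commit()
        app.logger.info("%s: Removed user %s by %s", datetime.datetime.now(), user, current_user.email)
    return redirect(url_for(".user_roles"))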