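def viewAppointment(request, username, pk):
    """Render a single appointment for the patient who owns it.

    Access requires all of: an authenticated session, a URL ``username``
    equal to the logged-in username, a patient ('P') account, and an
    appointment whose patient is that account. Any failed check, including
    an unknown ``pk``, gets the same "no permission" redirect, so the
    response does not reveal whether an appointment id exists.

    Args:
        request: the incoming HttpRequest.
        username: username taken from the URL.
        pk: primary key of the appointment, taken from the URL.

    Returns:
        The rendered appointment page, or a redirect to "/" on any
        authentication or authorisation failure.
    """
    if not request.user.is_authenticated():
        messages.add_message(request, messages.INFO, "You must login to do that!")
        createLogEvent("n/a", username, 11, "Someone attempted to view an appointment without being logged in")
        return HttpResponseRedirect("/")

    hnuser = None
    appointment = None
    allowed = False
    # Check the URL username against the session before any record is
    # loaded, so another user's data is never fetched on a request that
    # is going to be refused.
    if request.user.username == username:
        hnuser = User.objects.get(username=username).healthnetuser
        if hnuser.accountType == 'P':
            try:
                appointment = Appointment.objects.get(pk=pk)
            except Appointment.DoesNotExist:
                appointment = None
            allowed = appointment is not None and appointment.patient == hnuser.patient

    if not allowed:
        messages.add_message(request, messages.INFO, "You do not have permission to view the requested page.")
        createLogEvent(request.user.username, username, 11, "User attempted to view an appointment without permission")
        return HttpResponseRedirect("/")

    # The patient's own ('se') contact record is only read once ownership
    # of the appointment has been established.
    patientContact = Contact.objects.get(relation='se', user=appointment.patient)
    createLogEvent(request.user.username, username, 19, "User viewed an appointment")
    return render(request, 'appointments/viewappointment.html',
                  {'appointment': appointment, 'hnuser': hnuser.patient, 'patientContact': patientContact})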
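def cancelAppointment(request, username, pk):
    """Delete an appointment on behalf of the patient who owns it.

    Access requires an authenticated session, a URL ``username`` equal to
    the logged-in username, a patient ('P') account, and an appointment
    belonging to that patient. Any failed check, including an unknown
    ``pk``, gets the same "no permission" redirect.

    Args:
        request: the incoming HttpRequest.
        username: username taken from the URL.
        pk: primary key of the appointment, taken from the URL.

    Returns:
        A redirect to the user's appointment list on success, or to "/"
        on any authentication or authorisation failure.
    """
    if not request.user.is_authenticated():
        messages.add_message(request, messages.INFO, "You must login to do that!")
        createLogEvent("n/a", username, 14, "Someone attempted to cancel an appointment without being logged in")
        return HttpResponseRedirect("/")

    appointment = None
    allowed = False
    # Authorise on the URL username first; the appointment is only looked
    # up for the account that is actually logged in.
    if request.user.username == username:
        hnuser = User.objects.get(username=username).healthnetuser
        if hnuser.accountType == 'P':
            try:
                appointment = Appointment.objects.get(pk=pk)
            except Appointment.DoesNotExist:
                appointment = None
            allowed = appointment is not None and appointment.patient == hnuser.patient

    if not allowed:
        messages.add_message(request, messages.INFO, "You do not have permission to do that.")
        createLogEvent(request.user.username, username, 14, "User attempted to cancel an appointment without permission")
        return HttpResponseRedirect("/")

    # NOTE(review): there is no request.method check, so this delete runs
    # for GET as well as POST. Django's CSRF middleware does not check GET,
    # so a cross-site link or image tag could trigger a cancellation for a
    # logged-in patient. Consider requiring POST once the templates that
    # link here are confirmed to submit a form.
    appointment.delete()
    createLogEvent(request.user.username, username, 17, "User cancelled an appointment")
    return HttpResponseRedirect("/appointments/" + username)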
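def deleteContact(request, username, pk):
    """Delete one of the logged-in user's contacts.

    The contact is removed only when the session is authenticated, the URL
    ``username`` equals the logged-in username, and the contact's
    ``user_id`` is the logged-in user's healthnetuser pk. An unknown ``pk``
    is handled like a contact owned by someone else.

    Args:
        request: the incoming HttpRequest.
        username: username taken from the URL.
        pk: primary key of the contact, taken from the URL.

    Returns:
        A redirect to the user's contact list on success, or to "/" on
        any authentication or authorisation failure.
    """
    if not request.user.is_authenticated():
        messages.add_message(request, messages.INFO, "You must login to do that!")
        createLogEvent("n/a", username, 14, "Someone attempted to delete a user contact without being logged in")
        return HttpResponseRedirect("/")

    contact = None
    if request.user.username == username:
        try:
            contact = Contact.objects.get(pk=pk)
        except Contact.DoesNotExist:
            contact = None
        if contact is not None:
            owner_pk = User.objects.get(username=request.user.username).healthnetuser.pk
            if contact.user_id != owner_pk:
                # Someone else's contact: refuse exactly as for a missing one.
                contact = None

    if contact is None:
        messages.add_message(request, messages.INFO, "You do not have permission to do that.")
        createLogEvent(request.user.username, username, 14, "User attempted to delete a user contact without permission")
        return HttpResponseRedirect("/")

    # NOTE(review): no request.method check, so the delete also runs on
    # GET, which Django's CSRF middleware does not protect. Consider
    # requiring POST.
    # NOTE(review): nothing here stops deletion of the user's own
    # relation='se' contact, which viewAppointment loads with .get();
    # confirm whether that record should be deletable.
    contactName = contact.firstName
    contact.delete()
    message = "Contact \'" + contactName + "\' successfully deleted."
    messages.add_message(request, messages.INFO, message)
    createLogEvent(request.user.username, username, 9, "User deleted a contact")
    return HttpResponseRedirect("/profiles/" + username + "/contacts")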
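def register(request):
    """Create a patient account from the registration form and log it in.

    The username, email and password are each passed through their
    validator; the first one to raise InvalidInput ends the request with
    the validator's message shown to the user. On success a Django User
    and a Patient record with placeholder profile values are saved, the
    new user is authenticated, and the new-patient form is rendered.

    Args:
        request: the incoming HttpRequest.

    Returns:
        The rendered new-patient page on success, otherwise a redirect
        to "/". Requests that are not POST are redirected to "/" instead
        of falling off the end of the view.
    """
    if request.method != 'POST':
        # Without this a GET would return None, which Django rejects.
        return HttpResponseRedirect("/")

    authUser = User()
    try:
        authUser.username = validateUser(request.POST['username'])
    except InvalidInput as ii:
        messages.add_message(request, messages.INFO, ii.args[0])
        createLogEvent("n/a", "view: register", 1, "Tried to register with an existing username")
        return HttpResponseRedirect("/")
    try:
        authUser.email = validateEmail(request.POST['email'])
    except InvalidInput as ii:
        messages.add_message(request, messages.INFO, ii.args[0])
        createLogEvent("n/a", "view: register", 1, "Given email failed validation")
        return HttpResponseRedirect("/")
    try:
        password = validatePass(request.POST['password'])
    except InvalidInput as ii:
        messages.add_message(request, messages.INFO, ii.args[0])
        createLogEvent("n/a", "view: register", 1, "Given password failed validation")
        return HttpResponseRedirect("/")
    authUser.set_password(password)

    # New accounts never receive staff or superuser rights from this view.
    authUser.first_name = ""
    authUser.last_name = ""
    authUser.is_active = True
    authUser.is_staff = False
    authUser.is_superuser = False
    authUser.save()

    # Placeholder profile values; isNew marks the record as not yet filled
    # in (viewProfile's POST handler overwrites them and clears isNew).
    newUser = Patient()
    newUser.user = authUser
    newUser.isNew = True
    newUser.accountType = 'P'
    newUser.birthDate = "1993-08-21"
    newUser.heightFeet = 5
    newUser.heightInches = 11
    newUser.weight = 150
    newUser.insuranceCompany = ""
    newUser.insuranceId = ""
    newUser.allergies = "None"
    newUser.conditions = "None"
    newUser.prescriptions = "None"
    newUser.hospitalPref = ""
    newUser.save()

    # Use the values that were actually stored rather than the raw POST
    # data, so the log entry, the authentication call and the template all
    # agree even if a validator returns a normalised value.
    createLogEvent(authUser.username, "view: register", 0, "Successful registration")
    user = authenticate(username=authUser.username, password=password)
    auth_login(request, user)
    patientForm = NewPatientForm()
    contactForm = UserContactForm()
    return render(request, 'profiles/newpatient.html',
                  {'username': authUser.username, 'patientForm': patientForm, 'contactForm': contactForm})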
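def editAppointment(request, username, pk):
    """Show or save the edit form for one of the patient's appointments.

    Access requires an authenticated session, a URL ``username`` equal to
    the logged-in username, a patient ('P') account, and an appointment
    belonging to that patient. Any failed check, including an unknown
    ``pk``, gets the same "no permission" redirect.

    Args:
        request: the incoming HttpRequest.
        username: username taken from the URL.
        pk: primary key of the appointment, taken from the URL.

    Returns:
        On POST, a redirect to the appointment page after saving; on other
        methods, the rendered edit form; a redirect to "/" on any
        authentication or authorisation failure.
    """
    if not request.user.is_authenticated():
        messages.add_message(request, messages.INFO, "You must login to do that!")
        createLogEvent("n/a", username, 12, "Someone attempted to edit an appointment without being logged in")
        return HttpResponseRedirect("/")

    hnuser = None
    appointment = None
    allowed = False
    # Authorise on the URL username before loading the appointment.
    if request.user.username == username:
        hnuser = User.objects.get(username=username).healthnetuser
        if hnuser.accountType == 'P':
            try:
                appointment = Appointment.objects.get(pk=pk)
            except Appointment.DoesNotExist:
                appointment = None
            allowed = appointment is not None and appointment.patient == hnuser.patient

    if not allowed:
        messages.add_message(request, messages.INFO, "You do not have permission to view the requested page.")
        createLogEvent(request.user.username, username, 12, "User attempted to edit an appointment without permission")
        return HttpResponseRedirect("/")

    if request.method == 'POST':
        # NOTE(review): these values go from request.POST straight onto
        # the model with no form validation, so hospital and doctor are
        # whatever the client sent. PatientAppointmentForm is available;
        # binding it to request.POST and checking is_valid() would enforce
        # its field rules server-side. Confirm the form's fields first.
        appointment.title = request.POST['title']
        appointment.startDate = request.POST['startDate']
        appointment.startTime = request.POST['startTime']
        appointment.endDate = request.POST['endDate']
        appointment.endTime = request.POST['endTime']
        appointment.hospital = request.POST['hospital']
        appointment.room = request.POST['room']
        appointment.reason = request.POST['reason']
        # The patient is always the logged-in patient, never a POST value.
        appointment.patient = hnuser.patient
        appointment.doctor = request.POST['doctor']
        appointment.save()
        createLogEvent(request.user.username, username, 16, "User edited appointment")
        return HttpResponseRedirect("/appointments/" + username + "/" + pk)

    # Only patient accounts reach this point, so the patient template and
    # form are always the ones used.
    form = PatientAppointmentForm(instance=appointment)
    return render(request, 'appointments/editappointmentpatient.html',
                  {'form': form, 'appointment': appointment,
                   'startDate': appointment.startDate, 'startTime': appointment.startTime,
                   'endDate': appointment.endDate, 'endTime': appointment.endTime,
                   'username': username, 'pk': pk, 'hnuser': hnuser.patient})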
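def editContact(request, username, pk):
    """Show or save the edit form for one of the logged-in user's contacts.

    The contact is editable only when the session is authenticated, the
    URL ``username`` equals the logged-in username, and the contact's
    ``user_id`` is the logged-in user's healthnetuser pk. An unknown ``pk``
    is handled like a contact owned by someone else.

    Args:
        request: the incoming HttpRequest.
        username: username taken from the URL.
        pk: primary key of the contact, taken from the URL.

    Returns:
        On POST, a redirect to the profile page after saving; on other
        methods, the rendered edit form; a redirect to "/" on any
        authentication or authorisation failure.
    """
    if not request.user.is_authenticated():
        messages.add_message(request, messages.INFO, "You must login to do that!")
        createLogEvent("n/a", username, 12, "Someone attempted to edit a user contact without being logged in")
        return HttpResponseRedirect("/")

    contact = None
    if request.user.username == username:
        try:
            contact = Contact.objects.get(pk=pk)
        except Contact.DoesNotExist:
            contact = None
        if contact is not None:
            owner_pk = User.objects.get(username=request.user.username).healthnetuser.pk
            if contact.user_id != owner_pk:
                contact = None

    if contact is None:
        messages.add_message(request, messages.INFO, "You do not have permission to view the requested page.")
        createLogEvent(request.user.username, username, 12, "User attempted to edit a user contact without permission")
        return HttpResponseRedirect("/")

    if request.method == 'POST':
        # NOTE(review): the fields are read from request.POST without form
        # validation. The edit form is built with no_self=True, which
        # suggests relation='se' is not meant to be selectable here, but
        # nothing on the server enforces that. Confirm, and validate with
        # the form.
        contact.street = request.POST['street']
        contact.city = request.POST['city']
        contact.state = request.POST['state']
        contact.zipcode = request.POST['zipcode']
        contact.firstName = request.POST['firstName']
        contact.lastName = request.POST['lastName']
        contact.middleInitial = request.POST['middleInitial']
        contact.phoneNumber = request.POST['phoneNumber']
        contact.relation = request.POST['relation']
        contact.save()
        createLogEvent(request.user.username, username, 8, "User edited a contact")
        return HttpResponseRedirect("/profiles/" + username)

    # Pre-fill the form with the stored values.
    data = {
        'street': contact.street,
        'city': contact.city,
        'state': contact.state,
        'zipcode': contact.zipcode,
        'firstName': contact.firstName,
        'lastName': contact.lastName,
        'middleInitial': contact.middleInitial,
        'phoneNumber': contact.phoneNumber,
        'relation': contact.relation,
    }
    form = ContactForm(data, no_self=True)
    user = User.objects.get(username=request.user.username).healthnetuser.patient
    return render(request, 'profiles/editcontact.html',
                  {'form': form, 'username': username, 'pk': pk, 'hnuser': user})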
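def editProfile(request, username):
    """Show or save the profile edit form for the logged-in patient.

    Only the account named in the URL may edit its own profile, and only
    patient ('P') accounts are supported. Submitted data is validated by
    EditPatientForm before it is saved; invalid data re-renders the form
    with its errors. A successful save is recorded with createLogEvent.

    Args:
        request: the incoming HttpRequest.
        username: username taken from the URL.

    Returns:
        A redirect to the profile page after a successful save, the
        rendered edit form otherwise, or a redirect to "/" when the
        request is not authenticated, not authorised, or the account
        type is not supported.
    """
    if not request.user.is_authenticated():
        messages.add_message(request, messages.INFO, "You must login to do that!")
        createLogEvent("n/a", username, 12, "Someone attempted to edit a profile without being logged in")
        return HttpResponseRedirect("/")

    if request.user.username != username:
        messages.add_message(request, messages.INFO, "You do not have permission to view the requested page.")
        createLogEvent(request.user.username, username, 12, "User attempted to edit a profile without permission")
        return HttpResponseRedirect("/")

    user = User.objects.get(username=username).healthnetuser
    if user.accountType != 'P':
        messages.add_message(request, messages.INFO, "Account type not yet implemented.")
        return HttpResponseRedirect("/")

    patient = Patient.objects.get(healthnetuser_ptr=user)
    # Read the stored date before a bound form is validated against the
    # same instance.
    birthDate = patient.birthDate

    if request.method == 'POST':
        form = EditPatientForm(request.POST, instance=patient)
        # save() on a form that failed validation raises ValueError, so
        # validate first and fall through to re-render on failure.
        if form.is_valid():
            form.save()
            # Logged here, after the save and before the return, so that
            # profile changes actually reach the audit trail.
            createLogEvent(request.user.username, username, 10, "User edited profile information")
            return HttpResponseRedirect("/profiles/" + username)
    else:
        form = EditPatientForm(instance=patient)

    return render(request, 'profiles/editpatientprofile.html',
                  {'form': form, 'username': username, 'hnuser': user, 'birthDate': birthDate})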
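def login(request):
    """Authenticate the submitted credentials and start a session.

    The username and password are read from request.POST. A missing field
    is treated as an empty string, so a request without form data ends in
    the ordinary "not recognized" response instead of an unhandled
    key error.

    Args:
        request: the incoming HttpRequest.

    Returns:
        The rendered new-patient page when the account is flagged isNew,
        a redirect to the profile page for other successful logins, or a
        redirect to "/" when the credentials are rejected or the account
        is disabled.
    """
    username = request.POST.get('username', '')
    password = request.POST.get('password', '')

    user = authenticate(username=username, password=password)
    if user is None:
        # The authentication system was unable to verify the username and password
        messages.add_message(request, messages.INFO, "Username and/or password not recognized!")
        createLogEvent(username, "view: login", 3, "Given credentials not recognized by system")
        return HttpResponseRedirect("/")

    # NOTE(review): authenticate() has presumably already verified the
    # password, which would make this branch unreachable. Confirm against
    # the configured authentication backends. If it can be reached, the
    # message below tells the caller that the username exists.
    if not user.check_password(password):
        messages.add_message(request, messages.INFO, "Incorrect password...")
        createLogEvent(username, "view: login", 3, "Input wrong password for the given account")
        return HttpResponseRedirect("/")

    if not user.is_active:
        messages.add_message(request, messages.INFO, "This account has been disabled.")
        createLogEvent(username, "view: login", 3, "The account trying to be accessed has been disabled")
        return HttpResponseRedirect("/")

    auth_login(request, user)
    createLogEvent(username, "view: login", 2, "Successful login")

    hnuser = User.objects.get(username=request.user.username).healthnetuser
    if hnuser.isNew:
        # The profile has not been filled in yet, so show the new-patient forms.
        patientForm = NewPatientForm()
        contactForm = UserContactForm()
        return render(request, 'profiles/newpatient.html',
                      {'username': username, 'patientForm': patientForm, 'contactForm': contactForm})
    return HttpResponseRedirect("/profiles/" + username)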
def viewContacts(request, username):
    """List the logged-in patient's contacts, excluding the 'se' record.

    Args:
        request: the incoming HttpRequest.
        username: username taken from the URL; it must equal the
            logged-in username.

    Returns:
        The rendered contact list, or a redirect to "/" when the request
        is not authenticated or the usernames differ.
    """
    if not request.user.is_authenticated():
        message = "You must login to do that!"
        messages.add_message(request, messages.INFO, message)
        createLogEvent("n/a", username, 11, "Someone attempted to view a user's contacts without being logged in")
        return HttpResponseRedirect("/")

    if request.user.username != username:
        message = "You do not have permission to view the requested page."
        messages.add_message(request, messages.INFO, message)
        createLogEvent(request.user.username, username, 11, "User attempted to view a user's contacts without permission")
        return HttpResponseRedirect("/")

    # The queryset is scoped to the session user's own patient id, not to
    # anything supplied in the URL.
    patient = User.objects.get(username=request.user.username).healthnetuser.patient
    own_contacts = Contact.objects.filter(user_id=patient.id).exclude(relation='se')
    createLogEvent(request.user.username, username, 6, "User viewed a list of contacts")
    context = {'username': username, 'hnuser': patient, 'contacts': own_contacts}
    return render(request, 'profiles/viewcontacts.html', context)
def addContact(request, username):
    """Show the add-contact form, or create a contact from POST data.

    Args:
        request: the incoming HttpRequest.
        username: username taken from the URL; it must equal the
            logged-in username.

    Returns:
        On POST, a redirect to the contact list after saving; on other
        methods, the rendered form; a redirect to "/" when the request is
        not authenticated or the usernames differ.
    """
    if not request.user.is_authenticated():
        message = "You must login to do that!"
        messages.add_message(request, messages.INFO, message)
        createLogEvent("n/a", username, 13, "Someone attempted to create a user contact without being logged in")
        return HttpResponseRedirect("/")

    if request.user.username != username:
        message = "You do not have permission to view the requested page."
        messages.add_message(request, messages.INFO, message)
        createLogEvent(request.user.username, username, 13, "User attempted to create a user contact without permission")
        return HttpResponseRedirect("/")

    form = ContactForm(no_self=True)
    if request.method != 'POST':
        patient = User.objects.get(username=request.user.username).healthnetuser.patient
        return render(request, 'profiles/addcontact.html',
                      {'form': form, 'username': username, 'hnuser': patient})

    # NOTE(review): the values are copied from request.POST without form
    # validation. The form is built with no_self=True, which suggests
    # relation='se' should not be accepted here, but a hand-built POST can
    # still send it. Confirm, and validate server-side.
    new_contact = Contact()
    for field in ('street', 'city', 'state', 'zipcode', 'firstName',
                  'lastName', 'middleInitial', 'phoneNumber', 'relation'):
        setattr(new_contact, field, request.POST[field])
    new_contact.healthnetuser = User.objects.get(username=request.user.username).healthnetuser
    new_contact.user_id = User.objects.get(username=username).healthnetuser.pk
    new_contact.save()
    createLogEvent(request.user.username, username, 7, "User added a new contact")
    return HttpResponseRedirect("/profiles/" + username + "/contacts")
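def viewProfile(request, username):
    """Show the patient's profile, or save the initial profile form.

    Only the account named in the URL may use this view, and only patient
    ('P') accounts are supported. On POST the patient's own contact record
    (relation 'se') and profile fields are written and isNew is cleared.
    An existing 'se' contact is updated in place rather than duplicated,
    because the read path below loads that record with .get() and needs
    at most one to exist.

    Args:
        request: the incoming HttpRequest.
        username: username taken from the URL.

    Returns:
        On POST, a redirect to the profile page; on other methods, the
        profile page, or the add-contact page when no 'se' contact exists
        yet; a redirect to "/" when the request is not authenticated, not
        authorised, or the account type is not supported.
    """
    if not request.user.is_authenticated():
        messages.add_message(request, messages.INFO, "You must login to do that!")
        createLogEvent("n/a", username, 11, "Someone attempted to view a profile without being logged in")
        return HttpResponseRedirect("/")

    if request.user.username != username:
        messages.add_message(request, messages.INFO, "You do not have permission to view the requested page.")
        createLogEvent(request.user.username, username, 11, "User attempted to view a profile without permission")
        return HttpResponseRedirect("/")

    hnuser = User.objects.get(username=username).healthnetuser
    if hnuser.accountType != 'P':
        messages.add_message(request, messages.INFO, "Account type not yet implemented.")
        return HttpResponseRedirect("/")
    hnuser = hnuser.patient

    if request.method == 'POST':
        # Reuse the stored self-contact if there is one, so a repeated
        # submission cannot leave two 'se' rows for the same user.
        existing = list(Contact.objects.filter(relation='se', user_id=hnuser.pk)[:1])
        contact = existing[0] if existing else Contact()
        # NOTE(review): the contact and profile values are taken from
        # request.POST without form validation; consider validating them
        # with a form before saving.
        contact.street = request.POST['street']
        contact.city = request.POST['city']
        contact.state = request.POST['state']
        contact.zipcode = request.POST['zipcode']
        contact.firstName = request.POST['firstName']
        contact.lastName = request.POST['lastName']
        contact.middleInitial = request.POST['middleInitial']
        contact.phoneNumber = request.POST['phoneNumber']
        # The relation is fixed by the server, not taken from the client.
        contact.relation = 'se'
        contact.healthnetuser = hnuser
        contact.user_id = hnuser.pk
        contact.save()

        hnuser.birthDate = request.POST['birthDate']
        hnuser.heightFeet = request.POST['heightFeet']
        hnuser.heightInches = request.POST['heightInches']
        hnuser.weight = request.POST['weight']
        hnuser.insuranceCompany = request.POST['insuranceCompany']
        hnuser.insuranceId = request.POST['insuranceId']
        hnuser.hospitalPref = request.POST['hospitalPref']
        hnuser.isNew = False
        hnuser.save()
        createLogEvent(request.user.username, username, 10, "User profile information was edited")
        return HttpResponseRedirect("/profiles/" + username)

    createLogEvent(request.user.username, username, 5, "User viewed a profile")
    try:
        contacts = Contact.objects.filter(user_id=hnuser.id).exclude(relation='se')
        thiscontact = Contact.objects.get(relation='se', user_id=hnuser.id)
    except (KeyError, Contact.DoesNotExist):
        # No self-contact on record yet: send the user to the contact form.
        form = ContactForm()
        return render(request, 'profiles/addcontact.html', {'form': form, 'username': username})
    else:
        return render(request, 'profiles/patientprofile.html',
                      {'hnuser': hnuser, 'contacts': contacts, 'thiscontact': thiscontact})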
def logout(request):
    """End the current session and return to the home page.

    Args:
        request: the incoming HttpRequest.

    Returns:
        A redirect to "/".
    """
    # The event is written first: after auth_logout() the request no
    # longer carries the user's name.
    acting_user = request.user.username
    createLogEvent(acting_user, "view: logout", 4, "User logged out")
    auth_logout(request)
    # NOTE(review): there is no request.method check, so a GET ends the
    # session too; consider requiring POST.
    messages.add_message(request, messages.INFO, "Successfully logged out!")
    return HttpResponseRedirect("/")