Exemplo n.º 1
0
Arquivo: main.py Projeto: takwas/HMS
def change_pswd():
    if session['logged_in']:
        if request.method == 'GET':
            return render_template('changepassword.html')
        if request.method == 'POST':
            oldpswd = request.form['oldpasswd']
            newpswd = request.form['newpasswd']
            inppasswd = bcrypt.generate_password_hash(newpswd)
            q_session = Session()
            query1 = q_session.query(
                Login
            ).filter(
                Login.email == current_user.email
            ).first()
            if bcrypt.check_password_hash(query1.passwd, oldpswd):
                query2 = q_session.query(
                    Login
                ).filter(
                    Login.email == current_user.email
                ).update(
                    {
                        'passwd': inppasswd
                    }
                )
                q_session.commit()
                return redirect(url_for('.home'))
            else:
                errormsg = 'Old password does not match.'
                return render_template('changepassword.html', error=errormsg)
    else:
        return redirect(url_for('login'))
Exemplo n.º 2
0
Arquivo: main.py Projeto: takwas/HMS
def signin():
    useremail = request.form['email']
    passwd = request.form['pwd']
    q_session = Session()
    query = q_session.query(
        Login
    ).filter(
        Login.email == useremail
    ).first()
    if query and bcrypt.check_password_hash(query.passwd, passwd):
        user = query
        user.authenticated = True
        q_session.commit()
        login_user(user, remember=True)
        msg = str(datetime.datetime.now()) + ": Successful login " + str(query.email)
        app.logger.info(msg)
        user_roles = q_session.query(
            UserRoles.user_role_id
        ).filter(
            UserRoles.email == user.email
        ).all()
        session['logged_in'] = True
        session['has_roles'] = user_roles
        return redirect(url_for('home'))
    else:
        msg = str(datetime.datetime.now()) + ": Login failure " + str(useremail)
        app.logger.info(msg)
        error = "Invalid usernme or password."
        return error_login(error)
Exemplo n.º 3
0
def read_roles():
    q_session = Session()
    query = q_session.query(Roles).all()
    result = {}
    for i in range(0, len(query)):
        result[query[i].id] = query[i].name
    return result
Exemplo n.º 4
0
def create_test():
    if session['logged_in'] and ('Read tests' in session or 'Edit tests' in session):
        name = request.form['testname']
        if len(request.form.getlist('testavail')) > 0:
            avail = True
        else:
            avail = False
        price = request.form['testprice']
        category = request.form['testcategory']
        testtype = request.form['testtype']
        code = request.form['testcode']
        desc = request.form['testdesc']
        q_session = Session()
        record = Tests(
            name=name,
            available=avail,
            price=price,
            category=category,
            type=testtype,
            code=code,
            description=desc
        )
        q_session.add(record)
        q_session.commit()
        msg = str(datetime.datetime.now()) + ': Created test with code = ' + code + ' by ' + current_user.email
        app.logger.info(msg)
        return redirect(url_for('.list_tests'))
    else:
        session['no-access'] = True
        session['tried'] = 'Tests'
        return redirect(url_for('login'))
Exemplo n.º 5
0
def all_permission_names():
    q_session = Session()
    permissions = []
    query = q_session.query(
        Permissions.name
    ).all()
    for permission in query:
        permissions.append(permission[0])
    return permissions
Exemplo n.º 6
0
def read_rolepermissions():
    q_session = Session()
    query = q_session.query(
        Roles.name,
        Roles.id,
        func.array_agg(RolesPermissions.permissions_id),
    ).join(
        RolesPermissions, Roles.id == RolesPermissions.role_id
    ).group_by(
        Roles.id
    ).order_by(
        asc(Roles.name)
    ).all()
    return query
Exemplo n.º 7
0
def modify_patients():
    if session['logged_in'] and ('Read patients' in session or 'Edit patients' in session):
        if request.form['submit'] == 'save':
            patid = request.form['patientid']
            name = request.form['patientname']
            category = request.form['patientcategory']
            pattype = request.form['patienttype']
            age = request.form['patientage']
            sex = request.form['patientsex']
            contact = request.form['patientcontact']
            email = request.form['patientemail']
            address = request.form['patientaddress']
            reg_no = request.form['patientreg']
            ref_no = request.form['patientref']
            mlc_no = request.form['patientmlc']
            q_session = Session()
            query = q_session.query(
                Patients
            ).filter(
                Patients.id == patid
            ).update(
                {
                    'name': name,
                    'category': category,
                    'type': pattype,
                    'age': age,
                    'sex': sex,
                    'contact': contact,
                    'email': email,
                    'address': address,
                    'reg_no': reg_no,
                    'ref_no': ref_no,
                    'mlc_no': mlc_no
                }
            )
            q_session.commit()
            msg = str(datetime.datetime.now()) + ': Modified patient with id = ' + patid + ' and name = ' + name + \
                ' by ' + current_user.email
            app.logger.info(msg)
        if request.form['submit'] == 'delete':
            patid = request.form['patientid']
            name = request.form['patientname']
            q_session = Session()
            query = q_session.query(
                Patients
            ).filter(
                Patients.id == patid
            ).delete()
            q_session.commit()
            msg = str(datetime.datetime.now()) + ': Deleted patient with id = ' + patid + ' and name = ' + name + \
                ' by ' + current_user.email
            app.logger.info(msg)

        return redirect(url_for('.list_patients'))
    else:
        session['no-access'] = True
        session['tried'] = 'Patients'
        return redirect(url_for('login'))
Exemplo n.º 8
0
def list_tests():
    if session['logged_in'] and ('Read tests' in session or 'Edit tests' in session):
        q_session = Session()
        tests = q_session.query(
            Tests
        ).order_by(
            asc(Tests.name)
        ).all()
        if tests:
            return render_template('managetests.html', tests=tests)
        else:
            errormsg = "No tests found. Please add a test."
            return render_template('managetests.html', error=errormsg)
    else:
        session['no-access'] = True
        session['tried'] = 'Tests'
        return redirect(url_for('login'))
Exemplo n.º 9
0
def list_patients():
    if session['logged_in'] and ('Read patients' in session or 'Edit patients' in session):
        q_session = Session()
        query = q_session.query(
            Patients
        ).order_by(
            asc(Patients.name)
        ).all()
        if query:
            return render_template('managepatients.html', patients=query)
        else:
            errormsg = 'No patient found. Please add a patient.'
            return render_template('managepatients.html', error=errormsg)
    else:
        session['no-access'] = True
        session['tried'] = 'Patients'
        return redirect(url_for('login'))
Exemplo n.º 10
0
def user_roles():
    if session["logged_in"] and ("Read users" in session or "Edit users" in session):
        roles = read_roles()
        q_session = Session()
        query = (
            q_session.query(UserRoles.email, func.array_agg(UserRoles.user_role_id))
            .group_by(UserRoles.email)
            .order_by(asc(UserRoles.email))
            .all()
        )
        if query:
            return render_template("manageusers.html", roles=roles, usersandroles=query)
        else:
            errormsg = "No roles found. Please add roles and assign them to users."
            return render_template("manageusers.html", error=errormsg)
    else:
        session["no-access"] = True
        session["tried"] = "Users"
        return redirect(url_for("login"))
Exemplo n.º 11
0
def read_user_permissions():
    q_session = Session()
    roles = q_session.query(
        UserRoles.user_role_id,
    ).filter(
        UserRoles.email == current_user.email
    ).all()
    permissions = q_session.query(
        RolesPermissions.permissions_id
    ).filter(
        RolesPermissions.role_id.in_(roles)
    ).all()
    permission_names = q_session.query(
        Permissions.name
    ).filter(
        Permissions.id.in_(permissions)
    ).all()
    user_permissions = []
    for permission_name in permission_names:
        user_permissions.append(permission_name[0])
    return user_permissions
Exemplo n.º 12
0
def modify_tests():
    if session['logged_in'] and ('Read tests' in session or 'Edit tests' in session):
        if request.form['submit'] == 'save':
            name = request.form['testname']
            if len(request.form.getlist('testavail')) > 0:
                avail = True
            else:
                avail = False
            price = request.form['testprice']
            category = request.form['testcategory']
            testtype = request.form['testtype']
            code = request.form['testcode']
            desc = request.form['testdesc']
            q_session = Session()
            query = q_session.query(
                Tests
            ).filter(
                Tests.code == code
            ).update(
                {
                    'name': name,
                    'available': avail,
                    'price': price,
                    'category': category,
                    'code': code,
                    'type': testtype,
                    'description': desc
                }
            )
            q_session.commit()
            msg = str(datetime.datetime.now()) + ': Modified test with code = ' + code + ' by ' + current_user.email
            app.logger.info(msg)
        if request.form['submit'] == 'delete':
            code = request.form['testcode']
            q_session = Session()
            query = q_session.query(
                Tests
            ).filter(
                Tests.code == code
            ).delete()
            q_session.commit()
            msg = str(datetime.datetime.now()) + ': Deleted test with code = ' + code + ' by ' + current_user.email
            app.logger.info(msg)
        return redirect(url_for('.list_tests'))
    else:
        session['no-access'] = True
        session['tried'] = 'Tests'
        return redirect(url_for('login'))
Exemplo n.º 13
0
def create_patient():
    if session['logged_in'] and ('Read patients' in session or 'Edit patients' in session):
        name = request.form['patientname']
        category = request.form['patientcategory']
        ptype = request.form['patienttype']
        age = request.form['patientage']
        sex = request.form['patientsex']
        contact = request.form['patientcontact']
        email = request.form['patientemail']
        address = request.form['patientaddress']
        reg_no = request.form['patientreg']
        ref_no = request.form['patientref']
        mlc_no = request.form['patientmlc']
        q_session = Session()
        record = Patients(
            name=name,
            category=category,
            type=ptype,
            age=age,
            sex=sex,
            contact=contact,
            email=email,
            address=address,
            reg_no=reg_no,
            ref_no=ref_no,
            mlc_no=mlc_no
        )
        q_session.add(record)
        q_session.commit()
        msg = str(datetime.datetime.now()) + ': Created patient with name = ' + name + ' and ref_no = ' + ref_no + \
            ' by ' + current_user.email
        app.logger.info(msg)
        return redirect(url_for('.list_patients'))
    else:
        session['no-access'] = True
        session['tried'] = 'Patients'
        return redirect(url_for('login'))
Exemplo n.º 14
0
def create_role():
    if session['logged_in'] and ('Read roles' in session or 'Edit roles' in session):
        role = request.form['rolename']
        permissionslist = request.form.getlist('rolepermissions')
        q_session = Session()
        record = Roles(name=role)
        q_session.add(record)
        q_session.commit()
        query = q_session.query(
            Roles
        ).filter(
            Roles.name == role
        ).first()
        for permission in permissionslist:
            record = RolesPermissions(role_id=query.id, permissions_id=permission)
            q_session.add(record)
            q_session.commit()
        msg = str(datetime.datetime.now()) + ': Created role ' + role + ' by ' + current_user.email
        app.logger.info(msg)
        return redirect(url_for('.list_roles'))
    else:
        session['no-access'] = True
        session['tried'] = 'Roles'
        return redirect(url_for('login'))
Exemplo n.º 15
0
def create_user():
    if session["logged_in"] and ("Read users" in session or "Edit users" in session):
        roleslist = request.form.getlist("newuserroles")
        user = request.form["username"]
        passwd = request.form["passwd"]
        inppasswd = bcrypt.generate_password_hash(passwd)
        q_session = Session()
        userrecord = Login(email=user, passwd=inppasswd, authenticated=True)
        q_session.add(userrecord)
        q_session.commit()
        for role in roleslist:
            record = UserRoles(email=user, user_role_id=role)
            q_session.add(record)
            q_session.commit()
        msg = str(datetime.datetime.now()) + ": Created user with id = " + user + " by " + current_user.email
        app.logger.info(msg)
        return redirect(url_for(".user_roles"))
    else:
        session["no-access"] = True
        session["tried"] = "Users"
        return redirect(url_for("login"))
Exemplo n.º 16
0
def modify_role():
    if session['logged_in'] and ('Read roles' in session or 'Edit roles' in session):
        if request.form['submit'] == 'delete':
            role_id = request.form['roleid']
            q_session = Session()
            # Retrieve the role name for logging
            role = q_session.query(
                Roles
            ).filter_by(
                id=role_id
            ).first()
            rolename = role.name
            # Delete the role
            roles = q_session.query(
                Roles
            ).filter_by(
                id=role_id
            ).delete()
            # delete permissions associated with the role
            permissions = q_session.query(
                RolesPermissions
            ).filter(
                RolesPermissions.role_id == role_id
            ).delete()
            # delete user role map for the said role
            user_roles = q_session.query(
                UserRoles
            ).filter(
                UserRoles.user_role_id == role_id
            ).delete()
            q_session.commit()
            msg = str(datetime.datetime.now()) + ': Deleted role ' + rolename + ' by ' + current_user.email
            app.logger.info(msg)
        if request.form['submit'] == 'save':
            role_id = request.form['roleid']
            rolename = request.form['rolename']
            q_session = Session()

            # delete all existing permissions for this role
            permissions = q_session.query(
                RolesPermissions
            ).filter(
                RolesPermissions.role_id == role_id
            ).delete()
            q_session.commit()
            permissionslist = request.form.getlist('rolepermissions')

            # get system wide permissions
            all_permissions = all_permission_names()

            # find permissions to remove from session
            permissions_to_remove_from_session = list(set(all_permissions).difference(set(read_user_permissions())))

            # remove the permissions from session
            for permission_to_remove in permissions_to_remove_from_session:
                session.pop(permission_to_remove, None)

            # set all new permissions in session
            permission_names = q_session.query(
                Permissions.name
            ).filter(
                Permissions.id.in_(permissionslist)
            ).all()

            for each_permission in permission_names:
                session[each_permission[0]] = True

            # add new role permissions
            for permission in permissionslist:
                record = RolesPermissions(role_id=role_id, permissions_id=permission)
                q_session.add(record)
                q_session.commit()
            msg = str(datetime.datetime.now()) + ': Modified role ' + rolename + ' by ' + current_user.email
            app.logger.info(msg)
        return redirect(url_for('.list_roles'))
    else:
        session['no-access'] = True
        session['tried'] = 'Roles'
        return redirect(url_for('login'))
Exemplo n.º 17
0
Arquivo: main.py Projeto: takwas/HMS
def user_loader(user_id):
    q_session = Session()
    return q_session.query(Login).filter(Login.email == user_id).first()
Exemplo n.º 18
0
def modify_users():
    if session["logged_in"] and ("Read users" in session or "Edit users" in session):
        if request.form["submit"] == "save":
            roleslist = request.form.getlist("roleslist")
            username = request.form["usernameholder"]
            q_session = Session()
            roles = q_session.query(UserRoles).filter_by(email=username).delete()
            q_session.commit()
            for role in roleslist:
                record = UserRoles(email=username, user_role_id=role)
                q_session.add(record)
                q_session.commit()
            msg = str(datetime.datetime.now()) + ": Made changes to roles of " + username + " by " + current_user.email
            app.logger.info(msg)

        if request.form["submit"] == "delete":
            user = request.form["usernameholder"]
            q_session = Session()
            roles = q_session.query(UserRoles).filter_by(email=user).delete()
            q_session.commit()
            users = q_session.query(Login).filter_by(email=user).delete()
            q_session.commit()
            msg = str(datetime.datetime.now()) + ": Removed user " + user + " by " + current_user.email
            app.logger.info(msg)

        return redirect(url_for(".user_roles"))
    else:
        session["no-access"] = True
        session["tried"] = "Users"
        return redirect(url_for("login"))