def get_queryset(cls, queryset, user):
     queryset = cls.filter_queryset(queryset)
     if isinstance(user, ResolveInfo):
         user = user.context.user
     if settings.ROW_SECURITY and user.is_anonymous:
         return queryset.filter(id=None)
     if settings.ROW_SECURITY:
         dist = UserDistrict.get_user_districts(user._u)
         return queryset.filter(
             locations__parent__parent_id__in=[l.location_id for l in dist])
     return queryset
Пример #2
0
 def hf_scope_check(self, claim_submit):
     from location.models import UserDistrict, HealthFacility
     dist = UserDistrict.get_user_districts(self.user._u)
     hf = HealthFacility.filter_queryset()\
         .filter(code=claim_submit.health_facility_code)\
         .filter(location_id__in=[l.location_id for l in dist])\
         .first()
     if not hf:
         raise ClaimSubmitError(
             "Invalid health facility code or health facility not allowed for user"
         )
Пример #3
0
 def get_queryset(cls, queryset, user):
     queryset = cls.filter_queryset(queryset)
     # GraphQL calls with an info object while Rest calls with the user itself
     if isinstance(user, ResolveInfo):
         user = user.context.user
     if settings.ROW_SECURITY and user.is_anonymous:
         return queryset.filter(id=-1)
     if settings.ROW_SECURITY:
         dist = UserDistrict.get_user_districts(user._u)
         return queryset.filter(
             health_facility__location_id__in=[l.location_id for l in dist])
     return queryset
Пример #4
0
 def get_queryset(cls, queryset, user):
     queryset = Claim.filter_queryset(queryset)
     # GraphQL calls with an info object while Rest calls with the user itself
     if isinstance(user, ResolveInfo):
         user = user.context.user
     if settings.ROW_SECURITY and user.is_anonymous:
         return queryset.filter(id=-1)
     if settings.ROW_SECURITY:
         # TechnicalUsers don't have health_facility_id attribute
         if hasattr(user._u,
                    'health_facility_id') and user._u.health_facility_id:
             return queryset.filter(
                 health_facility_id=user._u.health_facility_id)
         else:
             dist = UserDistrict.get_user_districts(user._u)
             return queryset.filter(health_facility__location_id__in=[
                 l.location_id for l in dist
             ])
     return queryset
Пример #5
0
def attach(request):
    queryset = ClaimAttachment.objects.filter(*core.filter_validity())
    if settings.ROW_SECURITY:
        from location.models import UserDistrict
        dist = UserDistrict.get_user_districts(request.user._u)
        queryset = queryset.select_related("claim")\
            .filter(
            claim__health_facility__location__id__in=[
                l.location_id for l in dist]
        )
    attachment = queryset\
        .filter(id=request.GET['id'])\
        .first()
    if not attachment:
        raise PermissionDenied(_("unauthorized"))

    if ClaimConfig.claim_attachments_root_path and attachment.url is None:
        response = HttpResponse(status=404)
        return response

    if not ClaimConfig.claim_attachments_root_path and attachment.document is None:
        response = HttpResponse(status=404)
        return response

    response = HttpResponse(content_type=(
        "application/x-binary" if attachment.mime is None else attachment.mime
    ))
    response[
        'Content-Disposition'] = 'attachment; filename=%s' % attachment.filename
    if ClaimConfig.claim_attachments_root_path:
        f = open(
            '%s/%s' %
            (ClaimConfig.claim_attachments_root_path, attachment.url), "r")
        response.write(f.read())
        f.close()
    else:
        response.write(base64.b64decode(attachment.document))
    return response
Пример #6
0
 def fetch(self, uuid):
     from .models import Claim
     queryset = Claim.objects.filter(*core.filter_validity())
     if settings.ROW_SECURITY:
         from location.models import UserDistrict
         dist = UserDistrict.get_user_districts(self.user._u)
         queryset = queryset.filter(health_facility__location__id__in=[
             l.location_id for l in dist
         ])
     claim = queryset\
         .select_related('health_facility') \
         .select_related('insuree') \
         .filter(uuid=uuid)\
         .first()
     if not claim:
         raise PermissionDenied(_("unauthorized"))
     return {
         "code": claim.code,
         "visitDateFrom":
         claim.date_from.isoformat() if claim.date_from else None,
         "visitDateTo":
         claim.date_to.isoformat() if claim.date_to else None,
         "claimDate":
         claim.date_claimed.isoformat() if claim.date_claimed else None,
         "healthFacility": str(claim.health_facility),
         "insuree": str(claim.insuree),
         "claimAdmin": str(claim.admin) if claim.admin else None,
         "icd": str(claim.icd),
         "icd1": str(claim.icd1) if claim.icd_1 else None,
         "icd2": str(claim.icd1) if claim.icd_2 else None,
         "icd3": str(claim.icd1) if claim.icd_3 else None,
         "icd4": str(claim.icd1) if claim.icd_4 else None,
         "guarantee": claim.guarantee_id,
         "visitType": claim.visit_type,
         "claimed": claim.claimed,
         "services": [formatClaimService(s) for s in claim.services.all()],
         "items": [formatClaimItem(i) for i in claim.items.all()],
     }