def check_access_interaction_and_resource_type(resource_type, intn_type, rr): """ usage is deny = check_access_interaction_and_resource_type() :param resource_type: resource intn_type: interaction type rr: ResourceRouter """ try: rt = SupportedResourceType.objects.get(resourceType=resource_type, fhir_source=rr) # force comparison to lower case to make case insensitive check if intn_type.lower() not in map(str.lower, rt.get_supported_interaction_types()): msg = 'The interaction: %s is not permitted on %s FHIR ' \ 'resources on this FHIR sever.' % (intn_type, resource_type) logger_debug.debug(msg="%s:%s" % ("403", msg)) return kickout_403(msg) except SupportedResourceType.DoesNotExist: msg = '%s is not a supported resource ' \ 'type on this FHIR server.' % resource_type logger_debug.debug(msg="%s:%s" % ("404", msg)) return kickout_404(msg) return False
def check_access_interaction_and_resource_type(resource_type, interaction_type): try: rt = SupportedResourceType.objects.get(resource_name=resource_type) if interaction_type not in rt.get_supported_interaction_types(): msg = 'The interaction {} is not permitted on {} FHIR resources on this FHIR sever.'.format( interaction_type, resource_type ) return kickout_403(msg) except SupportedResourceType.DoesNotExist: msg = '{} is not a supported resource type on this FHIR server.'.format(resource_type) return kickout_404(msg) return False
def check_access_interaction_and_resource_type(resource_type, intn_type): """ usage is deny = check_access_interaction_and_resource_type() """ try: rt = SupportedResourceType.objects.get(resource_name=resource_type) # force comparison to lower case to make case insensitive check if intn_type.lower() not in map(str.lower, rt.get_supported_interaction_types()): msg = 'The interaction: %s is not permitted on %s FHIR ' \ 'resources on this FHIR sever.' % (intn_type, resource_type) return kickout_403(msg) except SupportedResourceType.DoesNotExist: msg = '%s is not a supported resource ' \ 'type on this FHIR server.' % resource_type return kickout_404(msg) return False
def create(request, resource_type): """ Create FHIR Interaction Example client use in curl: curl -H 'Content-Type: application/json' --data @test.json http://127.0.0.1:8000/fhir/Practitioner We need to deal with possible multiple resourceType or filter by FHIRServer from Crosswalk """ # TODO: Filter by FHIRServer interaction_type = 'create' # re-route to hello if no resource type is given: if not resource_type: return hello(request) try: rt = SupportedResourceType.objects.get(resourceType=resource_type) if interaction_type not in rt.get_supported_interaction_types( ) and request.method == 'GET': # GET means that this is a search so re-route return search(request, resource_type) elif interaction_type not in rt.get_supported_interaction_types(): msg = 'The interaction %s is not permitted on %s FHIR resources on this FHIR sever.' % ( interaction_type, resource_type, ) return kickout_403(msg) except SupportedResourceType.DoesNotExist: msg = '%s is not a supported resource type on this FHIR server.' % ( resource_type) return kickout_404(msg) # Catch all for GETs to re-direct to search if CREATE permission is valid if request.method == 'GET': return search(request, resource_type) if request.method == 'POST': # Check if request body is JSON ------------------------ try: j = json.loads(request.body.decode('utf-8'), object_pairs_hook=OrderedDict) if not isinstance(j, dict): kickout_400( 'The request body did not contain a JSON object i.e. {}.') except: return kickout_400("The request body did not contain valid JSON.") # if j.has_key('id'): # throws error if id not in OrderedDict if 'id' in j: return kickout_400( "Create cannot have an id. Perhaps you meant to perform an update?" ) # Check json_schema is valid try: json_schema = json.loads(rt.json_schema, object_pairs_hook=OrderedDict) except: return kickout_500( 'The JSON Schema on the server did not contain valid JSON.') # Check jsonschema if json_schema: try: validate(j, json_schema) except ValidationError: msg = 'JSON Schema Conformance Error. %s' % (str( sys.exc_info()[1][0])) return kickout_400(msg) # write_to_mongo - TBD response = OrderedDict() response['id'] = str(uuid.uuid4()) meta = OrderedDict() if j.get('meta').get('versionId'): meta['versionId'] = j.get('meta').get('versionId') else: meta['versionId'] = 1 if j.get('meta').get('lastUpdated'): meta['lastUpdated'] = j.get('meta').get('lastUpdated') else: meta['lastUpdated'] = '%sZ' % ( datetime.datetime.utcnow().isoformat()) meta['id'] = response['id'] response['meta'] = meta hr = HttpResponse(json.dumps(response, indent=4), status=201, content_type='application/json') hr['Location'] = '%s/%s/%s/_history/%s' % ( 'http://127.0.0.1:8000/fhir', resource_type, meta['id'], meta['versionId'], ) return hr # This is something other than GET or POST (i.e. a GET) if request.method not in ('GET', 'POST'): od = OrderedDict() od['request_method'] = request.method od['interaction_type'] = 'create' od['resource_type'] = resource_type od['note'] = 'Perform an HTTP POST to this URL with the JSON resource as the request body.' return HttpResponse(json.dumps(od, indent=4), content_type='application/json')
def create(request, resource_type): """ Create FHIR Interaction Example client use in curl: curl -H 'Content-Type: application/json' --data @test.json http://127.0.0.1:8000/fhir/Practitioner """ interaction_type = 'create' # re-route to hello if no resource type is given: if not resource_type: return hello(request) try: rt = SupportedResourceType.objects.get(resource_name=resource_type) if interaction_type not in rt.get_supported_interaction_types() and request.method == 'GET': # GET means that this is a search so re-route return search(request, resource_type) elif interaction_type not in rt.get_supported_interaction_types(): msg = 'The interaction %s is not permitted on %s FHIR resources on this FHIR sever.' % ( interaction_type, resource_type, ) return kickout_403(msg) except SupportedResourceType.DoesNotExist: msg = '%s is not a supported resource type on this FHIR server.' % (resource_type) return kickout_404(msg) # Catch all for GETs to re-direct to search if CREATE permission is valid if request.method == 'GET': return search(request, resource_type) if request.method == 'POST': # Check if request body is JSON ------------------------ try: j = json.loads(request.body.decode('utf-8'), object_pairs_hook=OrderedDict) if not isinstance(j, dict): kickout_400('The request body did not contain a JSON object i.e. {}.') except: return kickout_400("The request body did not contain valid JSON.") # if j.has_key('id'): # throws error if id not in OrderedDict if 'id' in j: return kickout_400("Create cannot have an id. Perhaps you meant to perform an update?") # Check json_schema is valid try: json_schema = json.loads(rt.json_schema, object_pairs_hook=OrderedDict) except: return kickout_500('The JSON Schema on the server did not contain valid JSON.') # Check jsonschema if json_schema: try: validate(j, json_schema) except ValidationError: msg = 'JSON Schema Conformance Error. %s' % (str(sys.exc_info()[1][0])) return kickout_400(msg) # write_to_mongo - TBD response = OrderedDict() response['id'] = str(uuid.uuid4()) meta = OrderedDict() if j.get('meta').get('versionId'): meta['versionId'] = j.get('meta').get('versionId') else: meta['versionId'] = 1 if j.get('meta').get('lastUpdated'): meta['lastUpdated'] = j.get('meta').get('lastUpdated') else: meta['lastUpdated'] = '%sZ' % (datetime.datetime.utcnow().isoformat()) meta['id'] = response['id'] response['meta'] = meta hr = HttpResponse(json.dumps(response, indent=4), status=201, content_type='application/json') hr['Location'] = '%s/%s/%s/_history/%s' % ( 'http://127.0.0.1:8000/fhir', resource_type, meta['id'], meta['versionId'], ) return hr # This is something other than GET or POST (i.e. a GET) if request.method not in ('GET', 'POST'): od = OrderedDict() od['request_method'] = request.method od['interaction_type'] = 'create' od['resource_type'] = resource_type od['note'] = 'Perform an HTTP POST to this URL with the JSON resource as the request body.' return HttpResponse(json.dumps(od, indent=4), content_type='application/json')