feat(user): added nurse role

ohcnetwork · Dec 8, 2023 · aa1eade · aa1eade
1 parent 0869c46
commit aa1eade
Show file tree

Hide file tree

Showing 26 changed files with 248 additions and 205 deletions.
diff --git a/care/facility/api/serializers/patient_sample.py b/care/facility/api/serializers/patient_sample.py
@@ -12,6 +12,7 @@
     PatientSampleFlow,
 )
 from care.users.api.serializers.user import UserBaseMinimumSerializer
+from care.users.models import User
 from care.utils.serializer.external_id_field import ExternalIdSerializerField
 from config.serializers import ChoiceField
 
@@ -103,7 +104,12 @@ class PatientSamplePatchSerializer(PatientSampleSerializer):
     notes = serializers.CharField(required=False)
 
     def update(self, instance, validated_data):
-        instance.last_edited_by = self.context["request"].user
+        user = self.context["request"].user
+        if user.user_type < User.TYPE_VALUE_MAP["Doctor"]:
+            raise ValidationError(
+                {"status": ["User is not allowed to update sample details"]}
+            )
+        instance.last_edited_by = user
         try:
             is_completed = validated_data.get("result") in [1, 2]
             new_status = validated_data.get(

diff --git a/care/facility/api/viewsets/bed.py b/care/facility/api/viewsets/bed.py
@@ -2,6 +2,7 @@
 from django.db.models import OuterRef, Subquery
 from django_filters import rest_framework as filters
 from drf_spectacular.utils import extend_schema, extend_schema_view
+from dry_rest_permissions.generics import DRYPermissions
 from rest_framework import filters as drf_filters
 from rest_framework import status
 from rest_framework.exceptions import PermissionDenied
@@ -55,7 +56,7 @@ class BedViewSet(
     serializer_class = BedSerializer
     lookup_field = "external_id"
     filter_backends = (filters.DjangoFilterBackend, drf_filters.SearchFilter)
-    permission_classes = [IsAuthenticated]
+    permission_classes = (IsAuthenticated,)
     search_fields = ["name"]
     filterset_class = BedFilter
 
@@ -215,6 +216,7 @@ class ConsultationBedViewSet(
         .order_by("-created_date")
     )
     serializer_class = ConsultationBedSerializer
+    permission_classes = (DRYPermissions,)
     filter_backends = (filters.DjangoFilterBackend,)
     filterset_class = ConsultationBedFilter
     lookup_field = "external_id"

diff --git a/care/facility/api/viewsets/file_upload.py b/care/facility/api/viewsets/file_upload.py
@@ -1,4 +1,5 @@
 from django_filters import rest_framework as filters
+from dry_rest_permissions.generics import DRYPermissions
 from rest_framework.exceptions import ValidationError
 from rest_framework.mixins import (
     CreateModelMixin,
@@ -36,20 +37,23 @@ class FileUploadViewSet(
     queryset = (
         FileUpload.objects.all().select_related("uploaded_by").order_by("-created_date")
     )
-    permission_classes = [IsAuthenticated]
+    permission_classes = (
+        IsAuthenticated,
+        DRYPermissions,
+    )
     lookup_field = "external_id"
     filter_backends = (filters.DjangoFilterBackend,)
     filterset_class = FileUploadFilter
+    serializer_class = FileUploadUpdateSerializer
 
     def get_serializer_class(self):
         if self.action == "retrieve":
             return FileUploadRetrieveSerializer
-        elif self.action == "list":
+        if self.action == "list":
             return FileUploadListSerializer
-        elif self.action == "create":
+        if self.action == "create":
             return FileUploadCreateSerializer
-        else:
-            return FileUploadUpdateSerializer
+        return super().get_serializer_class()
 
     def get_queryset(self):
         if "file_type" not in self.request.GET:

diff --git a/care/facility/api/viewsets/notification.py b/care/facility/api/viewsets/notification.py
@@ -13,6 +13,7 @@
 
 from care.facility.api.serializers.notification import NotificationSerializer
 from care.facility.models.notification import Notification
+from care.users.models import User
 from care.utils.filters.choicefilter import CareChoiceFilter, inverse_choices
 from care.utils.notification_handler import NotificationGenerator
 from care.utils.queryset.facility import get_facility_queryset
@@ -71,6 +72,10 @@ def notify(self, request, *args, **kwargs):
             raise ValidationError({"facility": "is required"})
         if "message" not in request.data or request.data["message"] == "":
             raise ValidationError({"message": "is required"})
+        if user.user_type < User.TYPE_VALUE_MAP["Doctor"] and request.data["facility"]:
+            raise ValidationError(
+                {"user": "You are not allowed to notify other hospitals"}
+            )
         facilities = get_facility_queryset(user)
         facility = get_object_or_404(
             facilities.filter(external_id=request.data["facility"])

diff --git a/care/facility/api/viewsets/patient_external_test.py b/care/facility/api/viewsets/patient_external_test.py
@@ -6,6 +6,7 @@
 from django_filters.filters import DateFromToRangeFilter
 from djqscsv import render_to_csv_response
 from drf_spectacular.utils import extend_schema
+from dry_rest_permissions.generics import DRYPermissions
 from rest_framework import status
 from rest_framework.decorators import action
 from rest_framework.exceptions import PermissionDenied, ValidationError
@@ -77,7 +78,10 @@ class PatientExternalTestViewSet(
         .all()
         .order_by("-id")
     )
-    permission_classes = (IsAuthenticated,)
+    permission_classes = (
+        IsAuthenticated,
+        DRYPermissions,
+    )
     filter_backends = (filters.DjangoFilterBackend,)
     filterset_class = PatientExternalTestFilter
     parser_classes = (MultiPartParser, FormParser, JSONParser)

diff --git a/care/facility/api/viewsets/patient_investigation.py b/care/facility/api/viewsets/patient_investigation.py
@@ -6,6 +6,7 @@
 from django_filters import Filter
 from django_filters import rest_framework as filters
 from drf_spectacular.utils import extend_schema
+from dry_rest_permissions.generics import DRYPermissions
 from rest_framework import mixins, status, viewsets
 from rest_framework.decorators import action
 from rest_framework.exceptions import ValidationError
@@ -82,7 +83,7 @@ class PatientInvestigationViewSet(
     pagination_class = InvestigationResultsSetPagination
 
 
-class PatientInvestigationFilter(filters.FilterSet):
+class PatientInvestigationSummaryFilter(filters.FilterSet):
     created_date = filters.DateFromToRangeFilter(field_name="created_date")
     modified_date = filters.DateFromToRangeFilter(field_name="modified_date")
     investigation = filters.CharFilter(field_name="investigation__external_id")
@@ -102,7 +103,7 @@ class PatientInvestigationSummaryViewSet(
     queryset = InvestigationValue.objects.all()
     lookup_field = "external_id"
     permission_classes = (IsAuthenticated,)
-    filterset_class = PatientInvestigationFilter
+    filterset_class = PatientInvestigationSummaryFilter
     filter_backends = (filters.DjangoFilterBackend,)
     pagination_class = InvestigationSummaryResultsSetPagination
     SESSION_PER_PAGE = 5
@@ -124,16 +125,19 @@ def get_queryset(self):
                 * self.SESSION_PER_PAGE
             ]
         )
-        if not sessions.exists():
+        if (
+            not sessions.exists()
+            or self.request.user.user_type < User.TYPE_VALUE_MAP["Nurse"]
+        ):
             return self.queryset.none()
         queryset = queryset.filter(session_id__in=sessions.values("session_id"))
         if self.request.user.is_superuser:
             return queryset
-        elif self.request.user.user_type >= User.TYPE_VALUE_MAP["StateLabAdmin"]:
+        if self.request.user.user_type >= User.TYPE_VALUE_MAP["StateLabAdmin"]:
             return queryset.filter(
                 consultation__patient__facility__state=self.request.user.state
             )
-        elif self.request.user.user_type >= User.TYPE_VALUE_MAP["DistrictLabAdmin"]:
+        if self.request.user.user_type >= User.TYPE_VALUE_MAP["DistrictLabAdmin"]:
             return queryset.filter(
                 consultation__patient__facility__district=self.request.user.district
             )
@@ -157,7 +161,10 @@ class InvestigationValueViewSet(
     serializer_class = InvestigationValueSerializer
     queryset = InvestigationValue.objects.all()
     lookup_field = "external_id"
-    permission_classes = (IsAuthenticated,)
+    permission_classes = (
+        IsAuthenticated,
+        DRYPermissions,
+    )
     filterset_class = PatientInvestigationFilter
     filter_backends = (filters.DjangoFilterBackend,)
     pagination_class = InvestigationValueSetPagination
@@ -173,11 +180,11 @@ def get_queryset(self):
         )
         if self.request.user.is_superuser:
             return queryset
-        elif self.request.user.user_type >= User.TYPE_VALUE_MAP["StateLabAdmin"]:
+        if self.request.user.user_type >= User.TYPE_VALUE_MAP["StateLabAdmin"]:
             return queryset.filter(
                 consultation__patient__facility__state=self.request.user.state
             )
-        elif self.request.user.user_type >= User.TYPE_VALUE_MAP["DistrictLabAdmin"]:
+        if self.request.user.user_type >= User.TYPE_VALUE_MAP["DistrictLabAdmin"]:
             return queryset.filter(
                 consultation__patient__facility__district=self.request.user.district
             )

diff --git a/care/facility/api/viewsets/patient_sample.py b/care/facility/api/viewsets/patient_sample.py
@@ -88,12 +88,11 @@ class PatientSampleViewSet(
     http_method_names = ["get", "post", "patch", "delete"]
 
     def get_serializer_class(self):
-        serializer_class = self.serializer_class
         if self.action == "retrieve":
-            serializer_class = PatientSampleDetailSerializer
-        elif self.action == "partial_update":
-            serializer_class = PatientSamplePatchSerializer
-        return serializer_class
+            return PatientSampleDetailSerializer
+        if self.action == "partial_update":
+            return PatientSamplePatchSerializer
+        return super().get_serializer_class()
 
     def get_queryset(self):
         queryset = super(PatientSampleViewSet, self).get_queryset()

diff --git a/care/facility/api/viewsets/shifting.py b/care/facility/api/viewsets/shifting.py
@@ -122,7 +122,10 @@ class ShiftingViewSet(
     )
     ordering_fields = ["id", "created_date", "modified_date", "emergency"]
 
-    permission_classes = (IsAuthenticated, DRYPermissions)
+    permission_classes = (
+        IsAuthenticated,
+        DRYPermissions,
+    )
     filter_backends = (
         ShiftingFilterBackend,
         filters.DjangoFilterBackend,
@@ -131,10 +134,9 @@ class ShiftingViewSet(
     filterset_class = ShiftingFilterSet
 
     def get_serializer_class(self):
-        serializer_class = self.serializer_class
         if self.action == "retrieve":
-            serializer_class = ShiftingDetailSerializer
-        return serializer_class
+            return ShiftingDetailSerializer
+        return super().get_serializer_class()
 
     @extend_schema(tags=["shift"])
     @action(detail=True, methods=["POST"])

diff --git a/care/facility/models/base.py b/care/facility/models/base.py
@@ -2,8 +2,9 @@
 from care.utils.models.base import BaseModel
 
 READ_ONLY_USER_TYPES = [
-    User.TYPE_VALUE_MAP["DistrictReadOnlyAdmin"],
     User.TYPE_VALUE_MAP["StateReadOnlyAdmin"],
+    User.TYPE_VALUE_MAP["DistrictReadOnlyAdmin"],
+    User.TYPE_VALUE_MAP["NurseReadOnly"],
     User.TYPE_VALUE_MAP["StaffReadOnly"],
 ]
 

diff --git a/care/facility/models/bed.py b/care/facility/models/bed.py
@@ -10,6 +10,7 @@
 
 from care.facility.models.asset import Asset, AssetLocation
 from care.facility.models.facility import Facility
+from care.facility.models.mixins.permissions.facility import FacilityUserPermissionMixin
 from care.facility.models.patient_base import BedType, BedTypeChoices
 from care.facility.models.patient_consultation import PatientConsultation
 from care.utils.models.base import BaseModel
@@ -65,7 +66,7 @@ def __str__(self):
         return f"{self.asset.name} - {self.bed.name}"
 
 
-class ConsultationBed(BaseModel):
+class ConsultationBed(BaseModel, FacilityUserPermissionMixin):
     consultation = models.ForeignKey(
         PatientConsultation, on_delete=models.PROTECT, null=False, blank=False
     )

diff --git a/care/facility/models/daily_round.py b/care/facility/models/daily_round.py
@@ -12,7 +12,7 @@
     COVID_CATEGORY_CHOICES,
     PatientBaseModel,
 )
-from care.facility.models.base import covert_choice_dict
+from care.facility.models.base import READ_ONLY_USER_TYPES, covert_choice_dict
 from care.facility.models.bed import AssetBed
 from care.facility.models.json_schema.daily_round import (
     BLOOD_PRESSURE,
@@ -521,11 +521,9 @@ def save(self, *args, **kwargs):
     @staticmethod
     def has_write_permission(request):
         if "/analyse" not in request.get_full_path():
-            if (
-                request.user.user_type == User.TYPE_VALUE_MAP["DistrictReadOnlyAdmin"]
-                or request.user.user_type == User.TYPE_VALUE_MAP["StateReadOnlyAdmin"]
-                or request.user.user_type == User.TYPE_VALUE_MAP["StaffReadOnly"]
-            ):
+            if request.user.user_type in READ_ONLY_USER_TYPES:
+                return False
+            if request.user.user_type < User.TYPE_VALUE_MAP["Nurse"]:
                 return False
         return DailyRound.has_read_permission(request)
 
@@ -581,11 +579,9 @@ def has_object_read_permission(self, request):
         )
 
     def has_object_write_permission(self, request):
-        if (
-            request.user.user_type == User.TYPE_VALUE_MAP["DistrictReadOnlyAdmin"]
-            or request.user.user_type == User.TYPE_VALUE_MAP["StateReadOnlyAdmin"]
-            or request.user.user_type == User.TYPE_VALUE_MAP["StaffReadOnly"]
-        ):
+        if request.user.user_type in READ_ONLY_USER_TYPES:
+            return False
+        if request.user.user_type < User.TYPE_VALUE_MAP["Nurse"]:
             return False
         return (
             request.user.is_superuser

diff --git a/care/facility/models/file_upload.py b/care/facility/models/file_upload.py
@@ -7,11 +7,12 @@
 from django.db import models
 
 from care.facility.models import FacilityBaseModel
+from care.facility.models.mixins.permissions.facility import FacilityPermissionMixin
 from care.users.models import User
 from care.utils.csp import config as cs_provider
 
 
-class FileUpload(FacilityBaseModel):
+class FileUpload(FacilityBaseModel, FacilityPermissionMixin):
     """
     Stores data about all file uploads
     the file can belong to any type ie Patient , Consultation , Daily Round and so on ...

diff --git a/care/facility/models/mixins/permissions/asset.py b/care/facility/models/mixins/permissions/asset.py
@@ -1,7 +1,7 @@
 from dry_rest_permissions.generics import DRYPermissions
 
+from care.facility.models.base import READ_ONLY_USER_TYPES
 from care.facility.models.mixins.permissions.base import BasePermissionMixin
-from care.users.models import User
 
 
 class IsAssetUser:
@@ -30,11 +30,7 @@ def has_object_read_permission(self, request):
         return True
 
     def has_object_write_permission(self, request):
-        if (
-            request.user.user_type == User.TYPE_VALUE_MAP["DistrictReadOnlyAdmin"]
-            or request.user.user_type == User.TYPE_VALUE_MAP["StateReadOnlyAdmin"]
-            or request.user.user_type == User.TYPE_VALUE_MAP["StaffReadOnly"]
-        ):
+        if request.user.user_type in READ_ONLY_USER_TYPES:
             return False
 
         return True

diff --git a/care/facility/models/mixins/permissions/base.py b/care/facility/models/mixins/permissions/base.py
@@ -1,3 +1,4 @@
+from care.facility.models.base import READ_ONLY_USER_TYPES
 from care.users.models import User
 
 
@@ -8,11 +9,7 @@ def has_read_permission(request):
 
     @staticmethod
     def has_write_permission(request):
-        if (
-            request.user.user_type == User.TYPE_VALUE_MAP["DistrictReadOnlyAdmin"]
-            or request.user.user_type == User.TYPE_VALUE_MAP["StateReadOnlyAdmin"]
-            or request.user.user_type == User.TYPE_VALUE_MAP["StaffReadOnly"]
-        ):
+        if request.user.user_type in READ_ONLY_USER_TYPES:
             return False
         return (
             request.user.is_superuser
@@ -36,11 +33,7 @@ def has_object_read_permission(self, request):
         )
 
     def has_object_update_permission(self, request):
-        if (
-            request.user.user_type == User.TYPE_VALUE_MAP["DistrictReadOnlyAdmin"]
-            or request.user.user_type == User.TYPE_VALUE_MAP["StateReadOnlyAdmin"]
-            or request.user.user_type == User.TYPE_VALUE_MAP["StaffReadOnly"]
-        ):
+        if request.user.user_type in READ_ONLY_USER_TYPES:
             return False
         return (request.user.is_superuser) or (
             (hasattr(self, "created_by") and request.user == self.created_by)
@@ -57,11 +50,7 @@ def has_object_update_permission(self, request):
         )
 
     def has_object_destroy_permission(self, request):
-        if (
-            request.user.user_type == User.TYPE_VALUE_MAP["DistrictReadOnlyAdmin"]
-            or request.user.user_type == User.TYPE_VALUE_MAP["StateReadOnlyAdmin"]
-            or request.user.user_type == User.TYPE_VALUE_MAP["StaffReadOnly"]
-        ):
+        if request.user.user_type in READ_ONLY_USER_TYPES:
             return False
         return request.user.is_superuser or (
             hasattr(self, "created_by") and request.user == self.created_by