Feature: Lock asset & Patient privacy & Boundary based validation

care/facility/api/viewsets/asset.py

@@ -15,7 +15,7 @@
 from rest_framework import filters as drf_filters
 from rest_framework import status
 from rest_framework.decorators import action
-from rest_framework.exceptions import APIException, ValidationError
+from rest_framework.exceptions import APIException, PermissionDenied, ValidationError
 from rest_framework.mixins import (
     CreateModelMixin,
     DestroyModelMixin,
@@ -385,9 +385,23 @@
                     "middleware_hostname": middleware_hostname,
                 }
             )
-            result = asset_class.handle_action(action)
+            asset_class.validate_action(action)
+            result = asset_class.handle_action(
+                action,
+                username=request.user.username,
+                asset_id=asset.external_id,
+                method_name="operate_assets",
+            )
+
             return Response({"result": result}, status=status.HTTP_200_OK)
 
+        except PermissionDenied as e:
+            return Response(
+                {
+                    "detail": e.detail.get("message", None),
+                },
+                status=status.HTTP_409_CONFLICT,
+            )
         except ValidationError as e:
             return Response({"detail": e.detail}, status=status.HTTP_400_BAD_REQUEST)
 

care/facility/api/viewsets/bed.py

@@ -3,8 +3,10 @@
 from django.db.models import OuterRef, Subquery
 from django_filters import rest_framework as filters
 from drf_spectacular.utils import extend_schema, extend_schema_view
+from dry_rest_permissions.generics import DRYPermissions
 from rest_framework import filters as drf_filters
 from rest_framework import status
+from rest_framework.decorators import action
 from rest_framework.exceptions import PermissionDenied
 from rest_framework.exceptions import ValidationError as DRFValidationError
 from rest_framework.fields import get_error_detail
@@ -226,6 +228,10 @@
     filter_backends = (filters.DjangoFilterBackend,)
     filterset_class = ConsultationBedFilter
     lookup_field = "external_id"
+    permission_classes = (
+        IsAuthenticated,
+        DRYPermissions,
+    )
 
     def get_queryset(self):
         user = self.request.user
@@ -240,3 +246,50 @@
             allowed_facilities = get_accessible_facilities(user)
             queryset = queryset.filter(bed__facility__id__in=allowed_facilities)
         return queryset
+
+    @extend_schema(
+        description="Toggle patient privacy",
+        responses={status.HTTP_200_OK: None},
+        request=None,
+        tags=["consultationbed"],
+    )
+    @action(detail=True, methods=["POST"])
+    def patient_privacy(self, request, **kwargs):
+        instance = self.get_object()
+        if instance.privacy:
+            return Response(
+                {
+                    "status": "failed",
+                    "message": "Asset already locked",
+                    "locked_by": instance.meta["locked_by"],
+                },
+                status=status.HTTP_409_CONFLICT,
+            )
+
+        instance.privacy = True
+        instance.meta["locked_by"] = request.user.username
+        instance.save()
+        return Response(
+            {"status": "success"},
+            status=status.HTTP_200_OK,
+        )
+
+    @patient_privacy.mapping.delete
+    def disable_patient_privacy(self, request, **kwargs):
+        instance = self.get_object()
+        if not instance.privacy:
+            return Response(
+                {"status": "failure", "message": "Asset not locked"},
+                status=status.HTTP_409_CONFLICT,
+            )
+
+        if instance.meta["locked_by"] != request.user.username:
+            raise PermissionDenied("You do not have permission to unlock this asset")
+
+        instance.privacy = False
+        del instance.meta["locked_by"]
+        instance.save()
+        return Response(
+            {"status": "success", "privacy": instance.privacy},
+            status=status.HTTP_200_OK,
+        )

care/facility/migrations/0415_consultationbed_privacy_alter_notification_event.py

@@ -0,0 +1,44 @@
+# Generated by Django 4.2.10 on 2024-02-17 18:10
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+    dependencies = [
+        ("facility", "0414_remove_bed_old_name"),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name="consultationbed",
+            name="privacy",
+            field=models.BooleanField(default=False),
+        ),
+        migrations.AlterField(
+            model_name="notification",
+            name="event",
+            field=models.IntegerField(
+                choices=[
+                    (0, "MESSAGE"),
+                    (10, "ASSET_UNLOCKED"),
+                    (20, "PATIENT_CREATED"),
+                    (30, "PATIENT_UPDATED"),
+                    (40, "PATIENT_DELETED"),
+                    (50, "PATIENT_CONSULTATION_CREATED"),
+                    (60, "PATIENT_CONSULTATION_UPDATED"),
+                    (70, "PATIENT_CONSULTATION_DELETED"),
+                    (80, "INVESTIGATION_SESSION_CREATED"),
+                    (90, "INVESTIGATION_UPDATED"),
+                    (100, "PATIENT_FILE_UPLOAD_CREATED"),
+                    (110, "CONSULTATION_FILE_UPLOAD_CREATED"),
+                    (120, "PATIENT_CONSULTATION_UPDATE_CREATED"),
+                    (130, "PATIENT_CONSULTATION_UPDATE_UPDATED"),
+                    (140, "PATIENT_CONSULTATION_ASSIGNMENT"),
+                    (200, "SHIFTING_UPDATED"),
+                    (210, "PATIENT_NOTE_ADDED"),
+                    (220, "PUSH_MESSAGE"),
+                ],
+                default=0,
+            ),
+        ),
+    ]

care/facility/models/bed.py

@@ -11,8 +11,12 @@
 
 from care.facility.models.asset import Asset, AssetLocation
 from care.facility.models.facility import Facility
+from care.facility.models.mixins.permissions.patient import (
+    ConsultationRelatedPermissionMixin,
+)
 from care.facility.models.patient_base import BedType, BedTypeChoices
 from care.facility.models.patient_consultation import PatientConsultation
+from care.users.models import User
 from care.utils.models.base import BaseModel
 
 
@@ -75,18 +79,67 @@ def __str__(self):
         return f"{self.asset.name} - {self.bed.name}"
 
 
-class ConsultationBed(BaseModel):
+class ConsultationBed(BaseModel, ConsultationRelatedPermissionMixin):
     consultation = models.ForeignKey(
         PatientConsultation, on_delete=models.PROTECT, null=False, blank=False
     )
     bed = models.ForeignKey(Bed, on_delete=models.PROTECT, null=False, blank=False)
     start_date = models.DateTimeField(null=False, blank=False)
     end_date = models.DateTimeField(null=True, blank=True, default=None)
+    privacy = models.BooleanField(default=False)
     meta = JSONField(default=dict, blank=True)
     assets = models.ManyToManyField(
         Asset, through="ConsultationBedAsset", related_name="assigned_consultation_beds"
     )
 
+    @staticmethod
+    def has_patient_privacy_permission(request, **kwargs):
+        permission_mixin = ConsultationRelatedPermissionMixin()
+        return permission_mixin.has_object_update_permission(request)
+
+    def has_object_patient_privacy_permission(self, request, **kwargs):
+        user = request.user
+        return (
+            user.user_type == User.TYPE_VALUE_MAP["WardAdmin"]
+            or user.user_type == User.TYPE_VALUE_MAP["LocalBodyAdmin"]
+            or user.user_type == User.TYPE_VALUE_MAP["DistrictAdmin"]
+            or user.user_type == User.TYPE_VALUE_MAP["StateAdmin"]
+            or (
+                user.user_type == User.TYPE_VALUE_MAP["Doctor"]
+                and user.home_facility.external_id
+                == self.consultation.facility.external_id
+            )
+            or (
+                user.user_type == User.TYPE_VALUE_MAP["Staff"]
+                and user.home_facility.external_id
+                == self.consultation.facility.external_id
+            )
+        )
+
+    @staticmethod
+    def has_disable_patient_privacy_permission(request, **kwargs):
+        permission_mixin = ConsultationRelatedPermissionMixin()
+        return permission_mixin.has_object_update_permission(request)
+
+    def has_object_disable_patient_privacy_permission(self, request, **kwargs):
+        user = request.user
+        return (
+            user.user_type == User.TYPE_VALUE_MAP["WardAdmin"]
+            or user.user_type == User.TYPE_VALUE_MAP["LocalBodyAdmin"]
+            or user.user_type == User.TYPE_VALUE_MAP["DistrictAdmin"]
+            or user.user_type == User.TYPE_VALUE_MAP["StateAdmin"]
+            or (
+                user.user_type == User.TYPE_VALUE_MAP["Doctor"]
+                and user.home_facility.external_id
+                == self.consultation.facility.external_id
+            )
+            or (
+                user.user_type == User.TYPE_VALUE_MAP["Staff"]
+                and user.home_facility.external_id
+                == self.consultation.facility.external_id
+            )
+        )
+
 
 class ConsultationBedAsset(BaseModel):
     consultation_bed = models.ForeignKey(

care/facility/models/notification.py

@@ -23,6 +23,7 @@ class Medium(enum.Enum):
 
     class Event(enum.Enum):
         MESSAGE = 0
+        ASSET_UNLOCKED = 10
         PATIENT_CREATED = 20
         PATIENT_UPDATED = 30
         PATIENT_DELETED = 40

care/facility/tests/test_asset_operate_api.py

@@ -0,0 +1,142 @@
+from unittest.mock import MagicMock, patch
+
+from rest_framework import status
+from rest_framework.response import Response
+from rest_framework.test import APITestCase
+
+from care.facility.models import AssetBed
+from care.utils.tests.test_utils import TestUtils
+
+
+class AssetViewSetTestCase(TestUtils, APITestCase):
+    @classmethod
+    def setUpTestData(cls):
+        cls.state = cls.create_state()
+        cls.district = cls.create_district(state=cls.state)
+        cls.local_body = cls.create_local_body(cls.district)
+        cls.user = cls.create_user(district=cls.district, username="test user")
+        cls.facility = cls.create_facility(
+            district=cls.district, local_body=cls.local_body, user=cls.user
+        )
+        cls.asset1_location = cls.create_asset_location(facility=cls.facility)
+
+        # depends upon the operational dev camera config
+        cls.onvif_meta = {
+            "asset_type": "CAMERA",
+            "local_ip_address": "192.168.1.64",
+            "camera_access_key": "remote_user:2jCkrCRSeahzKEU:d5694af2-21e2-4a39-9bad-2fb98d9818bd",
+            "middleware_hostname": "mock_middleware",
+        }
+        cls.hl7monitor_meta = {}
+        cls.ventilator_meta = {}
+        cls.bed = cls.create_bed(
+            facility=cls.facility, location=cls.asset1_location, meta={}
+        )
+        cls.asset = cls.create_asset(location=cls.asset1_location)
+
+    @patch("care.facility.api.viewsets.asset.AssetViewSet.operate_assets")
+    def test_onvif_relative_move(self, mock_asset):
+        # Set up your mock Asset instance
+        asset_instance = MagicMock()
+        asset_instance.meta = {"middleware_hostname": "mock_hostname"}
+        asset_instance.current_location.middleware_address = "mock_middleware_address"
+        mock_asset.objects.get.return_value = asset_instance
+
+        def validate_action(data):
+            boundary_range = boundary_asset_bed.meta.get("range", None)
+            camera_state = data["action"]["data"]["camera_state"]
+            action_data = data["action"]["data"]
+
+            if (
+                (camera_state["x"] + action_data["x"] < boundary_range["min_x"])
+                or (camera_state["x"] + action_data["x"] > boundary_range["max_x"])
+                or (camera_state["y"] + action_data["y"] < boundary_range["min_y"])
+                or (camera_state["y"] + action_data["y"] > boundary_range["max_y"])
+            ):
+                mock_asset.return_value = Response(
+                    {
+                        "result": "mock_result",
+                        "message": {"action": {"code": "invalid"}},
+                    },
+                    status=status.HTTP_400_BAD_REQUEST,
+                )
+            else:
+                mock_asset.return_value = Response(
+                    {"result": "mock_result"}, status=status.HTTP_200_OK
+                )
+
+        self.asset.asset_class = "ONVIF"
+        self.asset.meta = self.onvif_meta
+        self.asset.save()
+        boundary_asset_bed = AssetBed.objects.create(
+            asset=self.asset,
+            bed=self.bed,
+            meta={
+                "range": {
+                    "max_x": 2,
+                    "min_x": -2,
+                    "max_y": 2,
+                    "min_y": -2,
+                }
+            },
+        )
+
+        sample_data = {
+            "action": {
+                "type": "relative_move",
+                "data": {
+                    "x": 0.1,
+                    "y": 0.1,
+                    "zoom": 0.1,
+                    "camera_state": {"x": 1.5, "y": 1.5, "zoom": 0},
+                    "id": boundary_asset_bed.external_id,
+                },
+            }
+        }
+
+        validate_action(sample_data)
+        response = self.client.post(
+            f"/api/v1/asset/{self.asset.external_id}/operate_assets/",
+            sample_data,
+            format="json",
+        )
+
+        self.assertEqual(response.status_code, status.HTTP_200_OK)
+
+        sample_data_invald = {
+            "action": {
+                "type": "relative_move",
+                "data": {
+                    "x": 0.6,
+                    "y": 0.1,
+                    "zoom": 0.1,
+                    "camera_state": {"x": 1.5, "y": 1.5, "zoom": 0},
+                    "id": boundary_asset_bed.external_id,
+                },
+            }
+        }
+
+        validate_action(sample_data_invald)
+        response_invalid = self.client.post(
+            f"/api/v1/asset/{self.asset.external_id}/operate_assets/",
+            sample_data_invald,
+            "json",
+        )
+
+        self.assertEqual(response_invalid.status_code, status.HTTP_400_BAD_REQUEST)
+        self.assertEqual(
+            response_invalid.data.get("message", {}).get("action", {})["code"],
+            "invalid",
+        )
+
+    def test_hl7monitor(self):
+        self.asset.asset_class = "HL7MONITOR"
+        self.asset.meta = self.hl7monitor_meta
+        self.asset.save()
+        pass
+
+    def test_ventilator(self):
+        self.asset.asset_class = "VENTILATOR"
+        self.asset.meta = self.ventilator_meta
+        self.asset.save()
+        pass