Fixed permission-check bug in symptom and diagnosis #2722

26 changes: 11 additions & 15 deletions care/emr/api/viewsets/condition.py
@@ -1,6 +1,6 @@
from django_filters import CharFilter, FilterSet, UUIDFilter
from django_filters.rest_framework import DjangoFilterBackend
from rest_framework.exceptions import PermissionDenied
from rest_framework.exceptions import ValidationError

from care.emr.api.viewsets.base import EMRModelViewSet, EMRQuestionnaireResponseMixin
from care.emr.api.viewsets.encounter_authz_base import EncounterBasedAuthorizationBase
Expand Down Expand Up @@ -42,16 +42,14 @@ class SymptomViewSet(
questionnaire_subject_type = SubjectType.patient.value

def perform_create(self, instance):
encounter = Encounter.objects.get(external_id=instance.encounter.external_id)
if str(encounter.patient.external_id) != self.kwargs["patient_external_id"]:
err = "Patient external ID mismatch with encounter's patient"
raise ValidationError(err)

instance.category = CategoryChoices.problem_list_item.value
super().perform_create(instance)

def authorize_create(self, instance: ConditionSpec):
encounter = Encounter.objects.get(external_id=instance.encounter)
if str(encounter.patient.external_id) != self.kwargs["patient_external_id"]:
err = "Malformed request"
raise PermissionDenied(err)
# Check if the user has access to the patient and write access to the encounter

def get_queryset(self):
# Check if the user has read access to the patient and their EMR Data
self.authorize_read_encounter()
Expand Down Expand Up @@ -85,16 +83,14 @@ class DiagnosisViewSet(
questionnaire_subject_type = SubjectType.patient.value

def perform_create(self, instance):
encounter = Encounter.objects.get(external_id=instance.encounter.external_id)
if str(encounter.patient.external_id) != self.kwargs["patient_external_id"]:
err = "Patient external ID mismatch with encounter's patient"
raise ValidationError(err)

instance.category = CategoryChoices.encounter_diagnosis.value
super().perform_create(instance)

def authorize_create(self, instance: ConditionSpec):
encounter = Encounter.objects.get(external_id=instance.encounter)
if str(encounter.patient.external_id) != self.kwargs["patient_external_id"]:
err = "Malformed request"
raise PermissionDenied(err)
# Check if the user has access to the patient and write access to the encounter

def get_queryset(self):
# Check if the user has read access to the patient and their EMR Data
self.authorize_read_encounter()
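Review bot: `authorize_create` in DiagnosisViewSet (and the identical override in SymptomViewSet above) only checks that the submitted encounter belongs to the patient named in the URL; nothing visible checks that the requesting user may write to that encounter, and the trailing comment `# Check if the user has access to the patient and write access to the encounter` now dangles with no code under it. If `EncounterBasedAuthorizationBase.authorize_create` performs that user-level check, this override silently replaces it, so either add `super().authorize_create(instance)` (or the base's write-authorization helper, by analogy with the `self.authorize_read_encounter()` call in `get_queryset`) after the mismatch check, or drop the comment if the check deliberately lives elsewhere. Separately, `Encounter.objects.get(external_id=instance.encounter)` raises `DoesNotExist` for an unknown ID, which surfaces as a server error rather than a denial and lets a caller distinguish "no such encounter" from "encounter belongs to another patient"; `encounter = Encounter.objects.filter(external_id=instance.encounter).first()` followed by `if encounter is None or str(encounter.patient.external_id) != self.kwargs["patient_external_id"]:` collapses both into the same `PermissionDenied`. This also presumes the base viewset invokes `authorize_create` before `perform_create`, since the patient/encounter consistency check was removed from `perform_create`; both class definitions begin outside the hunk.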