Add new patient access route, add new db connection for data_access DB, add security to notification apis, create new patient access apis (get, add, update), update patient queue api to remove access and revoke date

2024-11-06 10:43:07 +02:00
parent cad6f01b08
commit 1262d22a30
5 changed files with 290 additions and 103 deletions
--- a/backend/database/dbConnection.py
+++ b/backend/database/dbConnection.py
@@ -15,6 +15,15 @@ def dbAppDataConnect():
        passwd="C@rtoon1995",
        database="app_data"
    )
+
+def dbDataAccessConnect():
+    return mysql.connector.connect(
+        host="mysqldb",
+        user="root",
+        passwd="C@rtoon1995",
+        database="data_access"
+    )
+
 def dbAllConnect():
    return mysql.connector.connect(
        host="mysqldb",
--- a/backend/main.py
+++ b/backend/main.py
@@ -13,7 +13,7 @@ import routers.medicine as medicine
 import routers.business_user as business_user
 import routers.business as business
 import routers.access_request as access_request
-
+import routers.patient_access as patient_access
 from fastapi.middleware.cors import CORSMiddleware
 from fastapi.middleware import Middleware
 from supertokens_python import get_all_cors_headers
@@ -79,6 +79,7 @@ app.include_router(patients_files.router)
 app.include_router(patients_notes.router)
 app.include_router(patients_queue.router)
 app.include_router(access_request.router)
+app.include_router(patient_access.router)
 app.include_router(users.router)
 app.include_router(fileStorage.router)
 app.include_router(medicine.router)
--- a/backend/routers/notifications.py
+++ b/backend/routers/notifications.py
@@ -42,7 +42,7 @@ class notificationInsertRequest(BaseModel):

 # Get Notifications By app ID
@router.get("/notifications/{app_id}", tags=["Notifications"])
-async def read_notifications_By_app_ID(app_id: str, amount: int): # , session: SessionContainer = Depends(verify_session())
+async def read_notifications_By_app_ID(app_id: str, amount: int, session: SessionContainer = Depends(verify_session())): # , session: SessionContainer = Depends(verify_session())
    db = database.dbConnection.dbAppDataConnect()
    cursor = db.cursor()
    #query = "SELECT * FROM patients"
@@ -102,7 +102,7 @@ async def insert_Patient(itemRequest : notificationInsertRequest, session: Sessi

 # Update Patient on table
@router.put("/notifications/update/{notification_id}", tags=["Notifications"])
-async def Update_Patient(notification_id : str): #, session: SessionContainer = Depends(verify_session())
+async def Update_Patient(notification_id : str, session: SessionContainer = Depends(verify_session())): #, session: SessionContainer = Depends(verify_session())
    db = database.dbConnection.dbAppDataConnect()
    cursor = db.cursor()
    query = "update notifications "
--- a/backend/routers/patient_access.py
+++ b/backend/routers/patient_access.py
@@ -0,0 +1,212 @@
+import mysql.connector
+from fastapi import APIRouter, HTTPException
+from pydantic import BaseModel
+#from ..database import dbConnection
+import database
+from datetime import date, datetime, timedelta
+#SuperToken Auth from front end
+from supertokens_python.recipe.session.framework.fastapi import verify_session
+from supertokens_python.recipe.session import SessionContainer
+from fastapi import Depends
+
+router = APIRouter()
+
+class accessRequestInsertRequest(BaseModel):
+    business_id: str
+    app_id: str
+    type: str
+    requested_by: str
+
+class accessRequestUpdateRequest(BaseModel):
+    business_id: str
+    app_id: str
+    status: str
+    approved_by: str
+
+@router.get("/access-requests/{access_type}/check/{business_id}", tags=["Patient Access"])
+async def check_business_id_has_access(access_type: str,business_id: str, app_id: str, session: SessionContainer = Depends(verify_session())): #, session: SessionContainer = Depends(verify_session())
+    db = database.dbConnection.dbPatientManagerConnect()
+    cursor = db.cursor()
+    query = "select "
+    query += "patient_business_access.business_id, business.Name, "
+    query += "patient_business_access.app_id, users.fname, users.lname, "
+    query += "patients.id_no, "
+    query += "patient_business_access.type, patient_business_access.status, "
+    query += "patient_business_access.approved_by, patient_business_access.approved_on, "
+    query += "patient_business_access.requested_by, patient_business_access.requested_on "
+    query += "from data_access.patient_business_access "
+    query += "join app_data.business "
+    query += "on patient_business_access.business_id = business.business_id "
+    query += "join app_data.users "
+    query += "on patient_business_access.app_id = users.app_id "
+    query += "join patient_manager.patients "
+    query += "on patient_business_access.app_id = patients.app_id "
+    query += "where patient_business_access.type=%s and patient_business_access.business_id=%s and patient_business_access.app_id=%s"
+    cursor.execute(query, (access_type,
+                           business_id,
+                           app_id,
+                           ))
+    items = [
+        {
+            "business_id": item[0],
+            "business_name": item[1],
+            "app_id": item[2],
+            "fname": item[3],
+            "lname": item[4],
+            "id_no": item[5],
+            "type": item[6],
+            "status": item[7],
+            "approved_by": item[8],
+            "approved_on": item[9],
+            "requested_by": item[10],
+            "requested_on": item[11],
+        }
+        for item in cursor.fetchall()
+    ]
+    cursor.close()
+    db.close()
+    return items
+
+@router.get("/access-requests/business/{access_type}/{business_id}", tags=["Patient Access"])
+async def read_all_patient_access_by_business_id(access_type: str,business_id: str, session: SessionContainer = Depends(verify_session())): #, session: SessionContainer = Depends(verify_session())
+    db = database.dbConnection.dbPatientManagerConnect()
+    cursor = db.cursor()
+    query = "select "
+    query += "patient_business_access.business_id, business.Name, "
+    query += "patient_business_access.app_id, users.fname, users.lname, "
+    query += "patients.id_no, "
+    query += "patient_business_access.type, patient_business_access.status, "
+    query += "patient_business_access.approved_by, patient_business_access.approved_on, "
+    query += "patient_business_access.requested_by, patient_business_access.requested_on "
+    query += "from data_access.patient_business_access "
+    query += "join app_data.business "
+    query += "on patient_business_access.business_id = business.business_id "
+    query += "join app_data.users "
+    query += "on patient_business_access.app_id = users.app_id "
+    query += "join patient_manager.patients "
+    query += "on patient_business_access.app_id = patients.app_id "
+    query += "where patient_business_access.type=%s and patient_business_access.business_id=%s"
+    cursor.execute(query, (access_type,
+                           business_id,))
+    items = [
+        {
+            "business_id": item[0],
+            "business_name": item[1],
+            "app_id": item[2],
+            "fname": item[3],
+            "lname": item[4],
+            "id_no": item[5],
+            "type": item[6],
+            "status": item[7],
+            "approved_by": item[8],
+            "approved_on": item[9],
+            "requested_by": item[10],
+            "requested_on": item[11],
+        }
+        for item in cursor.fetchall()
+    ]
+    cursor.close()
+    db.close()
+    return items
+
+@router.get("/access-requests/personal/{access_type}/{app_id}", tags=["Patient Access"])
+async def read_all_patient_access_by_app_id(access_type: str,app_id: str, session: SessionContainer = Depends(verify_session())): #, session: SessionContainer = Depends(verify_session())
+    db = database.dbConnection.dbPatientManagerConnect()
+    cursor = db.cursor()
+    query = "select "
+    query += "patient_business_access.business_id, business.Name, "
+    query += "patient_business_access.app_id, users.fname, users.lname, "
+    query += "patients.id_no, "
+    query += "patient_business_access.type, patient_business_access.status, "
+    query += "patient_business_access.approved_by, patient_business_access.approved_on, "
+    query += "patient_business_access.requested_by, patient_business_access.requested_on "
+    query += "from data_access.patient_business_access "
+    query += "join app_data.business "
+    query += "on patient_business_access.business_id = business.business_id "
+    query += "join app_data.users "
+    query += "on patient_business_access.app_id = users.app_id "
+    query += "join patient_manager.patients "
+    query += "on patient_business_access.app_id = patients.app_id "
+    query += "where patient_business_access.type=%s and patient_business_access.app_id=%s"
+    cursor.execute(query, (access_type,
+                           app_id,))
+    items = [
+        {
+            "business_id": item[0],
+            "business_name": item[1],
+            "app_id": item[2],
+            "fname": item[3],
+            "lname": item[4],
+            "id_no": item[5],
+            "type": item[6],
+            "status": item[7],
+            "approved_by": item[8],
+            "approved_on": item[9],
+            "requested_by": item[10],
+            "requested_on": item[11],
+        }
+        for item in cursor.fetchall()
+    ]
+    cursor.close()
+    db.close()
+    return items
+
+# Insert Patient into table
+@router.post("/access-requests/insert/", tags=["Patient Access"], status_code=201)
+async def insert_Patient_access(itemRequest : accessRequestInsertRequest, session: SessionContainer = Depends(verify_session())): #, session: SessionContainer = Depends(verify_session())
+    db = database.dbConnection.dbDataAccessConnect()
+    now = datetime.now() + timedelta(hours=2)
+    notificationDateTime = now.strftime("%Y-%m-%d %H:%M:%S")
+    print(notificationDateTime)
+    cursor = db.cursor()
+    query = "insert into patient_business_access "
+    query += "(business_id, app_id, type, status, approved_by, approved_on, requested_by, requested_on) "
+    query += "values (%s, %s, %s, %s, %s, %s, %s, %s)"
+    patientData = (
+                   itemRequest.business_id,
+                   itemRequest.app_id,
+                   itemRequest.type,
+                   "pending",
+                   "",
+                   "9999-01-01 00:00:00",
+                   itemRequest.requested_by,
+                   now,
+                   )
+    try:
+       cursor.execute(query, patientData) 
+    except Exception as error:
+        print(error)
+        raise HTTPException(status_code=404, detail="Failed to Create Record")
+        # return {"message": error}
+    db.commit()
+    cursor.close()
+    db.close()
+    return {"message": "Successfully Created Record"}
+
+# Update Patient on table
+@router.put("/access-requests/update/permission/", tags=["Patient Access"])
+async def Update_Patient_access(itemRequest: accessRequestUpdateRequest): #, session: SessionContainer = Depends(verify_session())
+    db = database.dbConnection.dbDataAccessConnect()
+    now = datetime.now() + timedelta(hours=2)
+    notificationDateTime = now.strftime("%Y-%m-%d %H:%M:%S")
+    print(notificationDateTime)
+    cursor = db.cursor()
+    query = "update patient_business_access "
+    query += "set status=%s, approved_by=%s, approved_on=%s "
+    query += "where business_id=%s and app_id=%s"
+    patientData = (itemRequest.status, 
+                   itemRequest.approved_by,
+                   now,
+                   itemRequest.business_id,
+                   itemRequest.app_id,
+                   )
+    try:
+       cursor.execute(query, patientData) 
+    except Exception as error:
+        print(error)
+        raise HTTPException(status_code=404, detail="Failed to Update Record")
+        #return {"query": query, "message": error}
+    db.commit()
+    cursor.close()
+    db.close()
+    return {"message": "Successfully Updated Record"}
--- a/backend/routers/patients_queue.py
+++ b/backend/routers/patients_queue.py
@@ -19,42 +19,23 @@ class queueInsertRequest(BaseModel):
    app_id: str
    date: str
    time: str
-    access: str

 class queueUpdateRequest(BaseModel):
    idpatient_queue: int
    date: str
    time: str

-# # Get List of all files
-# @router.get("/files/patients/", tags="patients_files")
-# async def read_all_files(session: SessionContainer = Depends(verify_session())):
-#     db = database.dbConnection.dbPatientManagerConnect()
-#     cursor = db.cursor()
-#     query = "SELECT * FROM patient_files"
-#     cursor.execute(query)
-#     items = [
-#         {
-#             "idpatient_files": item[0],
-#             "file_path": item[1],
-#             "file_name": item[2],
-#             "patient_id": item[3],
-#             "insert_date": item[4],
-#         }
-#         for item in cursor.fetchall()
-#     ]
-#     cursor.close()
-#     db.close()
-#     return items
+class queueDeleteRequest(BaseModel):
+    idpatient_queue: int

 # Get List of all files by patient
-@router.get("/queue/patients/{business_id}", tags=["Patients Queue"])
+@router.get("/queue/appointments/business/{business_id}", tags=["Patients Queue"])
 async def read_all_patient_queue_by_business_id(business_id: str, session: SessionContainer = Depends(verify_session())): #, session: SessionContainer = Depends(verify_session())
    db = database.dbConnection.dbPatientManagerConnect()
    cursor = db.cursor()
    query = "SELECT patient_queue.idpatient_queue, patient_queue.business_id, "
-    query += "patient_queue.app_id, patient_queue.date_time, patient_queue.access, "
-    query += "patients.id_no, patients.first_name, patients.last_name, patients.medical_aid_no, patient_queue.revoke_date "
+    query += "patient_queue.app_id, patient_queue.date_time, "
+    query += "patients.id_no, patients.first_name, patients.last_name, patients.medical_aid_no "
    query += "from patient_manager.patient_queue "
    query += "inner join patient_manager.patients "
    query += "on patient_queue.app_id = patients.app_id "
@@ -66,12 +47,10 @@ async def read_all_patient_queue_by_business_id(business_id: str, session: Sessi
            "business_id": item[1],
            "app_id": item[2],
            "date_time": item[3],
-            "access": item[4],
-            "id_no": item[5],
-            "first_name": item[6],
-            "last_name": item[7],
-            "medical_aid_no": item[8],
-            "revoke_date": item[9],
+            "id_no": item[4],
+            "first_name": item[5],
+            "last_name": item[6],
+            "medical_aid_no": item[7],
        }
        for item in cursor.fetchall()
    ]
@@ -79,74 +58,49 @@ async def read_all_patient_queue_by_business_id(business_id: str, session: Sessi
    db.close()
    return items

-# # Get List of all files by patient & DocOffice
-# @router.get("/files/patients-docOffice/", tags="patients_files")
-# async def read_all_files_by_patient(itemRequest: fileRequest, session: SessionContainer = Depends(verify_session())):
-#     db = database.dbConnection.dbPatientManagerConnect()
-#     cursor = db.cursor()
-#     query = "select patient_files.idpatient_files, patient_files.file_path, patient_files.file_name, patient_files.patient_id, patient_files.insert_date, patients.doc_office_id "
-#     query += "from patient_manager.patient_files "
-#     query += "inner join patient_manager.patients "
-#     query += "on patient_files.patient_id = patients.idpatients "
-#     query += "where patient_files.patient_id = %s and patients.doc_office_id = %s"
-#     cursor.execute(query, (itemRequest.patientID, itemRequest.DocOfficeID,))
-    
-#     items = [
-#         {
-#             "idpatient_files": item[0],
-#             "file_path": item[1],
-#             "file_name": item[2],
-#             "patient_id": item[3],
-#             "insert_date": item[4],
-#             "doc_office_id": item[5]
-#         }
-#         for item in cursor.fetchall()
-#     ]
-#     cursor.close()
-#     db.close()
-#     return items
-
-# Delete Patient note on table
-# @router.delete("/files/delete/", tags=["Patients Files"])
-# async def Delete_Patient_File(itemRequest : fileDeleteRequest, session: SessionContainer = Depends(verify_session())): #session: SessionContainer = Depends(verify_session())
-#     # today = date.today()
-#     db = database.dbConnection.dbPatientManagerConnect()
-#     cursor = db.cursor()
-#     query = "delete from patient_files "
-#     query += "where idpatient_files=%s"
-#     # notetData = (itemRequest.idpatient_notes)
-#     try:
-#        cursor.execute(query, (str(itemRequest.idpatient_files),)) 
-#     except Exception as error:
-#         raise HTTPException(status_code=404, detail="Failed to Delete Record")
-#         #return {"query": query, "message": error}
-#     db.commit()
-#     cursor.close()
-#     db.close()
-#     return {"message": "Successfully deleted Record"}
+# Get List of all files by patient
+@router.get("/queue/appointments/personal/{app_id}", tags=["Patients Queue"])
+async def read_all_patient_queue_by_business_id(app_id: str, session: SessionContainer = Depends(verify_session())): #, session: SessionContainer = Depends(verify_session())
+    db = database.dbConnection.dbPatientManagerConnect()
+    cursor = db.cursor()
+    query = "SELECT patient_queue.idpatient_queue, patient_queue.business_id, "
+    query += "patient_queue.app_id, patient_queue.date_time, "
+    query += "patients.id_no, patients.first_name, patients.last_name, patients.medical_aid_no "
+    query += "from patient_manager.patient_queue "
+    query += "inner join patient_manager.patients "
+    query += "on patient_queue.app_id = patients.app_id "
+    query += "where app_id = %s ORDER BY date_time ASC"
+    cursor.execute(query, (app_id,))
+    items = [
+        {
+            "idpatient_queue": item[0],
+            "business_id": item[1],
+            "app_id": item[2],
+            "date_time": item[3],
+            "id_no": item[4],
+            "first_name": item[5],
+            "last_name": item[6],
+            "medical_aid_no": item[7],
+        }
+        for item in cursor.fetchall()
+    ]
+    cursor.close()
+    db.close()
+    return items

 # Insert Patient note into table
-@router.post("/queue/insert/", tags=["Patients Queue"], status_code=201)
+@router.post("/queue/appointment/insert/", tags=["Patients Queue"], status_code=201)
 async def insert_Patient_Files(itemRequest : queueInsertRequest, session: SessionContainer = Depends(verify_session())): #, session: SessionContainer = Depends(verify_session())
    date_time = itemRequest.date + " " + itemRequest.time + ":00"
-    year = itemRequest.date[0:4]
-    month = itemRequest.date[5:7]
-    day = itemRequest.date[8:10]
-    hour = itemRequest.time[0:2]
-    minutes = itemRequest.time[3:5]
-
-    revDate = datetime(int(year), int(month), int(day), int(hour),int( minutes))
-    newRevDate = revDate + timedelta(days=7)
    db = database.dbConnection.dbPatientManagerConnect()
    cursor = db.cursor()
    query = "insert into patient_queue "
-    query += "(business_id, app_id, date_time, access, revoke_date) "
-    query += "values (%s, %s, %s, %s, %s)"
+    query += "(business_id, app_id, date_time) "
+    query += "values (%s, %s, %s)"
    notetData = (itemRequest.business_id, 
                   itemRequest.app_id,
                   date_time,
-                   itemRequest.access,
-                   newRevDate)
+                   )
    try:
       cursor.execute(query, notetData) 
    except Exception as error:
@@ -158,25 +112,17 @@ async def insert_Patient_Files(itemRequest : queueInsertRequest, session: Sessio
    return {"message": "Successfully Created file Record"}

 # Update Patient on table
-@router.put("/queue/update/", tags=["Patients Queue"])
-async def Update_Queue(itemRequest : queueUpdateRequest): #, session: SessionContainer = Depends(verify_session())
+@router.put("/queue/appointment/update/", tags=["Patients Queue"])
+async def Update_Queue(itemRequest : queueUpdateRequest, session: SessionContainer = Depends(verify_session())): #, session: SessionContainer = Depends(verify_session())
    
    date_time = itemRequest.date + " " + itemRequest.time + ":00"
-    year = itemRequest.date[0:4]
-    month = itemRequest.date[5:7]
-    day = itemRequest.date[8:10]
-    hour = itemRequest.time[0:2]
-    minutes = itemRequest.time[3:5]

-    revDate = datetime(int(year), int(month), int(day), int(hour),int( minutes))
-    newRevDate = revDate + timedelta(days=7)
    db = database.dbConnection.dbPatientManagerConnect()
    cursor = db.cursor()
    query = "update patient_queue "
-    query += "set date_time=%s, revoke_date=%s, access='pending' "
+    query += "set date_time=%s "
    query += "where idpatient_queue=%s"
    patientData = (date_time, 
-                   newRevDate,
                   itemRequest.idpatient_queue)
    try:
       cursor.execute(query, patientData) 
@@ -187,4 +133,23 @@ async def Update_Queue(itemRequest : queueUpdateRequest): #, session: SessionCon
    db.commit()
    cursor.close()
    db.close()
-    return {"message": "Successfully Updated Record"}
+    return {"message": "Successfully Updated Record"}
+
+# Update Patient on table
+@router.delete("/queue/appointment/delete/", tags=["Patients Queue"])
+async def Delete_Queue(itemRequest : queueDeleteRequest, session: SessionContainer = Depends(verify_session())): #, session: SessionContainer = Depends(verify_session())
+    db = database.dbConnection.dbPatientManagerConnect()
+    cursor = db.cursor()
+    query = "delete from patient_queue "
+    query += "where idpatient_queue=%s"
+    try:
+       cursor.execute(query, (str(itemRequest.idpatient_queue),)) 
+    except Exception as error:
+        print(error)
+        raise HTTPException(status_code=404, detail="Failed to Delete Appointment")
+        #return {"query": query, "message": error}
+    db.commit()
+    cursor.close()
+    db.close()
+    return {"message": "Successfully deleted Appointment"}
+