From 1262d22a30dc0d0f2551b232714b651be4edc127 Mon Sep 17 00:00:00 2001
From: yaso
Date: Wed, 6 Nov 2024 10:43:07 +0200
Subject: [PATCH] Add new patient access route, add new db connection for data_access DB, add security to notification apis, create new patient access apis (get, add, update), update patient queue api to remove access and revoke date
---
 backend/database/dbConnection.py | 9 ++
 backend/main.py | 3 +-
 backend/routers/notifications.py | 4 +-
 backend/routers/patient_access.py | 212 ++++++++++++++++++++++++++++++
 backend/routers/patients_queue.py | 165 +++++++++-------------
 5 files changed, 290 insertions(+), 103 deletions(-)
 create mode 100644 backend/routers/patient_access.py
diff --git a/backend/database/dbConnection.py b/backend/database/dbConnection.py
index a828bc97..fb1405fb 100644
--- a/backend/database/dbConnection.py
+++ b/backend/database/dbConnection.py
@@ -15,6 +15,15 @@ def dbAppDataConnect():
 passwd="C@rtoon1995",
 database="app_data"
 )
+
+def dbDataAccessConnect():
+ return mysql.connector.connect(
+ host="mysqldb",
+ user="root",
+ passwd="C@rtoon1995",
+ database="data_access"
+ )
+
 def dbAllConnect():
 return mysql.connector.connect(
 host="mysqldb",
diff --git a/backend/main.py b/backend/main.py
index 1d191af1..7f5886cd 100644
--- a/backend/main.py
+++ b/backend/main.py
@@ -13,7 +13,7 @@ import routers.medicine as medicine
 import routers.business_user as business_user
 import routers.business as business
 import routers.access_request as access_request
-
+import routers.patient_access as patient_access
 from fastapi.middleware.cors import CORSMiddleware
 from fastapi.middleware import Middleware
 from supertokens_python import get_all_cors_headers
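Review bot: `dbDataAccessConnect` hard-codes the MySQL `root` user and its password as literals, a second copy of the same `passwd=` value that `dbAppDataConnect` already carries just above it, so the credential now lives in two places in version control. Read it once from the environment or a secrets file and connect as a user limited to the `data_access` schema rather than `root`; e.g. `passwd=os.environ["DB_PASSWORD"]` (the variable name is a placeholder) with `import os` added at the top of the file, which is outside this hunk. A password that has been committed should be treated as exposed and rotated when it is moved out of the source.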
@@ -79,6 +79,7 @@ app.include_router(patients_files.router)
 app.include_router(patients_notes.router)
 app.include_router(patients_queue.router)
 app.include_router(access_request.router)
+app.include_router(patient_access.router)
 app.include_router(users.router)
 app.include_router(fileStorage.router)
 app.include_router(medicine.router)
diff --git a/backend/routers/notifications.py b/backend/routers/notifications.py
index bdbd4bb4..fbf7f732 100644
--- a/backend/routers/notifications.py
+++ b/backend/routers/notifications.py
@@ -42,7 +42,7 @@ class notificationInsertRequest(BaseModel):
 # Get Notifications By app ID
 @router.get("/notifications/{app_id}", tags=["Notifications"])
-async def read_notifications_By_app_ID(app_id: str, amount: int): # , session: SessionContainer = Depends(verify_session())
+async def read_notifications_By_app_ID(app_id: str, amount: int, session: SessionContainer = Depends(verify_session())): # , session: SessionContainer = Depends(verify_session())
 db = database.dbConnection.dbAppDataConnect()
 cursor = db.cursor()
 #query = "SELECT * FROM patients"
@@ -102,7 +102,7 @@ async def insert_Patient(itemRequest : notificationInsertRequest, session: Sessi
 # Update Patient on table
 @router.put("/notifications/update/{notification_id}", tags=["Notifications"])
-async def Update_Patient(notification_id : str): #, session: SessionContainer = Depends(verify_session())
+async def Update_Patient(notification_id : str, session: SessionContainer = Depends(verify_session())): #, session: SessionContainer = Depends(verify_session())
 db = database.dbConnection.dbAppDataConnect()
 cursor = db.cursor()
 query = "update notifications "
diff --git a/backend/routers/patient_access.py b/backend/routers/patient_access.py
new file mode 100644
index 00000000..550e7528
--- /dev/null
+++ b/backend/routers/patient_access.py
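Review bot: Requiring a session on `read_notifications_By_app_ID` and `Update_Patient` authenticates the caller but does not tie the request to them: `app_id` and `notification_id` still come straight from the path and the new `session` argument is not read in the visible lines, so presumably any logged-in user can fetch or update another user's notifications unless the rest of each body (outside the hunk) filters on the session. Compare the path value with `session.get_user_id()`, or add it to the where clause of the query, before executing — assuming `app_id` is the SuperTokens user id, which should be confirmed. The trailing `# , session: SessionContainer = Depends(verify_session())` comments now duplicate the real parameter and should be dropped from both signatures.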
@@ -0,0 +1,212 @@ +import mysql.connector +from fastapi import APIRouter, HTTPException +from pydantic import BaseModel +#from ..database import dbConnection +import database +from datetime import date, datetime, timedelta +#SuperToken Auth from front end +from supertokens_python.recipe.session.framework.fastapi import verify_session +from supertokens_python.recipe.session import SessionContainer +from fastapi import Depends + +router = APIRouter() + +class accessRequestInsertRequest(BaseModel): + business_id: str + app_id: str + type: str + requested_by: str + +class accessRequestUpdateRequest(BaseModel): + business_id: str + app_id: str + status: str + approved_by: str + +@router.get("/access-requests/{access_type}/check/{business_id}", tags=["Patient Access"]) +async def check_business_id_has_access(access_type: str,business_id: str, app_id: str, session: SessionContainer = Depends(verify_session())): #, session: SessionContainer = Depends(verify_session()) + db = database.dbConnection.dbPatientManagerConnect() + cursor = db.cursor() + query = "select " + query += "patient_business_access.business_id, business.Name, " + query += "patient_business_access.app_id, users.fname, users.lname, " + query += "patients.id_no, " + query += "patient_business_access.type, patient_business_access.status, " + query += "patient_business_access.approved_by, patient_business_access.approved_on, " + query += "patient_business_access.requested_by, patient_business_access.requested_on " + query += "from data_access.patient_business_access " + query += "join app_data.business " + query += "on patient_business_access.business_id = business.business_id " + query += "join app_data.users " + query += "on patient_business_access.app_id = users.app_id " + query += "join patient_manager.patients " + query += "on patient_business_access.app_id = patients.app_id " + query += "where patient_business_access.type=%s and patient_business_access.business_id=%s and 
patient_business_access.app_id=%s" + cursor.execute(query, (access_type, + business_id, + app_id, + )) + items = [ + { + "business_id": item[0], + "business_name": item[1], + "app_id": item[2], + "fname": item[3], + "lname": item[4], + "id_no": item[5], + "type": item[6], + "status": item[7], + "approved_by": item[8], + "approved_on": item[9], + "requested_by": item[10], + "requested_on": item[11], + } + for item in cursor.fetchall() + ] + cursor.close() + db.close() + return items + +@router.get("/access-requests/business/{access_type}/{business_id}", tags=["Patient Access"]) +async def read_all_patient_access_by_business_id(access_type: str,business_id: str, session: SessionContainer = Depends(verify_session())): #, session: SessionContainer = Depends(verify_session()) + db = database.dbConnection.dbPatientManagerConnect() + cursor = db.cursor() + query = "select " + query += "patient_business_access.business_id, business.Name, " + query += "patient_business_access.app_id, users.fname, users.lname, " + query += "patients.id_no, " + query += "patient_business_access.type, patient_business_access.status, " + query += "patient_business_access.approved_by, patient_business_access.approved_on, " + query += "patient_business_access.requested_by, patient_business_access.requested_on " + query += "from data_access.patient_business_access " + query += "join app_data.business " + query += "on patient_business_access.business_id = business.business_id " + query += "join app_data.users " + query += "on patient_business_access.app_id = users.app_id " + query += "join patient_manager.patients " + query += "on patient_business_access.app_id = patients.app_id " + query += "where patient_business_access.type=%s and patient_business_access.business_id=%s" + cursor.execute(query, (access_type, + business_id,)) + items = [ + { + "business_id": item[0], + "business_name": item[1], + "app_id": item[2], + "fname": item[3], + "lname": item[4], + "id_no": item[5], + "type": item[6], + 
"status": item[7], + "approved_by": item[8], + "approved_on": item[9], + "requested_by": item[10], + "requested_on": item[11], + } + for item in cursor.fetchall() + ] + cursor.close() + db.close() + return items + +@router.get("/access-requests/personal/{access_type}/{app_id}", tags=["Patient Access"]) +async def read_all_patient_access_by_app_id(access_type: str,app_id: str, session: SessionContainer = Depends(verify_session())): #, session: SessionContainer = Depends(verify_session()) + db = database.dbConnection.dbPatientManagerConnect() + cursor = db.cursor() + query = "select " + query += "patient_business_access.business_id, business.Name, " + query += "patient_business_access.app_id, users.fname, users.lname, " + query += "patients.id_no, " + query += "patient_business_access.type, patient_business_access.status, " + query += "patient_business_access.approved_by, patient_business_access.approved_on, " + query += "patient_business_access.requested_by, patient_business_access.requested_on " + query += "from data_access.patient_business_access " + query += "join app_data.business " + query += "on patient_business_access.business_id = business.business_id " + query += "join app_data.users " + query += "on patient_business_access.app_id = users.app_id " + query += "join patient_manager.patients " + query += "on patient_business_access.app_id = patients.app_id " + query += "where patient_business_access.type=%s and patient_business_access.app_id=%s" + cursor.execute(query, (access_type, + app_id,)) + items = [ + { + "business_id": item[0], + "business_name": item[1], + "app_id": item[2], + "fname": item[3], + "lname": item[4], + "id_no": item[5], + "type": item[6], + "status": item[7], + "approved_by": item[8], + "approved_on": item[9], + "requested_by": item[10], + "requested_on": item[11], + } + for item in cursor.fetchall() + ] + cursor.close() + db.close() + return items + +# Insert Patient into table +@router.post("/access-requests/insert/", tags=["Patient 
Access"], status_code=201) +async def insert_Patient_access(itemRequest : accessRequestInsertRequest, session: SessionContainer = Depends(verify_session())): #, session: SessionContainer = Depends(verify_session()) + db = database.dbConnection.dbDataAccessConnect() + now = datetime.now() + timedelta(hours=2) + notificationDateTime = now.strftime("%Y-%m-%d %H:%M:%S") + print(notificationDateTime) + cursor = db.cursor() + query = "insert into patient_business_access " + query += "(business_id, app_id, type, status, approved_by, approved_on, requested_by, requested_on) " + query += "values (%s, %s, %s, %s, %s, %s, %s, %s)" + patientData = ( + itemRequest.business_id, + itemRequest.app_id, + itemRequest.type, + "pending", + "", + "9999-01-01 00:00:00", + itemRequest.requested_by, + now, + ) + try: + cursor.execute(query, patientData) + except Exception as error: + print(error) + raise HTTPException(status_code=404, detail="Failed to Create Record") + # return {"message": error} + db.commit() + cursor.close() + db.close() + return {"message": "Successfully Created Record"} + +# Update Patient on table +@router.put("/access-requests/update/permission/", tags=["Patient Access"]) +async def Update_Patient_access(itemRequest: accessRequestUpdateRequest): #, session: SessionContainer = Depends(verify_session()) + db = database.dbConnection.dbDataAccessConnect() + now = datetime.now() + timedelta(hours=2) + notificationDateTime = now.strftime("%Y-%m-%d %H:%M:%S") + print(notificationDateTime) + cursor = db.cursor() + query = "update patient_business_access " + query += "set status=%s, approved_by=%s, approved_on=%s " + query += "where business_id=%s and app_id=%s" + patientData = (itemRequest.status, + itemRequest.approved_by, + now, + itemRequest.business_id, + itemRequest.app_id, + ) + try: + cursor.execute(query, patientData) + except Exception as error: + print(error) + raise HTTPException(status_code=404, detail="Failed to Update Record") + #return {"query": query, 
"message": error} + db.commit() + cursor.close() + db.close() + return {"message": "Successfully Updated Record"} \ No newline at end of file diff --git a/backend/routers/patients_queue.py b/backend/routers/patients_queue.py index c07e755e..ce58c637 100644 --- a/backend/routers/patients_queue.py +++ b/backend/routers/patients_queue.py 
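Review bot: `Update_Patient_access` is the one route in the new file without `session: SessionContainer = Depends(verify_session())`, and it is the one that sets `status` and `approved_by` on a `patient_business_access` row, so an unauthenticated request can approve a business's access to a patient's data with a caller-chosen `approved_by`. Add the dependency, `async def Update_Patient_access(itemRequest: accessRequestUpdateRequest, session: SessionContainer = Depends(verify_session())):`, and take `approved_by` from the session rather than the body; the same body-trust applies to `requested_by` in `insert_Patient_access`. In both write handlers the `except` branch raises before `cursor.close()` and `db.close()` run, leaking the connection on every failed statement, and 404 is the wrong status for a failed insert or update; a `try/finally` around the execute and a 500 (or 400 for rejected input) would fit. `now = datetime.now() + timedelta(hours=2)` bakes a fixed offset into stored timestamps instead of using a timezone-aware `datetime.now(tz=...)`. The three read handlers also build one identical select/join text three times; a module-level constant would keep them in step.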
@@ -19,42 +19,23 @@ class queueInsertRequest(BaseModel):
 app_id: str
 date: str
 time: str
- access: str
 class queueUpdateRequest(BaseModel):
 idpatient_queue: int
 date: str
 time: str
-# # Get List of all files
-# @router.get("/files/patients/", tags="patients_files")
-# async def read_all_files(session: SessionContainer = Depends(verify_session())):
-# db = database.dbConnection.dbPatientManagerConnect()
-# cursor = db.cursor()
-# query = "SELECT * FROM patient_files"
-# cursor.execute(query)
-# items = [
-# {
-# "idpatient_files": item[0],
-# "file_path": item[1],
-# "file_name": item[2],
-# "patient_id": item[3],
-# "insert_date": item[4],
-# }
-# for item in cursor.fetchall()
-# ]
-# cursor.close()
-# db.close()
-# return items
+class queueDeleteRequest(BaseModel):
+ idpatient_queue: int
 # Get List of all files by patient
-@router.get("/queue/patients/{business_id}", tags=["Patients Queue"])
+@router.get("/queue/appointments/business/{business_id}", tags=["Patients Queue"])
 async def read_all_patient_queue_by_business_id(business_id: str, session: SessionContainer = Depends(verify_session())): #, session: SessionContainer = Depends(verify_session())
 db = database.dbConnection.dbPatientManagerConnect()
 cursor = db.cursor()
 query = "SELECT patient_queue.idpatient_queue, patient_queue.business_id, "
- query += "patient_queue.app_id, patient_queue.date_time, patient_queue.access, "
- query += "patients.id_no, patients.first_name, patients.last_name, patients.medical_aid_no, patient_queue.revoke_date "
+ query += "patient_queue.app_id, patient_queue.date_time, "
+ query += "patients.id_no, patients.first_name, patients.last_name, patients.medical_aid_no "
 query += "from patient_manager.patient_queue "
 query += "inner join patient_manager.patients "
 query += "on patient_queue.app_id = patients.app_id "
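Review bot: The comment above the renamed route still reads `# Get List of all files by patient` although the handler selects queue rows for a business; `# Get queue entries (appointments) for a business` matches the query below it. Renaming the path from `/queue/patients/{business_id}` to `/queue/appointments/business/{business_id}` and removing `access` from `queueInsertRequest` are breaking changes for existing clients that the commit message does not call out. The handler's body continues past the end of the hunk.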
@@ -66,12 +47,10 @@ async def read_all_patient_queue_by_business_id(business_id: str, session: Sessi
 "business_id": item[1],
 "app_id": item[2],
 "date_time": item[3],
- "access": item[4],
- "id_no": item[5],
- "first_name": item[6],
- "last_name": item[7],
- "medical_aid_no": item[8],
- "revoke_date": item[9],
+ "id_no": item[4],
+ "first_name": item[5],
+ "last_name": item[6],
+ "medical_aid_no": item[7],
 }
 for item in cursor.fetchall()
 ]
@@ -79,74 +58,49 @@ async def read_all_patient_queue_by_business_id(business_id: str, session: Sessi db.close() return items -# # Get List of all files by patient & DocOffice -# @router.get("/files/patients-docOffice/", tags="patients_files") -# async def read_all_files_by_patient(itemRequest: fileRequest, session: SessionContainer = Depends(verify_session())): -# db = database.dbConnection.dbPatientManagerConnect() -# cursor = db.cursor() -# query = "select patient_files.idpatient_files, patient_files.file_path, patient_files.file_name, patient_files.patient_id, patient_files.insert_date, patients.doc_office_id " -# query += "from patient_manager.patient_files " -# query += "inner join patient_manager.patients " -# query += "on patient_files.patient_id = patients.idpatients " -# query += "where patient_files.patient_id = %s and patients.doc_office_id = %s" -# cursor.execute(query, (itemRequest.patientID, itemRequest.DocOfficeID,)) - -# items = [ -# { -# "idpatient_files": item[0], -# "file_path": item[1], -# "file_name": item[2], -# "patient_id": item[3], -# "insert_date": item[4], -# "doc_office_id": item[5] -# } -# for item in cursor.fetchall() -# ] -# cursor.close() -# db.close() -# return items - -# Delete Patient note on table -# @router.delete("/files/delete/", tags=["Patients Files"]) -# async def Delete_Patient_File(itemRequest : fileDeleteRequest, session: SessionContainer = Depends(verify_session())): #session: SessionContainer = Depends(verify_session()) -# # today = date.today() -# db = database.dbConnection.dbPatientManagerConnect() -# cursor = db.cursor() -# query = "delete from patient_files " -# query += "where idpatient_files=%s" -# # notetData = (itemRequest.idpatient_notes) -# try: -# cursor.execute(query, (str(itemRequest.idpatient_files),)) -# except Exception as error: -# raise HTTPException(status_code=404, detail="Failed to Delete Record") -# #return {"query": query, "message": error} -# db.commit() -# cursor.close() -# db.close() -# return 
{"message": "Successfully deleted Record"} +# Get List of all files by patient +@router.get("/queue/appointments/personal/{app_id}", tags=["Patients Queue"]) +async def read_all_patient_queue_by_business_id(app_id: str, session: SessionContainer = Depends(verify_session())): #, session: SessionContainer = Depends(verify_session()) + db = database.dbConnection.dbPatientManagerConnect() + cursor = db.cursor() + query = "SELECT patient_queue.idpatient_queue, patient_queue.business_id, " + query += "patient_queue.app_id, patient_queue.date_time, " + query += "patients.id_no, patients.first_name, patients.last_name, patients.medical_aid_no " + query += "from patient_manager.patient_queue " + query += "inner join patient_manager.patients " + query += "on patient_queue.app_id = patients.app_id " + query += "where app_id = %s ORDER BY date_time ASC" + cursor.execute(query, (app_id,)) + items = [ + { + "idpatient_queue": item[0], + "business_id": item[1], + "app_id": item[2], + "date_time": item[3], + "id_no": item[4], + "first_name": item[5], + "last_name": item[6], + "medical_aid_no": item[7], + } + for item in cursor.fetchall() + ] + cursor.close() + db.close() + return items # Insert Patient note into table -@router.post("/queue/insert/", tags=["Patients Queue"], status_code=201) +@router.post("/queue/appointment/insert/", tags=["Patients Queue"], status_code=201) async def insert_Patient_Files(itemRequest : queueInsertRequest, session: SessionContainer = Depends(verify_session())): #, session: SessionContainer = Depends(verify_session()) date_time = itemRequest.date + " " + itemRequest.time + ":00" - year = itemRequest.date[0:4] - month = itemRequest.date[5:7] - day = itemRequest.date[8:10] - hour = itemRequest.time[0:2] - minutes = itemRequest.time[3:5] - - revDate = datetime(int(year), int(month), int(day), int(hour),int( minutes)) - newRevDate = revDate + timedelta(days=7) db = database.dbConnection.dbPatientManagerConnect() cursor = db.cursor() query = "insert into 
patient_queue " - query += "(business_id, app_id, date_time, access, revoke_date) " - query += "values (%s, %s, %s, %s, %s)" + query += "(business_id, app_id, date_time) " + query += "values (%s, %s, %s)" notetData = (itemRequest.business_id, itemRequest.app_id, date_time, - itemRequest.access, - newRevDate) + ) try: cursor.execute(query, notetData) except Exception as error: @@ -158,25 +112,17 @@ async def insert_Patient_Files(itemRequest : queueInsertRequest, session: Sessio return {"message": "Successfully Created file Record"} # Update Patient on table -@router.put("/queue/update/", tags=["Patients Queue"]) -async def Update_Queue(itemRequest : queueUpdateRequest): #, session: SessionContainer = Depends(verify_session()) +@router.put("/queue/appointment/update/", tags=["Patients Queue"]) +async def Update_Queue(itemRequest : queueUpdateRequest, session: SessionContainer = Depends(verify_session())): #, session: SessionContainer = Depends(verify_session()) date_time = itemRequest.date + " " + itemRequest.time + ":00" - year = itemRequest.date[0:4] - month = itemRequest.date[5:7] - day = itemRequest.date[8:10] - hour = itemRequest.time[0:2] - minutes = itemRequest.time[3:5] - revDate = datetime(int(year), int(month), int(day), int(hour),int( minutes)) - newRevDate = revDate + timedelta(days=7) db = database.dbConnection.dbPatientManagerConnect() cursor = db.cursor() query = "update patient_queue " - query += "set date_time=%s, revoke_date=%s, access='pending' " + query += "set date_time=%s " query += "where idpatient_queue=%s" patientData = (date_time, - newRevDate, itemRequest.idpatient_queue) try: cursor.execute(query, patientData) 
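Review bot: The new personal route's query ends with `where app_id = %s` after joining `patient_queue` with `patients` on `app_id`, so the column reference is ambiguous and MySQL should reject the select; qualify it, `query += "where patient_queue.app_id = %s ORDER BY date_time ASC"`. The handler also reuses the name `read_all_patient_queue_by_business_id`, already bound to the business route earlier in the file; the decorator registers the first route before the name is rebound so both still serve, but the shadowing is confusing and `read_all_patient_queue_by_app_id` describes it. `app_id` is taken from the path while the session goes unused, so presumably any authenticated user can list another patient's appointments; comparing it with the session's user id would close that. The rest of `insert_Patient_Files` continues past the end of the hunk.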
@@ -187,4 +133,23 @@ async def Update_Queue(itemRequest : queueUpdateRequest): #, session: SessionCon
 db.commit()
 cursor.close()
 db.close()
- return {"message": "Successfully Updated Record"}
\ No newline at end of file
+ return {"message": "Successfully Updated Record"}
+
+# Update Patient on table
+@router.delete("/queue/appointment/delete/", tags=["Patients Queue"])
+async def Delete_Queue(itemRequest : queueDeleteRequest, session: SessionContainer = Depends(verify_session())): #, session: SessionContainer = Depends(verify_session())
+ db = database.dbConnection.dbPatientManagerConnect()
+ cursor = db.cursor()
+ query = "delete from patient_queue "
+ query += "where idpatient_queue=%s"
+ try:
+ cursor.execute(query, (str(itemRequest.idpatient_queue),))
+ except Exception as error:
+ print(error)
+ raise HTTPException(status_code=404, detail="Failed to Delete Appointment")
+ #return {"query": query, "message": error}
+ db.commit()
+ cursor.close()
+ db.close()
+ return {"message": "Successfully deleted Appointment"}
+
\ No newline at end of file
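Review bot: `Delete_Queue` deletes by `idpatient_queue` alone with the session unused, so presumably any authenticated caller can remove any appointment; scope the statement to the caller, e.g. `query += "where idpatient_queue=%s and app_id=%s"` with the session's user id as the second parameter, or check ownership before deleting. A DELETE that reads its id from a JSON body is also fragile, since some clients drop bodies on DELETE; a path parameter such as `/queue/appointment/delete/{idpatient_queue}` avoids that. The `str(...)` cast around the integer id is unnecessary with a parameterised query, a failed delete should not answer 404, and the `except` branch raises before `cursor.close()` and `db.close()` run, leaking the connection. The heading `# Update Patient on table` was copied from the update route; `# Delete an appointment from patient_queue` describes this one.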