NEW: Privacy Policy and TOS Popup

backend/main.py

@@ -18,6 +18,7 @@ import routers.access_request as access_request
 import routers.patient_access as patient_access
 import routers.mzansi_wallet as mzansi_wallet
 import routers.mzansi_directory as mzansi_directory
+import routers.user_consent as user_consent
 import routers.icd10_codes as icd10_codes
 from fastapi.middleware.cors import CORSMiddleware
 from fastapi.middleware import Middleware
@@ -94,6 +95,7 @@ app.include_router(business.router)
 app.include_router(notifications.router)
 app.include_router(mzansi_wallet.router)
 app.include_router(mzansi_directory.router)
+app.include_router(user_consent.router)
 app.include_router(icd10_codes.router)
 app.include_router(appointments.router)
 

backend/mih_database/mihDbObjects.py

@@ -1,4 +1,4 @@
-from sqlalchemy import DateTime, Column, Integer, String
+from sqlalchemy import DateTime, Column, Integer, String, text
 from sqlalchemy.orm import declarative_base
 Base = declarative_base()
 
@@ -81,4 +81,20 @@ class BookmarkedBusiness(Base):
         return (
             f"<BusinessRating(idbookmarked_businesses={self.idbookmarked_businesses}, app_id='{self.app_id}', "
             f"business_id='{self.business_id}', created_date='{self.created_date}')>"
+        )
+
+class UserConsent(Base):
+    __tablename__ = 'user_consent'
+    __table_args__ = {'schema': 'app_data'}
+    iduser_consent = Column(Integer, primary_key=True) 
+    app_id = Column(String(128), nullable=False,server_default=text("''"))
+    privacy_policy_accepted = Column(DateTime, nullable=True)
+    terms_of_services_accepted = Column(DateTime, nullable=True)
+
+    def __repr__(self):
+        return (
+            f"<UserConsent(iduser_consent={self.iduser_consent}, "
+            f"app_id='{self.app_id}', "
+            f"privacy_policy_accepted='{self.privacy_policy_accepted}', "
+            f"terms_of_services_accepted='{self.terms_of_services_accepted}')>"
         )

backend/routers/user_consent.py

@@ -0,0 +1,138 @@
+from fastapi import APIRouter, HTTPException, status
+from pydantic import BaseModel
+#from ..mih_database import dbConnection
+import mih_database
+import mih_database.mihDbConnections
+from mih_database.mihDbObjects import UserConsent
+from sqlalchemy import desc, or_
+from sqlalchemy.orm import Session
+from sqlalchemy.sql import func
+from sqlalchemy.exc import IntegrityError, SQLAlchemyError
+#SuperToken Auth from front end
+from supertokens_python.recipe.session.framework.fastapi import verify_session
+from supertokens_python.recipe.session import SessionContainer
+from fastapi import Depends
+from datetime import datetime
+import uuid
+
+router = APIRouter()
+
+class userConsentInsertRequest(BaseModel):
+    app_id: str
+    privacy_policy_accepted: datetime
+    terms_of_services_accepted: datetime
+
+class userConsentUpdateRequest(BaseModel):
+    app_id: str
+    privacy_policy_accepted: datetime
+    terms_of_services_accepted: datetime
+
+@router.get("/user-consent/user/{app_id}", tags=["User Consent"])
+async def get_user_consent(app_id: str, session: SessionContainer = Depends(verify_session())):
+    dbEngine = mih_database.mihDbConnections.dbAllConnect()
+    dbSession = Session(dbEngine)
+    try:
+        queryResults = dbSession.query(UserConsent).\
+        filter(UserConsent.app_id == app_id).\
+        first()
+        if queryResults:
+            return {
+                "idUserConsent": queryResults.iduser_consent,
+                "app_id": queryResults.app_id,
+                "privacy_policy_accepted": queryResults.privacy_policy_accepted,
+                "terms_of_services_accepted": queryResults.terms_of_services_accepted
+            }
+        else:
+            raise HTTPException(status_code=status.HTTP_404_NOT_FOUND, detail="User Consent not found")
+    except HTTPException as http_exc:
+        # Re-raise HTTPException directly if it was raised within the try block
+        raise http_exc
+    except Exception as e:
+        print(f"An error occurred during the ORM query: {e}")
+        if dbSession.is_active:
+            dbSession.rollback()
+        raise HTTPException(
+                status_code=status.HTTP_500_INTERNAL_SERVER_ERROR,
+                detail="Failed to retrieve records due to an internal server error."
+            )
+    finally:
+        dbSession.close()
+
+@router.post("/user-consent/insert/",
+             tags=["User Consent"],
+             status_code=status.HTTP_201_CREATED)
+async def insert_user_consent(itemRequest: userConsentInsertRequest,
+                              session: SessionContainer = Depends(verify_session())):
+    dbEngine = mih_database.mihDbConnections.dbAllConnect()
+    dbSession = Session(dbEngine)
+    try:
+        newUserConsent = UserConsent(
+            app_id = itemRequest.app_id,
+            privacy_policy_accepted = itemRequest.privacy_policy_accepted,
+            terms_of_services_accepted = itemRequest.terms_of_services_accepted,
+        )
+        dbSession.add(newUserConsent)
+        dbSession.commit()
+        dbSession.refresh(newUserConsent)
+        return {"message": "Successfully Created file Record"}
+    except IntegrityError as e:
+        dbSession.rollback()
+        raise HTTPException(
+            status_code=status.HTTP_409_CONFLICT, # 409 Conflict is often suitable for constraint errors
+            detail=f"Data integrity error: The provided data violates a database constraint. Details: {e.orig}"
+        ) from e
+    except SQLAlchemyError as e:
+        dbSession.rollback()
+        raise HTTPException(
+            status_code=status.HTTP_500_INTERNAL_SERVER_ERROR,
+            detail=f"A database error occurred during insertion. Details: {e.orig}"
+        ) from e
+    except Exception as e:
+        dbSession.rollback()
+        raise HTTPException(
+            status_code=status.HTTP_500_INTERNAL_SERVER_ERROR,
+            detail=f"An unexpected error occurred: {e}"
+        ) from e
+    finally:
+        dbSession.close()
+
+@router.put("/user-consent/update/", tags=["User Consent"])
+async def update_user_consent(itemRequest: userConsentUpdateRequest,
+                                session: SessionContainer = Depends(verify_session())):
+        dbEngine = mih_database.mihDbConnections.dbAllConnect()
+        dbSession = Session(dbEngine)
+        # pp_accepted_dt = datetime.strptime(itemRequest.privacy_policy_accepted, "%Y-%m-%d %H:%M:%S")
+        # tos_accepted_dt = datetime.strptime(itemRequest.terms_of_services_accepted, "%Y-%m-%d %H:%M:%S")
+        try:
+            existing_consent = dbSession.query(UserConsent).filter(UserConsent.app_id == itemRequest.app_id).first()
+            if not existing_consent:
+                raise HTTPException(status_code=status.HTTP_404_NOT_FOUND, detail="User Consent not found")
+            
+            existing_consent.privacy_policy_accepted = itemRequest.privacy_policy_accepted
+            existing_consent.terms_of_services_accepted = itemRequest.terms_of_services_accepted
+            
+            dbSession.commit()
+            return {"message": "Successfully Updated User Consent Record"}
+        except HTTPException as http_exc:
+            # Re-raise HTTPException directly if it was raised within the try block
+            raise http_exc
+        except IntegrityError as e:
+            dbSession.rollback()
+            raise HTTPException(
+                status_code=status.HTTP_409_CONFLICT,
+                detail=f"Data integrity error: The provided data violates a database constraint. Details: {e.orig}"
+            ) from e
+        except SQLAlchemyError as e:
+            dbSession.rollback()
+            raise HTTPException(
+                status_code=status.HTTP_500_INTERNAL_SERVER_ERROR,
+                detail=f"A database error occurred during update. Details: {e.orig}"
+            ) from e
+        except Exception as e:
+            dbSession.rollback()
+            raise HTTPException(
+                status_code=status.HTTP_500_INTERNAL_SERVER_ERROR,
+                detail=f"An unexpected error occurred: {e}"
+            ) from e
+        finally:
+            dbSession.close()