"""
Organizations views and viewsets
"""
from rest_framework import viewsets
from rest_framework.permissions import SAFE_METHODS, IsAuthenticated

from apps.accounts.permissions import CanAccessDepartmentData, CanAccessHospitalData, IsPXAdminOrHospitalAdmin

from .models import Department, Employee, Hospital, Patient, Physician
from .serializers import (
    DepartmentSerializer,
    EmployeeSerializer,
    HospitalSerializer,
    PatientListSerializer,
    PatientSerializer,
    PhysicianSerializer,
)
class HospitalViewSet(viewsets.ModelViewSet):
    """
    ViewSet for Hospital model.

    Permissions:
    - PX Admins and Hospital Admins can manage hospitals
    - Others can view hospitals they belong to
    """
    queryset = Hospital.objects.all()
    serializer_class = HospitalSerializer
    # NOTE(review): this class only scopes which rows are visible. Whether
    # non-admin roles are blocked from create/update/delete depends entirely
    # on CanAccessHospitalData, which is defined elsewhere - confirm it
    # rejects unsafe methods for them.
    permission_classes = [IsAuthenticated, CanAccessHospitalData]
    filterset_fields = ['status', 'city']
    search_fields = ['name', 'name_ar', 'code', 'city']
    ordering_fields = ['name', 'created_at']
    ordering = ['name']

    def get_queryset(self):
        """Return the hospitals visible to the requesting user.

        PX Admins get every hospital. Every other role (hospital admin,
        department manager, or anyone else) is limited to the single
        hospital attached to the account. A user without a hospital gets
        an empty queryset, so the default is deny.
        """
        all_hospitals = super().get_queryset()
        requester = self.request.user

        if requester.is_px_admin():
            return all_hospitals

        own_hospital = requester.hospital
        if not own_hospital:
            # No hospital on the account: nothing to show.
            return all_hospitals.none()

        # Hospital admins, department managers and plain users all resolve
        # to the same scope here: their own hospital row only.
        return all_hospitals.filter(id=own_hospital.id)
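class DepartmentViewSet(viewsets.ModelViewSet):
    """
    ViewSet for Department model.

    Permissions:
    - PX Admins and Hospital Admins can manage departments
    - Department Managers can view their department
    """
    queryset = Department.objects.all()
    serializer_class = DepartmentSerializer
    # NOTE(review): the "manage" vs "view" split in the docstring is not
    # enforced in this class; presumably CanAccessDepartmentData rejects
    # unsafe methods for non-admin roles - confirm in apps.accounts.permissions.
    permission_classes = [IsAuthenticated, CanAccessDepartmentData]
    filterset_fields = ['status', 'hospital', 'parent']
    search_fields = ['name', 'name_ar', 'code']
    ordering_fields = ['name', 'created_at']
    ordering = ['hospital', 'name']

    def get_queryset(self):
        """Return the departments visible to the requesting user.

        Scope by role, first match wins:
        - PX Admin: every department.
        - Hospital Admin with a hospital: departments of that hospital.
        - Department Manager with a department: that department and its
          direct children, within the user's hospital.
        - Anyone else with a hospital: departments of that hospital.
        - No hospital: empty queryset (default deny).
        """
        queryset = super().get_queryset().select_related('hospital', 'parent', 'manager')
        user = self.request.user

        # PX Admins see all departments
        if user.is_px_admin():
            return queryset

        # Hospital Admins see departments in their hospital
        if user.is_hospital_admin() and user.hospital:
            return queryset.filter(hospital=user.hospital)

        # Department Managers see their department and sub-departments
        if user.is_department_manager() and user.department:
            # This branch used to build the condition with `models.Q`, but no
            # name `models` is imported in this module, so every request from
            # a department manager raised NameError. OR-ing two querysets
            # yields the same rows using only names already in scope.
            in_hospital = queryset.filter(hospital=user.hospital)
            own_department = in_hospital.filter(id=user.department.id)
            # Only direct children (parent == own department) are included;
            # deeper descendants are not walked.
            child_departments = in_hospital.filter(parent=user.department)
            return own_department | child_departments

        # Others see departments in their hospital
        if user.hospital:
            return queryset.filter(hospital=user.hospital)

        return queryset.none()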
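class PhysicianViewSet(viewsets.ModelViewSet):
    """
    ViewSet for Physician model.

    Permissions:
    - PX Admins and Hospital Admins can manage physicians
    - Others can view physicians (scoped by get_queryset)
    """
    queryset = Physician.objects.all()
    serializer_class = PhysicianSerializer
    permission_classes = [IsAuthenticated]
    filterset_fields = ['status', 'hospital', 'department', 'specialization']
    search_fields = ['first_name', 'last_name', 'first_name_ar', 'last_name_ar', 'license_number']
    ordering_fields = ['last_name', 'created_at']
    ordering = ['last_name', 'first_name']

    def get_permissions(self):
        """Require an admin role for any request that is not read-only.

        ModelViewSet exposes create/update/partial_update/destroy, and
        IsAuthenticated alone would let every logged-in user call them.
        """
        permissions = super().get_permissions()
        if self.request.method not in SAFE_METHODS:
            # assumes IsPXAdminOrHospitalAdmin grants exactly the two roles
            # named in the class docstring - confirm in apps.accounts.permissions
            permissions.append(IsPXAdminOrHospitalAdmin())
        return permissions

    def get_queryset(self):
        """Return the physicians visible to the requesting user.

        Scope by role, first match wins:
        - PX Admin: every physician.
        - Hospital Admin with a hospital: physicians of that hospital.
        - Department Manager with a department: physicians of that department.
        - Anyone else with a hospital: physicians of that hospital.
        - No hospital: empty queryset (default deny).

        This also bounds which objects update/delete can reach. It does not
        constrain create: the `hospital` value in a POST body is not checked
        here.
        """
        queryset = super().get_queryset().select_related('hospital', 'department', 'user')
        user = self.request.user

        # PX Admins see all physicians
        if user.is_px_admin():
            return queryset

        # Hospital Admins see physicians in their hospital
        if user.is_hospital_admin() and user.hospital:
            return queryset.filter(hospital=user.hospital)

        # Department Managers see physicians in their department
        if user.is_department_manager() and user.department:
            return queryset.filter(department=user.department)

        # Others see physicians in their hospital
        if user.hospital:
            return queryset.filter(hospital=user.hospital)

        return queryset.none()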
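class EmployeeViewSet(viewsets.ModelViewSet):
    """
    ViewSet for Employee model.

    Permissions:
    - PX Admins and Hospital Admins can manage employees
    - Others can view employees (scoped by get_queryset)
    """
    queryset = Employee.objects.all()
    serializer_class = EmployeeSerializer
    permission_classes = [IsAuthenticated]
    filterset_fields = ['status', 'hospital', 'department', 'job_title']
    search_fields = ['employee_id', 'job_title', 'user__first_name', 'user__last_name', 'user__email']
    ordering_fields = ['user__last_name', 'created_at']
    ordering = ['user__last_name', 'user__first_name']

    def get_permissions(self):
        """Require an admin role for any request that is not read-only.

        ModelViewSet exposes create/update/partial_update/destroy, and
        IsAuthenticated alone would let every logged-in user call them.
        """
        permissions = super().get_permissions()
        if self.request.method not in SAFE_METHODS:
            # assumes IsPXAdminOrHospitalAdmin grants exactly the two roles
            # named in the class docstring - confirm in apps.accounts.permissions
            permissions.append(IsPXAdminOrHospitalAdmin())
        return permissions

    def get_queryset(self):
        """Return the employees visible to the requesting user.

        Scope by role, first match wins:
        - PX Admin: every employee.
        - Hospital Admin with a hospital: employees of that hospital.
        - Department Manager with a department: employees of that department.
        - Anyone else with a hospital: employees of that hospital.
        - No hospital: empty queryset (default deny).

        This also bounds which objects update/delete can reach. It does not
        constrain create: the `hospital` value in a POST body is not checked
        here.
        """
        queryset = super().get_queryset().select_related('user', 'hospital', 'department')
        user = self.request.user

        # PX Admins see all employees
        if user.is_px_admin():
            return queryset

        # Hospital Admins see employees in their hospital
        if user.is_hospital_admin() and user.hospital:
            return queryset.filter(hospital=user.hospital)

        # Department Managers see employees in their department
        if user.is_department_manager() and user.department:
            return queryset.filter(department=user.department)

        # Others see employees in their hospital
        if user.hospital:
            return queryset.filter(hospital=user.hospital)

        return queryset.none()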
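class PatientViewSet(viewsets.ModelViewSet):
    """
    ViewSet for Patient model.

    Permissions:
    - Authenticated users can view patients of their own hospital
      (PX Admins: all patients)
    - PX Admins and Hospital Admins can manage patients
    """
    queryset = Patient.objects.all()
    permission_classes = [IsAuthenticated]
    filterset_fields = ['status', 'gender', 'primary_hospital', 'city']
    # Search covers direct identifiers (mrn, national_id, phone, email), so
    # the row scoping in get_queryset is what keeps lookups inside one hospital.
    search_fields = ['mrn', 'national_id', 'first_name', 'last_name', 'phone', 'email']
    ordering_fields = ['last_name', 'created_at']
    ordering = ['last_name', 'first_name']

    def get_permissions(self):
        """Require an admin role for any request that is not read-only.

        ModelViewSet exposes create/update/partial_update/destroy, and
        IsAuthenticated alone would let every logged-in user call them.
        """
        permissions = super().get_permissions()
        if self.request.method not in SAFE_METHODS:
            # assumes IsPXAdminOrHospitalAdmin grants exactly the two roles
            # named in the class docstring - confirm in apps.accounts.permissions
            permissions.append(IsPXAdminOrHospitalAdmin())
        return permissions

    def get_serializer_class(self):
        """Use simplified serializer for list view"""
        if self.action == 'list':
            return PatientListSerializer
        return PatientSerializer

    def get_queryset(self):
        """Return the patients visible to the requesting user.

        PX Admins get every patient. Everyone else, hospital admins
        included, is limited to patients whose primary_hospital is the
        user's hospital. A user without a hospital gets an empty queryset.
        """
        queryset = super().get_queryset().select_related('primary_hospital')
        user = self.request.user

        # PX Admins see all patients
        if user.is_px_admin():
            return queryset

        # Hospital Admins and all other roles see patients in their hospital
        if user.hospital:
            return queryset.filter(primary_hospital=user.hospital)

        # Default deny. This fall-through used to return the unfiltered
        # queryset, which handed every patient record to any authenticated
        # account that had no hospital assigned, unlike the other viewsets
        # in this module, which return none() here.
        return queryset.none()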