Merge pull request #2727 from ohcnetwork/develop

Release to Staging

Pipfile

@@ -6,7 +6,7 @@ name = "pypi"
 [packages]
 argon2-cffi = "==23.1.0"
 authlib = "==1.4.0"
-boto3 = "==1.35.90"
+boto3 = "==1.35.93"
 celery = "==5.4.0"
 django = "==5.1.3"
 django-environ = "==0.11.2"
@@ -28,7 +28,7 @@ gunicorn = "==23.0.0"
 healthy-django = "==0.1.0"
 json-fingerprint = "==0.14.0"
 jsonschema = "==4.23.0"
-newrelic = "==10.2.0"
+newrelic = "==10.4.0"
 pillow = "==11.0.0"
 psycopg = { extras = ["c"], version = "==3.2.3" }
 pydantic = "==2.9.2"
@@ -45,15 +45,15 @@ django-anymail = {extras = ["amazon-ses"], version = "*"}
 
 [dev-packages]
 boto3-stubs = { extras = ["s3", "boto3"], version = "*" }
-coverage = "==7.6.4"
+coverage = "==7.6.10"
 debugpy = "==1.8.11"
 django-coverage-plugin = "==3.1.0"
 django-extensions = "==3.2.3"
 django-silk = "==5.3.2"
-djangorestframework-stubs = "==3.15.1"
+djangorestframework-stubs = "==3.15.2"
 factory-boy = "==3.3.1"
 freezegun = "==1.5.1"
-ipython = "==8.29.0"
+ipython = "==8.31.0"
 mypy = "==1.13.0"
 pre-commit = "==4.0.1"
 requests-mock = "==1.12.1"

aws/backend.json

@@ -275,18 +275,6 @@
           "valueFrom": "/care/backend/ABDM_CLIENT_SECRET",
           "name": "ABDM_CLIENT_SECRET"
         },
-        {
-          "valueFrom": "/care/backend/PLAUSIBLE_HOST",
-          "name": "PLAUSIBLE_HOST"
-        },
-        {
-          "valueFrom": "/care/backend/PLAUSIBLE_SITE_ID",
-          "name": "PLAUSIBLE_SITE_ID"
-        },
-        {
-          "valueFrom": "/care/backend/PLAUSIBLE_AUTH_TOKEN",
-          "name": "PLAUSIBLE_AUTH_TOKEN"
-        },
         {
           "valueFrom": "/care/backend/JWKS_BASE64",
           "name": "JWKS_BASE64"

aws/celery.json

@@ -250,18 +250,6 @@
           "valueFrom": "/care/backend/HCX_CERT_URL",
           "name": "HCX_CERT_URL"
         },
-        {
-          "valueFrom": "/care/backend/PLAUSIBLE_HOST",
-          "name": "PLAUSIBLE_HOST"
-        },
-        {
-          "valueFrom": "/care/backend/PLAUSIBLE_SITE_ID",
-          "name": "PLAUSIBLE_SITE_ID"
-        },
-        {
-          "valueFrom": "/care/backend/PLAUSIBLE_AUTH_TOKEN",
-          "name": "PLAUSIBLE_AUTH_TOKEN"
-        },
         {
           "valueFrom": "/care/backend/ABDM_CLIENT_ID",
           "name": "ABDM_CLIENT_ID"
@@ -525,18 +513,6 @@
           "valueFrom": "/care/backend/HCX_CERT_URL",
           "name": "HCX_CERT_URL"
         },
-        {
-          "valueFrom": "/care/backend/PLAUSIBLE_HOST",
-          "name": "PLAUSIBLE_HOST"
-        },
-        {
-          "valueFrom": "/care/backend/PLAUSIBLE_SITE_ID",
-          "name": "PLAUSIBLE_SITE_ID"
-        },
-        {
-          "valueFrom": "/care/backend/PLAUSIBLE_AUTH_TOKEN",
-          "name": "PLAUSIBLE_AUTH_TOKEN"
-        },
         {
           "valueFrom": "/care/backend/ABDM_CLIENT_ID",
           "name": "ABDM_CLIENT_ID"

care/emr/api/otp_viewsets/slot.py

@@ -1,6 +1,7 @@
-from pydantic import UUID4
+from pydantic import UUID4, BaseModel
 from rest_framework.decorators import action
 from rest_framework.exceptions import ValidationError
+from rest_framework.generics import get_object_or_404
 from rest_framework.response import Response
 
 from care.emr.api.viewsets.base import EMRBaseViewSet, EMRRetrieveMixin
@@ -9,9 +10,11 @@
     SlotsForDayRequestSpec,
     SlotViewSet,
 )
+from care.emr.api.viewsets.scheduling.booking import TokenBookingViewSet
 from care.emr.models.patient import Patient
 from care.emr.models.scheduling import TokenBooking, TokenSlot
 from care.emr.resources.scheduling.slot.spec import (
+    BookingStatusChoices,
     TokenBookingReadSpec,
     TokenSlotBaseSpec,
 )
@@ -25,6 +28,11 @@ class SlotsForDayRequestSpec(SlotsForDayRequestSpec):
     facility: UUID4
 
 
+class CancelAppointmentSpec(BaseModel):
+    patient: UUID4
+    appointment: UUID4
+
+
 class OTPSlotViewSet(EMRRetrieveMixin, EMRBaseViewSet):
     authentication_classes = [JWTTokenPatientAuthentication]
     permission_classes = [OTPAuthenticatedPermission]
@@ -44,11 +52,26 @@ def create_appointment(self, request, *args, **kwargs):
         if not Patient.objects.filter(
             external_id=request_data.patient, phone_number=request.user.phone_number
         ).exists():
-            raise ValidationError("Patient not allowed ")
+            raise ValidationError("Patient not allowed")
         return SlotViewSet.create_appointment_handler(
             self.get_object(), request.data, None
         )
 
+    @action(detail=False, methods=["POST"])
+    def cancel_appointment(self, request, *args, **kwargs):
+        request_data = CancelAppointmentSpec(**request.data)
+        patient = get_object_or_404(
+            Patient,
+            external_id=request_data.patient,
+            phone_number=request.user.phone_number,
+        )
+        token_booking = get_object_or_404(
+            TokenBooking, external_id=request_data.appointment, patient=patient
+        )
+        return TokenBookingViewSet.cancel_appointment_handler(
+            token_booking, {"reason": BookingStatusChoices.cancelled}, None
+        )
+
     @action(detail=False, methods=["GET"])
     def get_appointments(self, request, *args, **kwargs):
         appointments = TokenBooking.objects.filter(

care/emr/api/viewsets/base.py

@@ -174,18 +174,18 @@ def handle_update(self, instance, request_data):
         return self.get_retrieve_pydantic_model().serialize(model_instance).to_json()
 
 
-class EMRDeleteMixin:
-    def authorize_delete(self, instance):
+class EMRDestroyMixin:
+    def authorize_destroy(self, instance):
         pass
 
-    def perform_delete(self, instance):
+    def perform_destroy(self, instance):
         instance.deleted = True
         instance.save(update_fields=["deleted"])
 
-    def delete(self, request, *args, **kwargs):
+    def destroy(self, request, *args, **kwargs):
         instance = self.get_object()
-        self.authorize_delete(instance)
-        self.perform_delete(instance)
+        self.authorize_destroy(instance)
+        self.perform_destroy(instance)
         return Response(status=204)
 
 
@@ -271,7 +271,7 @@ class EMRModelViewSet(
     EMRRetrieveMixin,
     EMRUpdateMixin,
     EMRListMixin,
-    EMRDeleteMixin,
+    EMRDestroyMixin,
     EMRBaseViewSet,
     EMRUpsertMixin,
 ):

care/emr/api/viewsets/encounter_authz_base.py

@@ -24,7 +24,7 @@ def authorize_create(self, instance):
         ):
             raise PermissionDenied("You do not have permission to update encounter")
 
-    def authorize_delete(self, instance):
+    def authorize_destroy(self, instance):
         if not AuthorizationController.call(
             "can_update_encounter_obj", self.request.user, instance.encounter
         ):

care/emr/api/viewsets/facility.py

@@ -70,7 +70,7 @@ def authorize_update(self, request_obj, model_instance):
         ):
             raise PermissionDenied("You do not have permission to create Facilities")
 
-    def authorize_delete(self, instance):
+    def authorize_destroy(self, instance):
         if not self.request.user.is_superuser:
             raise PermissionDenied("Only Super Admins can delete Facilities")
 
@@ -108,9 +108,15 @@ def get_queryset(self):
         )
 
 
+class FacilityUserFilter(FilterSet):
+    username = CharFilter(field_name="username", lookup_expr="icontains")
+
+
 class FacilityUsersViewSet(EMRModelReadOnlyViewSet):
     database_model = User
     pydantic_read_model = UserSpec
+    filterset_class = FacilityUserFilter
+    filter_backends = [DjangoFilterBackend]
 
     def get_queryset(self):
         return User.objects.filter(

care/emr/api/viewsets/facility_organization.py

@@ -65,7 +65,7 @@ def validate_data(self, instance, model_obj=None):
         ):
             raise ValidationError("Organization already exists with same name")
 
-    def authorize_delete(self, instance):
+    def authorize_destroy(self, instance):
         if instance.type == "root":
             raise PermissionDenied("Cannot delete root organization")
 
@@ -189,7 +189,7 @@ def validate_data(self, instance, model_obj=None):
         if queryset.exists():
             raise ValidationError("User association already exists")
 
-    def authorize_delete(self, instance):
+    def authorize_destroy(self, instance):
         organization = self.get_organization_obj()
         if not AuthorizationController.call(
             "can_manage_facility_organization_users_obj",

care/emr/api/viewsets/file_upload.py

@@ -103,6 +103,7 @@ def get_queryset(self):
                 .filter(
                     file_type=self.request.GET.get("file_type"),
                     associating_id=self.request.GET.get("associating_id"),
+                    upload_completed=True,
                 )
             )
         obj = get_object_or_404(FileUpload, external_id=self.kwargs["external_id"])

care/emr/api/viewsets/organization.py

@@ -78,7 +78,7 @@ def validate_data(self, instance, model_obj=None):
         ):
             raise ValidationError("Organization already exists with same name")
 
-    def authorize_delete(self, instance):
+    def authorize_destroy(self, instance):
         if Organization.objects.filter(parent=instance).exists():
             raise PermissionDenied("Cannot delete organization with children")
 
@@ -246,7 +246,7 @@ def authorize_update(self, request_obj, model_instance):
         ):
             raise PermissionDenied("User does not have permission for this action")
 
-    def authorize_delete(self, instance):
+    def authorize_destroy(self, instance):
         organization = self.get_organization_obj()
         if not AuthorizationController.call(
             "can_manage_organization_users_obj",

care/emr/api/viewsets/patient.py

@@ -46,7 +46,7 @@ def authorize_create(self, request_obj):
         if not AuthorizationController.call("can_create_patient", self.request.user):
             raise PermissionDenied("Cannot Create Patient")
 
-    def authorize_delete(self, instance):
+    def authorize_destroy(self, instance):
         if not self.request.user.is_superuser:
             raise PermissionDenied("Cannot delete patient")