From b61fe2d572a197e8750736daddf2455c4a2e5e6a Mon Sep 17 00:00:00 2001
From: Aakash Singh <mail@singhaakash.dev>
Date: Thu, 8 Feb 2024 20:24:24 +0530
Subject: [PATCH] fix queryset filters for asset daily rounds

---
 care/facility/api/serializers/daily_round.py | 32 +++++++-------------
 care/facility/api/viewsets/daily_round.py    | 22 ++++++++------
 care/utils/queryset/consultation.py          |  6 ++--
 care/utils/queryset/facility.py              |  4 +++
 4 files changed, 32 insertions(+), 32 deletions(-)

diff --git a/care/facility/api/serializers/daily_round.py b/care/facility/api/serializers/daily_round.py
index e272f5cbf3..da8475b840 100644
--- a/care/facility/api/serializers/daily_round.py
+++ b/care/facility/api/serializers/daily_round.py
@@ -6,7 +6,6 @@
 from django.utils.timezone import localtime, now
 from rest_framework import serializers
 from rest_framework.exceptions import ValidationError
-from rest_framework.generics import get_object_or_404
 
 # from care.facility.api.serializers.bed import BedSerializer
 from care.facility.models import (
@@ -22,9 +21,9 @@
     SYMPTOM_CHOICES,
     SuggestionChoices,
 )
+from care.facility.models.patient_consultation import PatientConsultation
 from care.users.api.serializers.user import UserBaseMinimumSerializer
 from care.utils.notification_handler import NotificationGenerator
-from care.utils.queryset.consultation import get_consultation_queryset
 from care.utils.queryset.facility import get_home_facility_queryset
 from config.serializers import ChoiceField
 
@@ -105,6 +104,7 @@ class Meta:
             "glasgow_total_calculated",
             "total_intake_calculated",
             "total_output_calculated",
+            "consultation",
         )
         exclude = ("deleted",)
 
@@ -165,30 +165,19 @@ def update_last_daily_round(self, daily_round_obj):
         ).generate()
 
     def create(self, validated_data):
+        consultation: PatientConsultation = validated_data["consultation"]
         # Authorisation Checks
-
-        # Skip check for asset user
-        if self.context["request"].user.asset_id is None:
-            allowed_facilities = get_home_facility_queryset(
-                self.context["request"].user
+        if (
+            not get_home_facility_queryset(self.context["request"].user)
+            .filter(id=consultation.facility_id)
+            .exists()
+        ):
+            raise ValidationError(
+                {"facility": "Daily Round creates are only allowed in home facility"}
             )
-            if not allowed_facilities.filter(
-                id=self.validated_data["consultation"].facility.id
-            ).exists():
-                raise ValidationError(
-                    {
-                        "facility": "Daily Round creates are only allowed in home facility"
-                    }
-                )
-
         # Authorisation Checks End
 
         with transaction.atomic():
-            consultation = get_object_or_404(
-                get_consultation_queryset(self.context["request"].user).filter(
-                    id=validated_data["consultation"].id
-                )
-            )
             if (
                 validated_data.get("rounds_type")
                 == DailyRound.RoundsType.TELEMEDICINE.value
@@ -307,6 +296,7 @@ def create(self, validated_data):
 
     def validate(self, attrs):
         validated = super().validate(attrs)
+        validated["consultation"] = self.context["consultation"]
 
         if validated["consultation"].discharge_date:
             raise ValidationError(
diff --git a/care/facility/api/viewsets/daily_round.py b/care/facility/api/viewsets/daily_round.py
index 7162c7734f..96257fd410 100644
--- a/care/facility/api/viewsets/daily_round.py
+++ b/care/facility/api/viewsets/daily_round.py
@@ -12,7 +12,6 @@
 from care.facility.api.serializers.daily_round import DailyRoundSerializer
 from care.facility.api.viewsets.mixins.access import AssetUserAccessMixin
 from care.facility.models.daily_round import DailyRound
-from care.facility.models.patient_consultation import PatientConsultation
 from care.utils.queryset.consultation import get_consultation_queryset
 
 DailyRoundAttributes = [f.name for f in DailyRound._meta.get_fields()]
@@ -57,16 +56,21 @@ class DailyRoundsViewSet(
     PAGE_SIZE = 36  # One Round Per Hour
 
     def get_queryset(self):
-        return self.queryset.filter(
-            consultation__external_id=self.kwargs["consultation_external_id"]
-        ).order_by("-taken_at")
+        consultation = get_object_or_404(
+            get_consultation_queryset(self.request.user).filter(
+                external_id=self.kwargs["consultation_external_id"]
+            )
+        )
+        return self.queryset.filter(consultation=consultation).order_by("-taken_at")
 
-    def get_serializer(self, *args, **kwargs):
-        if "data" in kwargs:
-            kwargs["data"]["consultation"] = PatientConsultation.objects.get(
+    def get_serializer_context(self):
+        context = super().get_serializer_context()
+        context["consultation"] = get_object_or_404(
+            get_consultation_queryset(self.request.user).filter(
                 external_id=self.kwargs["consultation_external_id"]
-            ).id
-        return super().get_serializer(*args, **kwargs)
+            )
+        )
+        return context
 
     @extend_schema(tags=["daily_rounds"])
     @action(methods=["POST"], detail=False)
diff --git a/care/utils/queryset/consultation.py b/care/utils/queryset/consultation.py
index 3be2b2c54b..49dc632d77 100644
--- a/care/utils/queryset/consultation.py
+++ b/care/utils/queryset/consultation.py
@@ -8,8 +8,10 @@
 def get_consultation_queryset(user):
     queryset = PatientConsultation.objects.all()
     if user.is_superuser:
-        return queryset
-    if user.user_type >= User.TYPE_VALUE_MAP["StateLabAdmin"]:
+        pass
+    elif hasattr(user, "asset") and user.asset is not None:
+        queryset = queryset.filter(facility=user.asset.current_location.facility_id)
+    elif user.user_type >= User.TYPE_VALUE_MAP["StateLabAdmin"]:
         q_filters = Q(facility__state=user.state)
         q_filters |= Q(patient__facility__state=user.state)
         queryset = queryset.filter(q_filters)
diff --git a/care/utils/queryset/facility.py b/care/utils/queryset/facility.py
index 3a299a957f..fbe62e8cb2 100644
--- a/care/utils/queryset/facility.py
+++ b/care/utils/queryset/facility.py
@@ -7,6 +7,8 @@ def get_facility_queryset(user):
     queryset = Facility.objects.all()
     if user.is_superuser:
         pass
+    elif hasattr(user, "asset") and user.asset is not None:
+        queryset = queryset.filter(id=user.asset.current_location.facility_id)
     elif user.user_type >= User.TYPE_VALUE_MAP["StateLabAdmin"]:
         queryset = queryset.filter(state=user.state)
     elif user.user_type >= User.TYPE_VALUE_MAP["DistrictLabAdmin"]:
@@ -21,6 +23,8 @@ def get_home_facility_queryset(user):
     queryset = Facility.objects.all()
     if user.is_superuser:
         pass
+    elif hasattr(user, "asset") and user.asset is not None:
+        queryset = queryset.filter(id=user.asset.current_location.facility_id)
     elif user.user_type >= User.TYPE_VALUE_MAP["StateLabAdmin"]:
         queryset = queryset.filter(state=user.state)
     elif user.user_type >= User.TYPE_VALUE_MAP["DistrictLabAdmin"]: