Skip to content

Commit

Permalink
Restrict Unauthorized Users from Accessing Facility's Patient Registr…
Browse files Browse the repository at this point in the history
…ation (#7498)

* add auth checks

* remove merge conflict

* Update ManagePatients.tsx

* fix linting

* add error notification

* fix lint

* fix lint

* fix codes

* fix bug

* fix bug

* dont allow null home facility users to add patient
  • Loading branch information
AshrafMd-1 authored May 14, 2024
1 parent 3180682 commit fafe692
Show file tree
Hide file tree
Showing 5 changed files with 92 additions and 7 deletions.
3 changes: 3 additions & 0 deletions src/Components/Common/FacilitySelect.tsx
Original file line number Diff line number Diff line change
Expand Up @@ -13,6 +13,7 @@ interface FacilitySelectProps {
multiple?: boolean;
facilityType?: number;
district?: string;
state?: string;
showAll?: boolean;
showNOptions?: number;
freeText?: boolean;
Expand All @@ -33,6 +34,7 @@ export const FacilitySelect = (props: FacilitySelectProps) => {
className = "",
facilityType,
district,
state,
freeText = false,
errors = "",
} = props;
Expand All @@ -47,6 +49,7 @@ export const FacilitySelect = (props: FacilitySelectProps) => {
facility_type: facilityType,
exclude_user: exclude_user,
district,
state,
};

const { data } = await request(
Expand Down
12 changes: 12 additions & 0 deletions src/Components/ExternalResult/FacilitiesSelectDialogue.tsx
Original file line number Diff line number Diff line change
Expand Up @@ -3,6 +3,7 @@ import DialogModal from "../Common/Dialog";
import { FacilitySelect } from "../Common/FacilitySelect";
import { FacilityModel } from "../Facility/models";
import { useTranslation } from "react-i18next";
import useAuthUser from "../../Common/hooks/useAuthUser";

interface Props {
show: boolean;
Expand All @@ -15,6 +16,7 @@ interface Props {
const FacilitiesSelectDialog = (props: Props) => {
const { show, handleOk, handleCancel, selectedFacility, setSelected } = props;
const { t } = useTranslation();
const authUser = useAuthUser();

return (
<DialogModal
Expand All @@ -29,6 +31,16 @@ const FacilitiesSelectDialog = (props: Props) => {
errors=""
showAll={false}
multiple={false}
district={
authUser?.user_type === "DistrictAdmin"
? authUser?.district?.toString()
: undefined
}
state={
authUser?.user_type === "StateAdmin"
? authUser?.state?.toString()
: undefined
}
/>
<div className="mt-4 flex flex-col gap-2 sm:flex-row sm:justify-end">
<Cancel onClick={handleCancel} />
Expand Down
30 changes: 28 additions & 2 deletions src/Components/Patient/ManagePatients.tsx
Original file line number Diff line number Diff line change
Expand Up @@ -755,10 +755,36 @@ export const PatientManager = () => {
<ButtonV2
id="add-patient-details"
onClick={() => {
if (qParams.facility)
const showAllFacilityUsers = ["DistrictAdmin", "StateAdmin"];
if (
qParams.facility &&
showAllFacilityUsers.includes(authUser.user_type)
)
navigate(`/facility/${qParams.facility}/patient`);
else if (onlyAccessibleFacility)
else if (
qParams.facility &&
!showAllFacilityUsers.includes(authUser.user_type) &&
authUser.home_facility_object?.id !== qParams.facility
)
Notification.Error({
msg: "Oops! Non-Home facility users don't have permission to perform this action.",
});
else if (
!showAllFacilityUsers.includes(authUser.user_type) &&
authUser.home_facility_object?.id
) {
navigate(
`/facility/${authUser.home_facility_object.id}/patient`,
);
} else if (onlyAccessibleFacility)
navigate(`/facility/${onlyAccessibleFacility.id}/patient`);
else if (
!showAllFacilityUsers.includes(authUser.user_type) &&
!authUser.home_facility_object?.id
)
Notification.Error({
msg: "Oops! No home facility found",
});
else setShowDialog("create");
}}
className="w-full lg:w-fit"
Expand Down
25 changes: 20 additions & 5 deletions src/Components/Patient/PatientHome.tsx
Original file line number Diff line number Diff line change
Expand Up @@ -678,11 +678,25 @@ export const PatientHome = (props: any) => {
className="mt-4 w-full"
disabled={!patientData.is_active}
authorizeFor={NonReadOnlyUsers}
onClick={() =>
navigate(
`/facility/${patientData?.facility}/patient/${id}/update`,
)
}
onClick={() => {
const showAllFacilityUsers = [
"DistrictAdmin",
"StateAdmin",
];
if (
!showAllFacilityUsers.includes(authUser.user_type) &&
authUser.home_facility_object?.id !==
patientData.facility
) {
Notification.Error({
msg: "Oops! Non-Home facility users don't have permission to perform this action.",
});
} else {
navigate(
`/facility/${patientData?.facility}/patient/${id}/update`,
);
}
}}
>
<CareIcon icon="l-edit-alt" className="text-lg" />
Update Details
Expand Down Expand Up @@ -844,6 +858,7 @@ export const PatientHome = (props: any) => {
</div>
</dl>
</div>

<div className="mt-2 flex">
<ButtonV2
className="mr-2 w-full bg-white hover:bg-gray-100"
Expand Down
29 changes: 29 additions & 0 deletions src/Components/Patient/PatientRegister.tsx
Original file line number Diff line number Diff line change
Expand Up @@ -62,6 +62,7 @@ import useAuthUser from "../../Common/hooks/useAuthUser.js";
import useQuery from "../../Utils/request/useQuery.js";
import routes from "../../Redux/api.js";
import request from "../../Utils/request/request.js";
import Error404 from "../ErrorPages/404";
import SelectMenuV2 from "../Form/SelectMenuV2.js";
import Checkbox from "../Common/components/CheckBox.js";
import _ from "lodash";
Expand Down Expand Up @@ -1096,6 +1097,34 @@ export const PatientRegister = (props: PatientRegisterProps) => {
return <Loading />;
}

const PatientRegisterAuth = () => {
const showAllFacilityUsers = ["DistrictAdmin", "StateAdmin"];
if (
!showAllFacilityUsers.includes(authUser.user_type) &&
authUser.home_facility_object?.id === facilityId
) {
return true;
}
if (
authUser.user_type === "DistrictAdmin" &&
authUser.district === facilityObject?.district
) {
return true;
}
if (
authUser.user_type === "StateAdmin" &&
authUser.state === facilityObject?.state
) {
return true;
}

return false;
};

if (!isLoading && facilityId && facilityObject && !PatientRegisterAuth()) {
return <Error404 />;
}

return (
<div className="px-2 pb-2">
{statusDialog.show && (
Expand Down

0 comments on commit fafe692

Please sign in to comment.