Beispiel #1
0
 public static ExaminationRequestViewModel GetViewModel(ExaminationRequest examRequest, Func <DateTime, DateTime> toLocal)
 {
     return(new ExaminationRequestViewModel()
     {
         Id = examRequest.Id,
         PatientId = examRequest.PatientId,
         Notes = examRequest.Text,
         MedicalProcedureName = examRequest.MedicalProcedureName,
         MedicalProcedureCode = examRequest.MedicalProcedureCode,
         RequestDate = toLocal(examRequest.RequestDate),
     });
 }
Beispiel #2
0
        public ActionResult Edit(ExaminationRequestViewModel[] examRequests)
        {
            var formModel = examRequests.Single();

            ExaminationRequest dbObject;

            if (formModel.Id == null)
            {
                Debug.Assert(formModel.PatientId != null, "formModel.PatientId != null");
                dbObject = new ExaminationRequest
                {
                    CreatedOn  = this.GetUtcNow(),
                    PatientId  = formModel.PatientId.Value,
                    PracticeId = this.DbUser.PracticeId,
                };

                this.db.ExaminationRequests.AddObject(dbObject);
            }
            else
            {
                dbObject = this.db.ExaminationRequests.FirstOrDefault(r => r.Id == formModel.Id);

                // If modelObj is null, we must tell the user that this object does not exist.
                if (dbObject == null)
                {
                    return(View("NotFound", formModel));
                }

                // Security issue... must check current user practice against the practice of the edited objects.
                if (this.DbUser.Practice.Id != dbObject.Patient.Doctor.Users.FirstOrDefault().PracticeId)
                {
                    return(View("NotFound", formModel));
                }
            }

            if (this.ModelState.IsValid)
            {
                dbObject.Patient.IsBackedUp = false;
                dbObject.Text = formModel.Notes;
                dbObject.MedicalProcedureCode = formModel.MedicalProcedureId.HasValue
                    ? this.db.SYS_MedicalProcedure.Where(mp => mp.Id == formModel.MedicalProcedureId).Select(mp => mp.Code).FirstOrDefault()
                    : formModel.MedicalProcedureCode;

                dbObject.MedicalProcedureName = formModel.MedicalProcedureName;
                dbObject.RequestDate          = this.ConvertToUtcDateTime(formModel.RequestDate.Value);

                this.db.SaveChanges();

                return(this.View("Details", GetViewModel(dbObject, this.GetToLocalDateTimeConverter())));
            }

            return(this.View("Edit", formModel));
        }
Beispiel #3
0
        public void Delete_WhenTheresAnExamRequest()
        {
            PatientsController controller;
            int     patientId;
            Patient patient;

            try
            {
                var doctor = Firestarter.Create_CrmMg_Psiquiatria_DrHouse_Andre(this.db);
                var mr     = new MockRepository(true);
                controller = mr.CreateController <PatientsController>();
                Firestarter.CreateFakePatients(doctor, this.db, 1);

                // we now have 1 patient
                patient = this.db.Patients.FirstOrDefault();
                Assert.IsNotNull(patient);

                patientId = patient.Id;

                var examRequest = new ExaminationRequest()
                {
                    MedicalProcedureCode = "mcode",
                    MedicalProcedureName = "mname",
                    PatientId            = patientId,
                    CreatedOn            = DateTime.UtcNow,
                    PracticeId           = doctor.PracticeId,
                };

                this.db.SYS_MedicalProcedure.AddObject(
                    new SYS_MedicalProcedure()
                {
                    Code = "mcode",
                    Name = "mname"
                });

                this.db.ExaminationRequests.AddObject(examRequest);

                this.db.SaveChanges();
            }
            catch
            {
                Assert.Inconclusive("Test initialization has failed.");
                return;
            }

            controller.Delete(patientId);

            // this patient must have been deleted
            patient = this.db.Patients.FirstOrDefault(p => p.Id == patientId);
            Assert.IsNull(patient);
        }
        public void Delete_3_ExamFromAnotherPractice()
        {
            ExamsController    controller;
            ExaminationRequest examRequest;
            var isDbChangesSaved = false;
            var localNow         = new DateTime(2012, 08, 16);

            try
            {
                var drandre         = Firestarter.Create_CrmMg_Psiquiatria_DrHouse_Andre(this.db);
                var dramarta        = Firestarter.Create_CrmMg_Psiquiatria_DraMarta_Marta(this.db);
                var patientDraMarta = Firestarter.CreateFakePatients(dramarta, this.db).First();

                var mr = new MockRepository(true);
                controller = mr.CreateController <ExamsController>(
                    setupNewDb: db => db.SavingChanges += (s, e) => { isDbChangesSaved = true; });
                Debug.Assert(drandre != null, "drandre must not be null");
                var utcNow = PracticeController.ConvertToUtcDateTime(drandre.Users.First().Practice, localNow);
                controller.UtcNowGetter = () => utcNow;

                // saving the object that will be edited
                var medicalProc0 = this.db.SYS_MedicalProcedure.Single(x => x.Code == "4.03.04.36-1");
                examRequest = new ExaminationRequest
                {
                    CreatedOn            = utcNow,
                    PatientId            = patientDraMarta.Id,
                    Text                 = "Old text",
                    MedicalProcedureCode = medicalProc0.Code,
                    MedicalProcedureName = medicalProc0.Name,
                    PracticeId           = dramarta.PracticeId,
                };
                this.db.ExaminationRequests.AddObject(examRequest);
                this.db.SaveChanges();

                // Define André as the logged user, he cannot edit Marta's patients.
                mr.SetCurrentUser_Andre_CorrectPassword();
            }
            catch (Exception ex)
            {
                InconclusiveInit(ex);
                return;
            }

            // Editing an examination request that does not belong to the current user's practice.
            // This is not allowed and must throw an exception.
            // note: this is not a validation error, this is a malicious attack...
            var jsonResult = controller.Delete(examRequest.Id);

            // Verifying the ActionResult.
            Assert.IsNotNull(jsonResult, "The result of the controller method is null.");
            var jsonDelete = (JsonDeleteMessage)jsonResult.Data;

            Assert.IsFalse(jsonDelete.success, "Deletion should not succed.");
            Assert.IsNotNull(jsonDelete.text, "Deletion should fail with a message.");

            // Verifying the controller model-state.
            Assert.IsTrue(controller.ModelState.IsValid, "ModelState is not valid.");

            // Verifying the database: cannot save the changes.
            Assert.IsFalse(isDbChangesSaved, "Database changes were saved, but they should not.");
        }
        public void Delete_1_HappyPath()
        {
            ExamsController    controller;
            Patient            patient;
            ExaminationRequest examRequest;
            var isDbChangesSaved = false;
            var localNow         = new DateTime(2012, 08, 16);

            try
            {
                using (var db2 = DbTestBase.CreateNewCerebelloEntities())
                {
                    var drandre = Firestarter.Create_CrmMg_Psiquiatria_DrHouse_Andre(db2);
                    patient = Firestarter.CreateFakePatients(drandre, db2).First();

                    var mr = new MockRepository(true);
                    controller = mr.CreateController <ExamsController>(
                        setupNewDb: db => db.SavingChanges += (s, e) => { isDbChangesSaved = true; });
                    Debug.Assert(drandre != null, "drandre must not be null");
                    var utcNow = PracticeController.ConvertToUtcDateTime(drandre.Users.First().Practice, localNow);
                    controller.UtcNowGetter = () => utcNow;

                    // saving the object that will be edited
                    var medicalProc1 = this.db.SYS_MedicalProcedure.Single(x => x.Code == "4.01.03.55-2");

                    examRequest = new ExaminationRequest
                    {
                        PracticeId           = patient.PracticeId,
                        CreatedOn            = utcNow,
                        PatientId            = patient.Id,
                        Text                 = "Old text",
                        MedicalProcedureCode = medicalProc1.Code,
                        MedicalProcedureName = medicalProc1.Name
                    };

                    db2.ExaminationRequests.AddObject(examRequest);
                    db2.SaveChanges();

                    // Define André as the logged user, he cannot edit Marta's patients.
                    mr.SetCurrentUser_Andre_CorrectPassword();
                }
            }
            catch (Exception ex)
            {
                InconclusiveInit(ex);
                return;
            }

            // Editing an examination request that does not belong to the current user's practice.
            // This is not allowed and must throw an exception.
            // note: this is not a validation error, this is a malicious attack...
            ActionResult actionResult = controller.Delete(examRequest.Id);

            // Verifying the ActionResult.
            Assert.IsNotNull(actionResult, "The result of the controller method is null.");

            // Verifying the controller model-state.
            Assert.IsTrue(controller.ModelState.IsValid, "ModelState is not valid.");

            // Verifying the database: cannot save the changes.
            Assert.IsTrue(isDbChangesSaved, "Database changes were not saved, but they should.");

            // Verifying the database.
            using (var db2 = DbTestBase.CreateNewCerebelloEntities())
            {
                var obj = db2.ExaminationRequests.FirstOrDefault(x => x.PatientId == patient.Id);
                Assert.IsNull(obj, "Database record was not deleted.");
            }
        }
        public void Edit_4_EditExamThatDoesNotExist()
        {
            ExamsController             controller;
            ExaminationRequestViewModel viewModel;
            var isDbChangesSaved = false;
            var localNow         = new DateTime(2012, 08, 16);

            try
            {
                var drandre = Firestarter.Create_CrmMg_Psiquiatria_DrHouse_Andre(this.db);
                var patient = Firestarter.CreateFakePatients(drandre, this.db).First();

                var mr = new MockRepository(true);
                controller = mr.CreateController <ExamsController>(
                    setupNewDb: db => db.SavingChanges += (s, e) => { isDbChangesSaved = true; });
                Debug.Assert(drandre != null, "drandre must not be null");
                var utcNow = PracticeController.ConvertToUtcDateTime(drandre.Users.First().Practice, localNow);
                controller.UtcNowGetter = () => utcNow;

                // saving the object that will be edited
                var medicalProc0 = this.db.SYS_MedicalProcedure.Single(x => x.Code == "4.03.04.36-1");
                var examRequest  = new ExaminationRequest
                {
                    CreatedOn            = utcNow,
                    PatientId            = patient.Id,
                    Text                 = "Old text",
                    MedicalProcedureCode = medicalProc0.Code,
                    MedicalProcedureName = medicalProc0.Name,
                    PracticeId           = drandre.PracticeId,
                };
                this.db.ExaminationRequests.AddObject(examRequest);
                this.db.SaveChanges();

                // Define André as the logged user.
                mr.SetCurrentUser_Andre_CorrectPassword();

                // Creating view-model and setting up controller ModelState based on the view-model.
                var medicalProc1 = this.db.SYS_MedicalProcedure.Single(x => x.Code == "4.01.03.23-4");
                viewModel = new ExaminationRequestViewModel
                {
                    Id                   = 19837,
                    PatientId            = patient.Id,
                    Notes                = "New text",
                    MedicalProcedureCode = medicalProc1.Code,
                    MedicalProcedureName = medicalProc1.Name,
                };

                Mvc3TestHelper.SetModelStateErrors(controller, viewModel);
            }
            catch (Exception ex)
            {
                InconclusiveInit(ex);
                return;
            }

            // Editing an examination request that does not belong to the current user's practice.
            // This is not allowed and must throw an exception.
            // note: this is not a validation error, this is a malicious attack...
            ActionResult actionResult = controller.Edit(new[] { viewModel });

            // Verifying the ActionResult, and the DB.
            // - The result must be a ViewResult, with the name "Edit".
            // - The controller ModelState must have one validation message.
            Assert.IsNotNull(actionResult, "The result of the controller method is null.");
            Assert.IsInstanceOfType(actionResult, typeof(ViewResult));
            var viewResult = (ViewResult)actionResult;

            Assert.AreEqual("NotFound", viewResult.ViewName);

            // Verifying the database: cannot save the changes.
            Assert.IsFalse(isDbChangesSaved, "Database changes were saved, but they should not.");
        }
        public void Edit_2_WithoutMedicalProcedure()
        {
            ExamsController    controller;
            Patient            patient;
            ExaminationRequest examRequest;
            var isDbChangesSaved = false;
            var localNow         = new DateTime(2012, 08, 16);

            try
            {
                var doctor = Firestarter.Create_CrmMg_Psiquiatria_DrHouse_Andre(this.db);
                patient = Firestarter.CreateFakePatients(doctor, this.db).First();
                var mr = new MockRepository(true);
                controller = mr.CreateController <ExamsController>(
                    setupNewDb: db => db.SavingChanges += (s, e) => { isDbChangesSaved = true; });
                Debug.Assert(doctor != null, "doctor must not be null");
                var utcNow = PracticeController.ConvertToUtcDateTime(doctor.Users.First().Practice, localNow);
                controller.UtcNowGetter = () => utcNow;

                // saving the object that will be edited
                examRequest = new ExaminationRequest
                {
                    CreatedOn            = utcNow,
                    PatientId            = patient.Id,
                    Text                 = "Old text",
                    PracticeId           = doctor.PracticeId,
                    MedicalProcedureName = "Hemoglobina (eletroforese ou HPLC)",
                    MedicalProcedureCode = "4.03.04.35-3",
                };
                this.db.ExaminationRequests.AddObject(examRequest);
                this.db.SaveChanges();
            }
            catch (Exception ex)
            {
                InconclusiveInit(ex);
                return;
            }

            // Creating a new examination request without the text.
            // This is not allowed and must generate a model state validation message.
            ActionResult actionResult;
            ExaminationRequestViewModel viewModel;

            {
                viewModel = new ExaminationRequestViewModel
                {
                    Id        = examRequest.Id,
                    PatientId = patient.Id,
                };

                Mvc3TestHelper.SetModelStateErrors(controller, viewModel);

                actionResult = controller.Edit(new[] { viewModel });
            }

            // Verifying the ActionResult, and the DB.
            // - The result must be a ViewResult, with the name "Edit".
            // - The controller ModelState must have one validation message.
            Assert.IsNotNull(actionResult, "The result of the controller method is null.");
            Assert.IsInstanceOfType(actionResult, typeof(ViewResult));
            var viewResult = (ViewResult)actionResult;

            Assert.AreEqual("edit", viewResult.ViewName, true);
            Assert.IsFalse(controller.ModelState.IsValid, "ModelState should not be valid.");
            Assert.AreEqual(
                1,
                controller.ModelState.GetPropertyErrors(() => viewModel.MedicalProcedureName).Count(),
                "ModelState should contain one validation message.");

            // Verifying the database: cannot save the changes.
            Assert.IsFalse(isDbChangesSaved, "Database changes were saved, but they should not.");
        }
        public void Edit_1_HappyPath()
        {
            ExamsController    controller;
            Patient            patient;
            ExaminationRequest examRequest;
            DateTime           utcNow;
            var localNow = new DateTime(2012, 08, 16);

            try
            {
                var doctor = Firestarter.Create_CrmMg_Psiquiatria_DrHouse_Andre(this.db);
                patient = Firestarter.CreateFakePatients(doctor, this.db).First();

                var mr = new MockRepository(true);
                controller = mr.CreateController <ExamsController>();
                Debug.Assert(doctor != null, "doctor must not be null");
                utcNow = PracticeController.ConvertToUtcDateTime(doctor.Users.First().Practice, localNow);
                controller.UtcNowGetter = () => utcNow;

                // saving the object that will be edited
                var medicalProc = this.db.SYS_MedicalProcedure.Single(x => x.Code == "4.03.04.36-1");
                examRequest = new ExaminationRequest
                {
                    CreatedOn            = utcNow,
                    PatientId            = patient.Id,
                    Text                 = "Old text",
                    MedicalProcedureCode = medicalProc.Code,
                    MedicalProcedureName = medicalProc.Name,
                    PracticeId           = doctor.PracticeId,
                };
                this.db.ExaminationRequests.AddObject(examRequest);
                this.db.SaveChanges();
            }
            catch (Exception ex)
            {
                InconclusiveInit(ex);
                return;
            }

            // Creating a new examination request.
            ActionResult actionResult;

            {
                var medicalProc = this.db.SYS_MedicalProcedure.Single(x => x.Code == "4.01.03.23-4");
                var viewModel   = new ExaminationRequestViewModel
                {
                    Id                   = examRequest.Id,
                    PatientId            = patient.Id,
                    Notes                = "Any text",
                    MedicalProcedureId   = medicalProc.Id, // editing value: old = "4.03.04.36-1"; new = "4.01.03.23-4"
                    MedicalProcedureName = "Eletrencefalograma em vigília, e sono espontâneo ou induzido",
                };

                Mvc3TestHelper.SetModelStateErrors(controller, viewModel);

                actionResult = controller.Edit(new[] { viewModel });
            }

            // Verifying the ActionResult.
            Assert.IsNotNull(actionResult, "The result of the controller method is null.");

            // Verifying the controller model-state.
            Assert.IsTrue(controller.ModelState.IsValid, "ModelState is not valid.");

            // Verifying the database.
            using (var db2 = DbTestBase.CreateNewCerebelloEntities())
            {
                var obj = db2.ExaminationRequests.FirstOrDefault(x => x.PatientId == patient.Id);
                Assert.IsNotNull(obj, "Database record was not saved.");
                Assert.AreEqual("Any text", obj.Text);
                Assert.AreEqual(utcNow, obj.CreatedOn);
                Assert.AreEqual("4.01.03.23-4", obj.MedicalProcedureCode);
                Assert.AreEqual("Eletrencefalograma em vigília, e sono espontâneo ou induzido", obj.MedicalProcedureName);
            }
        }