public static ExaminationRequestViewModel GetViewModel(ExaminationRequest examRequest, Func <DateTime, DateTime> toLocal)
{
return(new ExaminationRequestViewModel()
{
Id = examRequest.Id,
PatientId = examRequest.PatientId,
Notes = examRequest.Text,
MedicalProcedureName = examRequest.MedicalProcedureName,
MedicalProcedureCode = examRequest.MedicalProcedureCode,
RequestDate = toLocal(examRequest.RequestDate),
});
}
public ActionResult Edit(ExaminationRequestViewModel[] examRequests)
{
var formModel = examRequests.Single();
ExaminationRequest dbObject;
if (formModel.Id == null)
{
Debug.Assert(formModel.PatientId != null, "formModel.PatientId != null");
dbObject = new ExaminationRequest
{
CreatedOn = this.GetUtcNow(),
PatientId = formModel.PatientId.Value,
PracticeId = this.DbUser.PracticeId,
};
this.db.ExaminationRequests.AddObject(dbObject);
}
else
{
dbObject = this.db.ExaminationRequests.FirstOrDefault(r => r.Id == formModel.Id);
// If modelObj is null, we must tell the user that this object does not exist.
if (dbObject == null)
{
return(View("NotFound", formModel));
}
// Security issue... must check current user practice against the practice of the edited objects.
if (this.DbUser.Practice.Id != dbObject.Patient.Doctor.Users.FirstOrDefault().PracticeId)
{
return(View("NotFound", formModel));
}
}
if (this.ModelState.IsValid)
{
dbObject.Patient.IsBackedUp = false;
dbObject.Text = formModel.Notes;
dbObject.MedicalProcedureCode = formModel.MedicalProcedureId.HasValue
? this.db.SYS_MedicalProcedure.Where(mp => mp.Id == formModel.MedicalProcedureId).Select(mp => mp.Code).FirstOrDefault()
: formModel.MedicalProcedureCode;
dbObject.MedicalProcedureName = formModel.MedicalProcedureName;
dbObject.RequestDate = this.ConvertToUtcDateTime(formModel.RequestDate.Value);
this.db.SaveChanges();
return(this.View("Details", GetViewModel(dbObject, this.GetToLocalDateTimeConverter())));
}
return(this.View("Edit", formModel));
}
public void Delete_WhenTheresAnExamRequest()
{
PatientsController controller;
int patientId;
Patient patient;
try
{
var doctor = Firestarter.Create_CrmMg_Psiquiatria_DrHouse_Andre(this.db);
var mr = new MockRepository(true);
controller = mr.CreateController <PatientsController>();
Firestarter.CreateFakePatients(doctor, this.db, 1);
// we now have 1 patient
patient = this.db.Patients.FirstOrDefault();
Assert.IsNotNull(patient);
patientId = patient.Id;
var examRequest = new ExaminationRequest()
{
MedicalProcedureCode = "mcode",
MedicalProcedureName = "mname",
PatientId = patientId,
CreatedOn = DateTime.UtcNow,
PracticeId = doctor.PracticeId,
};
this.db.SYS_MedicalProcedure.AddObject(
new SYS_MedicalProcedure()
{
Code = "mcode",
Name = "mname"
});
this.db.ExaminationRequests.AddObject(examRequest);
this.db.SaveChanges();
}
catch
{
Assert.Inconclusive("Test initialization has failed.");
return;
}
controller.Delete(patientId);
// this patient must have been deleted
patient = this.db.Patients.FirstOrDefault(p => p.Id == patientId);
Assert.IsNull(patient);
}
public void Delete_3_ExamFromAnotherPractice()
{
ExamsController controller;
ExaminationRequest examRequest;
var isDbChangesSaved = false;
var localNow = new DateTime(2012, 08, 16);
try
{
var drandre = Firestarter.Create_CrmMg_Psiquiatria_DrHouse_Andre(this.db);
var dramarta = Firestarter.Create_CrmMg_Psiquiatria_DraMarta_Marta(this.db);
var patientDraMarta = Firestarter.CreateFakePatients(dramarta, this.db).First();
var mr = new MockRepository(true);
controller = mr.CreateController <ExamsController>(
setupNewDb: db => db.SavingChanges += (s, e) => { isDbChangesSaved = true; });
Debug.Assert(drandre != null, "drandre must not be null");
var utcNow = PracticeController.ConvertToUtcDateTime(drandre.Users.First().Practice, localNow);
controller.UtcNowGetter = () => utcNow;
// saving the object that will be edited
var medicalProc0 = this.db.SYS_MedicalProcedure.Single(x => x.Code == "4.03.04.36-1");
examRequest = new ExaminationRequest
{
CreatedOn = utcNow,
PatientId = patientDraMarta.Id,
Text = "Old text",
MedicalProcedureCode = medicalProc0.Code,
MedicalProcedureName = medicalProc0.Name,
PracticeId = dramarta.PracticeId,
};
this.db.ExaminationRequests.AddObject(examRequest);
this.db.SaveChanges();
// Define André as the logged user, he cannot edit Marta's patients.
mr.SetCurrentUser_Andre_CorrectPassword();
}
catch (Exception ex)
{
InconclusiveInit(ex);
return;
}
// Editing an examination request that does not belong to the current user's practice.
// This is not allowed and must throw an exception.
// note: this is not a validation error, this is a malicious attack...
var jsonResult = controller.Delete(examRequest.Id);
// Verifying the ActionResult.
Assert.IsNotNull(jsonResult, "The result of the controller method is null.");
var jsonDelete = (JsonDeleteMessage)jsonResult.Data;
Assert.IsFalse(jsonDelete.success, "Deletion should not succed.");
Assert.IsNotNull(jsonDelete.text, "Deletion should fail with a message.");
// Verifying the controller model-state.
Assert.IsTrue(controller.ModelState.IsValid, "ModelState is not valid.");
// Verifying the database: cannot save the changes.
Assert.IsFalse(isDbChangesSaved, "Database changes were saved, but they should not.");
}
public void Delete_1_HappyPath()
{
ExamsController controller;
Patient patient;
ExaminationRequest examRequest;
var isDbChangesSaved = false;
var localNow = new DateTime(2012, 08, 16);
try
{
using (var db2 = DbTestBase.CreateNewCerebelloEntities())
{
var drandre = Firestarter.Create_CrmMg_Psiquiatria_DrHouse_Andre(db2);
patient = Firestarter.CreateFakePatients(drandre, db2).First();
var mr = new MockRepository(true);
controller = mr.CreateController <ExamsController>(
setupNewDb: db => db.SavingChanges += (s, e) => { isDbChangesSaved = true; });
Debug.Assert(drandre != null, "drandre must not be null");
var utcNow = PracticeController.ConvertToUtcDateTime(drandre.Users.First().Practice, localNow);
controller.UtcNowGetter = () => utcNow;
// saving the object that will be edited
var medicalProc1 = this.db.SYS_MedicalProcedure.Single(x => x.Code == "4.01.03.55-2");
examRequest = new ExaminationRequest
{
PracticeId = patient.PracticeId,
CreatedOn = utcNow,
PatientId = patient.Id,
Text = "Old text",
MedicalProcedureCode = medicalProc1.Code,
MedicalProcedureName = medicalProc1.Name
};
db2.ExaminationRequests.AddObject(examRequest);
db2.SaveChanges();
// Define André as the logged user, he cannot edit Marta's patients.
mr.SetCurrentUser_Andre_CorrectPassword();
}
}
catch (Exception ex)
{
InconclusiveInit(ex);
return;
}
// Editing an examination request that does not belong to the current user's practice.
// This is not allowed and must throw an exception.
// note: this is not a validation error, this is a malicious attack...
ActionResult actionResult = controller.Delete(examRequest.Id);
// Verifying the ActionResult.
Assert.IsNotNull(actionResult, "The result of the controller method is null.");
// Verifying the controller model-state.
Assert.IsTrue(controller.ModelState.IsValid, "ModelState is not valid.");
// Verifying the database: cannot save the changes.
Assert.IsTrue(isDbChangesSaved, "Database changes were not saved, but they should.");
// Verifying the database.
using (var db2 = DbTestBase.CreateNewCerebelloEntities())
{
var obj = db2.ExaminationRequests.FirstOrDefault(x => x.PatientId == patient.Id);
Assert.IsNull(obj, "Database record was not deleted.");
}
}
public void Edit_4_EditExamThatDoesNotExist()
{
ExamsController controller;
ExaminationRequestViewModel viewModel;
var isDbChangesSaved = false;
var localNow = new DateTime(2012, 08, 16);
try
{
var drandre = Firestarter.Create_CrmMg_Psiquiatria_DrHouse_Andre(this.db);
var patient = Firestarter.CreateFakePatients(drandre, this.db).First();
var mr = new MockRepository(true);
controller = mr.CreateController <ExamsController>(
setupNewDb: db => db.SavingChanges += (s, e) => { isDbChangesSaved = true; });
Debug.Assert(drandre != null, "drandre must not be null");
var utcNow = PracticeController.ConvertToUtcDateTime(drandre.Users.First().Practice, localNow);
controller.UtcNowGetter = () => utcNow;
// saving the object that will be edited
var medicalProc0 = this.db.SYS_MedicalProcedure.Single(x => x.Code == "4.03.04.36-1");
var examRequest = new ExaminationRequest
{
CreatedOn = utcNow,
PatientId = patient.Id,
Text = "Old text",
MedicalProcedureCode = medicalProc0.Code,
MedicalProcedureName = medicalProc0.Name,
PracticeId = drandre.PracticeId,
};
this.db.ExaminationRequests.AddObject(examRequest);
this.db.SaveChanges();
// Define André as the logged user.
mr.SetCurrentUser_Andre_CorrectPassword();
// Creating view-model and setting up controller ModelState based on the view-model.
var medicalProc1 = this.db.SYS_MedicalProcedure.Single(x => x.Code == "4.01.03.23-4");
viewModel = new ExaminationRequestViewModel
{
Id = 19837,
PatientId = patient.Id,
Notes = "New text",
MedicalProcedureCode = medicalProc1.Code,
MedicalProcedureName = medicalProc1.Name,
};
Mvc3TestHelper.SetModelStateErrors(controller, viewModel);
}
catch (Exception ex)
{
InconclusiveInit(ex);
return;
}
// Editing an examination request that does not belong to the current user's practice.
// This is not allowed and must throw an exception.
// note: this is not a validation error, this is a malicious attack...
ActionResult actionResult = controller.Edit(new[] { viewModel });
// Verifying the ActionResult, and the DB.
// - The result must be a ViewResult, with the name "Edit".
// - The controller ModelState must have one validation message.
Assert.IsNotNull(actionResult, "The result of the controller method is null.");
Assert.IsInstanceOfType(actionResult, typeof(ViewResult));
var viewResult = (ViewResult)actionResult;
Assert.AreEqual("NotFound", viewResult.ViewName);
// Verifying the database: cannot save the changes.
Assert.IsFalse(isDbChangesSaved, "Database changes were saved, but they should not.");
}
public void Edit_2_WithoutMedicalProcedure()
{
ExamsController controller;
Patient patient;
ExaminationRequest examRequest;
var isDbChangesSaved = false;
var localNow = new DateTime(2012, 08, 16);
try
{
var doctor = Firestarter.Create_CrmMg_Psiquiatria_DrHouse_Andre(this.db);
patient = Firestarter.CreateFakePatients(doctor, this.db).First();
var mr = new MockRepository(true);
controller = mr.CreateController <ExamsController>(
setupNewDb: db => db.SavingChanges += (s, e) => { isDbChangesSaved = true; });
Debug.Assert(doctor != null, "doctor must not be null");
var utcNow = PracticeController.ConvertToUtcDateTime(doctor.Users.First().Practice, localNow);
controller.UtcNowGetter = () => utcNow;
// saving the object that will be edited
examRequest = new ExaminationRequest
{
CreatedOn = utcNow,
PatientId = patient.Id,
Text = "Old text",
PracticeId = doctor.PracticeId,
MedicalProcedureName = "Hemoglobina (eletroforese ou HPLC)",
MedicalProcedureCode = "4.03.04.35-3",
};
this.db.ExaminationRequests.AddObject(examRequest);
this.db.SaveChanges();
}
catch (Exception ex)
{
InconclusiveInit(ex);
return;
}
// Creating a new examination request without the text.
// This is not allowed and must generate a model state validation message.
ActionResult actionResult;
ExaminationRequestViewModel viewModel;
{
viewModel = new ExaminationRequestViewModel
{
Id = examRequest.Id,
PatientId = patient.Id,
};
Mvc3TestHelper.SetModelStateErrors(controller, viewModel);
actionResult = controller.Edit(new[] { viewModel });
}
// Verifying the ActionResult, and the DB.
// - The result must be a ViewResult, with the name "Edit".
// - The controller ModelState must have one validation message.
Assert.IsNotNull(actionResult, "The result of the controller method is null.");
Assert.IsInstanceOfType(actionResult, typeof(ViewResult));
var viewResult = (ViewResult)actionResult;
Assert.AreEqual("edit", viewResult.ViewName, true);
Assert.IsFalse(controller.ModelState.IsValid, "ModelState should not be valid.");
Assert.AreEqual(
1,
controller.ModelState.GetPropertyErrors(() => viewModel.MedicalProcedureName).Count(),
"ModelState should contain one validation message.");
// Verifying the database: cannot save the changes.
Assert.IsFalse(isDbChangesSaved, "Database changes were saved, but they should not.");
}
public void Edit_1_HappyPath()
{
ExamsController controller;
Patient patient;
ExaminationRequest examRequest;
DateTime utcNow;
var localNow = new DateTime(2012, 08, 16);
try
{
var doctor = Firestarter.Create_CrmMg_Psiquiatria_DrHouse_Andre(this.db);
patient = Firestarter.CreateFakePatients(doctor, this.db).First();
var mr = new MockRepository(true);
controller = mr.CreateController <ExamsController>();
Debug.Assert(doctor != null, "doctor must not be null");
utcNow = PracticeController.ConvertToUtcDateTime(doctor.Users.First().Practice, localNow);
controller.UtcNowGetter = () => utcNow;
// saving the object that will be edited
var medicalProc = this.db.SYS_MedicalProcedure.Single(x => x.Code == "4.03.04.36-1");
examRequest = new ExaminationRequest
{
CreatedOn = utcNow,
PatientId = patient.Id,
Text = "Old text",
MedicalProcedureCode = medicalProc.Code,
MedicalProcedureName = medicalProc.Name,
PracticeId = doctor.PracticeId,
};
this.db.ExaminationRequests.AddObject(examRequest);
this.db.SaveChanges();
}
catch (Exception ex)
{
InconclusiveInit(ex);
return;
}
// Creating a new examination request.
ActionResult actionResult;
{
var medicalProc = this.db.SYS_MedicalProcedure.Single(x => x.Code == "4.01.03.23-4");
var viewModel = new ExaminationRequestViewModel
{
Id = examRequest.Id,
PatientId = patient.Id,
Notes = "Any text",
MedicalProcedureId = medicalProc.Id, // editing value: old = "4.03.04.36-1"; new = "4.01.03.23-4"
MedicalProcedureName = "Eletrencefalograma em vigília, e sono espontâneo ou induzido",
};
Mvc3TestHelper.SetModelStateErrors(controller, viewModel);
actionResult = controller.Edit(new[] { viewModel });
}
// Verifying the ActionResult.
Assert.IsNotNull(actionResult, "The result of the controller method is null.");
// Verifying the controller model-state.
Assert.IsTrue(controller.ModelState.IsValid, "ModelState is not valid.");
// Verifying the database.
using (var db2 = DbTestBase.CreateNewCerebelloEntities())
{
var obj = db2.ExaminationRequests.FirstOrDefault(x => x.PatientId == patient.Id);
Assert.IsNotNull(obj, "Database record was not saved.");
Assert.AreEqual("Any text", obj.Text);
Assert.AreEqual(utcNow, obj.CreatedOn);
Assert.AreEqual("4.01.03.23-4", obj.MedicalProcedureCode);
Assert.AreEqual("Eletrencefalograma em vigília, e sono espontâneo ou induzido", obj.MedicalProcedureName);
}
}
