/// <summary>
/// Builds the DDR FILER "ADD" request that files a remote-application record together
/// with one callback sub-record.
/// </summary>
/// <param name="cxn">Connection used for the filer and for the option-IEN lookup.</param>
/// <param name="rec">Top-level record; its NAME, CONTEXTOPTION and APPLICATIONCODE fields are read.</param>
/// <param name="subrec">Callback sub-record; its CALLBACKTYPE, CALLBACKPORT, CALLBACKSERVER and URLSTRING fields are read.</param>
/// <returns>The populated filer query; it is not executed here.</returns>
internal static DdrFiler buildAddRecordQuery(AbstractConnection cxn, RemoteApplicationRecord rec, CallBackFileRecord subrec)
{
    // NOTE(review): each argument is a caret-delimited string assembled by plain
    // concatenation. A field value that itself contains '^' would shift the pieces
    // of the argument; nothing in this method rejects or escapes such values, so
    // confirm the callers validate them before they reach this point.
    DdrFiler filer = new DdrFiler(cxn);
    filer.Operation = "ADD";

    ArrayList filerArgs = new ArrayList(7);

    // Top-level fields use the "+1," placeholder IENS.
    VistaField field = rec.Fields["NAME"];
    filerArgs.Add(FILE_NUMBER + "^" + field.VistaNumber + "^+1,^" + field.VistaValue);

    // The context option is filed by IEN, looked up from the option name.
    // NOTE(review): the lookup result is used as-is; confirm getOptionIen cannot
    // hand back a non-numeric error string that would then be filed.
    field = rec.Fields["CONTEXTOPTION"];
    VistaUserDao userDao = new VistaUserDao(cxn);
    filerArgs.Add(FILE_NUMBER + "^" + field.VistaNumber + "^+1,^" + userDao.getOptionIen(field.VistaValue));

    field = rec.Fields["APPLICATIONCODE"];
    filerArgs.Add(FILE_NUMBER + "^" + field.VistaNumber + "^+1,^" + field.VistaValue);

    // Callback sub-record fields use the "+2,+1" placeholder IENS.
    field = subrec.Fields["CALLBACKTYPE"];
    filerArgs.Add(CALLBACK_FILE_NUMBER + "^" + field.VistaNumber + "^+2,+1^" + field.VistaValue);

    field = subrec.Fields["CALLBACKPORT"];
    filerArgs.Add(CALLBACK_FILE_NUMBER + "^" + field.VistaNumber + "^+2,+1^" + field.VistaValue);

    field = subrec.Fields["CALLBACKSERVER"];
    filerArgs.Add(CALLBACK_FILE_NUMBER + "^" + field.VistaNumber + "^+2,+1^" + field.VistaValue);

    field = subrec.Fields["URLSTRING"];
    filerArgs.Add(CALLBACK_FILE_NUMBER + "^" + field.VistaNumber + "^+2,+1^" + field.VistaValue);

    filer.Args = (string[])filerArgs.ToArray(typeof(string));
    return filer;
}
//internal void setVisitorContext(AbstractPermission requestedContext, string DUZ)
//{
//    try
//    {
//        setContext(requestedContext);
//        return;
//    }
//    catch (UnauthorizedAccessException uae)
//    {
//        addContextInVista(DUZ, requestedContext);
//        setContext(requestedContext);
//    }
//    catch (Exception e)
//    {
//        throw;
//    }
//}

/// <summary>
/// Gives a visitor the requested context - typically OR CPRS GUI CHART. The visitor
/// comes back from VistA with the CAPRI context only.
/// </summary>
/// <remarks>
/// Returns at once when <c>Permissions</c> already has an entry under the context's name.
/// Otherwise the context is tried first; if that throws, the DDR context is set, the
/// permission is added to <paramref name="duz"/> and the context is tried again.
/// </remarks>
/// <param name="duz">User the permission is added to.</param>
/// <param name="requestedContext">Context to set, and to add if setting it fails.</param>
internal void addContextInVista(string duz, AbstractPermission requestedContext)
{
    if (Permissions.ContainsKey(requestedContext.Name))
    {
        return;
    }

    VistaUserDao userDao = new VistaUserDao(Cxn);

    // try/catch should fix: http://trac.medora.va.gov/web/ticket/2288
    try
    {
        setContext(requestedContext);
    }
    catch (Exception)
    {
        // NOTE(review): this catches every exception type, so any failure of the first
        // attempt - not only a denied context - leads to the permission being added.
        // Confirm that is intended; the commented-out setVisitorContext above reacted
        // to UnauthorizedAccessException only.

        // will get CONTEXT HAS NOT BEEN CREATED if we don't set this again after failed attempt
        setContext(new MenuOption(VistaConstants.DDR_CONTEXT));

        // NOTE(review): if either call below throws, the exception propagates and the
        // connection is left in the DDR context; nothing here restores a previous one.
        userDao.addPermission(duz, requestedContext);
        setContext(requestedContext);
    }
}
//internal void setVisitorContext(AbstractPermission requestedContext, string DUZ)
//{
//    try
//    {
//        setContext(requestedContext);
//        return;
//    }
//    catch (UnauthorizedAccessException uae)
//    {
//        addContextInVista(DUZ, requestedContext);
//        setContext(requestedContext);
//    }
//    catch (Exception e)
//    {
//        throw;
//    }
//}

/// <summary>
/// Gives a visitor the requested context - typically OR CPRS GUI CHART. The visitor
/// comes back from VistA with the CAPRI context only.
/// </summary>
/// <remarks>
/// Returns at once when <c>hasPermission</c> reports that the connection's account
/// already holds the context. Otherwise the context is tried first; if that throws, the
/// DDR context is set, the permission is added to <paramref name="duz"/> and the context
/// is tried again.
/// </remarks>
/// <param name="duz">User the permission is added to.</param>
/// <param name="requestedContext">Context to set, and to add if setting it fails.</param>
internal void addContextInVista(string duz, AbstractPermission requestedContext)
{
    //if (!Permissions.ContainsKey(VistaConstants.MDWS_CONTEXT) && !Permissions.ContainsKey(VistaConstants.DDR_CONTEXT))
    //{
    //    throw new ArgumentException("User does not have correct menu options to add new context");
    //}
    // NOTE(review): with the check above disabled, this method does not verify that
    // the account holds the DDR context before relying on it in the fallback below.

    if (hasPermission(this.Cxn.Account.Permissions, requestedContext))
    {
        return;
    }

    //setContext(Permissions[VistaConstants.DDR_CONTEXT]); // tbd - needed? i think this is superfluous
    VistaUserDao userDao = new VistaUserDao(Cxn);

    // try/catch should fix: http://trac.medora.va.gov/web/ticket/2288
    try
    {
        setContext(requestedContext);
    }
    catch (Exception)
    {
        // NOTE(review): this catches every exception type, so any failure of the first
        // attempt - not only a denied context - leads to the permission being added.
        // Confirm that is intended; the commented-out setVisitorContext above reacted
        // to UnauthorizedAccessException only.

        // will get CONTEXT HAS NOT BEEN CREATED if we don't set this again after failed attempt
        setContext(new MenuOption(VistaConstants.DDR_CONTEXT));

        // NOTE(review): if either call below throws, the exception propagates and the
        // connection is left in the DDR context; nothing here restores a previous one.
        userDao.addPermission(duz, requestedContext);
        setContext(requestedContext);
    }
}
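/// <summary>
/// Sets the requested context on the connection, resolves the local UID from the
/// federated UID when the connection has none, and files visitor info when the
/// credentials are incomplete.
/// </summary>
/// <param name="credentials">Visitor credentials; <c>FederatedUid</c> and <c>Complete</c> are read.</param>
/// <param name="permission">Context being requested.</param>
/// <exception cref="MdoException">
/// The federated UID is missing, or no local UID could be found for it.
/// </exception>
internal void doTheAuthorize(AbstractCredentials credentials, AbstractPermission permission)
{
    // If we are requesting CPRS context with a visit and the user does not have it,
    // add it to their account. Accounts authenticated with login credentials never
    // take this path.
    bool addCprsContext =
        permission.Name == VistaConstants.CPRS_CONTEXT
        && !Cxn.Account.Permissions.ContainsKey(VistaConstants.CPRS_CONTEXT)
        && !Cxn.Account.AuthenticationMethod.Equals(VistaConstants.LOGIN_CREDENTIALS);

    if (addCprsContext)
    {
        // NOTE(review): Cxn.Uid is only checked for emptiness further down, so it may
        // still be empty when it is passed here as the user to grant the context to.
        // Confirm the callers guarantee a UID on this path.
        addContextInVista(Cxn.Uid, permission);
    }
    else
    {
        setContext(permission);
    }

    if (String.IsNullOrEmpty(Cxn.Uid))
    {
        if (String.IsNullOrEmpty(credentials.FederatedUid))
        {
            throw new MdoException("Missing federated UID, cannot get local UID");
        }

        VistaUserDao uidDao = new VistaUserDao(Cxn);
        Cxn.Uid = uidDao.getUserIdBySsn(credentials.FederatedUid);
        if (String.IsNullOrEmpty(Cxn.Uid))
        {
            // The federated UID is looked up as an SSN above, so its value is kept out
            // of the exception text, which may end up in logs or in a fault returned
            // to the caller.
            throw new MdoException("Unable to get local UID for federated ID");
        }
    }

    if (!credentials.Complete)
    {
        VistaUserDao visitorDao = new VistaUserDao(Cxn);
        visitorDao.addVisitorInfo(credentials);
    }
}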
/// <summary>
/// Sets the DDR context on the account and stores the local UID, looked up from the
/// federated UID, on the connection.
/// </summary>
/// <param name="flds">Not read by this override.</param>
/// <returns>Always <c>true</c>.</returns>
public override bool success(string[] flds)
{
    AbstractPermission ddrPermission = new MenuOption(VistaConstants.DDR_CONTEXT);
    acct.setContext(ddrPermission);

    // NOTE(review): the lookup result is stored without being checked, and true is
    // returned regardless; confirm callers handle an empty cxn.Uid.
    cxn.Uid = new VistaUserDao(cxn).getUserIdBySsn(creds.FederatedUid);

    return true;
}
/// <summary>
/// Sets the DDR context on the account and stores the local UID, looked up from the
/// federated UID, on the connection.
/// </summary>
/// <param name="flds">Not read by this override.</param>
/// <returns>Always <c>true</c>.</returns>
public override bool success(string[] flds)
{
    // Set DDR context in order to add the requested context
    AbstractPermission ddrPermission = new MenuOption(VistaConstants.DDR_CONTEXT);
    acct.setContext(ddrPermission);

    // Get the UID while we have DDR context set anyway
    // NOTE(review): the lookup result is stored without being checked, and true is
    // returned regardless; confirm callers handle an empty cxn.Uid.
    cxn.Uid = new VistaUserDao(cxn).getUserIdBySsn(creds.FederatedUid);

    // Add the requested context to the user's account
    //acct.addContextInVista(cxn.Uid, acct.PrimaryPermission);

    return true;
}
/// <summary>
/// Reports whether an RPC is installed at the site and attached to the given context.
/// </summary>
/// <param name="target">RPC to look for; passed to the site check and to <c>getRpcList</c>.</param>
/// <param name="context">Option name whose IEN is looked up.</param>
/// <param name="localRemote">Passed through to the site check.</param>
/// <param name="version">Passed through to the site check.</param>
/// <returns>
/// "YES" when the RPC is in the context; otherwise "Not installed at site",
/// "RPC not in context", or "Error getting context IEN: " followed by the lookup result.
/// </returns>
public string isRpcAvailable(string target, string context, string localRemote, string version)
{
    if (!isRpcAvailableAtSite(target, localRemote, version))
    {
        return "Not installed at site";
    }

    // NOTE(review): the first entry is read without a length check; confirm getRpcList
    // cannot return an empty array once the site check above has passed.
    KeyValuePair<string, string>[] matches = getRpcList(target);
    string rpcIEN = matches[0].Key;

    VistaUserDao dao = new VistaUserDao(cxn);
    string optionIen = dao.getOptionIen(context);
    if (!StringUtils.isNumeric(optionIen))
    {
        // A non-numeric result is treated as an error text and handed back to the caller.
        return "Error getting context IEN: " + optionIen;
    }

    string[] rpcsInOption = buildGetOptionRpcsQuery(optionIen).execute();
    return isRpcIenPresent(rpcsInOption, rpcIEN) ? "YES" : "RPC not in context";
}
/// <summary>
/// Creates the DAO around a <c>VistaUserDao</c> built on the same connection.
/// </summary>
/// <param name="cxn">Connection handed to the wrapped <c>VistaUserDao</c>.</param>
public FhieUserDao(AbstractConnection cxn)
{
    vistaDao = new VistaUserDao(cxn);
}
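/// <summary>
/// Discontinues an order on behalf of a provider, holding the patient-level and
/// order-level locks for the duration of the cancel.
/// </summary>
/// <param name="patientId">Patient whose orders are locked while the order is cancelled.</param>
/// <param name="orderIen">Order to discontinue.</param>
/// <param name="providerDuz">DUZ of the provider; must hold the PROVIDER key.</param>
/// <param name="locationIen">Location passed to the cancel call.</param>
/// <param name="reasonIen">Discontinue reason passed to the cancel call.</param>
/// <returns>The order returned by <c>cancelOrder</c>.</returns>
/// <exception cref="ArgumentException">
/// A required argument is empty, or the provider does not hold the PROVIDER key.
/// </exception>
/// <exception cref="MdoException">
/// The order does not exist, VistA rejects the action, or a lock cannot be taken.
/// </exception>
public Order discontinueOrder(String patientId, string orderIen, string providerDuz, String locationIen, string reasonIen)
{
    if (String.IsNullOrEmpty(orderIen))
    {
        throw new ArgumentException("No order ID");
    }
    if (String.IsNullOrEmpty(providerDuz))
    {
        throw new ArgumentException("No user ID");
    }
    if (String.IsNullOrEmpty(locationIen))
    {
        throw new ArgumentException("No location ID");
    }
    if (String.IsNullOrEmpty(reasonIen))
    {
        throw new ArgumentException("No reason ID");
    }

    // NOTE(review): the only key check is on providerDuz, which the caller supplies.
    // The connected user (cxn.Uid) is not consulted in this method, unlike in
    // discontinueAndSignOrder; confirm that is the intended rule for an unsigned
    // discontinue.
    VistaUserDao userDao = new VistaUserDao(cxn);
    bool providerHasProvider = userDao.hasPermission(providerDuz, new SecurityKey("", "PROVIDER"));
    if (!providerHasProvider)
    {
        throw new ArgumentException("The account with the DUZ specified does not hold the PROVIDER key");
    }

    VistaOrdersDao orderDao = new VistaOrdersDao(cxn);
    Order order = orderDao.getOrder(orderIen);
    if (order == null)
    {
        throw new MdoException("No such order");
    }

    string msg = orderDao.validateOrderActionNature(order.Id, "DC", providerDuz, ""); // TBD - orderIen -> order.Id??
    if (msg != "OK")
    {
        throw new MdoException(msg);
    }
    msg = orderDao.getComplexOrderMsg(order.Id); // TBD - orderIen -> order.Id??
    if (msg != "")
    {
        throw new MdoException(msg);
    }

    if (!orderDao.lockOrdersForPatient(patientId))
    {
        throw new MdoException("Unable to lock orders for patient");
    }
    msg = orderDao.lockOrder(order.Id);
    if (msg != "OK")
    {
        // NOTE(review): this path uses the parameterless unlock while the normal path
        // passes patientId; confirm both release the same lock.
        orderDao.unlockOrdersForPatient();
        throw new MdoException(msg);
    }

    // Both locks are held from here on. Release them in a finally block so that a
    // failed cancel does not leave the order and the patient's orders locked.
    Order canceledOrder = null;
    try
    {
        canceledOrder = cancelOrder(order.Id, providerDuz, locationIen, reasonIen);
        return canceledOrder;
    }
    finally
    {
        // On success unlock by the returned order's id, as before; if the cancel did
        // not produce an order, fall back to the id the lock was taken on.
        orderDao.unlockOrder(canceledOrder != null ? canceledOrder.Id : order.Id);
        orderDao.unlockOrdersForPatient(patientId);
    }
}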
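/// <summary>
/// Signs an order for a provider after checking the provider's key, the signature
/// code and the connected user's right to sign the order.
/// </summary>
/// <param name="orderId">Order to sign.</param>
/// <param name="providerDuz">DUZ of the provider; must hold the PROVIDER key.</param>
/// <param name="locationIen">Location passed to the sign call.</param>
/// <param name="eSig">Electronic signature code; checked with <c>isValidEsig</c>.</param>
/// <exception cref="ArgumentException">
/// An argument is empty, the order does not exist, or a provider tries to sign another
/// provider's order while that is not enabled in configuration.
/// </exception>
/// <exception cref="MdoException">
/// The provider lacks the PROVIDER key, the signature code is invalid, or the order
/// cannot be locked.
/// </exception>
/// <exception cref="UnauthorizedAccessException">
/// The connected user holds neither the PROVIDER nor the OREMAS key.
/// </exception>
public void signOrder(String orderId, String providerDuz, String locationIen, String eSig)
{
    if (String.IsNullOrEmpty(orderId) || String.IsNullOrEmpty(providerDuz)
        || String.IsNullOrEmpty(locationIen) || String.IsNullOrEmpty(eSig))
    {
        throw new ArgumentException("Must supply all arguments!");
    }

    VistaOrdersDao orderDao = new VistaOrdersDao(this.cxn);
    Order order = orderDao.getOrder(orderId);
    if (order == null)
    {
        throw new ArgumentException("Invalid order IEN");
    }

    VistaUserDao userDao = new VistaUserDao(cxn);
    bool providerHasProvider = userDao.hasPermission(providerDuz, new SecurityKey("", "PROVIDER"));
    if (!providerHasProvider)
    {
        throw new MdoException("Provider DUZ specified does not have PROVIDER key");
    }
    if (!userDao.isValidEsig(eSig))
    {
        throw new MdoException("Invalid signature code");
    }

    // NOTE:: these are the SAME business rules as found in discontinueAndSign above - must change them BOTH PLACES if they need updated!!!
    String userId = cxn.Uid;
    bool userHasProvider = String.Equals(userId, providerDuz)
        ? providerHasProvider
        : userDao.hasPermission(userId, new SecurityKey("", "PROVIDER"));
    // need this for some decisions so fetch even if user holds superceding PROVIDER key
    bool userHasOremas = userDao.hasPermission(userId, new SecurityKey("", "OREMAS"));
    bool usingWrittenOnChart = false;

    // Configurable; a missing or unparseable setting leaves this false, so signing
    // another provider's order stays denied by default.
    bool okToCancelOrderFromOtherProvider = false;
    Boolean.TryParse(ConfigurationManager.AppSettings["AllowOrderDcFromOtherProvider"], out okToCancelOrderFromOtherProvider);

    String originalOrderProvider = order.Provider.Uid;
    if (!String.Equals(originalOrderProvider, userId))
    {
        // The connected user did not enter the order: apply the key rules.
        if (userHasProvider)
        {
            if (!okToCancelOrderFromOtherProvider)
            {
                throw new ArgumentException("Providers may not sign another provider's order.");
            }
        }
        else if (!userHasOremas)
        {
            throw new UnauthorizedAccessException("User does not have appropriate keys for sign");
        }
        else
        {
            // OREMAS without PROVIDER: sign as written on chart.
            usingWrittenOnChart = true;
        }
    }

    // Do not sign without the lock: check the lock result the same way the
    // discontinue methods do instead of ignoring it.
    string lockMsg = orderDao.lockOrder(orderId);
    if (lockMsg != "OK")
    {
        throw new MdoException(lockMsg);
    }

    try
    {
        orderDao.signOrder(orderId, providerDuz, locationIen, eSig, true, usingWrittenOnChart);
    }
    finally
    {
        // Release the lock even when signing throws.
        orderDao.unlockOrder(orderId);
    }
}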
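/// <summary>
/// Discontinues an order and signs the discontinue in one step, after checking the
/// provider's key, the signature code and the connected user's right to do both.
/// </summary>
/// <param name="patientId">Patient whose orders are locked while the order is processed.</param>
/// <param name="orderIen">Order to discontinue.</param>
/// <param name="providerDuz">DUZ of the provider; must hold the PROVIDER key.</param>
/// <param name="locationIen">Location passed to the cancel and sign calls.</param>
/// <param name="reasonIen">Discontinue reason passed to the cancel call.</param>
/// <param name="eSig">Electronic signature code; checked with <c>isValidEsig</c>.</param>
/// <returns>The order returned by <c>cancelOrder</c>.</returns>
/// <exception cref="ArgumentException">
/// A required argument is empty, the provider lacks the PROVIDER key, the order is
/// already discontinued, or a provider acts on another provider's order while that is
/// not enabled in configuration.
/// </exception>
/// <exception cref="MdoException">
/// The signature code is invalid, the order does not exist, VistA rejects the action,
/// or a lock cannot be taken.
/// </exception>
/// <exception cref="UnauthorizedAccessException">
/// The connected user holds neither the PROVIDER nor the OREMAS key.
/// </exception>
public Order discontinueAndSignOrder(String patientId, string orderIen, string providerDuz, String locationIen, string reasonIen, String eSig)
{
    if (String.IsNullOrEmpty(orderIen))
    {
        throw new ArgumentException("No order ID");
    }
    if (String.IsNullOrEmpty(providerDuz))
    {
        throw new ArgumentException("No user ID");
    }
    if (String.IsNullOrEmpty(locationIen))
    {
        throw new ArgumentException("No location ID");
    }
    if (String.IsNullOrEmpty(reasonIen))
    {
        throw new ArgumentException("No reason ID");
    }
    if (String.IsNullOrEmpty(eSig))
    {
        throw new ArgumentException("No electronic signature code");
    }

    String userId = cxn.Uid;
    VistaUserDao userDao = new VistaUserDao(cxn);
    bool providerHasProvider = userDao.hasPermission(providerDuz, new SecurityKey("", "PROVIDER"));
    if (!providerHasProvider)
    {
        throw new ArgumentException("The account with the DUZ specified does not hold the PROVIDER key");
    }
    if (!userDao.isValidEsig(eSig))
    {
        throw new MdoException("Invalid signature code");
    }

    VistaOrdersDao orderDao = new VistaOrdersDao(cxn);
    Order order = orderDao.getOrder(orderIen);
    if (order == null)
    {
        throw new MdoException("No such order");
    }
    // Ordinal comparison: the status is a fixed token, and a culture-sensitive
    // ignore-case match can fail for it under some cultures (e.g. Turkish 'I'/'i').
    if (String.Equals(order.Status, "DISCONTINUED", StringComparison.OrdinalIgnoreCase))
    {
        throw new ArgumentException("Order is already discontinued");
    }

    // These are the same business rules as in signOrder - change both together.
    bool userHasProvider = String.Equals(userId, providerDuz)
        ? providerHasProvider
        : userDao.hasPermission(userId, new SecurityKey("", "PROVIDER"));
    // need this for some decisions so fetch even if user holds superceding PROVIDER key
    bool userHasOremas = userDao.hasPermission(userId, new SecurityKey("", "OREMAS"));
    bool usingWrittenOnChart = false;

    // Configurable; a missing or unparseable setting leaves this false, so acting on
    // another provider's order stays denied by default.
    bool okToCancelOrderFromOtherProvider = false;
    Boolean.TryParse(ConfigurationManager.AppSettings["AllowOrderDcFromOtherProvider"], out okToCancelOrderFromOtherProvider);

    String originalOrderProvider = order.Provider.Uid; //.Provider.Id;
    if (!String.Equals(originalOrderProvider, userId))
    {
        // The connected user did not enter the order: apply the key rules.
        if (userHasProvider)
        {
            if (!okToCancelOrderFromOtherProvider)
            {
                throw new ArgumentException("Providers may not sign discontinue order request for another provider's order. Use discontinue order without signature");
            }
        }
        else if (!userHasOremas)
        {
            throw new UnauthorizedAccessException("User does not have appropriate keys for cancel and sign");
        }
        else
        {
            // OREMAS without PROVIDER: sign as written on chart.
            usingWrittenOnChart = true;
        }
    }

    string msg = orderDao.validateOrderActionNature(order.Id, "DC", providerDuz, ""); // TBD - orderIen -> order.Id??
    if (msg != "OK")
    {
        throw new MdoException(msg);
    }
    msg = orderDao.getComplexOrderMsg(order.Id); // TBD - orderIen -> order.Id??
    if (msg != "")
    {
        throw new MdoException(msg);
    }

    if (!orderDao.lockOrdersForPatient(patientId))
    {
        throw new MdoException("Unable to lock orders for patient");
    }
    msg = orderDao.lockOrder(order.Id);
    if (msg != "OK")
    {
        // NOTE(review): this path uses the parameterless unlock while the normal path
        // passes patientId; confirm both release the same lock.
        orderDao.unlockOrdersForPatient();
        throw new MdoException(msg);
    }

    // Both locks are held from here on. Release them in a finally block so that a
    // failed cancel or sign does not leave the order and the patient's orders locked.
    Order canceledOrder = null;
    try
    {
        canceledOrder = cancelOrder(order.Id, providerDuz, locationIen, reasonIen);
        orderDao.signOrder(patientId, canceledOrder.Id, providerDuz, locationIen, eSig, true, usingWrittenOnChart);
        return canceledOrder;
    }
    finally
    {
        // On success unlock by the returned order's id, as before; if the cancel did
        // not produce an order, fall back to the id the lock was taken on.
        orderDao.unlockOrder(canceledOrder != null ? canceledOrder.Id : order.Id);
        orderDao.unlockOrdersForPatient(patientId);
    }
}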
/// <summary>
/// Creates the DAO around a <c>VistaUserDao</c> built on the same connection.
/// </summary>
/// <param name="cxn">Connection handed to the wrapped <c>VistaUserDao</c>.</param>
public FhieUserDao(AbstractConnection cxn)
{
    vistaDao = new VistaUserDao(cxn);
}