Example #1
        /// <summary>
        /// Builds a <c>DdrFiler</c> with Operation "ADD" whose arguments are taken from
        /// three fields of <paramref name="rec"/> and four fields of <paramref name="subrec"/>.
        /// </summary>
        /// <param name="cxn">Connection handed to the DdrFiler and to the VistaUserDao used for the option lookup.</param>
        /// <param name="rec">Record supplying the NAME, CONTEXTOPTION and APPLICATIONCODE fields.</param>
        /// <param name="subrec">Record supplying the CALLBACKTYPE, CALLBACKPORT, CALLBACKSERVER and URLSTRING fields.</param>
        /// <returns>The populated filer; nothing is executed here.</returns>
        internal static DdrFiler buildAddRecordQuery(AbstractConnection cxn, RemoteApplicationRecord rec, CallBackFileRecord subrec)
        {
            // NOTE(review): every argument is a '^'-delimited string assembled by plain
            // concatenation. Nothing in this method rejects or escapes a '^' inside a
            // VistaValue, so such a value would shift the pieces of the argument -
            // confirm the values are validated before they reach this point.
            DdrFiler filer = new DdrFiler(cxn);
            filer.Operation = "ADD";

            ArrayList filerArgs = new ArrayList(7);

            // Fields of the top-level record all use the "+1," placeholder
            // (presumably a FileMan IENS for a new entry - TODO confirm).
            VistaField nameField = rec.Fields["NAME"];
            filerArgs.Add(FILE_NUMBER + "^" + nameField.VistaNumber + "^+1,^" + nameField.VistaValue);

            // CONTEXTOPTION is not stored as given: its value is first mapped
            // through getOptionIen and the result is what gets filed.
            VistaField optionField = rec.Fields["CONTEXTOPTION"];
            VistaUserDao userDao = new VistaUserDao(cxn);
            filerArgs.Add(FILE_NUMBER + "^" + optionField.VistaNumber + "^+1,^" + userDao.getOptionIen(optionField.VistaValue));

            VistaField appCodeField = rec.Fields["APPLICATIONCODE"];
            filerArgs.Add(FILE_NUMBER + "^" + appCodeField.VistaNumber + "^+1,^" + appCodeField.VistaValue);

            // Fields of the callback sub-record all use the "+2,+1" placeholder.
            foreach (string fieldKey in new string[] { "CALLBACKTYPE", "CALLBACKPORT", "CALLBACKSERVER", "URLSTRING" })
            {
                VistaField callbackField = subrec.Fields[fieldKey];
                filerArgs.Add(CALLBACK_FILE_NUMBER + "^" + callbackField.VistaNumber + "^+2,+1^" + callbackField.VistaValue);
            }

            filer.Args = (string[])filerArgs.ToArray(typeof(string));
            return filer;
        }
Example #2
        //internal void setVisitorContext(AbstractPermission requestedContext, string DUZ)
        //{
        //    try
        //    {
        //        setContext(requestedContext);
        //        return;
        //    }
        //    catch (UnauthorizedAccessException uae)
        //    {
        //        addContextInVista(DUZ, requestedContext);
        //        setContext(requestedContext);
        //    }
        //    catch (Exception e)
        //    {
        //        throw;
        //    }
        //}

        // This is how the visitor gets the requested context - typically
        // OR CPRS GUI CHART. The visitor comes back from VistA with CAPRI
        // context only.
        /// <summary>
        /// Makes <paramref name="requestedContext"/> the active context, adding it as a
        /// permission for <paramref name="duz"/> when it cannot be set directly.
        /// </summary>
        /// <param name="duz">User identifier passed to addPermission.</param>
        /// <param name="requestedContext">Context to set; its Name is the key checked in Permissions.</param>
        internal void addContextInVista(string duz, AbstractPermission requestedContext)
        {
            // Already listed under its name: nothing is set and nothing is added.
            if (Permissions.ContainsKey(requestedContext.Name))
            {
                return;
            }

            VistaUserDao userDao = new VistaUserDao(Cxn);

            // try/catch should fix: http://trac.medora.va.gov/web/ticket/2288
            try
            {
                setContext(requestedContext);
            }
            catch (Exception)
            {
                // NOTE(review): any exception type from the attempt above leads to the
                // permission grant below, not only an authorization failure - confirm
                // that granting on every failure is intended.

                // The DDR context has to be set again after the failed attempt,
                // otherwise the next call reports CONTEXT HAS NOT BEEN CREATED.
                setContext(new MenuOption(VistaConstants.DDR_CONTEXT));
                userDao.addPermission(duz, requestedContext);

                // A failure in this recovery sequence propagates to the caller unchanged.
                // NOTE(review): in that case the DDR context set above is presumably
                // still the active one - verify against setContext.
                setContext(requestedContext);
            }
        }
Example #3
        //internal void setVisitorContext(AbstractPermission requestedContext, string DUZ)
        //{
        //    try
        //    {
        //        setContext(requestedContext);
        //        return;
        //    }
        //    catch (UnauthorizedAccessException uae)
        //    {
        //        addContextInVista(DUZ, requestedContext);
        //        setContext(requestedContext);
        //    }
        //    catch (Exception e)
        //    {
        //        throw;
        //    }
        //}

        // This is how the visitor gets the requested context - typically
        // OR CPRS GUI CHART. The visitor comes back from VistA with CAPRI
        // context only.
        /// <summary>
        /// Makes <paramref name="requestedContext"/> the active context, adding it as a
        /// permission for <paramref name="duz"/> when it cannot be set directly.
        /// </summary>
        /// <param name="duz">User identifier passed to addPermission.</param>
        /// <param name="requestedContext">Context to set and, if needed, to add.</param>
        internal void addContextInVista(string duz, AbstractPermission requestedContext)
        {
            // Disabled precondition, kept for reference:
            //if (!Permissions.ContainsKey(VistaConstants.MDWS_CONTEXT) && !Permissions.ContainsKey(VistaConstants.DDR_CONTEXT))
            //{
            //    throw new ArgumentException("User does not have correct menu options to add new context");
            //}
            // NOTE(review): with that check commented out, this method does not verify
            // any menu option of the caller before calling addPermission - confirm the
            // check is enforced elsewhere.

            // The account already has the requested permission: nothing to do.
            if (hasPermission(this.Cxn.Account.Permissions, requestedContext))
            {
                return;
            }

            //setContext(Permissions[VistaConstants.DDR_CONTEXT]); // tbd - needed? i think this is superfluous
            VistaUserDao userDao = new VistaUserDao(Cxn);

            // try/catch should fix: http://trac.medora.va.gov/web/ticket/2288
            try
            {
                setContext(requestedContext);
            }
            catch (Exception)
            {
                // NOTE(review): any exception type from the attempt above leads to the
                // permission grant below, not only an authorization failure - confirm
                // that granting on every failure is intended.

                // The DDR context has to be set again after the failed attempt,
                // otherwise the next call reports CONTEXT HAS NOT BEEN CREATED.
                setContext(new MenuOption(VistaConstants.DDR_CONTEXT));
                userDao.addPermission(duz, requestedContext);

                // A failure in this recovery sequence propagates to the caller unchanged.
                setContext(requestedContext);
            }
        }
Example #4
 /// <summary>
 /// Sets the requested context on the connection (adding CPRS context to the account
 /// first when needed), resolves the local UID if the connection has none, and files
 /// visitor info when the credentials are not complete.
 /// </summary>
 /// <param name="credentials">Supplies FederatedUid and Complete; passed to addVisitorInfo.</param>
 /// <param name="permission">Context to set or add.</param>
 /// <exception cref="MdoException">The federated UID is missing, or no local UID was found for it.</exception>
 internal void doTheAuthorize(AbstractCredentials credentials, AbstractPermission permission)
 {
     // CPRS context is added to the account only when all three hold: it is the
     // context being requested, the account does not already list it, and the
     // authentication method is something other than LOGIN_CREDENTIALS.
     bool mustAddCprsContext =
         permission.Name == VistaConstants.CPRS_CONTEXT &&
         !Cxn.Account.Permissions.ContainsKey(VistaConstants.CPRS_CONTEXT) &&
         !Cxn.Account.AuthenticationMethod.Equals(VistaConstants.LOGIN_CREDENTIALS);

     if (!mustAddCprsContext)
     {
         setContext(permission);
     }
     else
     {
         // NOTE(review): Cxn.Uid is used here before the empty-UID check below -
         // confirm it is always populated on this path.
         addContextInVista(Cxn.Uid, permission);
     }

     if (String.IsNullOrEmpty(Cxn.Uid))
     {
         if (String.IsNullOrEmpty(credentials.FederatedUid))
         {
             throw new MdoException("Missing federated UID, cannot get local UID");
         }

         VistaUserDao lookupDao = new VistaUserDao(Cxn);
         Cxn.Uid = lookupDao.getUserIdBySsn(credentials.FederatedUid);

         if (String.IsNullOrEmpty(Cxn.Uid))
         {
             // NOTE(review): the federated UID is the value passed to getUserIdBySsn,
             // so it is presumably an SSN, and this message embeds it - confirm the
             // exception text cannot reach logs or clients.
             throw new MdoException("Unable to get local UID for federated ID " + credentials.FederatedUid);
         }
     }

     if (credentials.Complete)
     {
         return;
     }

     VistaUserDao visitorDao = new VistaUserDao(Cxn);
     visitorDao.addVisitorInfo(credentials);
 }
Example #5
        /// <summary>
        /// Sets the DDR context on the account and stores the UID looked up from the
        /// credentials' federated UID on the connection.
        /// </summary>
        /// <param name="flds">Not read by this implementation.</param>
        /// <returns>Always <c>true</c>.</returns>
        public override bool success(string[] flds)
        {
            AbstractPermission ddr = new MenuOption(VistaConstants.DDR_CONTEXT);
            acct.setContext(ddr);

            // NOTE(review): the lookup result is stored without a null/empty check here -
            // confirm a caller handles the case where no local UID is found.
            VistaUserDao userDao = new VistaUserDao(cxn);
            cxn.Uid = userDao.getUserIdBySsn(creds.FederatedUid);

            return true;
        }
Example #6
        /// <summary>
        /// Sets the DDR context on the account and stores the UID looked up from the
        /// credentials' federated UID on the connection.
        /// </summary>
        /// <param name="flds">Not read by this implementation.</param>
        /// <returns>Always <c>true</c>.</returns>
        public override bool success(string[] flds)
        {
            // DDR context is set first so that the requested context can be added.
            AbstractPermission ddr = new MenuOption(VistaConstants.DDR_CONTEXT);
            acct.setContext(ddr);

            // The UID is fetched now because the DDR context is already active.
            // NOTE(review): the result is stored without a null/empty check here -
            // confirm a caller handles the case where no local UID is found.
            VistaUserDao userDao = new VistaUserDao(cxn);
            cxn.Uid = userDao.getUserIdBySsn(creds.FederatedUid);

            // Adding the requested context to the user's account is disabled here:
            //acct.addContextInVista(cxn.Uid, acct.PrimaryPermission);

            return true;
        }
Example #7
        /// <summary>
        /// Reports whether the RPC named by <paramref name="target"/> is available at the
        /// site and listed among the RPCs of the option named by <paramref name="context"/>.
        /// </summary>
        /// <param name="target">RPC passed to isRpcAvailableAtSite and getRpcList.</param>
        /// <param name="context">Option whose IEN is looked up with getOptionIen.</param>
        /// <param name="localRemote">Passed through to isRpcAvailableAtSite.</param>
        /// <param name="version">Passed through to isRpcAvailableAtSite.</param>
        /// <returns>
        /// "YES" on success; otherwise "Not installed at site", "Error getting context IEN: ..."
        /// or "RPC not in context".
        /// </returns>
        public string isRpcAvailable(string target, string context, string localRemote, string version)
        {
            if (!isRpcAvailableAtSite(target, localRemote, version))
            {
                return "Not installed at site";
            }

            // Only the first entry of the list is used.
            // NOTE(review): an empty list would throw on the index below - confirm
            // getRpcList cannot return one once the site check has passed.
            KeyValuePair<string, string>[] matches = getRpcList(target);
            string rpcIen = matches[0].Key;

            VistaUserDao dao = new VistaUserDao(cxn);
            string optionIen = dao.getOptionIen(context);

            // A non-numeric result is treated as an error text and echoed back to the caller.
            if (!StringUtils.isNumeric(optionIen))
            {
                return "Error getting context IEN: " + optionIen;
            }

            DdrLister lister = buildGetOptionRpcsQuery(optionIen);
            string[] optionRpcs = lister.execute();

            return isRpcIenPresent(optionRpcs, rpcIen) ? "YES" : "RPC not in context";
        }
Example #8
 /// <summary>
 /// Creates the DAO with a <c>VistaUserDao</c> built on the given connection.
 /// </summary>
 /// <param name="cxn">Connection passed to the VistaUserDao constructor.</param>
 public FhieUserDao(AbstractConnection cxn)
 {
     // The connection is only forwarded; it is not stored on this object here.
     this.vistaDao = new VistaUserDao(cxn);
 }
Example #9
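        /// <summary>
        /// Discontinues an order without signing it: validates the arguments and the
        /// provider's PROVIDER key, checks the "DC" action against the order, takes the
        /// patient-level and order-level locks, cancels the order and releases the locks.
        /// </summary>
        /// <param name="patientId">Patient whose orders are locked for the duration of the cancel.</param>
        /// <param name="orderIen">Identifier of the order to discontinue.</param>
        /// <param name="providerDuz">DUZ that must hold the PROVIDER key; passed to the validation and cancel calls.</param>
        /// <param name="locationIen">Location identifier passed to cancelOrder.</param>
        /// <param name="reasonIen">Reason identifier passed to cancelOrder.</param>
        /// <returns>The order returned by cancelOrder.</returns>
        /// <exception cref="ArgumentException">A required argument is null or empty, or providerDuz lacks the PROVIDER key.</exception>
        /// <exception cref="MdoException">The order is not found, validation fails, or a lock cannot be taken.</exception>
        public Order discontinueOrder(String patientId, string orderIen, string providerDuz, String locationIen, string reasonIen)
        {
            if (String.IsNullOrEmpty(orderIen))
            {
                throw new ArgumentException("No order ID");
            }
            if (String.IsNullOrEmpty(providerDuz))
            {
                throw new ArgumentException("No user ID");
            }
            if (String.IsNullOrEmpty(locationIen))
            {
                throw new ArgumentException("No location ID");
            }
            if (String.IsNullOrEmpty(reasonIen))
            {
                throw new ArgumentException("No reason ID");
            }

            // NOTE(review): only the caller-supplied providerDuz is checked for a key.
            // The connected user (cxn.Uid) was read into a local here but never used,
            // so this method performs no check on who is actually making the call -
            // confirm that authorization of the caller is enforced elsewhere.
            VistaUserDao userDao             = new VistaUserDao(cxn);
            bool         providerHasProvider = userDao.hasPermission(providerDuz, new SecurityKey("", "PROVIDER"));

            if (!providerHasProvider)
            {
                throw new ArgumentException("The account with the DUZ specified does not hold the PROVIDER key");
            }

            VistaOrdersDao orderDao = new VistaOrdersDao(cxn);
            Order          order    = orderDao.getOrder(orderIen);

            if (order == null)
            {
                throw new MdoException("No such order");
            }

            string msg = orderDao.validateOrderActionNature(order.Id, "DC", providerDuz, ""); // TBD - orderIen -> order.Id??

            if (msg != "OK")
            {
                throw new MdoException(msg);
            }
            msg = orderDao.getComplexOrderMsg(order.Id); // TBD - orderIen -> order.Id??
            if (msg != "")
            {
                throw new MdoException(msg);
            }

            if (!orderDao.lockOrdersForPatient(patientId))
            {
                throw new MdoException("Unable to lock orders for patient");
            }

            msg = orderDao.lockOrder(order.Id);
            if (msg != "OK")
            {
                // NOTE(review): this call passes no patient ID while the release at the
                // end of the method does - confirm the parameterless overload releases
                // the lock taken above.
                orderDao.unlockOrdersForPatient();
                throw new MdoException(msg);
            }

            Order canceledOrder;
            try
            {
                canceledOrder = cancelOrder(order.Id, providerDuz, locationIen, reasonIen);
            }
            catch (Exception)
            {
                // Both locks are held at this point; release them before the failure
                // propagates so a failed cancel does not leave the order and the
                // patient's orders locked. An exception thrown by the release itself
                // replaces the original one.
                try
                {
                    orderDao.unlockOrder(order.Id);
                }
                finally
                {
                    orderDao.unlockOrdersForPatient(patientId);
                }
                throw;
            }

            orderDao.unlockOrder(canceledOrder.Id);
            orderDao.unlockOrdersForPatient(patientId);

            return(canceledOrder);
        }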
Example #10
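        /// <summary>
        /// Signs an existing order for <paramref name="providerDuz"/> after checking the
        /// security keys held by that provider and by the connected user.
        /// </summary>
        /// <param name="orderId">Order identifier passed to getOrder, lockOrder, signOrder and unlockOrder.</param>
        /// <param name="providerDuz">DUZ that must hold the PROVIDER key; passed to signOrder.</param>
        /// <param name="locationIen">Location identifier passed through to signOrder.</param>
        /// <param name="eSig">Electronic signature code, checked with isValidEsig before use.</param>
        /// <exception cref="ArgumentException">
        /// An argument is null or empty, the order is not found, or a PROVIDER key holder
        /// tries to sign another provider's order while the AllowOrderDcFromOtherProvider
        /// setting does not parse to true.
        /// </exception>
        /// <exception cref="MdoException">
        /// The provider lacks the PROVIDER key, the signature code is invalid, or the
        /// order could not be locked.
        /// </exception>
        /// <exception cref="UnauthorizedAccessException">
        /// The connected user is not the order's provider and holds neither PROVIDER nor OREMAS.
        /// </exception>
        public void signOrder(String orderId, String providerDuz, String locationIen, String eSig)
        {
            if (String.IsNullOrEmpty(orderId) || String.IsNullOrEmpty(providerDuz) || String.IsNullOrEmpty(locationIen) || String.IsNullOrEmpty(eSig))
            {
                throw new ArgumentException("Must supply all arguments!");
            }

            VistaOrdersDao orderDao = new VistaOrdersDao(this.cxn);
            Order          order    = orderDao.getOrder(orderId);

            if (order == null)
            {
                throw new ArgumentException("Invalid order IEN");
            }

            VistaUserDao userDao             = new VistaUserDao(cxn);
            bool         providerHasProvider = userDao.hasPermission(providerDuz, new SecurityKey("", "PROVIDER"));

            if (!providerHasProvider)
            {
                throw new MdoException("Provider DUZ specified does not have PROVIDER key");
            }

            // NOTE(review): isValidEsig takes only the code, so whose signature it is
            // checked against cannot be told from here - confirm it is tied to the
            // account the order is signed for.
            if (!userDao.isValidEsig(eSig))
            {
                throw new MdoException("Invalid signature code");
            }

            // NOTE:: these are the SAME business rules as found in discontinueAndSign above - must change them BOTH PLACES if they need updated!!!
            String userId = cxn.Uid;

            bool userHasProvider     = String.Equals(userId, providerDuz) ? providerHasProvider : userDao.hasPermission(userId, new SecurityKey("", "PROVIDER"));
            bool userHasOremas       = userDao.hasPermission(userId, new SecurityKey("", "OREMAS")); // need this for some decisions so fetch even if user holds superceding PROVIDER key
            bool usingWrittenOnChart = false;

            // Signing another provider's order is off unless the setting parses to true;
            // a missing or unparsable setting leaves it false.
            bool okToCancelOrderFromOtherProvider = false;

            Boolean.TryParse(ConfigurationManager.AppSettings["AllowOrderDcFromOtherProvider"], out okToCancelOrderFromOtherProvider);

            String originalOrderProvider = order.Provider.Uid;

            // Authorization decision, in order of precedence:
            //   1. the connected user is the order's provider          -> allowed
            //   2. the user holds PROVIDER but is not the provider     -> allowed only by configuration
            //   3. the user holds OREMAS but not PROVIDER              -> allowed, flagged written-on-chart
            //   4. the user holds neither key                          -> refused
            if (!String.Equals(originalOrderProvider, userId))
            {
                if (userHasProvider)
                {
                    if (!okToCancelOrderFromOtherProvider)
                    {
                        throw new ArgumentException("Providers may not sign another provider's order.");
                    }
                }
                else if (userHasOremas)
                {
                    usingWrittenOnChart = true;
                }
                else
                {
                    throw new UnauthorizedAccessException("User does not have appropriate keys for sign");
                }
            }

            // The lock result is checked the same way the discontinue methods check it,
            // so the order is never signed when the lock was not obtained.
            string lockMsg = orderDao.lockOrder(orderId);

            if (lockMsg != "OK")
            {
                throw new MdoException(lockMsg);
            }

            try
            {
                orderDao.signOrder(orderId, providerDuz, locationIen, eSig, true, usingWrittenOnChart);
            }
            finally
            {
                // Release the lock even when signing fails, so the order is not left locked.
                orderDao.unlockOrder(orderId);
            }
        }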
Example #11
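        /// <summary>
        /// Discontinues an order and signs the discontinuation: validates the arguments,
        /// the provider's PROVIDER key and the signature code, applies the key-based
        /// authorization rules to the connected user, then locks, cancels, signs and unlocks.
        /// </summary>
        /// <param name="patientId">Patient whose orders are locked; also passed to signOrder.</param>
        /// <param name="orderIen">Identifier of the order to discontinue.</param>
        /// <param name="providerDuz">DUZ that must hold the PROVIDER key; passed to the validation, cancel and sign calls.</param>
        /// <param name="locationIen">Location identifier passed to cancelOrder and signOrder.</param>
        /// <param name="reasonIen">Reason identifier passed to cancelOrder.</param>
        /// <param name="eSig">Electronic signature code, checked with isValidEsig before use.</param>
        /// <returns>The order returned by cancelOrder.</returns>
        /// <exception cref="ArgumentException">
        /// A required argument is null or empty, providerDuz lacks the PROVIDER key, the
        /// order is already discontinued, or a PROVIDER key holder acts on another
        /// provider's order while the AllowOrderDcFromOtherProvider setting does not parse to true.
        /// </exception>
        /// <exception cref="MdoException">
        /// The signature code is invalid, the order is not found, validation fails, or a
        /// lock cannot be taken.
        /// </exception>
        /// <exception cref="UnauthorizedAccessException">
        /// The connected user is not the order's provider and holds neither PROVIDER nor OREMAS.
        /// </exception>
        public Order discontinueAndSignOrder(String patientId, string orderIen, string providerDuz, String locationIen, string reasonIen, String eSig)
        {
            if (String.IsNullOrEmpty(orderIen))
            {
                throw new ArgumentException("No order ID");
            }
            if (String.IsNullOrEmpty(providerDuz))
            {
                throw new ArgumentException("No user ID");
            }
            if (String.IsNullOrEmpty(locationIen))
            {
                throw new ArgumentException("No location ID");
            }
            if (String.IsNullOrEmpty(reasonIen))
            {
                throw new ArgumentException("No reason ID");
            }
            if (String.IsNullOrEmpty(eSig))
            {
                throw new ArgumentException("No electronic signature code");
            }

            String userId = cxn.Uid;

            VistaUserDao userDao             = new VistaUserDao(cxn);
            bool         providerHasProvider = userDao.hasPermission(providerDuz, new SecurityKey("", "PROVIDER"));

            if (!providerHasProvider)
            {
                throw new ArgumentException("The account with the DUZ specified does not hold the PROVIDER key");
            }

            // NOTE(review): isValidEsig takes only the code, so whose signature it is
            // checked against cannot be told from here - confirm it is tied to the
            // account the order is signed for.
            if (!userDao.isValidEsig(eSig))
            {
                throw new MdoException("Invalid signature code");
            }

            VistaOrdersDao orderDao = new VistaOrdersDao(cxn);
            Order          order    = orderDao.getOrder(orderIen);

            if (order == null)
            {
                throw new MdoException("No such order");
            }

            // The status is a fixed machine value, so it is compared ordinally; a
            // culture-sensitive comparison can miss the match under cultures with
            // special casing rules for 'I'.
            if (String.Equals(order.Status, "DISCONTINUED", StringComparison.OrdinalIgnoreCase))
            {
                throw new ArgumentException("Order is already discontinued");
            }

            bool userHasProvider     = String.Equals(userId, providerDuz) ? providerHasProvider : userDao.hasPermission(userId, new SecurityKey("", "PROVIDER"));
            bool userHasOremas       = userDao.hasPermission(userId, new SecurityKey("", "OREMAS")); // need this for some decisions so fetch even if user holds superceding PROVIDER key
            bool usingWrittenOnChart = false;

            // Acting on another provider's order is off unless the setting parses to
            // true; a missing or unparsable setting leaves it false.
            bool okToCancelOrderFromOtherProvider = false;

            Boolean.TryParse(ConfigurationManager.AppSettings["AllowOrderDcFromOtherProvider"], out okToCancelOrderFromOtherProvider);

            String originalOrderProvider = order.Provider.Uid; //.Provider.Id;

            // Authorization decision, in order of precedence (signOrder applies the same rules):
            //   1. the connected user is the order's provider          -> allowed
            //   2. the user holds PROVIDER but is not the provider     -> allowed only by configuration
            //   3. the user holds OREMAS but not PROVIDER              -> allowed, flagged written-on-chart
            //   4. the user holds neither key                          -> refused
            if (!String.Equals(originalOrderProvider, userId))
            {
                if (userHasProvider)
                {
                    if (!okToCancelOrderFromOtherProvider)
                    {
                        throw new ArgumentException("Providers may not sign discontinue order request for another provider's order. Use discontinue order without signature");
                    }
                }
                else if (userHasOremas)
                {
                    usingWrittenOnChart = true;
                }
                else
                {
                    throw new UnauthorizedAccessException("User does not have appropriate keys for cancel and sign");
                }
            }

            string msg = orderDao.validateOrderActionNature(order.Id, "DC", providerDuz, ""); // TBD - orderIen -> order.Id??

            if (msg != "OK")
            {
                throw new MdoException(msg);
            }
            msg = orderDao.getComplexOrderMsg(order.Id); // TBD - orderIen -> order.Id??
            if (msg != "")
            {
                throw new MdoException(msg);
            }

            if (!orderDao.lockOrdersForPatient(patientId))
            {
                throw new MdoException("Unable to lock orders for patient");
            }

            msg = orderDao.lockOrder(order.Id);
            if (msg != "OK")
            {
                // NOTE(review): this call passes no patient ID while the release at the
                // end of the method does - confirm the parameterless overload releases
                // the lock taken above.
                orderDao.unlockOrdersForPatient();
                throw new MdoException(msg);
            }

            Order canceledOrder = null;
            try
            {
                canceledOrder = cancelOrder(order.Id, providerDuz, locationIen, reasonIen);

                orderDao.signOrder(patientId, canceledOrder.Id, providerDuz, locationIen, eSig, true, usingWrittenOnChart);
            }
            catch (Exception)
            {
                // Both locks are held at this point; release them before the failure
                // propagates so a failed cancel or sign does not leave the order and the
                // patient's orders locked. The order ID mirrors the normal path when the
                // cancel already returned, and falls back to the ID that was locked.
                // An exception thrown by the release itself replaces the original one.
                try
                {
                    orderDao.unlockOrder(canceledOrder != null ? canceledOrder.Id : order.Id);
                }
                finally
                {
                    orderDao.unlockOrdersForPatient(patientId);
                }
                throw;
            }

            orderDao.unlockOrder(canceledOrder.Id);
            orderDao.unlockOrdersForPatient(patientId);

            return(canceledOrder);
        }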
Example #12
 /// <summary>
 /// Creates the DAO with a <c>VistaUserDao</c> built on the given connection.
 /// </summary>
 /// <param name="cxn">Connection passed to the VistaUserDao constructor.</param>
 public FhieUserDao(AbstractConnection cxn)
 {
     // The connection is only forwarded; it is not stored on this object here.
     this.vistaDao = new VistaUserDao(cxn);
 }