public MemberMedical GetMedical(Guid id, bool showSensitive = false, string reason = "")
{
if (!(Permissions.IsUser || Permissions.IsSelf(id)))
{
ThrowAuthError();
}
var data = db.Members.Where(f => f.Id == id).Select(f => f.MedicalInfo).SingleOrDefault();
var contacts = db.Members.Where(f => f.Id == id).SelectMany(f => f.EmergencyContacts).ToArray();
if (showSensitive)
{
if (!Permissions.IsSelf(id))
{
if (string.IsNullOrWhiteSpace(reason))
{
ThrowSubmitErrors(new[] { new Web.Model.SubmitError {
Error = "Reason not specified", Property = "reason"
} });
}
Model.SensitiveInfoAccess infoAccess = new Model.SensitiveInfoAccess
{
Owner = db.Members.Single(f => f.Id == id),
Action = "Read Medical Information",
Actor = (Permissions.UserId == Guid.Empty) ? User.Identity.Name : db.Members.Single(f => f.Id == Permissions.UserId).FullName,
Reason = reason,
Timestamp = DateTime.Now,
};
db.SensitiveInfoLog.Add(infoAccess);
db.SaveChanges();
}
}
return(new MemberMedical
{
IsSensitive = showSensitive,
Allergies = data == null ? null : HiddenOrDecrypted(showSensitive, data.EncryptedAllergies),
Medications = data == null ? null : HiddenOrDecrypted(showSensitive, data.EncryptedMedications),
Disclosure = data == null ? null : HiddenOrDecrypted(showSensitive, data.EncryptedDisclosures),
Contacts = contacts.Select(f =>
{
if (showSensitive)
{
var contact = JsonConvert.DeserializeObject <Kcsar.Database.Model.EmergencyContactData>(EncryptionService.Unprotect(EncryptionService.MEMBER_SENSITIVE, f.EncryptedData));
return new EmergencyContact
{
IsSensitive = true,
Name = contact.Name,
Relation = contact.Relation,
Type = contact.Type,
Number = contact.Number,
Id = f.Id
};
}
else
{
return new EmergencyContact
{
IsSensitive = false,
Name = Strings.SensitiveText,
Type = null,
};
}
})
});
}
/// <summary>Appends sensitive info access to log. Does not call SaveChanges</summary>
/// <param name="record"></param>
public void RecordSensitiveAccess(SensitiveInfoAccess record)
{
this.SensitiveInfoLog.Add(record);
}
public MemberMedical GetMedical(Guid id, bool showSensitive = false, string reason = "")
{
if (!(Permissions.IsUser || Permissions.IsSelf(id))) ThrowAuthError();
var data = db.Members.Where(f => f.Id == id).Select(f => f.MedicalInfo).SingleOrDefault();
var contacts = db.Members.Where(f => f.Id == id).SelectMany(f => f.EmergencyContacts).ToArray();
if (showSensitive)
{
if (!Permissions.IsSelf(id))
{
if (string.IsNullOrWhiteSpace(reason)) ThrowSubmitErrors(new[] { new Web.Model.SubmitError { Error = "Reason not specified", Property = "reason" } });
Model.SensitiveInfoAccess infoAccess = new Model.SensitiveInfoAccess
{
Owner = db.Members.Single(f => f.Id == id),
Action = "Read Medical Information",
Actor = (Permissions.UserId == Guid.Empty) ? User.Identity.Name : db.Members.Single(f => f.Id == Permissions.UserId).FullName,
Reason = reason,
Timestamp = DateTime.Now,
};
db.SensitiveInfoLog.Add(infoAccess);
db.SaveChanges();
}
}
return new MemberMedical
{
IsSensitive = showSensitive,
Allergies = data == null ? null : HiddenOrDecrypted(showSensitive, data.EncryptedAllergies),
Medications = data == null ? null : HiddenOrDecrypted(showSensitive, data.EncryptedMedications),
Disclosure = data == null ? null : HiddenOrDecrypted(showSensitive, data.EncryptedDisclosures),
Contacts = contacts.Select(f =>
{
if (showSensitive)
{
var contact = JsonConvert.DeserializeObject<Kcsar.Database.Model.EmergencyContactData>(EncryptionService.Unprotect(EncryptionService.MEMBER_SENSITIVE, f.EncryptedData));
return new EmergencyContact
{
IsSensitive = true,
Name = contact.Name,
Relation = contact.Relation,
Type = contact.Type,
Number = contact.Number,
Id = f.Id
};
}
else
{
return new EmergencyContact
{
IsSensitive = false,
Name = Strings.SensitiveText,
Type = null,
};
}
})
};
}
