add perms mixin for healthcare service and facility location

care/emr/resources/healthcare_service/spec.py

@@ -11,6 +11,7 @@
     HEALTHCARE_SERVICE_TYPE_CODE_VALUESET,
 )
 from care.emr.resources.location.spec import FacilityLocationListSpec
+from care.emr.resources.permissions import HealthcareServicePermissionsMixin
 from care.emr.utils.valueset_coding_type import ValueSetBoundCoding
 from care.utils.shortcuts import get_object_or_404
 
@@ -62,7 +63,9 @@ def perform_extra_serialization(cls, mapping, obj):
         mapping["id"] = obj.external_id
 
 
-class HealthcareServiceRetrieveSpec(HealthcareServiceReadSpec):
+class HealthcareServiceRetrieveSpec(
+    HealthcareServiceReadSpec, HealthcareServicePermissionsMixin
+):
     """Healthcare service retrieve specification"""
 
     locations: list[dict]

care/emr/resources/location/spec.py

@@ -7,6 +7,7 @@
 from care.emr.models.location import FacilityLocation
 from care.emr.resources.base import EMRResource
 from care.emr.resources.common import Coding
+from care.emr.resources.permissions import FacilityLocationPermissionsMixin
 from care.emr.resources.user.spec import UserSpec
 
 
@@ -149,7 +150,9 @@ def perform_extra_serialization(cls, mapping, obj):
             ).to_json()
 
 
-class FacilityLocationRetrieveSpec(FacilityLocationListSpec):
+class FacilityLocationRetrieveSpec(
+    FacilityLocationListSpec, FacilityLocationPermissionsMixin
+):
     created_by: dict | None = None
     updated_by: dict | None = None
 

care/emr/resources/permissions.py

@@ -1,6 +1,8 @@
 from care.emr.resources.base import EMRResource
 from care.security.authorization.encounter import EncounterAccess
 from care.security.authorization.facility import FacilityAccess
+from care.security.authorization.facility_location import FacilityLocationAccess
+from care.security.authorization.healthcare_service import HealthcareServiceAccess
 from care.security.authorization.patient import PatientAccess
 from care.security.models import RolePermission
 
@@ -63,3 +65,31 @@ def add_permissions(cls, mapping, user, encounter):
                 role_id__in=roles, permission__context__in=["ENCOUNTER", "PATIENT"]
             ).values_list("permission__slug", flat=True)
         )
+
+
+class FacilityLocationPermissionsMixin(PermissionsMixin):
+    @classmethod
+    def add_permissions(cls, mapping, user, facility_location):
+        facility_location_access = FacilityLocationAccess()
+        roles = facility_location_access.find_roles_on_facility_location(
+            user, facility_location
+        )
+        mapping["permissions"] = list(
+            RolePermission.objects.filter(
+                role_id__in=roles, permission__context__in=["FACILITY"]
+            ).values_list("permission__slug", flat=True)
+        )
+
+
+class HealthcareServicePermissionsMixin(PermissionsMixin):
+    @classmethod
+    def add_permissions(cls, mapping, user, healthcare_service):
+        healthcare_service_access = HealthcareServiceAccess()
+        roles = healthcare_service_access.find_roles_on_healthcare_service(
+            user, healthcare_service
+        )
+        mapping["permissions"] = list(
+            RolePermission.objects.filter(
+                role_id__in=roles, permission__context__in=["FACILITY"]
+            ).values_list("permission__slug", flat=True)
+        )

care/security/authorization/facility_location.py

@@ -11,6 +11,12 @@
 
 
 class FacilityLocationAccess(AuthorizationHandler):
+    def find_roles_on_facility_location(self, user, facility_location):
+        roles = FacilityOrganizationUser.objects.filter(
+            organization_id__in=facility_location.facility_organization_cache, user=user
+        ).values_list("role_id", flat=True)
+        return set(roles)
+
     def can_list_facility_location_obj(self, user, facility, location):
         return self.check_permission_in_facility_organization(
             [FacilityLocationPermissions.can_list_facility_locations.name],

care/security/authorization/healthcare_service.py

@@ -1,3 +1,4 @@
+from care.emr.models.organization import FacilityOrganizationUser
 from care.security.authorization.base import (
     AuthorizationController,
     AuthorizationHandler,
@@ -6,6 +7,19 @@
 
 
 class HealthcareServiceAccess(AuthorizationHandler):
+    def find_roles_on_healthcare_service(self, user, healthcare_service):
+        roles = set()
+        if healthcare_service.managing_organization:
+            orgs = [
+                *healthcare_service.managing_organization.parent_cache,
+                healthcare_service.managing_organization.id,
+            ]
+            roles = FacilityOrganizationUser.objects.filter(
+                organization_id__in=orgs,
+                user=user,
+            ).values_list("role_id", flat=True)
+        return set(roles)
+
     def can_list_facility_healthcare_service(self, user, facility):
         """
         Check if the user has permission to view healthcare services in the facility