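from typing import Any, List

from fastapi import APIRouter, Depends, HTTPException
from sqlalchemy.orm import Session

from app import crud, models, schemas
from app.api import deps

router = APIRouter()

# Hard ceiling for one page of the superuser listing, so a caller cannot pull
# the whole patient table (or pass a negative slice) through ``limit``.
MAX_PAGE_SIZE = 1000


def _owns_patient(current_user: models.User, patient_id: int) -> bool:
    """Return True when ``current_user``'s own patient record has id ``patient_id``.

    Pure attribute comparison, no DB round-trip: it is meant to run *before*
    the record is loaded so authorization never depends on existence.
    """
    own = current_user.patient
    return bool(own) and own.id == patient_id


@router.get("/", response_model=List[schemas.patient.Patient])
def read_patients(
    db: Session = Depends(deps.get_db),
    skip: int = 0,
    limit: int = 100,
    current_user: models.User = Depends(deps.get_current_active_user),
) -> Any:
    """
    Retrieve the patients visible to the caller.

    Superusers get one page of every patient (``skip``/``limit``, with
    ``limit`` clamped to ``MAX_PAGE_SIZE``). Any other user gets a one-element
    list with their own patient record, or an empty list when they have none.
    Doctors are deliberately NOT shown other patients here: the
    appointment-scoped query is not implemented, and ``read_patient`` applies
    the same fail-closed rule so the two endpoints agree.
    """
    if crud.crud_user.user.is_superuser(current_user):
        # Clamp rather than trust the query string: a negative or huge
        # ``limit`` would otherwise reach the DB layer unchecked.
        skip = max(skip, 0)
        limit = max(0, min(limit, MAX_PAGE_SIZE))
        return crud.crud_patient.patient.get_multi(db, skip=skip, limit=limit)
    # TODO: if doctors should list their patients, add an appointment-scoped
    # query here and mirror the same rule in ``read_patient``.
    return [current_user.patient] if current_user.patient else []


@router.post("/", response_model=schemas.patient.Patient)
def create_patient(
    *,
    db: Session = Depends(deps.get_db),
    patient_in: schemas.patient.PatientCreate,
    current_user: models.User = Depends(deps.get_current_active_superuser),
) -> Any:
    """
    Create a patient record for an existing user (superuser only).

    Raises:
        HTTPException 404: ``patient_in.user_id`` does not match a user.
        HTTPException 400: that user already has a patient record.
    """
    user = crud.crud_user.user.get(db, id=patient_in.user_id)
    if not user:
        raise HTTPException(
            status_code=404,
            detail="The user with this id does not exist in the system",
        )
    if crud.crud_patient.patient.get_by_user_id(db, user_id=patient_in.user_id):
        raise HTTPException(
            status_code=400,
            detail="The patient with this user_id already exists in the system",
        )
    # NOTE(review): check-then-create is racy across concurrent requests; a
    # UNIQUE constraint on patient.user_id should back this — confirm the model.
    return crud.crud_patient.patient.create(db, obj_in=patient_in)


@router.get("/{patient_id}", response_model=schemas.patient.Patient)
def read_patient(
    *,
    db: Session = Depends(deps.get_db),
    patient_id: int,
    current_user: models.User = Depends(deps.get_current_active_user),
) -> Any:
    """
    Get a patient by ID.

    Superusers may read any patient; everyone else only their own record.
    The ownership check runs before the lookup, so a caller who is not
    allowed to see a record gets 403 whether or not the ID exists — checking
    existence first would turn the 404/403 difference into an ID oracle.

    Raises:
        HTTPException 403: caller is neither a superuser nor the record owner.
        HTTPException 404: no patient with ``patient_id``.
    """
    if not crud.crud_user.user.is_superuser(current_user) and not _owns_patient(
        current_user, patient_id
    ):
        # Doctors are not granted access here: without an appointment-scoped
        # check they could otherwise read every patient record by ID. Fail
        # closed, which is also what ``read_patients`` does for doctors.
        raise HTTPException(status_code=403, detail="Not enough permissions")
    patient = crud.crud_patient.patient.get(db, id=patient_id)
    if not patient:
        raise HTTPException(status_code=404, detail="Patient not found")
    return patient


@router.put("/{patient_id}", response_model=schemas.patient.Patient)
def update_patient(
    *,
    db: Session = Depends(deps.get_db),
    patient_id: int,
    patient_in: schemas.patient.PatientUpdate,
    current_user: models.User = Depends(deps.get_current_active_user),
) -> Any:
    """
    Update a patient.

    Superusers may update any patient; everyone else only their own record.
    Authorization is decided before the lookup for the same reason as in
    ``read_patient``: an unauthorized caller must not learn which IDs exist.

    Raises:
        HTTPException 403: caller is neither a superuser nor the record owner.
        HTTPException 404: no patient with ``patient_id``.
    """
    if not crud.crud_user.user.is_superuser(current_user) and not _owns_patient(
        current_user, patient_id
    ):
        raise HTTPException(status_code=403, detail="Not enough permissions")
    patient = crud.crud_patient.patient.get(db, id=patient_id)
    if not patient:
        raise HTTPException(status_code=404, detail="Patient not found")
    # NOTE(review): if PatientUpdate exposes ``user_id`` (or any other
    # ownership field), a patient could re-point their record at another
    # user — confirm the schema excludes it, or strip it for non-superusers.
    return crud.crud_patient.patient.update(db, db_obj=patient, obj_in=patient_in)


@router.delete("/{patient_id}", response_model=schemas.patient.Patient)
def delete_patient(
    *,
    db: Session = Depends(deps.get_db),
    patient_id: int,
    current_user: models.User = Depends(deps.get_current_active_superuser),
) -> Any:
    """
    Delete a patient (superuser only) and return the removed record.

    Raises:
        HTTPException 404: no patient with ``patient_id``.
    """
    if not crud.crud_patient.patient.get(db, id=patient_id):
        raise HTTPException(status_code=404, detail="Patient not found")
    return crud.crud_patient.patient.remove(db, id=patient_id)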