15.2.212. camcops_server.cc_modules.webview¶

camcops_server/cc_modules/webview.py

Copyright (C) 2012, University of Cambridge, Department of Psychiatry. Created by Rudolf Cardinal (rnc1001@cam.ac.uk).

This file is part of CamCOPS.

CamCOPS is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.

CamCOPS is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with CamCOPS. If not, see <https://www.gnu.org/licenses/>.

Implements the CamCOPS web front end.

Quick tutorial on Pyramid views:

The configurator registers routes, and routes have URLs associated with them. Those URLs can be templatized, e.g. to accept numerical parameters. The configurator associates view callables (“views” for short) with routes, and one method for doing that is an automatic scan via Venusian for views decorated with @view_config().
All views take a Request object and return a Response or raise an exception that Pyramid will translate into a Response.
Having matched a route, Pyramid uses its “view lookup” process to choose one from potentially several views. For example, a single route might be associated with:
```
@view_config(route_name="myroute")
def myroute_default(req: Request) -> Response:
    pass

@view_config(route_name="myroute", request_method="POST")
def myroute_post(req: Request) -> Response:
    pass
```
In this example, POST requests will go to the second; everything else will go to the first. Pyramid’s view lookup rule is essentially: if multiple views match, choose the one with the most specifiers.

Specifiers include:

route_name=ROUTENAME

    the route

request_method="POST"

    requires HTTP GET, POST, etc.

request_param="XXX"

    ... requires the presence of a GET/POST variable with this name in
    the request.params dictionary

request_param="XXX=YYY"

    ... requires the presence of a GET/POST variable called XXX whose
    value is YYY, in the request.params dictionary

match_param="XXX=YYY"

    .. requires the presence of this key/value pair in
    request.matchdict, which contains parameters from the URL

https://docs.pylonsproject.org/projects/pyramid/en/latest/api/config.html#pyramid.config.Configurator.add_view # noqa

Getting parameters

request.params

    ... parameters from HTTP GET or POST, including both the query
    string (as in https://somewhere/path?key=value) and the body (e.g.
    POST).

request.matchdict

    ... parameters from the URL, via URL dispatch; see
    https://docs.pylonsproject.org/projects/pyramid/en/latest/narr/urldispatch.html#urldispatch-chapter  # noqa

Regarding rendering:

There might be some simplicity benefits from converting to a template system like Mako. On the downside, that would entail a bit more work; likely a minor performance hit (relative to plain Python string rendering); and a loss of type checking. The type checking is also why we prefer:
```
html = " ... {param_blah} ...".format(param_blah=PARAM.BLAH)
```
to
```
html = " ... {PARAM.BLAH} ...".format(PARAM=PARAM)
```
as in the first situation, PyCharm will check that “BLAH” is present in “PARAM”, and in the second it won’t. Automatic checking is worth a lot.

class camcops_server.cc_modules.webview.AddPatientView(request: CamcopsRequest)[source]¶

View to add a patient (for task scheduling).

dispatch() → pyramid.response.Response[source]¶

Try to dispatch to the right HTTP method (e.g. GET, POST). If a method doesn’t exist, defer to the error handler. Also defer to the error handler if the request method isn’t on the approved list.

Specifically, this ends up calling self.get() or self.post() or self.http_method_not_allowed().

form_class¶: alias of camcops_server.cc_modules.cc_forms.EditServerCreatedPatientForm

get_success_url() → str[source]¶: Return the URL to redirect to after processing a valid form.

save_object(appstruct: Dict[str, Any]) → None[source]¶: Saves the object in the database, from data provided via the form.

class camcops_server.cc_modules.webview.AddTaskScheduleItemView(request: CamcopsRequest)[source]¶

Django-style view class to add a task schedule item.

get_extra_context() → Dict[str, Any][source]¶: Override to provide extra context, merged in by get_context_data().

get_form_values() → Dict[source]¶: Reads form values from the object (or provides an empty dictionary if there is no object yet). Returns a form dictionary.

class camcops_server.cc_modules.webview.AddTaskScheduleView(request: CamcopsRequest)[source]¶

Django-style view class to add a task schedule.

get_extra_context() → Dict[str, Any][source]¶: Override to provide extra context, merged in by get_context_data().

class camcops_server.cc_modules.webview.ChangeOtherPasswordView(*args, **kwargs)[source]¶

View to change the password for another user.

get() → pyramid.response.Response[source]¶: Handle GET requests: instantiate a blank version of the form and render it.

get_first_step() → str[source]¶: Returns the first step to be used when the form is first loaded.

get_success_url() → str[source]¶: Return the URL to redirect to after processing a valid form.

set_object_properties(appstruct: Dict[str, Any]) → None[source]¶: Sets properties of the object, from form data.

set_password(appstruct: Dict[str, Any]) → None[source]¶: Success; change the password for the other user.

class camcops_server.cc_modules.webview.ChangeOwnPasswordView(*args, **kwargs)[source]¶

View to change one’s own password.

If MFA is enabled, you need to (re-)authenticate via MFA to do so. Then, you need to supply your own password to change it (regardless). Sequence is therefore (1) MFA, optionally; (2) change password.

Most documentation in superclass.

form_valid_process_data(form: Form, appstruct: Dict[str, Any]) → None[source]¶: Called when the form is valid. Saves the associated model.

get() → pyramid.response.Response[source]¶: Handle GET requests: instantiate a blank version of the form and render it.

get_failure_url() → str[source]¶: Return the URL to redirect to on error after processing a valid form. e.g. when a password is of the correct form but is invalid.

get_first_step() → str[source]¶: Returns the first step to be used when the form is first loaded.

get_form_kwargs() → Dict[str, Any][source]¶: Return the keyword arguments for instantiating the form.

get_object() → camcops_server.cc_modules.cc_user.User[source]¶: Returns the ORM object being manipulated.

get_success_url() → str[source]¶: Return the URL to redirect to after processing a valid form.

set_object_properties(appstruct: Dict[str, Any]) → None[source]¶: Sets properties of the object, from form data.

set_password(appstruct: Dict[str, Any]) → None[source]¶: Success; change the user’s password.

class camcops_server.cc_modules.webview.DeleteServerCreatedPatientView(request: CamcopsRequest)[source]¶

View to delete a patient that had been created on the server.

delete() → None[source]¶: Delete the fetched object

form_class¶: alias of camcops_server.cc_modules.cc_forms.DeleteServerCreatedPatientForm

get_extra_context() → Dict[str, Any][source]¶: Override to provide extra context, merged in by get_context_data().

get_object() → Any[source]¶: Returns the ORM object being manipulated.

get_success_url() → str[source]¶: Return the URL to redirect to after processing a valid form.

object_class¶: alias of camcops_server.cc_modules.cc_patient.Patient

class camcops_server.cc_modules.webview.DeleteTaskScheduleItemView(request: CamcopsRequest)[source]¶

Django-style view class to delete a task schedule item.

form_class¶: alias of camcops_server.cc_modules.cc_forms.DeleteTaskScheduleItemForm

get_extra_context() → Dict[str, Any][source]¶: Override to provide extra context, merged in by get_context_data().

class camcops_server.cc_modules.webview.DeleteTaskScheduleView(request: CamcopsRequest)[source]¶

Django-style view class to delete a task schedule.

form_class¶: alias of camcops_server.cc_modules.cc_forms.DeleteTaskScheduleForm

get_extra_context() → Dict[str, Any][source]¶: Override to provide extra context, merged in by get_context_data().

class camcops_server.cc_modules.webview.EditFinalizedPatientView(req: camcops_server.cc_modules.cc_request.CamcopsRequest, task_tablename: Optional[str] = None, task_server_pk: Optional[int] = None)[source]¶

View to edit a finalized patient.

__init__(req: camcops_server.cc_modules.cc_request.CamcopsRequest, task_tablename: Optional[str] = None, task_server_pk: Optional[int] = None) → None[source]¶: The two additional parameters are for returning the user to the task from which editing was initiated.

form_class¶: alias of camcops_server.cc_modules.cc_forms.EditFinalizedPatientForm

get_object() → Any[source]¶: Returns the ORM object being manipulated.

get_success_url() → str[source]¶: We got here by editing a patient from an uploaded task, so that’s our return point.

class camcops_server.cc_modules.webview.EditGroupView(request: CamcopsRequest)[source]¶

Django-style view to edit a CamCOPS group.

form_class¶: alias of camcops_server.cc_modules.cc_forms.EditGroupForm

get_form_kwargs() → Dict[str, Any][source]¶: Return the keyword arguments for instantiating the form.

get_form_values() → Dict[source]¶: Reads form values from the object (or provides an empty dictionary if there is no object yet). Returns a form dictionary.

get_success_url() → str[source]¶: Return the URL to redirect to after processing a valid form.

object_class¶: alias of camcops_server.cc_modules.cc_group.Group

save_object(appstruct: Dict[str, Any]) → None[source]¶: Saves the object in the database, from data provided via the form.

class camcops_server.cc_modules.webview.EditOtherUserMfaView(*args, **kwargs)[source]¶

View to edit the MFA method for another user. Only permits disabling of MFA. (If MFA is mandatory, that will require the other user to set their MFA method at next logon.)

get() → pyramid.response.Response[source]¶: Handle GET requests: instantiate a blank version of the form and render it.

get_first_step() → str[source]¶: Returns the first step to be used when the form is first loaded.

get_success_url() → str[source]¶: Return the URL to redirect to after processing a valid form.

maybe_disable_mfa(appstruct: Dict[str, Any]) → None[source]¶: If our user asked for it, disable MFA for the user being edited.

set_object_properties(appstruct: Dict[str, Any]) → None[source]¶: Sets properties of the object, from form data.

class camcops_server.cc_modules.webview.EditOwnUserMfaView(*args, **kwargs)[source]¶

View to edit your own MFA method.

The inheritance (as of 2021-10-06) illustrates a typical situation:

SPECIMEN VIEW CLASS:

webview.EditOwnUserMfaView
- webview.LoggedInUserMfaMixin
  - webview.MfaMixin
    - cc_view_classes.FormWizardMixin – with typehint for FormMixin – implements state.
- cc_view_classes.UpdateView
  - cc_view_classes.TemplateResponseMixin
  - cc_view_classes.BaseUpdateView
    - cc_view_classes.ModelFormMixin – implements form_valid() –> save_object() > set_object_properties()
      - cc_view_classes.FormMixin – implements form_valid(), get_context_data(), etc.
        
        cc_view_classes.ContextMixin
      - cc_view_classes.SingleObjectMixin – implements get_object() etc.
        
        cc_view_classes.ContextMixin
    - cc_view_classes.ProcessFormView – implements get(), post()
      - cc_view_classes.View – owns request, implements dispatch() (which calls get(), post()).

SPECIMEN FORM WITHIN THAT VIEW:

cc_forms.MfaMethodForm
- cc_forms.InformativeNonceForm
  - cc_forms.InformativeForm
    - deform.Form

If you subclass A(B, C), then B’s superclass methods are called before C’s: https://www.python.org/download/releases/2.3/mro/; https://makina-corpus.com/blog/metier/2014/python-tutorial-understanding-python-mro-class-search-path;

get() → pyramid.response.Response[source]¶: Handle GET requests: instantiate a blank version of the form and render it.

get_extra_context() → Dict[str, Any][source]¶: Returns any extra context information (as a dictionary) for the current step.

get_failure_url() → str[source]¶: Return the URL to redirect to on error after processing a valid form. e.g. when a password is of the correct form but is invalid.

get_form_values() → Dict[str, Any][source]¶: Reads form values from the object (or provides an empty dictionary if there is no object yet). Returns a form dictionary.

get_model_form_dict() → Dict[str, Any][source]¶: Returns the dictionary mapping model attribute names to form parameter names.

get_object() → camcops_server.cc_modules.cc_user.User[source]¶: Returns the ORM object being manipulated.

get_success_url() → str[source]¶: Return the URL to redirect to after processing a valid form.

set_object_properties(appstruct: Dict[str, Any]) → None[source]¶: Sets properties of the object, from form data.

class camcops_server.cc_modules.webview.EditPatientBaseView(request: CamcopsRequest)[source]¶

View to edit details for a patient.

get_context_data(**kwargs: Any) → Any[source]¶: Insert the rendered form (as HTML) into the context dict.

get_object() → Any[source]¶: Returns the ORM object being manipulated.

save_object(appstruct: Dict[str, Any]) → None[source]¶: Saves the object in the database, from data provided via the form.

class camcops_server.cc_modules.webview.EditServerCreatedPatientView(request: CamcopsRequest)[source]¶

View to edit a patient created on the server (as part of task scheduling).

form_class¶: alias of camcops_server.cc_modules.cc_forms.EditServerCreatedPatientForm

get_object() → Any[source]¶: Returns the ORM object being manipulated.

get_success_url() → str[source]¶: Return the URL to redirect to after processing a valid form.

class camcops_server.cc_modules.webview.EditTaskScheduleItemMixin[source]¶: Django-style view class to edit a task schedule item.

class camcops_server.cc_modules.webview.EditTaskScheduleItemView(request: CamcopsRequest)[source]¶

Django-style view class to edit a task schedule item.

get_extra_context() → Dict[str, Any][source]¶: Override to provide extra context, merged in by get_context_data().

get_form_values() → Dict[source]¶: Reads form values from the object (or provides an empty dictionary if there is no object yet). Returns a form dictionary.

class camcops_server.cc_modules.webview.EditTaskScheduleView(request: CamcopsRequest)[source]¶

Django-style view class to edit a task schedule.

get_extra_context() → Dict[str, Any][source]¶: Override to provide extra context, merged in by get_context_data().

class camcops_server.cc_modules.webview.EditUserAuthenticationView(*args, **kwargs)[source]¶

View to edit aspects of another user.

form_valid_process_data(form: Form, appstruct: Dict[str, Any]) → None[source]¶: Called when the form is valid. Saves the associated model.

get() → pyramid.response.Response[source]¶: Handle GET requests: instantiate a blank version of the form and render it.

get_extra_context() → Dict[str, Any][source]¶: Returns any extra context information (as a dictionary) for the current step.

get_failure_url() → str[source]¶: Return the URL to redirect to on error after processing a valid form. e.g. when a password is of the correct form but is invalid.

get_object() → camcops_server.cc_modules.cc_user.User[source]¶: Returns the ORM object being manipulated.

object_class¶: alias of camcops_server.cc_modules.cc_user.User

class camcops_server.cc_modules.webview.EditUserBaseView(request: CamcopsRequest)[source]¶

Django-style view to edit a user and their groups

get_form_values() → Dict[str, Any][source]¶: Reads form values from the object (or provides an empty dictionary if there is no object yet). Returns a form dictionary.

get_object() → Any[source]¶: Returns the ORM object being manipulated.

get_success_url() → str[source]¶: Return the URL to redirect to after processing a valid form.

object_class¶: alias of camcops_server.cc_modules.cc_user.User

set_object_properties(appstruct: Dict[str, Any]) → None[source]¶: Sets properties of the object, from form data.

class camcops_server.cc_modules.webview.EditUserGroupAdminView(request: CamcopsRequest)[source]¶

For group administrators to edit a user.

form_class¶: alias of camcops_server.cc_modules.cc_forms.EditUserGroupAdminForm

class camcops_server.cc_modules.webview.EditUserGroupMembershipBaseView(request: CamcopsRequest)[source]¶

Django-style view to edit a user’s group membership permissions.

get_object() → Any[source]¶: Returns the ORM object being manipulated.

get_success_url() → str[source]¶: Return the URL to redirect to after processing a valid form.

object_class¶: alias of camcops_server.cc_modules.cc_membership.UserGroupMembership

class camcops_server.cc_modules.webview.EditUserGroupMembershipGroupAdminView(request: CamcopsRequest)[source]¶

For group administrators to edit a user’s group memberships.

form_class¶: alias of camcops_server.cc_modules.cc_forms.EditUserGroupMembershipGroupAdminForm

class camcops_server.cc_modules.webview.EditUserGroupMembershipSuperUserView(request: CamcopsRequest)[source]¶

For superusers to edit a user’s group memberships.

form_class¶: alias of camcops_server.cc_modules.cc_forms.EditUserGroupPermissionsFullForm

get_model_form_dict() → Dict[str, str][source]¶: Returns the dictionary mapping model attribute names to form parameter names.

class camcops_server.cc_modules.webview.EditUserSuperUserView(request: CamcopsRequest)[source]¶

For superusers to edit a user.

form_class¶: alias of camcops_server.cc_modules.cc_forms.EditUserFullForm

get_model_form_dict() → Dict[str, Any][source]¶: Returns the dictionary mapping model attribute names to form parameter names.

class camcops_server.cc_modules.webview.EraseTaskBaseView(request: CamcopsRequest)[source]¶

Django-style view to erase a task.

form_class¶: alias of camcops_server.cc_modules.cc_forms.EraseTaskForm

get_cancel_url() → str[source]¶: Return the URL to redirect to when cancelling a form.

get_object() → Any[source]¶: Returns the ORM object being manipulated.

class camcops_server.cc_modules.webview.EraseTaskEntirelyView(request: CamcopsRequest)[source]¶

Django-style view to erase (delete) a task entirely.

delete() → None[source]¶: Delete the fetched object

get_success_url() → str[source]¶: Return the URL to redirect to after processing a valid form.

class camcops_server.cc_modules.webview.EraseTaskLeavingPlaceholderView(request: CamcopsRequest)[source]¶

Django-style view to erase data from a task, leaving an empty “placeholder”.

delete() → None[source]¶: Delete the fetched object

get_object() → Any[source]¶: Returns the ORM object being manipulated.

get_success_url() → str[source]¶: Return the URL to redirect to after processing a valid form.

class camcops_server.cc_modules.webview.LoggedInUserMfaMixin(*args, **kwargs)[source]¶

Handles multi-factor authentication for the currently logged in user (everything except LoginView).

__init__(*args, **kwargs) → None[source]¶

We prevent stale state from messing things up by clearing state when a form sequence starts. Form sequences start with HTTP GET and proceed via HTTP POST. So, if this is a GET request, we clear the state. We do so in the __init__ sequence, as others may wish to write state before the view is dispatched.

An example of stale state: the user sets an MFA method but then that is disallowed on the server whilst they are halfway through login. (That leaves users totally stuffed as they are not properly “logged in” and therefore can’t easily log out.)

There are other examples seen in testing. This method gets round all those. (For example, the worst-case situation is then advising the user to log in again, or start whatever form-based process it was again).

We also reset the state if the stored route name doesn’t match the current route name.

class camcops_server.cc_modules.webview.LoginView(*args, **kwargs)[source]¶

Multi-factor authentication for the login process. Sequences is: (1) password; (2) MFA, if enabled.

Inheritance (as of 2021-10-06):

webview.LoginView
- webview.MfaMixin
  - cc_view_classes.FormWizardMixin
- cc_view_classes.FormView
  - cc_view_classes.TemplateResponseMixin
  - cc_view_classes.BaseFormView
    - cc_view_classes.FormMixin
      - cc_view_classes.ContextMixin
    - cc_view_classes.ProcessFormView – provides get(), post()
      - cc_view_classes.View – owns request, provides dispatch()

__init__(*args, **kwargs) → None[source]¶

We prevent stale state from messing things up by clearing state when a form sequence starts. Form sequences start with HTTP GET and proceed via HTTP POST. So, if this is a GET request, we clear the state. We do so in the __init__ sequence, as others may wish to write state before the view is dispatched.

An example of stale state: the user sets an MFA method but then that is disallowed on the server whilst they are halfway through login. (That leaves users totally stuffed as they are not properly “logged in” and therefore can’t easily log out.)

There are other examples seen in testing. This method gets round all those. (For example, the worst-case situation is then advising the user to log in again, or start whatever form-based process it was again).

We also reset the state if the stored route name doesn’t match the current route name.

fail_locked_out(locked_until: pendulum.datetime.DateTime) → NoReturn[source]¶

Raises a failure because the user is locked out.

Pretends to the type checker that it returns a response, so callers can use return for code safety.

fail_not_authorized() → NoReturn[source]¶

Fail because the user has not logged in correctly or is not authorized to log in.

Pretends to the type checker that it returns a response, so callers can use return for code safety.

form_valid_process_data(form: Form, appstruct: Dict[str, Any]) → None[source]¶

Perform any handling of data from the form.

Override in subclasses or mixins if necessary. Be sure to call the superclass method to ensure all actions are performed.

get_failure_url() → None[source]¶: Return the URL to redirect to on error after processing a valid form. e.g. when a password is of the correct form but is invalid.

get_form_kwargs() → Dict[str, Any][source]¶: Return the keyword arguments for instantiating the form.

get_redirect_url() → str[source]¶: We may be logging in after a timeout, in which case we can redirect the user back to where they were before. Otherwise, they go to the main page.

get_success_url() → str[source]¶: Return the URL to redirect to after processing a valid form.

property mfa_user: Optional[camcops_server.cc_modules.cc_user.User]¶: The user undergoing authentication.

class camcops_server.cc_modules.webview.MfaMixin(*args, **kwargs)[source]¶

Enhances FormWizardMixin to include a multi-factor authentication step. This must be named “mfa” in the subclass, via the SELF_MFA variable.

This handles:

Timing out
Generating, sending and checking the six-digit code used for authentication

The subclass should:

Set mfa_user on the class to be an instance of the User to be authenticated.
Call handle_authentication_type() in the appropriate step.
Call otp_is_valid() and fail_bad_mfa_code() in the appropriate step.

See LoginView for an example that works with the yet-to-be-logged-in user. See ChangeOwnPasswordView for an example with the logged-in user.

__init__(*args, **kwargs) → None[source]¶

We prevent stale state from messing things up by clearing state when a form sequence starts. Form sequences start with HTTP GET and proceed via HTTP POST. So, if this is a GET request, we clear the state. We do so in the __init__ sequence, as others may wish to write state before the view is dispatched.

An example of stale state: the user sets an MFA method but then that is disallowed on the server whilst they are halfway through login. (That leaves users totally stuffed as they are not properly “logged in” and therefore can’t easily log out.)

There are other examples seen in testing. This method gets round all those. (For example, the worst-case situation is then advising the user to log in again, or start whatever form-based process it was again).

We also reset the state if the stored route name doesn’t match the current route name.

fail_bad_mfa_code() → NoReturn[source]¶: Fail because the code was wrong.

fail_timed_out() → NoReturn[source]¶: Fail because the process timed out.

get_extra_context() → Dict[str, Any][source]¶: Returns any extra context information (as a dictionary) for the current step.

get_hotp_message() → str[source]¶: Return a human-readable message containing an HOTP (HMAC-Based One-Time Password).

get_mfa_icon() → str[source]¶: Returns an icon to let the user know which MFA method is being used.

get_mfa_instructions() → str[source]¶: Return user instructions for the relevant MFA method.

get_mfa_title() → str[source]¶: Returns a title for the page that requests the code itself.

handle_authentication_type() → None[source]¶: Function to be called when we want an MFA code to be created.

property mfa_user: Optional[camcops_server.cc_modules.cc_user.User]¶: The user undergoing authentication.

otp_is_valid(appstruct: Dict[str, Any]) → bool[source]¶: Is the code being offered by the user the right one?

send_authentication_email() → None[source]¶: E-mail the code to the user.

send_authentication_sms() → None[source]¶: Send a code to the user via SMS (text message).

timed_out() → bool[source]¶: Has authentication timed out?

class camcops_server.cc_modules.webview.PatientMixin[source]¶

Mixin for views involving a patient.

object_class¶: alias of camcops_server.cc_modules.cc_patient.Patient

class camcops_server.cc_modules.webview.SendEmailFromPatientListView(*args, **kwargs)[source]¶

Send an e-mail to a patient and return to the patient task schedule list view.

get_success_url() → str[source]¶: Return the URL to redirect to after processing a valid form.

class camcops_server.cc_modules.webview.SendEmailFromPatientTaskScheduleView(*args, **kwargs)[source]¶

Send an e-mail to a patient and return to the task schedule view for that specific patient.

get_success_url() → str[source]¶: Return the URL to redirect to after processing a valid form.

class camcops_server.cc_modules.webview.SendPatientEmailBaseView(*args, **kwargs)[source]¶

Send an e-mail to a patient (such as: “please download the app and register with this URL/code”).

__init__(*args, **kwargs) → None[source]¶

Parameters: request – a camcops_server.cc_modules.cc_request.CamcopsRequest

dispatch() → pyramid.response.Response[source]¶

Try to dispatch to the right HTTP method (e.g. GET, POST). If a method doesn’t exist, defer to the error handler. Also defer to the error handler if the request method isn’t on the approved list.

Specifically, this ends up calling self.get() or self.post() or self.http_method_not_allowed().

form_class¶: alias of camcops_server.cc_modules.cc_forms.SendEmailForm

form_valid(form: Form, appstruct: Dict[str, Any]) → pyramid.response.Response[source]¶

2021-10-05: separate data handling and the response to return. Why? Because:

returning a response can involve “return response” or “raise HTTPFound”, making flow harder to track;
the Python method resolution order (MRO) makes it harder to be clear on the flow through the combination function.

get_context_data(**kwargs: Any) → Dict[str, Any][source]¶: Insert the rendered form (as HTML) into the context dict.

class camcops_server.cc_modules.webview.TaskScheduleItemMixin[source]¶

Mixin for viewing/editing a task schedule items.

form_class¶: alias of camcops_server.cc_modules.cc_forms.EditTaskScheduleItemForm

object_class¶: alias of camcops_server.cc_modules.cc_taskschedule.TaskScheduleItem

class camcops_server.cc_modules.webview.TaskScheduleMixin[source]¶

Mixin for viewing/editing a task schedule.

form_class¶: alias of camcops_server.cc_modules.cc_forms.EditTaskScheduleForm

object_class¶: alias of camcops_server.cc_modules.cc_taskschedule.TaskSchedule

camcops_server.cc_modules.webview.add_group(req: camcops_server.cc_modules.cc_request.CamcopsRequest) → Dict[str, Any][source]¶: View to add a group. Superusers only.

camcops_server.cc_modules.webview.add_id_definition(req: camcops_server.cc_modules.cc_request.CamcopsRequest) → Dict[str, Any][source]¶: View to add an ID number definition. Superusers only.

camcops_server.cc_modules.webview.add_patient(req: camcops_server.cc_modules.cc_request.CamcopsRequest) → pyramid.response.Response[source]¶: View to add a patient.

camcops_server.cc_modules.webview.add_special_note(req: camcops_server.cc_modules.cc_request.CamcopsRequest) → Dict[str, Any][source]¶

View to add a special note to a task (after confirmation).

(Note that users can’t add special notes to patients – those get added automatically when a patient is edited. So the context here is always of a task.)

camcops_server.cc_modules.webview.add_task_schedule(req: camcops_server.cc_modules.cc_request.CamcopsRequest) → pyramid.response.Response[source]¶: View to add a task schedule.

camcops_server.cc_modules.webview.add_task_schedule_item(req: camcops_server.cc_modules.cc_request.CamcopsRequest) → pyramid.response.Response[source]¶: View to add a task schedule item.

camcops_server.cc_modules.webview.add_user(req: camcops_server.cc_modules.cc_request.CamcopsRequest) → Dict[str, Any][source]¶: View to add a user.

camcops_server.cc_modules.webview.any_records_use_group(req: camcops_server.cc_modules.cc_request.CamcopsRequest, group: camcops_server.cc_modules.cc_group.Group) → bool[source]¶

Do any records in the database refer to the specified group?

(Used when we’re thinking about deleting a group; would it leave broken references? If so, we will prevent deletion; see delete_group().)

camcops_server.cc_modules.webview.any_records_use_iddef(req: camcops_server.cc_modules.cc_request.CamcopsRequest, iddef: camcops_server.cc_modules.cc_idnumdef.IdNumDefinition) → bool[source]¶

Do any records in the database refer to the specified ID number definition?

(Used when we’re thinking about deleting one; would it leave broken references? If so, we will prevent deletion; see delete_id_definition().)

camcops_server.cc_modules.webview.any_records_use_user(req: camcops_server.cc_modules.cc_request.CamcopsRequest, user: camcops_server.cc_modules.cc_user.User) → bool[source]¶

Do any records in the database refer to the specified user?

(Used when we’re thinking about deleting a user; would it leave broken references? If so, we will prevent deletion; see delete_user().)

camcops_server.cc_modules.webview.assert_may_administer_group(req: camcops_server.cc_modules.cc_request.CamcopsRequest, group_id: int) → None[source]¶: Checks that the requesting user (req.user) is allowed to adminster the specified group (specified by group_id). Raises HTTPBadRequest otherwise.

camcops_server.cc_modules.webview.assert_may_edit_user(req: camcops_server.cc_modules.cc_request.CamcopsRequest, user: camcops_server.cc_modules.cc_user.User) → None[source]¶: Checks that the requesting user (req.user) is allowed to edit the other user (user). Raises HTTPBadRequest otherwise.

camcops_server.cc_modules.webview.audit_menu(req: camcops_server.cc_modules.cc_request.CamcopsRequest) → Dict[str, Any][source]¶: Shows the auditing menu.

camcops_server.cc_modules.webview.bad_request(req: camcops_server.cc_modules.cc_request.CamcopsRequest) → Dict[str, Any][source]¶

“Bad request” view.

NOTE that this view only gets used from

raise HTTPBadRequest("message")

and not

return HTTPBadRequest("message")

… so always raise it.

camcops_server.cc_modules.webview.change_other_password(req: camcops_server.cc_modules.cc_request.CamcopsRequest) → pyramid.response.Response[source]¶

For administrators, to change another’s password.

GET: offer “change another’s password” view (except that if you’re changing your own password, return change_own_password().
POST/submit: change the password and display success message.

camcops_server.cc_modules.webview.change_own_password(req: camcops_server.cc_modules.cc_request.CamcopsRequest) → pyramid.response.Response[source]¶

For any user: to change their own password.

GET: offer “change own password” view
POST/submit: change the password and display success message.

camcops_server.cc_modules.webview.choose_ctv(req: camcops_server.cc_modules.cc_request.CamcopsRequest) → Dict[str, Any][source]¶: View to choose/configure a camcops_server.cc_modules.cc_tracker.ClinicalTextView.

camcops_server.cc_modules.webview.choose_tracker(req: camcops_server.cc_modules.cc_request.CamcopsRequest) → Dict[str, Any][source]¶: View to choose/configure a camcops_server.cc_modules.cc_tracker.Tracker.

camcops_server.cc_modules.webview.choose_tracker_or_ctv(req: camcops_server.cc_modules.cc_request.CamcopsRequest, as_ctv: bool) → Dict[str, Any][source]¶

Returns a dictionary for a Mako template to configure a camcops_server.cc_modules.cc_tracker.Tracker or camcops_server.cc_modules.cc_tracker.ClinicalTextView.

Upon success, it redirects to the tracker or CTV view itself, with the tracker’s parameters embedded as URL parameters.

Parameters

req – the camcops_server.cc_modules.cc_request.CamcopsRequest
as_ctv – CTV, rather than tracker?

camcops_server.cc_modules.webview.client_api_signposting(req: camcops_server.cc_modules.cc_request.CamcopsRequest) → Dict[str, Any][source]¶: Patients are likely to enter the /api address into a web browser, especially if it appears as a hyperlink in an email. If so, that will arrive as a GET request. This page will direct them to download the app.

camcops_server.cc_modules.webview.crash(req: camcops_server.cc_modules.cc_request.CamcopsRequest) → pyramid.response.Response[source]¶: A view that deliberately raises an exception.

camcops_server.cc_modules.webview.debug_form_rendering() → None[source]¶

Test code for form rendering.

From the command line:

# Start in the CamCOPS source root directory.
# - Needs the "-f" option to follow forks.
# - "open" doesn't show all files opened. To see what you need, try
#   strace cat /proc/version
# - ... which shows that "openat" is most useful.

strace -f --trace=openat \
    python -c 'from camcops_server.cc_modules.webview import debug_form_rendering; debug_form_rendering()' \
    | grep site-packages \
    | grep -v "\.pyc"

This tells us that the templates are files like:

site-packages/deform/templates/form.pt
site-packages/deform/templates/select.pt
site-packages/deform/templates/textinput.pt

On 2020-06-29 we are interested in why a newer (Docker) installation renders buggy HTML like:

<select name="which_idnum" id="deformField2" class=" form-control " multiple="False">
    <option value="1">CPFT RiO number</option>
    <option value="2">NHS number</option>
    <option value="1000">MyHospital number</option>
</select>

… the bug being that multiple="False" is wrong; an HTML boolean attribute is false when absent, not when set to a certain value (see https://developer.mozilla.org/en-US/docs/Web/HTML/Attributes#Boolean_Attributes). The multiple attribute of <select> is a boolean attribute (https://developer.mozilla.org/en-US/docs/Web/HTML/Element/select).

The select.pt file indicates that this is controlled by tal:attributes syntax. TAL is Template Attribution Language (https://sharptal.readthedocs.io/en/latest/tal.html).

TAL is either provided by Zope (given ZPT files) or Chameleon or both. The tracing suggests Chameleon. So the TAL language reference is https://chameleon.readthedocs.io/en/latest/reference.html.

Chameleon changelog is https://github.com/malthe/chameleon/blob/master/CHANGES.rst.

Multiple sources for tal:attributes syntax say that a null value (presumably: None) is required to omit the attribute, not a false value.

camcops_server.cc_modules.webview.delete_file(req: camcops_server.cc_modules.cc_request.CamcopsRequest) → pyramid.response.Response[source]¶: Deletes a file.

camcops_server.cc_modules.webview.delete_group(req: camcops_server.cc_modules.cc_request.CamcopsRequest) → Dict[str, Any][source]¶: View to delete a group. Superusers only.

camcops_server.cc_modules.webview.delete_id_definition(req: camcops_server.cc_modules.cc_request.CamcopsRequest) → Dict[str, Any][source]¶: View to delete an ID number definition. Superusers only.

camcops_server.cc_modules.webview.delete_patient(req: camcops_server.cc_modules.cc_request.CamcopsRequest) → pyramid.response.Response[source]¶: View to delete completely all data for a patient (after confirmation), within a specific group.

camcops_server.cc_modules.webview.delete_server_created_patient(req: camcops_server.cc_modules.cc_request.CamcopsRequest) → pyramid.response.Response[source]¶: Page to delete a patient created on the server (as part of task scheduling).

camcops_server.cc_modules.webview.delete_special_note(req: camcops_server.cc_modules.cc_request.CamcopsRequest) → Dict[str, Any][source]¶: View to delete a special note (after confirmation).

camcops_server.cc_modules.webview.delete_task_schedule(req: camcops_server.cc_modules.cc_request.CamcopsRequest) → pyramid.response.Response[source]¶: View to delete a task schedule.

camcops_server.cc_modules.webview.delete_task_schedule_item(req: camcops_server.cc_modules.cc_request.CamcopsRequest) → pyramid.response.Response[source]¶: View to delete a task schedule item.

camcops_server.cc_modules.webview.delete_user(req: camcops_server.cc_modules.cc_request.CamcopsRequest) → Dict[str, Any][source]¶: View to delete a user (and make it hard work).

camcops_server.cc_modules.webview.developer_page(req: camcops_server.cc_modules.cc_request.CamcopsRequest) → Dict[str, Any][source]¶: Shows the developer menu.

camcops_server.cc_modules.webview.download_area(req: camcops_server.cc_modules.cc_request.CamcopsRequest) → Dict[str, Any][source]¶: Shows the user download area.

camcops_server.cc_modules.webview.download_file(req: camcops_server.cc_modules.cc_request.CamcopsRequest) → pyramid.response.Response[source]¶: Downloads a file.

camcops_server.cc_modules.webview.edit_filter(req: camcops_server.cc_modules.cc_request.CamcopsRequest, task_filter: camcops_server.cc_modules.cc_taskfilter.TaskFilter, redirect_url: str) → pyramid.response.Response[source]¶

Edit the task filter for the current user.

Parameters

req – the camcops_server.cc_modules.cc_request.CamcopsRequest
task_filter – the user’s camcops_server.cc_modules.cc_taskfilter.TaskFilter
redirect_url – URL to redirect (back) to upon success

camcops_server.cc_modules.webview.edit_finalized_patient(req: camcops_server.cc_modules.cc_request.CamcopsRequest) → pyramid.response.Response[source]¶: View to edit details for a patient.

camcops_server.cc_modules.webview.edit_group(req: camcops_server.cc_modules.cc_request.CamcopsRequest) → pyramid.response.Response[source]¶: View to edit a group. Superusers only.

camcops_server.cc_modules.webview.edit_id_definition(req: camcops_server.cc_modules.cc_request.CamcopsRequest) → Dict[str, Any][source]¶: View to edit an ID number definition. Superusers only.

camcops_server.cc_modules.webview.edit_other_user_mfa(req: camcops_server.cc_modules.cc_request.CamcopsRequest) → pyramid.response.Response[source]¶

For administrators, to change another users’s Multi-factor Authentication. Currently it is only possible to disable Multi-factor authentication for a user.

GET: offer “edit another’s MFA” view (except that if you’re changing your own MFA, return edit_own_user_mfa().
POST/submit: edit MFA and display success message.

camcops_server.cc_modules.webview.edit_own_user_mfa(request: camcops_server.cc_modules.cc_request.CamcopsRequest) → pyramid.response.Response[source]¶: Edit your own MFA method.

camcops_server.cc_modules.webview.edit_server_created_patient(req: camcops_server.cc_modules.cc_request.CamcopsRequest) → pyramid.response.Response[source]¶: View to edit details for a patient created on the server (for scheduling tasks).

camcops_server.cc_modules.webview.edit_server_settings(req: camcops_server.cc_modules.cc_request.CamcopsRequest) → Dict[str, Any][source]¶: View to edit server settings (like the database title).

camcops_server.cc_modules.webview.edit_task_schedule(req: camcops_server.cc_modules.cc_request.CamcopsRequest) → pyramid.response.Response[source]¶: View to edit a task schedule.

camcops_server.cc_modules.webview.edit_task_schedule_item(req: camcops_server.cc_modules.cc_request.CamcopsRequest) → pyramid.response.Response[source]¶: View to edit a task schedule item.

camcops_server.cc_modules.webview.edit_user(req: camcops_server.cc_modules.cc_request.CamcopsRequest) → pyramid.response.Response[source]¶: View to edit a user (for administrators).

camcops_server.cc_modules.webview.edit_user_group_membership(req: camcops_server.cc_modules.cc_request.CamcopsRequest) → pyramid.response.Response[source]¶: View to edit the group memberships of a user (for administrators).

camcops_server.cc_modules.webview.erase_task_entirely(req: camcops_server.cc_modules.cc_request.CamcopsRequest) → pyramid.response.Response[source]¶: View to erase a task from the database entirely (after confirmation).

camcops_server.cc_modules.webview.erase_task_leaving_placeholder(req: camcops_server.cc_modules.cc_request.CamcopsRequest) → pyramid.response.Response[source]¶

View to wipe all data from a task (after confirmation).

Leaves the task record as a placeholder.

camcops_server.cc_modules.webview.fhir_view_tablename_pk(req: camcops_server.cc_modules.cc_request.CamcopsRequest) → pyramid.response.Response[source]¶: Deal with the slightly silly system that just takes a tablename and PK directly. Security is key here!

camcops_server.cc_modules.webview.fhir_view_task(req: camcops_server.cc_modules.cc_request.CamcopsRequest) → pyramid.response.Response[source]¶

Retrieve parameters from a FHIR URL referring back to this server, and serve the relevant task (as HTML).

The “canonical URL” or “business identifier” of a FHIR resource is the reference to the master copy – in this case, our copy. See https://www.hl7.org/fhir/datatypes.html#Identifier; https://www.hl7.org/fhir/resource.html#identifiers.

FHIR identifiers have a “system” (which is a URL) and a “value”. I don’t think that FHIR has a rule for combining the system and value to create a full URL. For some (but by no means all) identifiers that we provide to FHIR servers, the “system” refers to a CamCOPS task (and the value to some attribute of that task, like the answer to a question (value of a field), or a fixed string like “patient”, and so on.

camcops_server.cc_modules.webview.forbidden(req: camcops_server.cc_modules.cc_request.CamcopsRequest) → pyramid.response.Response[source]¶

Generic place that Pyramid comes when permission is denied for a view.

We will offer one of these:

Must change password? Redirect to “change own password” view.
Must agree terms? Redirect to “offer terms” view.
Otherwise: a generic “forbidden” view.

camcops_server.cc_modules.webview.forcibly_finalize(req: camcops_server.cc_modules.cc_request.CamcopsRequest) → pyramid.response.Response[source]¶: View to force-finalize all live (_era == ERA_NOW) records from a device. Available to group administrators if all those records are within their groups (otherwise, it’s a superuser operation).

camcops_server.cc_modules.webview.format_sql_as_html(sql: str, dialect: str = 'mysql') → Tuple[str, str][source]¶: Formats SQL as HTML with CSS.

camcops_server.cc_modules.webview.get_dump_collection(req: camcops_server.cc_modules.cc_request.CamcopsRequest) → camcops_server.cc_modules.cc_taskcollection.TaskCollection[source]¶: Returns the collection of tasks being requested for a dump operation. Raises an error if the request is bad.

camcops_server.cc_modules.webview.get_group_from_request_group_id_or_raise(req: camcops_server.cc_modules.cc_request.CamcopsRequest) → camcops_server.cc_modules.cc_group.Group[source]¶: Returns the camcops_server.cc_modules.cc_group.Group represented by the request’s ViewParam.GROUP_ID parameter, or raise HTTPBadRequest.

camcops_server.cc_modules.webview.get_iddef_from_request_which_idnum_or_raise(req: camcops_server.cc_modules.cc_request.CamcopsRequest) → camcops_server.cc_modules.cc_idnumdef.IdNumDefinition[source]¶: Returns the camcops_server.cc_modules.cc_idnumdef.IdNumDefinition represented by the request’s ViewParam.WHICH_IDNUM parameter, or raise HTTPBadRequest.

camcops_server.cc_modules.webview.get_user_from_request_user_id_or_raise(req: camcops_server.cc_modules.cc_request.CamcopsRequest) → camcops_server.cc_modules.cc_user.User[source]¶: Returns the camcops_server.cc_modules.cc_user.User represented by the request’s ViewParam.USER_ID parameter, or raise HTTPBadRequest.

camcops_server.cc_modules.webview.login_view(req: camcops_server.cc_modules.cc_request.CamcopsRequest) → pyramid.response.Response[source]¶

Login view.

GET: presents the login screen
POST/submit: attempts to log in (with optional multi-factor authentication);
- failure: returns a login failure view or an account lockout view
- success:
  - redirects to the redirection view if one was specified;
  - redirects to the home view if not.

camcops_server.cc_modules.webview.logout(req: camcops_server.cc_modules.cc_request.CamcopsRequest) → Dict[str, Any][source]¶: Logs a session out, and returns the “logged out” view.

camcops_server.cc_modules.webview.main_menu(req: camcops_server.cc_modules.cc_request.CamcopsRequest) → Dict[str, Any][source]¶: Main CamCOPS menu view.

camcops_server.cc_modules.webview.not_found(req: camcops_server.cc_modules.cc_request.CamcopsRequest) → Dict[str, Any][source]¶: “Page not found” view.

camcops_server.cc_modules.webview.offer_audit_trail(req: camcops_server.cc_modules.cc_request.CamcopsRequest) → pyramid.response.Response[source]¶: View to configure how we’ll view the audit trail. Once configured, it redirects to a view that shows the audit trail (with query parameters in the URL).

camcops_server.cc_modules.webview.offer_basic_dump(req: camcops_server.cc_modules.cc_request.CamcopsRequest) → pyramid.response.Response[source]¶: View to configure a basic research dump. Following submission success, it redirects to a view serving a TSV/ZIP dump.

camcops_server.cc_modules.webview.offer_exported_task_list(req: camcops_server.cc_modules.cc_request.CamcopsRequest) → pyramid.response.Response[source]¶: View to choose how we’ll view the exported task log.

camcops_server.cc_modules.webview.offer_report(req: camcops_server.cc_modules.cc_request.CamcopsRequest) → pyramid.response.Response[source]¶: Offer configuration options for a single report, or (following submission) redirect to serve that report (with configuration parameters in the URL).

camcops_server.cc_modules.webview.offer_sql_dump(req: camcops_server.cc_modules.cc_request.CamcopsRequest) → pyramid.response.Response[source]¶: View to configure a SQL research dump. Following submission success, it redirects to a view serving the SQL dump.

camcops_server.cc_modules.webview.offer_terms(req: camcops_server.cc_modules.cc_request.CamcopsRequest) → pyramid.response.Response[source]¶

GET: show terms/conditions and request acknowledgement
POST/submit: note the user’s agreement; redirect to the home view.

camcops_server.cc_modules.webview.reports_menu(req: camcops_server.cc_modules.cc_request.CamcopsRequest) → Dict[str, Any][source]¶

Offer a menu of reports.

Note: Reports are not group-specific. If you’re authorized to see any, you’ll see the whole menu. (The data you get will be restricted to the group’s you’re authorized to run reports for.)

camcops_server.cc_modules.webview.send_email_from_patient_list(req: camcops_server.cc_modules.cc_request.CamcopsRequest) → pyramid.response.Response[source]¶: View to send an email to a patient from the list of patients.

camcops_server.cc_modules.webview.send_email_from_patient_task_schedule(req: camcops_server.cc_modules.cc_request.CamcopsRequest) → pyramid.response.Response[source]¶: View to send an email to a patient from their task schedule page.

camcops_server.cc_modules.webview.serve_basic_dump(req: camcops_server.cc_modules.cc_request.CamcopsRequest) → pyramid.response.Response[source]¶: View serving a spreadsheet-style basic research dump.

camcops_server.cc_modules.webview.serve_ctv(req: camcops_server.cc_modules.cc_request.CamcopsRequest) → pyramid.response.Response[source]¶: View to serve a camcops_server.cc_modules.cc_tracker.ClinicalTextView; see serve_tracker_or_ctv().

camcops_server.cc_modules.webview.serve_report(req: camcops_server.cc_modules.cc_request.CamcopsRequest) → pyramid.response.Response[source]¶: Serve a configured report.

camcops_server.cc_modules.webview.serve_task(req: camcops_server.cc_modules.cc_request.CamcopsRequest) → pyramid.response.Response[source]¶: View that serves an individual task, in a variety of possible formats (e.g. HTML, PDF, XML).

camcops_server.cc_modules.webview.serve_tracker(req: camcops_server.cc_modules.cc_request.CamcopsRequest) → pyramid.response.Response[source]¶: View to serve a camcops_server.cc_modules.cc_tracker.Tracker; see serve_tracker_or_ctv().

camcops_server.cc_modules.webview.serve_tracker_or_ctv(req: camcops_server.cc_modules.cc_request.CamcopsRequest, as_ctv: bool) → pyramid.response.Response[source]¶

Returns a response to show a camcops_server.cc_modules.cc_tracker.Tracker or camcops_server.cc_modules.cc_tracker.ClinicalTextView, in a variety of formats (e.g. HTML, PDF, XML).

Parameters

req – the camcops_server.cc_modules.cc_request.CamcopsRequest
as_ctv – CTV, rather than tracker?

camcops_server.cc_modules.webview.set_filters(req: camcops_server.cc_modules.cc_request.CamcopsRequest) → pyramid.response.Response[source]¶: View to set the task filters for the current user.

camcops_server.cc_modules.webview.set_other_user_upload_group(req: camcops_server.cc_modules.cc_request.CamcopsRequest) → pyramid.response.Response[source]¶: View to set the upload group for another user.

camcops_server.cc_modules.webview.set_own_user_upload_group(req: camcops_server.cc_modules.cc_request.CamcopsRequest) → pyramid.response.Response[source]¶: View to set the upload group for your own user.

camcops_server.cc_modules.webview.set_user_upload_group(req: camcops_server.cc_modules.cc_request.CamcopsRequest, user: camcops_server.cc_modules.cc_user.User, by_another: bool) → pyramid.response.Response[source]¶

Provides a view to choose which group a user uploads into.

TRUSTS ITS CALLER that this is permitted.

Parameters

req – the camcops_server.cc_modules.cc_request.CamcopsRequest
user – the camcops_server.cc_modules.cc_user.User to edit
by_another – is the current user a superuser/group administrator, i.e. another user? Determines the screen we return to afterwards.

camcops_server.cc_modules.webview.sql_dump(req: camcops_server.cc_modules.cc_request.CamcopsRequest) → pyramid.response.Response[source]¶: View serving an SQL dump in the chosen format (e.g. SQLite binary, SQL).

camcops_server.cc_modules.webview.test_nhs_numbers(req: camcops_server.cc_modules.cc_request.CamcopsRequest) → pyramid.response.Response[source]¶: Random Test NHS numbers for testing

camcops_server.cc_modules.webview.test_page_1(req: camcops_server.cc_modules.cc_request.CamcopsRequest) → pyramid.response.Response[source]¶: A public test page with no content.

camcops_server.cc_modules.webview.test_page_2(req: camcops_server.cc_modules.cc_request.CamcopsRequest) → Dict[str, Any][source]¶: A private test page containing POTENTIALLY SENSITIVE test information, including environment variables, that should only be accessible to superusers.

camcops_server.cc_modules.webview.test_page_3(req: camcops_server.cc_modules.cc_request.CamcopsRequest) → Dict[str, Any][source]¶: A private test page that tests template inheritance.

camcops_server.cc_modules.webview.test_page_4(req: camcops_server.cc_modules.cc_request.CamcopsRequest) → Dict[str, Any][source]¶: A private test page that tests Mako filtering.

camcops_server.cc_modules.webview.test_page_private_1(req: camcops_server.cc_modules.cc_request.CamcopsRequest) → pyramid.response.Response[source]¶: A private test page with no informative content, but which should only be accessible to authenticated users.

camcops_server.cc_modules.webview.unlock_user(req: camcops_server.cc_modules.cc_request.CamcopsRequest) → pyramid.response.Response[source]¶: View to unlock a locked user account.

camcops_server.cc_modules.webview.view_all_users(req: camcops_server.cc_modules.cc_request.CamcopsRequest) → Dict[str, Any][source]¶: View all users that the current user administers. The view has hyperlinks to edit those users too.

camcops_server.cc_modules.webview.view_audit_trail(req: camcops_server.cc_modules.cc_request.CamcopsRequest) → pyramid.response.Response[source]¶: View to serve the audit trail.

camcops_server.cc_modules.webview.view_ddl(req: camcops_server.cc_modules.cc_request.CamcopsRequest) → pyramid.response.Response[source]¶

Inspect table definitions (data definition language, DDL) with field comments.

2021-04-30: restricted to users with “dump” authority – not because this is a vulnerability, as the penetration testers suggested, but just to make it consistent with the menu item for this.

camcops_server.cc_modules.webview.view_email(req: camcops_server.cc_modules.cc_request.CamcopsRequest) → pyramid.response.Response[source]¶: View on an individual camcops_server.cc_modules.cc_email.Email.

camcops_server.cc_modules.webview.view_export_recipient(req: camcops_server.cc_modules.cc_request.CamcopsRequest) → pyramid.response.Response[source]¶: View on an individual camcops_server.cc_modules.cc_exportmodels.ExportedTask.

camcops_server.cc_modules.webview.view_exported_task(req: camcops_server.cc_modules.cc_request.CamcopsRequest) → pyramid.response.Response[source]¶: View on an individual camcops_server.cc_modules.cc_exportmodels.ExportedTask.

camcops_server.cc_modules.webview.view_exported_task_email(req: camcops_server.cc_modules.cc_request.CamcopsRequest) → pyramid.response.Response[source]¶: View on an individual camcops_server.cc_modules.cc_exportmodels.ExportedTaskEmail.

camcops_server.cc_modules.webview.view_exported_task_fhir(req: camcops_server.cc_modules.cc_request.CamcopsRequest) → pyramid.response.Response[source]¶: View on an individual camcops_server.cc_modules.cc_exportmodels.ExportedTaskRedcap.

camcops_server.cc_modules.webview.view_exported_task_fhir_entry(req: camcops_server.cc_modules.cc_request.CamcopsRequest) → pyramid.response.Response[source]¶: View on an individual camcops_server.cc_modules.cc_exportmodels.ExportedTaskRedcap.

camcops_server.cc_modules.webview.view_exported_task_file_group(req: camcops_server.cc_modules.cc_request.CamcopsRequest) → pyramid.response.Response[source]¶: View on an individual camcops_server.cc_modules.cc_exportmodels.ExportedTaskFileGroup.

camcops_server.cc_modules.webview.view_exported_task_hl7_message(req: camcops_server.cc_modules.cc_request.CamcopsRequest) → pyramid.response.Response[source]¶: View on an individual camcops_server.cc_modules.cc_exportmodels.ExportedTaskHL7Message.

camcops_server.cc_modules.webview.view_exported_task_list(req: camcops_server.cc_modules.cc_request.CamcopsRequest) → pyramid.response.Response[source]¶: View to serve the exported task log.

camcops_server.cc_modules.webview.view_exported_task_redcap(req: camcops_server.cc_modules.cc_request.CamcopsRequest) → pyramid.response.Response[source]¶: View on an individual camcops_server.cc_modules.cc_exportmodels.ExportedTaskRedcap.

camcops_server.cc_modules.webview.view_fhir_patient_id_system(req: camcops_server.cc_modules.cc_request.CamcopsRequest) → Dict[str, Any][source]¶

Placeholder view for FHIR patient identifier “system” types (from the ID that we may have provided to a FHIR server).

Within each system, the “value” is the actual patient’s ID number (not part of what we show here).

camcops_server.cc_modules.webview.view_groups(req: camcops_server.cc_modules.cc_request.CamcopsRequest) → Dict[str, Any][source]¶: View to show all groups (with hyperlinks to edit them). Superusers only.

camcops_server.cc_modules.webview.view_id_definitions(req: camcops_server.cc_modules.cc_request.CamcopsRequest) → Dict[str, Any][source]¶: View to show all ID number definitions (with hyperlinks to edit them). Superusers only.

camcops_server.cc_modules.webview.view_own_user_info(req: camcops_server.cc_modules.cc_request.CamcopsRequest) → Dict[str, Any][source]¶: View to provide information about your own user.

camcops_server.cc_modules.webview.view_patient(req: camcops_server.cc_modules.cc_request.CamcopsRequest, patient_server_pk: int) → pyramid.response.Response[source]¶: Primarily for FHIR views: show just a patient’s details. Must check security carefully for this one.

camcops_server.cc_modules.webview.view_patient_task_schedule(req: camcops_server.cc_modules.cc_request.CamcopsRequest) → Dict[str, Any][source]¶: View scheduled tasks for one patient’s specific task schedule.

camcops_server.cc_modules.webview.view_patient_task_schedules(req: camcops_server.cc_modules.cc_request.CamcopsRequest) → Dict[str, Any][source]¶: View all patients and their assigned schedules (as well as their access keys, etc.).

camcops_server.cc_modules.webview.view_server_info(req: camcops_server.cc_modules.cc_request.CamcopsRequest) → Dict[str, Any][source]¶: View to show the server’s ID policies, etc.

camcops_server.cc_modules.webview.view_task_details(req: camcops_server.cc_modules.cc_request.CamcopsRequest) → Dict[str, Any][source]¶

View details of a specific task type.

Used also for for FHIR DocumentReference, Observation,and QuestionnaireResponse “system” types. (There’s one system per task. Within each task, the “value” relates to the specific task PK.)

camcops_server.cc_modules.webview.view_task_list(req: camcops_server.cc_modules.cc_request.CamcopsRequest) → Dict[str, Any][source]¶

Lists all tasks.

Also the placeholder view for FHIR Questionnaire “system”. There’s only one system – the “value” is the task type.

camcops_server.cc_modules.webview.view_task_schedule_items(req: camcops_server.cc_modules.cc_request.CamcopsRequest) → Dict[str, Any][source]¶: View items within a task schedule.

camcops_server.cc_modules.webview.view_task_schedules(req: camcops_server.cc_modules.cc_request.CamcopsRequest) → Dict[str, Any][source]¶: View whole task schedules.

camcops_server.cc_modules.webview.view_tasks(req: camcops_server.cc_modules.cc_request.CamcopsRequest) → Dict[str, Any][source]¶: Main view displaying tasks and applicable filters.

camcops_server.cc_modules.webview.view_user(req: camcops_server.cc_modules.cc_request.CamcopsRequest) → Dict[str, Any][source]¶: View to show details of another user, for administrators.

camcops_server.cc_modules.webview.view_user_email_addresses(req: camcops_server.cc_modules.cc_request.CamcopsRequest) → Dict[str, Any][source]¶: View e-mail addresses of all users that the requesting user is authorized to manage.

15.2.212. camcops_server.cc_modules.webview¶

Table of Contents

Previous topic

Next topic

This Page