Digital Rights Management für elektronische Patientenakten

views.py 7.4KB

  1. from django.http import HttpResponseRedirect, HttpResponse
  2. from django.shortcuts import render, get_object_or_404
  3. from health_view.models import License, FolderInfo, Permission, FolderPart
  4. from django.contrib.auth.models import User
  5. from django.views import generic
  6. from datetime import datetime
  7. from health_view.crypto_functions import *
  8. from health_view.forms import CreateLicenseForm
  9. from django.contrib.auth.decorators import login_required
  def index(request):
      """Render the site home page with the license and user totals."""
      totals = {
          'num_licenses': License.objects.all().count(),
          'num_user': User.objects.all().count(),
      }
      return render(request, 'index.html', context=totals)
  class FolderInfoID(generic.ListView):
      """List view backed by the requesting user's FolderInfo record."""

      model = FolderInfo

      def get_queryset(self):
          # .get() hands back a single FolderInfo instance (or raises when
          # there is none or more than one), not a queryset.
          # NOTE(review): no login enforcement is visible on this class;
          # confirm the URLconf wraps the view in login_required.
          current_user = self.request.user
          return FolderInfo.objects.get(patient=current_user)
  class LicenseViewGiven(generic.ListView):
      """List the licenses whose patient is the requesting user."""

      model = License

      def get_queryset(self):
          # Scoping by request.user keeps other patients' licenses out of
          # the listing.
          # NOTE(review): no login enforcement is visible on this class;
          # confirm the URLconf wraps the view in login_required.
          current_user = self.request.user
          issued = License.objects.filter(patient=current_user)
          return issued.order_by('patient')
  class LicenseViewOwn(generic.ListView):
      """List the licenses whose ``justified`` user is the requesting user."""

      model = License

      def get_queryset(self):
          # Scoping by request.user keeps licenses issued to other users
          # out of the listing.
          # NOTE(review): no login enforcement is visible on this class;
          # confirm the URLconf wraps the view in login_required.
          current_user = self.request.user
          received = License.objects.filter(justified=current_user)
          return received.order_by('patient')
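  @login_required
  def get_license_details(request, pk):
      """Show one license to the user it was issued to ("own") or by ("given").

      The request path decides which relation is checked: a path containing
      "own" requires ``justified == request.user``, one containing "given"
      requires ``patient == request.user``. A request that satisfies neither
      check is redirected to the site root. For "own" requests the server
      additionally signs the serialized license with ``priv_key_own``.

      Args:
          request: The authenticated Django request.
          pk: Primary key of the License to display.

      Returns:
          The rendered license detail page, or a redirect to '/' when the
          user is not entitled to see the license.
      """
      # NOTE(review): get_full_path() includes the query string, which the
      # client controls, so "?own" or "?given" also selects a branch. Both
      # branches still filter on request.user, but matching on the resolved
      # URL name would be less fragile - confirm against the URLconf.
      full_path = request.get_full_path()
      wants_own = "own" in full_path
      wants_given = "given" in full_path

      # The original left `license` unbound when the path matched neither
      # keyword and failed with an unhandled error; treat it like a denied
      # request instead.
      if not (wants_own or wants_given):
          return HttpResponseRedirect('/')

      license = None
      if wants_own:
          license = License.objects.filter(pk=pk, justified=request.user).first()
          if license is None:
              return HttpResponseRedirect('/')
      if wants_given:
          license = License.objects.filter(pk=pk, patient=request.user).first()
          if license is None:
              return HttpResponseRedirect('/')

      exp_date = license.exp_date
      # values_list() yields positional row tuples; index 2 is the column
      # used for display and signing (presumably the name - verify against
      # the Permission and FolderPart models).
      permission = license.permissions.all().values_list()
      folderparts = license.folder_parts.all().values_list()
      permission_string = ", ".join(row[2] for row in permission)
      folderparts_string = ", ".join(row[2] for row in folderparts)

      key = license.patient.folderinfo.content_key
      sig = license.signature
      # Key and signature are cut into 64-character pieces for the template.
      key_split = (key[0:64], key[64:128], key[128:192], key[192:256])
      sig_split = (sig[0:64], sig[64:128], sig[128:192], sig[192:256])
      license_creator = license.license_creator
      patient = license.patient
      justified = license.justified

      if wants_own:
          # NOTE(review): the license is server-signed without calling
          # check_expiration_date(); confirm that expiry is enforced
          # wherever this signed license is consumed.
          license_string = (
              str(patient) + "&" + str(justified) + "&"
              + str(license_creator.username) + "&"
              + str(exp_date.replace(" ", ",")) + "&"
              + get_string_byanser(permission) + "&"
              + get_string_byanser(folderparts) + "&" + sig + "&" + key
          )
          server_sign = sign(license_string, priv_key_own)
          serversign_split = (server_sign[0:64], server_sign[64:128], server_sign[128:192])
      else:
          serversign_split = 0

      context = {
          'patient': patient,
          'justified': justified,
          'license_creator': license_creator,
          'exp_date': exp_date,
          'permission': permission_string,
          'folderparts': folderparts_string,
          'content_key': key,
          'signature': sig_split,
          'serversign': serversign_split,
          'key_split': key_split,
      }
      return render(request, 'health_view/license_detail.html', context)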
  def get_string_byrequest(index_list, model_call):
      """Look up each id on ``model_call`` and join the objects' str() forms.

      Args:
          index_list: Iterable of primary-key values.
          model_call: Model class whose ``objects.get(id=...)`` is queried.

      Returns:
          The comma-separated string forms, in input order; "" for no ids.
      """
      # A lookup that matches nothing propagates whatever objects.get()
      # raises; callers passing request data should expect that.
      rendered = [str(model_call.objects.get(id=pk)) for pk in index_list]
      return ",".join(rendered)
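  def check_expiration_date(license):
      """Return True while the license's expiry date lies in the future.

      ``license.exp_date`` is parsed as a string in one of three accepted
      formats. A value that matches none of them, or that is not a string at
      all, counts as expired so that the check fails closed.

      Args:
          license: Object exposing an ``exp_date`` attribute.

      Returns:
          True when the parsed expiry is later than the current time, else
          False.
      """
      exp_date = license.exp_date
      accepted_formats = ('%d/%m/%Y %H:%M', '%d-%m-%Y %H:%M', '%d/%m/%Y')
      for fmt in accepted_formats:
          try:
              expires_at = datetime.strptime(exp_date, fmt)
          except (ValueError, TypeError):
              # TypeError covers a non-string exp_date (e.g. None), which
              # previously escaped as an unhandled error.
              continue
          # Both sides are naive datetimes, so the comparison uses the
          # server's local clock.
          return datetime.now() < expires_at
      return False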
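  def get_string_byanser(model_call):
      """Join the third column of every row with commas.

      Args:
          model_call: Iterable of row tuples, such as the result of
              ``values_list()``; index 2 of each row is used.

      Returns:
          The comma-separated string forms, in row order; "" for no rows.
      """
      # The leftover debug print() of the partial string was dropped so that
      # license contents no longer end up on the server's stdout.
      return ",".join(str(row[2]) for row in model_call)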
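  @login_required
  def create_license(request, fid):
      """Create a license from a signed POST, or show the empty form.

      On POST the submitted fields are serialized into the string the client
      is expected to have signed, and the signature is verified against the
      requesting user's public key. On success the license is stored and the
      detail page is rendered together with a server signature over the
      complete license. A bad signature or an incomplete POST re-renders the
      empty form.

      Args:
          request: The authenticated Django request.
          fid: User id taken from the URL; the request is answered with 404
              when no such user exists.

      Returns:
          The rendered license detail page or the license creation form.
      """
      def blank_form():
          form = CreateLicenseForm(request.user)
          return render(request, 'health_view/create_license.html', {'form': form})

      # Kept from the original: respond 404 for an unknown ``fid``. The user
      # that is looked up is not used any further in this view.
      get_object_or_404(User, id=fid)

      if request.method != 'POST':
          return blank_form()

      post = request.POST
      # A POST lacking one of these fields used to end in an unhandled
      # KeyError; answer it like a failed signature check instead.
      required_fields = ('patient', 'justified', 'exp_date', 'signature')
      if any(name not in post for name in required_fields):
          return blank_form()

      folder = request.user.folderinfo
      pubkey = folder.pub_key
      # NOTE(review): patient and justified come straight from the POST
      # body. CreateLicenseForm is never bound to the submitted data, so any
      # restriction the form places on these choices is not enforced here,
      # and the signature is checked against the requesting user's key
      # rather than the named patient's. Confirm whether a creator may issue
      # licenses for another patient; if not, reject when
      # patient != request.user.
      patient = get_object_or_404(User, id=post['patient'])
      justified = get_object_or_404(User, id=post['justified'])
      license_creator = request.user
      # NOTE(review): exp_date is stored as submitted, without checking that
      # it matches a format check_expiration_date() can parse.
      exp_date = post['exp_date']
      permission_ground = post.getlist("permissions")
      folderparts_ground = post.getlist("folder_parts")
      permission = get_string_byrequest(permission_ground, Permission)
      folderparts = get_string_byrequest(folderparts_ground, FolderPart)

      # Field order and separators must match what the client signed.
      signature_string = (
          str(patient) + "&" + str(justified) + "&"
          + str(license_creator.username) + "&"
          + str(exp_date.replace(" ", ",")) + "&"
          + permission + "&" + folderparts
      )
      signature = post['signature']
      if not verify(signature_string, signature, pubkey):
          return blank_form()

      # "no_key" marks a folder that has no content key yet; create one on
      # the first license.
      new_folder = False
      if folder.content_key == "no_key":
          folder.content_key = make_encrypted_key_content_server()
          folder.save()
          new_folder = True

      new_license = License(
          patient=patient,
          justified=justified,
          exp_date=exp_date,
          license_creator=license_creator,
          signature=signature,
      )
      # The row must exist before many-to-many relations can be attached.
      new_license.save()
      for permission_id in permission_ground:
          new_license.permissions.add(Permission.objects.get(id=permission_id))
      for part_id in folderparts_ground:
          new_license.folder_parts.add(FolderPart.objects.get(id=part_id))
      new_license.save()

      key = folder.content_key
      # Key and signatures are cut into 64-character pieces for the template.
      key_split = (key[0:64], key[64:128], key[128:192], key[192:256])
      sig_split = (signature[0:64], signature[64:128], signature[128:192], signature[192:256])
      license_string = signature_string + "&" + new_license.signature + "&" + key
      serversign = sign(license_string, priv_key_own)
      serversign_split = (serversign[0:64], serversign[64:128], serversign[128:192])

      context = {
          'patient': patient,
          'justified': justified,
          'license_creator': license_creator,
          'exp_date': exp_date,
          'permission': permission,
          'folderparts': folderparts,
          'content_key': key,
          'signature': sig_split,
          'key_split': key_split,
          'serversign': serversign_split,
          'new_folder': new_folder,
      }
      return render(request, 'health_view/license_detail.html', context)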
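  @login_required
  def delete_license(request, id):
      """Delete one of the requesting patient's licenses and return to the list.

      Args:
          request: The authenticated Django request.
          id: Primary key of the License to delete.

      Returns:
          A redirect to the "given licenses" page; 404 when the license does
          not exist or does not belong to the requesting user.
      """
      # The original referenced health_view.cron without importing it, so
      # the call failed with a NameError; import it where it is used.
      from health_view import cron

      # The original looked the license up by id alone, with no login or
      # ownership check, so any visitor could remove any license. Scope the
      # lookup to the requesting patient; a foreign id now yields 404.
      # NOTE(review): assumes only the patient revokes licenses - widen the
      # filter if license creators should be allowed to as well.
      license = get_object_or_404(License, id=id, patient=request.user)
      # NOTE(review): the deletion runs for any HTTP method, including GET;
      # consider restricting it to POST so CSRF protection applies.
      cron.filter_license_and_delete(license)
      return HttpResponseRedirect('/health_view/givenlicenses/')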