Privacy consultation bed

care/facility/api/viewsets/asset.py

@@ -20,7 +20,7 @@
 from rest_framework import exceptions, status
 from rest_framework import filters as drf_filters
 from rest_framework.decorators import action
-from rest_framework.exceptions import APIException, ValidationError
+from rest_framework.exceptions import APIException, PermissionDenied, ValidationError
 from rest_framework.mixins import (
     CreateModelMixin,
     DestroyModelMixin,
@@ -395,12 +395,18 @@
                     "middleware_hostname": middleware_hostname,
                 }
             )
-            result = asset_class.handle_action(action)
+            result = asset_class.handle_action(action, request.user)
             return Response({"result": result}, status=status.HTTP_200_OK)
 
         except ValidationError as e:
             return Response({"detail": e.detail}, status=status.HTTP_400_BAD_REQUEST)
 
+        except PermissionDenied as e:
+            return Response(
+                {**e.detail},
+                status=status.HTTP_409_CONFLICT,
+            )
+
         except KeyError as e:
             return Response(
                 {"message": {key: "is required" for key in e.args}},

care/facility/api/viewsets/bed.py

@@ -5,6 +5,7 @@
 from drf_spectacular.utils import extend_schema, extend_schema_view
 from rest_framework import filters as drf_filters
 from rest_framework import status
+from rest_framework.decorators import action
 from rest_framework.exceptions import PermissionDenied
 from rest_framework.exceptions import ValidationError as DRFValidationError
 from rest_framework.fields import get_error_detail
@@ -264,3 +265,27 @@
             allowed_facilities = get_accessible_facilities(user)
             queryset = queryset.filter(bed__facility__id__in=allowed_facilities)
         return queryset
+
+    @action(detail=True, methods=["patch"])
+    def set_privacy(self, request, external_id):
+        consultation_bed: ConsultationBed = self.get_object()
+
+        is_privacy_enabled = request.data.get("is_privacy_enabled")
+
+        if is_privacy_enabled is None:
+            return Response(
+                {"detail": "'is_privacy_enabled' field is required."},
+                status=status.HTTP_400_BAD_REQUEST,
+            )
+
+        if not consultation_bed.consultation.patient.has_object_update_permission(
+            request
+        ):
+            raise PermissionDenied
+
+        consultation_bed.is_privacy_enabled = is_privacy_enabled
+        consultation_bed.save(update_fields=["is_privacy_enabled"])
+
+        return Response(
+            ConsultationBedSerializer(consultation_bed).data, status=status.HTTP_200_OK
+        )

care/facility/migrations/0466_consultationbed_is_privacy_enabled.py

@@ -0,0 +1,18 @@
+# Generated by Django 5.1.1 on 2024-09-28 17:40
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('facility', '0465_merge_20240923_1045'),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name='consultationbed',
+            name='is_privacy_enabled',
+            field=models.BooleanField(default=False),
+        ),
+    ]

care/facility/models/bed.py

@@ -79,6 +79,7 @@ class ConsultationBed(BaseModel):
     bed = models.ForeignKey(Bed, on_delete=models.PROTECT, null=False, blank=False)
     start_date = models.DateTimeField(null=False, blank=False)
     end_date = models.DateTimeField(null=True, blank=True, default=None)
+    is_privacy_enabled = models.BooleanField(default=False)
     meta = JSONField(default=dict, blank=True)
     assets = models.ManyToManyField(
         Asset, through="ConsultationBedAsset", related_name="assigned_consultation_beds"

care/utils/assetintegration/base.py

@@ -19,7 +19,7 @@ def __init__(self, meta):
         self.insecure_connection = self.meta.get("insecure_connection", False)
         self.timeout = settings.MIDDLEWARE_REQUEST_TIMEOUT
 
-    def handle_action(self, action):
+    def handle_action(self, action, user):
         pass
 
     def get_url(self, endpoint):

care/utils/assetintegration/hl7monitor.py

@@ -20,7 +20,7 @@ def __init__(self, meta):
                 {key: f"{key} not found in asset metadata" for key in e.args}
             ) from e
 
-    def handle_action(self, action):
+    def handle_action(self, action, user):
         action_type = action["type"]
 
         if action_type == self.HL7MonitorActions.GET_VITALS.value:

care/utils/assetintegration/onvif.py

@@ -1,8 +1,9 @@
 import enum
 
-from rest_framework.exceptions import ValidationError
+from rest_framework.exceptions import PermissionDenied, ValidationError
 
 from care.utils.assetintegration.base import BaseAssetIntegration
+from care.utils.assetintegration.usage_manager import UsageManager
 
 
 class OnvifAsset(BaseAssetIntegration):
@@ -16,6 +17,11 @@
         RELATIVE_MOVE = "relative_move"
         GET_STREAM_TOKEN = "get_stream_token"
 
+        LOCK_CAMERA = "lock_camera"
+        UNLOCK_CAMERA = "unlock_camera"
+        REQUEST_ACCESS = "request_access"
+        TAKE_CONTROL = "take_control"
+
     def __init__(self, meta):
         try:
             super().__init__(meta)
@@ -27,9 +33,10 @@
                 {key: f"{key} not found in asset metadata" for key in e.args}
             ) from e
 
-    def handle_action(self, action):
+    def handle_action(self, action, user):  # noqa: PLR0911
         action_type = action["type"]
         action_data = action.get("data", {})
+        camera_manager = UsageManager(self.id, user)
 
         request_body = {
             "hostname": self.host,
@@ -40,12 +47,58 @@
             **action_data,
         }
 
+        if action_type == self.OnvifActions.LOCK_CAMERA.value:
+            if camera_manager.lock_camera():
+                return {
+                    "message": "You now have access to the camera controls, the camera is locked for other users",
+                    "camera_user": camera_manager.current_user(),
+                }
+
+            raise PermissionDenied(
+                {
+                    "message": "Camera is currently in used by another user, you have been added to the waiting list for camera controls access",
+                    "camera_user": camera_manager.current_user(),
+                }
+            )
+
+        if action_type == self.OnvifActions.UNLOCK_CAMERA.value:
+            camera_manager.unlock_camera()
+            return {"message": "Camera controls unlocked"}
+
+        if action_type == self.OnvifActions.REQUEST_ACCESS.value:
+            if camera_manager.request_access():
+                return {
+                    "message": "Access to camera camera controls granted",
+                    "camera_user": camera_manager.current_user(),
+                }
+
+            return {
+                "message": "Requested access to camera controls, waiting for current user to release",
+                "camera_user": camera_manager.current_user(),
+            }
+
+        if action_type == self.OnvifActions.GET_STREAM_TOKEN.value:
+            return self.api_post(
+                self.get_url("api/stream/getToken/videoFeed"),
+                {
+                    "stream_id": self.access_key,
+                },
+            )
+
         if action_type == self.OnvifActions.GET_CAMERA_STATUS.value:
             return self.api_get(self.get_url("status"), request_body)
 
         if action_type == self.OnvifActions.GET_PRESETS.value:
             return self.api_get(self.get_url("presets"), request_body)
 
+        if not camera_manager.has_access():
+            raise PermissionDenied(
+                {
+                    "message": "Camera is currently in used by another user, you have been added to the waiting list for camera controls access",
+                    "camera_user": camera_manager.current_user(),
+                }
+            )
+
         if action_type == self.OnvifActions.GOTO_PRESET.value:
             return self.api_post(self.get_url("gotoPreset"), request_body)
 
@@ -55,12 +108,4 @@
         if action_type == self.OnvifActions.RELATIVE_MOVE.value:
             return self.api_post(self.get_url("relativeMove"), request_body)
 
-        if action_type == self.OnvifActions.GET_STREAM_TOKEN.value:
-            return self.api_post(
-                self.get_url("api/stream/getToken/videoFeed"),
-                {
-                    "stream_id": self.access_key,
-                },
-            )
-
         raise ValidationError({"action": "invalid action type"})

care/utils/assetintegration/usage_manager.py

@@ -0,0 +1,132 @@
+import json
+
+from django.core.cache import cache
+
+from care.users.models import User
+
+
+class UsageManager:
+    def __init__(self, asset_id: str, user: User):
+        self.asset = str(asset_id)
+        self.user = user
+        self.waiting_list_cache_key = f"onvif_waiting_list_{asset_id}"
+        self.current_user_cache_key = f"onvif_current_user_{asset_id}"
+
+    def get_waiting_list(self) -> list[User]:
+        asset_queue = cache.get(self.waiting_list_cache_key)
+
+        return list(User.objects.filter(username__in=asset_queue or []))
+
+    def add_to_waiting_list(self) -> int:
+        asset_queue = cache.get(self.waiting_list_cache_key)
+
+        if asset_queue is None:
+            asset_queue = []
+
+        if self.user.username not in asset_queue:
+            asset_queue.append(self.user.username)
+            cache.set(self.waiting_list_cache_key, asset_queue)
+
+        return len(asset_queue)
+
+    def remove_from_waiting_list(self) -> None:
+        asset_queue = cache.get(self.waiting_list_cache_key)
+
+        if asset_queue is None:
+            asset_queue = []
+
+        if self.user.username in asset_queue:
+            asset_queue.remove(self.user.username)
+            cache.set(self.waiting_list_cache_key, asset_queue)
+
+    def clear_waiting_list(self) -> None:
+        cache.delete(self.waiting_list_cache_key)
+
+    def current_user(self) -> dict:
+        from care.facility.api.serializers.asset import UserBaseMinimumSerializer
+
+        current_user = cache.get(self.current_user_cache_key)
+
+        if current_user is None:
+            return None
+
+        user = User.objects.filter(username=current_user).first()
+
+        if user is None:
+            cache.delete(self.current_user_cache_key)
+            return None
+
+        return UserBaseMinimumSerializer(user).data
+
+    def has_access(self) -> bool:
+        current_user = cache.get(self.current_user_cache_key)
+        return current_user is None or current_user == self.user.username
+
+    def notify_waiting_list_on_asset_availabe(self) -> None:
+        from care.utils.notification_handler import send_webpush
+
+        message = json.dumps(
+            {
+                "type": "MESSAGE",
+                "asset_id": self.asset,
+                "message": "Camera is now available",
+                "action": "CAMERA_AVAILABILITY",
+            }
+        )
+
+        for user in self.get_waiting_list():
+            send_webpush(username=user.username, message=message)
+
+    def notify_current_user_on_request_access(self) -> None:
+        from care.utils.notification_handler import send_webpush
+
+        current_user = cache.get(self.current_user_cache_key)
+
+        if current_user is None:
+            return
+
+        requester = User.objects.filter(username=self.user.username).first()
+
+        if requester is None:
+            return
+
+        message = json.dumps(
+            {
+                "type": "MESSAGE",
+                "asset_id": self.asset,
+                "message": f"{User.REVERSE_TYPE_MAP[requester.user_type]}, {requester.full_name} ({requester.username}) has requested access to the camera",
+                "action": "CAMERA_ACCESS_REQUEST",
+            }
+        )
+
+        send_webpush(username=current_user, message=message)
+
+    def lock_camera(self) -> bool:
+        current_user = cache.get(self.current_user_cache_key)
+
+        if current_user is None or current_user == self.user.username:
+            cache.set(self.current_user_cache_key, self.user.username)
+            self.remove_from_waiting_list()
+            return True
+
+        self.add_to_waiting_list()
+        return False
+
+    def unlock_camera(self) -> None:
+        current_user = cache.get(self.current_user_cache_key)
+
+        if current_user == self.user.username:
+            cache.delete(self.current_user_cache_key)
+            self.notify_waiting_list_on_asset_availabe()
+
+        self.remove_from_waiting_list()
+
+    def request_access(self) -> bool:
+        if self.lock_camera():
+            return True
+
+        self.notify_current_user_on_request_access()
+        return False
+
+    def take_control(self):
+        pass

care/utils/assetintegration/ventilator.py

@@ -20,7 +20,7 @@ def __init__(self, meta):
                 {key: f"{key} not found in asset metadata" for key in e.args}
             ) from e
 
-    def handle_action(self, action):
+    def handle_action(self, action, user):
         action_type = action["type"]
 
         if action_type == self.VentilatorActions.GET_VITALS.value: