Merge branch 'release/6.4.x'

composer.json

@@ -61,14 +61,12 @@
     "psr-4": {
       "OE\\concerns\\": "protected/concerns",
       "OE\\factories\\": "protected/factories"
-    },
-    "classmap": [
-      "features/bootstrap/Pages/OpenEyesPage.php"
-    ]
+    }
   },
   "autoload-dev": {
     "classmap": [
-      "vendor/zhuravljov/yii2-debug/Yii2Debug.php"
+      "vendor/zhuravljov/yii2-debug/Yii2Debug.php",
+      "features/bootstrap/Pages/OpenEyesPage.php"
     ]
   },
   "extra": {

cypress/e2e/modules/consent/13352-consent-PIN-sign-setting-toggle.cy.js

@@ -20,6 +20,8 @@ describe('consent esign behaviour', () => {
             cy.consentCompleteAndSave(this.createUrl)
                 .then(() => {
                     cy.get('div.js-signature-wrapper').first().scrollIntoView().should('be.visible');
+                    cy.get('button#et_confirm').click()
+                    cy.get('div.alert-box.success').contains('Consent is confirmed').should('be.visible');
                 });
         });
     });
@@ -34,6 +36,8 @@ describe('consent esign behaviour', () => {
             cy.consentCompleteAndSave(this.createUrl)
                 .then(() => {
                     cy.get('button.js-sign-button').first().scrollIntoView().should('be.visible');
+                    cy.get('button#et_confirm').click()
+                    cy.get('tr#Element_OphTrConsent_Esign_OEModule_OphTrConsent_widgets_EsignUsernamePINField_C button.js-sign-button').scrollIntoView().should('be.visible');
                 });
         });
     });

cypress/e2e/modules/prescription/13352-prescription-PIN-sign-setting-toggle.cy.js

@@ -21,6 +21,22 @@ describe('prescription esign behaviour', () => {
 
         it(`verifies that signature appears`, () => {
             cy.get('div.js-signature-wrapper').scrollIntoView().should('be.visible');
+
+            cy.get('#add-standard-set-btn').click();
+            cy.selectAdderDialogOptionText('Post-op');
+            cy.confirmAdderDialog();
+
+            cy.get('td.route_option_cell > select').each(($el) => {
+                cy.wrap($el).select(1);
+            });
+
+            cy.get('div.js-signature-wrapper').should('be.visible');
+
+            cy.get('button#et_save').click();
+            cy.get('a.button.header-tab').contains('Edit').click();
+            cy.get('button#reason_2').click();
+
+            cy.get('div.js-signature-wrapper').should('be.visible');
         });
     });
 

cypress/support/yii-commands.js

@@ -1,3 +1,26 @@
+Cypress.Commands.add('createUser', (authitems, attributes, username, password) => {
+    let data = {
+        authitems: authitems
+    }
+    if (attributes !== undefined) {
+        data.attributes = attributes
+    }
+    if (username !== undefined) {
+        data.username = username;
+    }
+    if (password !== undefined) {
+        data.password = password;
+    }
+
+    return cy.request({
+        method: 'POST',
+        form: true,
+        url: 'CypressHelper/Default/createUser',
+        body: data
+    })
+    .its('body');
+});
+
 Cypress.Commands.add('login', (username, password) => {
     if (password == undefined) {
         password = 'admin';
@@ -7,6 +30,7 @@ Cypress.Commands.add('login', (username, password) => {
     }
     return cy.request({
         method: 'POST',
+        form: true,
         url: 'CypressHelper/Default/login',
         body: {
             username: username,

protected/assets/js/worklist/worklist.js

@@ -485,6 +485,10 @@ $(function () {
         $(context).addClass('spinner');
         $(context).addClass('as-icon');
 
+        const step_actions = $(ps?.currentPopup).find('.step-actions button');
+        // disable the buttons to avoid racing issue
+        step_actions?.each((i, action) => $(action).prop('disabled', true));
+
         $.ajax({
             url: '/worklist/addComment',
             type: 'POST',
@@ -514,14 +518,6 @@ $(function () {
                     if (!$commentButton.hasClass('comments-added')) {
                         $commentButton.addClass('comments-added');
                     }
-
-                    ps.resetPopup();
-                    ps.requestDetails({
-                        partial: 0,
-                        pathstep_type_id: ps.pathstepTypeId,
-                        pathstep_id: response.step_id,
-                        visit_id: ps.visitID
-                    });
                 } else {
                     let $eventSelector = $(event.target);
                     let $editSelector = $eventSelector.closest('.js-comments-edit');
@@ -537,6 +533,14 @@ $(function () {
                         $commentButton.addClass('comments-added');
                     }
                 }
+                // reset the popup ui and refresh the popup data
+                ps?.resetPopup();
+                ps?.requestDetails({
+                    partial: 0,
+                    pathstep_type_id: ps.pathstepTypeId,
+                    pathstep_id: response.step_id,
+                    visit_id: ps.visitID
+                });
             }
         });
     };

protected/components/actions/GetSignatureByPinAction.php

@@ -57,9 +57,7 @@ protected function getSignatureFile() : void
 
     protected function checkPIN() : void
     {
-        $secretary_can_sign = $this->controller->secretary_can_sign ?? false;
-        if ($this->pin === Yii::app()->params["secretary_pin"] && $secretary_can_sign) {
-            $this->is_secretary_signing = true;
+        if ($this->is_secretary_signing) {
             $this->checkSecretaryPIN();
         } else {
             if(strlen($this->pin) === 0) {
@@ -71,13 +69,17 @@ protected function checkPIN() : void
         }
     }
 
-    private function checkSecretaryPIN()
+    private function checkSecretaryPIN() : void
     {
         if (!Yii::app()->user->checkAccess('SignEvent')) {
             throw new Exception("We're sorry, you are not authorized to sign events. Please contact support.");
         }
     }
 
+    private function checkIsSecretarySigning(): void {
+        $secretary_can_sign = $this->controller->secretary_can_sign ?? false;
+        $this->is_secretary_signing = ($this->pin === Yii::app()->params["secretary_pin"] && $secretary_can_sign);
+    }
 
     /**
      * @inheritDoc
@@ -86,16 +88,28 @@ public function run()
     {
         $this->pin = Yii::app()->request->getPost('pin');
 
-        // \OELog::log(print_r($this->controller, true));
-
         try {
-            // Check if the user has the Prescribe role, if not throw an exception.
-            $can_prescribe = Yii::app()->user->checkAccess('Prescribe');
-            if (!$can_prescribe) {
-                throw new Exception("You do not have the necessary user rights to sign this prescription.");
+            $this->checkIsSecretarySigning();
+
+            if ($this->is_secretary_signing) {
+                $user_id = Yii::app()->request->getPost('user_id');
+                $this->user = User::model()->findByPk($user_id);
+                if (!$this->user) {
+                    throw new Exception("An error occurred while trying to fetch your signature. Please contact support.");
+                }
+            } else {
+                $this->user = SignatureHelper::getUserForSigning();
+            }
+
+            // Check if the user has the necessary permissions to sign this event, if not throw an exception.
+            if (isset($this->controller->required_user_sign_permissions)){
+                foreach ($this->controller->required_user_sign_permissions as $permission)
+                {
+                    if (!Yii::app()->user->checkAccess($permission)) {
+                        throw new Exception("Unable to sign, user does not have necessary permissions.");
+                    }
+                }
             }
-            $this->user = SignatureHelper::getUserForSigning();
-            // $this->getUser();
             $this->checkPIN();
             $this->getSignatureFile();
         } catch (Exception $e) {

protected/config/core/common.php

@@ -803,7 +803,7 @@
         'default_patient_import_subspecialty' => 'GL',
         //        Add elements that need to be excluded from the admin sidebar in settings
         'exclude_admin_structure_param_list' => getenv('OE_EXCLUDE_ADMIN_STRUCT_LIST') ? explode(",", getenv('OE_EXCLUDE_ADMIN_STRUCT_LIST')) : array(''),
-        'oe_version' => '6.4.0',
+        'oe_version' => '6.4.1',
         'gp_label' => !empty(trim(getenv('OE_GP_LABEL'))) ? getenv('OE_GP_LABEL') : null,
         'general_practitioner_label' => !empty(trim(getenv('OE_GENERAL_PRAC_LABEL'))) ? getenv('OE_GENERAL_PRAC_LABEL') : null,
         // allow duplicate entries on an automatic worklist for a patient (default = false)
@@ -1042,7 +1042,7 @@
 $caches = array(
         'cacheBuster' => array(
             'class' => 'CacheBuster',
-            'time' => '20221020155244',
+            'time' => '20221103215419',
         ),
 );
 

protected/controllers/ChangeEventController.php

@@ -238,7 +238,7 @@ function actionUpdateEpisode(){
                         $episode->firm_id = $new_firm->id;
 
                         $action = 'change-firm';
-                        $data = 'Changed from '.$current_firm->name.' to '.\Firm::model()->findByPk($firm_id)->name;
+                        $data = 'Changed from ' . ($current_firm ? $current_firm->name : '') . ' to ' . $new_firm->name;
                     }
                     $episode->last_modified_user_id = Yii::app()->user->id;
                     $episode->last_modified_date = date('Y-m-d H:i:s');

protected/controllers/DicomLogViewerController.php

@@ -148,7 +148,7 @@ public function actionSignatureImageView($id)
         if (!file_exists($filepath)) {
             return false;
         }
-        header('Content-Type: image');
+        header('Content-Type: image/jpeg');
         header('Expires: 0');
         header('Cache-Control: must-revalidate');
         ob_clean();

protected/controllers/WorklistController.php

@@ -546,8 +546,25 @@ public function actionDeleteStep()
             }
         }
         if ($step) {
-            Yii::app()->event->dispatch('step_deleted', ['step' => $step]);
-            $step->delete();
+            $transaction = Yii::app()->db->beginTransaction();
+            try {
+                Yii::app()->event->dispatch('step_deleted', ['step' => $step]);
+
+                if ($step->comment && !$step->comment->delete()) {
+                    OELog::log(print_r($step->comment->getErrors(), true));
+                    throw new RuntimeException('Could not delete step comment');
+                }
+
+                if (!$step->delete()) {
+                    OELog::log(print_r($step->getErrors(), true));
+                    throw new RuntimeException('Could not delete step');
+                };
+                $transaction->commit();
+            } catch(Exception $e) {
+                $transaction->rollback();
+                throw $e;
+            }
+
             $this->renderJSON(
                 array('step_html' => $this->renderPartial('_clinical_pathway', ['visit' => $step->pathway->worklist_patient], true))
             );
@@ -650,6 +667,7 @@ public function actionGetVfPresetData($id)
     public function actionGetPathStep($partial, $pathstep_id, $visit_id, $pathstep_type_id, $red_flag = false, $interactive = 1)
     {
         $wl_patient = WorklistPatient::model()->findByPk($visit_id);
+        $has_permission_to_start = true;
         switch ($pathstep_id) {
             case 'checkin':
                 if ($wl_patient) {
@@ -748,6 +766,11 @@ public function actionGetPathStep($partial, $pathstep_id, $visit_id, $pathstep_t
                     Yii::app()->end();
                 }
 
+                // if the step is for prescription, only prescriber has the permission to start it
+                if (($step instanceof PathwayStep && $step->type->short_name === 'Rx')
+                || ($step instanceof PathwayTypeStep && $step->step_type->short_name === 'Rx')) {
+                    $has_permission_to_start = Yii::app()->user->checkAccess('TaskPrescribe');
+                }
                 if ($step) {
                     $view_file = ($step instanceof PathwayStep ? $step->type->widget_view : $step->step_type->widget_view) ?? 'generic_step';
                     $dom = $this->renderPartial(
@@ -757,7 +780,8 @@ public function actionGetPathStep($partial, $pathstep_id, $visit_id, $pathstep_t
                             'worklist_patient' => $wl_patient,
                             'patient' => $wl_patient->patient,
                             'partial' => $partial,
-                            'red_flag' => $red_flag
+                            'red_flag' => $red_flag,
+                            'has_permission_to_start' => $has_permission_to_start
                         ),
                         true
                     );
@@ -1951,6 +1975,7 @@ public function actionAddComment()
         $comment->comment = $post['comment'];
         $comment->doctor_id = $post['user_id'];
         if ($comment->save()) {
+            $wl_patient->refresh();
             $this->renderJSON(
                 array(
                     'step_html' => $pathway_instanced ? $this->renderPartial('_clinical_pathway', ['visit' => $wl_patient], true) : null,

protected/factories/ModelFactory.php

@@ -334,15 +334,21 @@ protected function persist(array $instances)
         }
 
         foreach ($instances as $instance) {
-            // as a lower level interaction with the models, we assume that the eventual
-            // set of data being created will be valid. Therefore we don't perform validation
-            // during the model saves.
-            if ($instance->isNewRecord && !$instance->save(false)) {
+            if ($instance->isNewRecord && !$this->persistInstance($instance)) {
                 throw new CannotSaveModelException($instance->getErrors(), $instance->getAttributes());
             }
         }
     }
 
+    protected function persistInstance($instance): bool
+    {
+        // as a lower level interaction with the models, we assume that the eventual
+        // set of data being created will be valid. Therefore we don't perform validation
+        // during the model saves. We abstract this though so that specific factories can
+        // validate.
+        return $instance->save(false);
+    }
+
     protected function callAfterMaking(array $instances)
     {
         foreach ($instances as $instance) {

protected/factories/models/UserAuthenticationFactory.php

@@ -29,7 +29,10 @@ public function definition(): array
         return [
             'institution_authentication_id' => ModelFactory::factoryFor(InstitutionAuthentication::class),
             'user_id' => ModelFactory::factoryFor(User::class),
-            'username' => $this->faker->userName()
+            'username' => $this->faker->userName(),
+            // because we validate when saving with this factory, we must provide password
+            'password' => 'password',
+            'password_repeat' => 'password'
         ];
     }
 
@@ -41,4 +44,10 @@ public function forUser($user)
             ];
         });
     }
+
+    public function persistInstance($instance): bool
+    {
+        // need to validate to leverage the before and after validate hooks
+        return $instance->save(true);
+    }
 }