indivo.views package

Submodules

indivo.views.account module

indivo.views.account._get_prefs_doc(account, pha)
indivo.views.account.account_authsystem_add(*args, **kwargs)

Add a new method of authentication to an account.

Accounts cannot be logged into unless there exists a mechanism for authenticating them. Indivo supports one built-in mechanism, password auth, but is extensible with other mechanisms (e.g., LDAP). If an external mechanism is used, a UI app is responsible for user authentication, and this call merely registers with Indivo server the fact that the UI can handle auth. If password auth is used, this call additionally registers the password with Indivo server. Thus, this call can be used to add internal or external auth systems.

request.POST must contain:

  • system: The identifier (a short slug) associated with the desired auth system. password identifies the internal password system, and external auth systems will define their own identifiers.
  • username: The username that this account will use to authenticate against the new authsystem
  • password: The password to pair with the username. ONLY REQUIRED IF THE AUTH SYSTEM IS THE INTERNAL PASSWORD SYSTEM.

Will return 200 OK on success, 403 Forbidden if the indicated auth system doesn’t exist, and 400 Bad Request if the POST data didn’t contain a system and a username (and a password if system was password), or if the account is already registered for the given authsystem, or a different account is already registered for the given authsystem with the same username.

indivo.views.account.account_check_secrets(request, account, primary_secret)

Validate an account’s primary and secondary secrets.

If the secondary secret is to be validated, request.GET must contain:

  • secondary_secret: The account’s secondary secret.

This call will validate the primary secret, and the secondary secret if passed.

Will return 200 OK on success, 403 Forbidden if either validation fails.

indivo.views.account.account_create(*args, **kwargs)

Create a new account, and send out initialization emails.

request.POST holds the creation arguments.

In Demo Mode, this call automatically creates new records for the account, populated with sample data. See Sample Data in Indivo for details.

Required Parameters:

  • account_id: an identifier for the new address. Must be formatted as an email address.

Optional Parameters:

  • full_name: The full name to associate with the account. Defaults to the empty string.
  • contact_email: A valid email at which the account holder can be reached. Defaults to the account_id parameter.
  • primary_secret_p: 0 or 1. Whether or not to associate a primary secret with the account. Defaults to 1.
  • secondary_secret_p: 0 or 1. Whether or not to associate a secondary secret with the account. Defaults to 0.

After creating the new account, this call generates secrets for it, and then emails the user (at contact_email) with their activation link, which contains the primary secret.

This call will return 200 OK with info about the new account on success, 400 Bad Request if account_id isn’t provided or isn’t a valid email address, or if an account already exists with an id matching account_id.

indivo.views.account.account_forgot_password(request, account)

Resets an account if the user has forgotten its password.

This is a convenience call which encapsulates account_reset(), account_resend_secret(), and account_secret(). In summary, it resets the account to an uninitialized state, emails the user with a new primary-secret, and returns the secondary secret for display.

Will return 200 OK with the secondary secret on success, 400 Bad Request if the account hasn’t yet been initialized and couldn’t possibly need a reset. If the account has no associated secondary secret, the return XML will be empty.

indivo.views.account.account_info(request, account)

Display information about an account.

Return information includes the account’s secondary-secret, full name, contact email, login counts, state, and auth systems.

Will return 200 OK on success, with account info XML.

indivo.views.account.account_info_set(request, account)

Set basic information about an account.

request.POST can contain any of:

  • contact_email: A new contact email for the account.
  • full_name: A new full name for the account.

Each passed parameter will be updated for the account.

Will return 200 OK on success, 400 Bad Request if the POST data contains none of the settable parameters.

indivo.views.account.account_initialize(*args, **kwargs)

Initialize an account, activating it.

After validating primary and secondary secrets, changes the account’s state from uninitialized to active and sends a welcome email to the user.

If the account has an associated secondary secret, request.POST must contain:

  • secondary_secret: The secondary_secret generated for the account.

Will return 200 OK on success, 403 Forbidden if the account has already been initialized or if either of the account secrets didn’t validate, and 400 Bad Request if a secondary secret was required, but didn’t appear in the POST data.

indivo.views.account.account_password_change(request, account)

Change an account’s password.

request.POST must contain:

  • old: The existing account password.
  • new: The desired new password.

Will return 200 OK on success, 403 Forbidden if the old password didn’t validate, 400 Bad Request if the POST data didn’t contain both an old password and a new one.

indivo.views.account.account_password_set(request, account)

Force the password of an account to a given value.

This differs from account_password_change() in that it does not require validation of the old password. This function is therefore admin-facing, whereas account_password_change() is user-facing.

request.POST must contain:

  • password: The new password to set.

Will return 200 OK on success, 400 Bad Request if the passed POST data didn’t contain a new password.

indivo.views.account.account_primary_secret(request, account)

Display an account’s primary secret.

This is an admin-facing call, and should be used sparingly, as we would like to avoid sending primary-secrets over the wire. If possible, use account_check_secrets() instead.

Will return 200 OK with the primary secret on success.

indivo.views.account.account_resend_secret(request, account)

Sends an account user their primary secret in case they lost it.

Will return 200 OK on success.

indivo.views.account.account_reset(request, account)

Reset an account to an uninitialized state.

Just calls into reset().

Will return 200 OK on success.

Search for accounts by name or email.

request.GET must contain the query parameters, any of:

  • fullname: The full name of the account
  • contact_email: The contact email for the account.

This call returns all accounts matching any part of any of the passed query parameters: i.e. it ORs together the query parameters and runs a partial-text match on each.

Will return 200 OK with XML describing matching accounts on success, 400 Bad Request if no query parameters are passed.

indivo.views.account.account_secret(request, account)

Return the secondary secret of an account.

Will always return 200 OK. If the account has no associated secondary secret, the return XML will be empty.

indivo.views.account.account_set_state(request, account)

Set the state of an account.

request.POST must contain:

  • state: The desired new state of the account.

Options are:

  • active: The account is ready for use.
  • disabled: The account has been disabled, and cannot be logged into.
  • retired: The account has been permanently disabled, and will never allow login again. Retired accounts cannot be set to any other state.

Will return 200 OK on success, 403 Forbidden if the account has been retired, and 400 Bad Request if POST data did not contain a “status” parameter.

indivo.views.account.account_username_set(request, account)

Force the username of an account to a given value.

request.POST must contain:

  • username: The new username to set.

Will return 200 OK on success, 400 Bad Request if the POST data doesn’t contain a new username.

indivo.views.account.delete_user_preferences(request, account, pha)

Delete all app-specific User Preferences for an account.

indivo.views.account.get_connect_credentials(request, account, pha)

Get oAuth credentials for an app to run in Connect or SMART REST mode.

Generates access tokens for pha to run against the record_id specified in request.POST, authorized by account. Generates 2 tokens: one for SMART Connect use, and one for SMART REST use.

If the app is not yet enabled for the record/carenet, this will return a 403 Forbidden.

indivo.views.account.get_user_preferences(request, account, pha)

Get app-specific User Preferences for an account.

We’re just storing these as app-specific documents with a specific external ID. ID is “{account_id}_USER_PREFERENCES”. Note that this will be further prepared by prepare_external_id() before insertion into the database.

indivo.views.account.set_user_preferences(request, account, pha)

Set app-specific User Preferences for an account.

Overrides all existing preferences.

indivo.views.audit module

indivo.views.audit.audit_document_view(request, *args, **kwargs)

Return audits of calls touching record and document_id.

Will return 200 OK with matching audits on success, 404 Not Found if record or document_id don’t exist.

Deprecated since version 0.9.3: Use audit_query() instead.

indivo.views.audit.audit_function_view(request, *args, **kwargs)

Return audits of calls to function_name touching record and document_id.

Will return 200 OK with matching audits on success, 404 Not Found if record or document_id don’t exist.

Deprecated since version 0.9.3: Use audit_query() instead.

indivo.views.audit.audit_query(request, *args, **kwargs)

Select Audit Objects via the Query API Interface.

Accepts any argument specified by the API Query Interface, and filters available audit objects by the arguments.

Will return 200 OK with XML containing individual or aggregated audit records on success, 400 Bad Request if any of the arguments to the query interface are invalid.

indivo.views.audit.audit_record_view(request, *args, **kwargs)

Return audits of calls touching record.

Will return 200 OK with matching audits on success, 404 Not Found if record doesn’t exist.

Deprecated since version 0.9.3: Use audit_query() instead.

indivo.views.base module

indivo.views.messaging module

indivo.views.messaging._get_subject(request)

Extract a message subject from request.POST.

indivo.views.messaging.account_inbox(request, *args, **kwargs)

List messages in an account’s inbox.

Messages will be ordered by order_by and paged by limit and offset. request.GET may additionally contain:

  • include_archive: Adds messages that have been archived (which are normally omitted) to the listing. Any value will be interpreted as True. Defaults to False, as if it weren’t passed.

Will return 200 OK with a list of messages on success.

indivo.views.messaging.account_inbox_message(request, account, message_id)

Retrieve an individual message from an account’s inbox.

This call additionally filters message content based on its body-type. For example, markdown content is scrubbed of extraneous HTML, then converted to HTML content. Also, this call marks the message as read.

message_id should be the internal identifier of the message.

Will return 200 OK with XML describing the message (id, sender, dates received, read, and archived, subject, body, severity, etc.) on success.

indivo.views.messaging.account_inbox_message_attachment_accept(request, account, message_id, attachment_num)

Accept a message attachment into the record it corresponds to.

This call is triggered when a user views a message with an attachment, and chooses to add the attachment contents into their record.

Will return 200 OK on success, 410 Gone if the attachment has already been saved.

indivo.views.messaging.account_message_archive(request, account, message_id)

Archive a message.

This call sets a message’s archival date as now, unless it’s already set. This means that future calls to account_inbox() will not display this message by default.

Will return 200 OK on success.

indivo.views.messaging.account_notifications(request, *args, **kwargs)

List an account’s notifications.

Orders by order_by, pages by limit and offset.

Will return 200 OK with a list of notifications on success.

indivo.views.messaging.account_send_message(*args, **kwargs)

Send a message to an account.

Account messages have no attachments for now, as we wouldn’t know which record to store them on.

request.POST may contain any of:

  • message_id: An external identifier for the message, used for idempotent sends. Defaults to None.
  • subject: The message subject. Defaults to [no subject].
  • body: The message body. Defaults to [no body].
  • severity: The importance of the message. Options are low, medium, high. Defaults to low.

After delivering the message to Indivo’s inbox, this call will send an email to the account’s contact address, alerting them that a new message has arrived.

Will return 200 OK on success, 400 Bad Request if the passed message_id is a duplicate.

indivo.views.messaging.record_message_attach(*args, **kwargs)

Attach a document to an Indivo message.

Only XML documents are accepted for now. Since Message objects are duplicated for each recipient account, this call may attach the document to multiple Message objects.

request.POST must contain the raw XML attachment data.

message_id: The external identifier of the message to add the attachment to.

Will return 200 OK on success, 400 Bad Request if the attachment with number attachment_num has already been uploaded.

indivo.views.messaging.record_send_message(*args, **kwargs)

Send a message to a record.

request.POST may contain any of:

  • subject: The message subject. Defaults to [no subject].
  • body: The message body. Defaults to [no body].
  • body_type: The formatting of the message body. Options are plaintext, markdown. Defaults to plaintext.
  • num_attachments: The number of attachments this message requires. Attachments are uploaded with calls to record_message_attach(), and the message will not be delivered until all attachments have been uploaded. Defaults to 0.
  • severity: The importance of the message. Options are low, medium, high. Defaults to low.
  • message_id: An external identifier for the message, used for idempotent sends. Defaults to None.

After delivering the message to the Indivo inbox of all accounts authorized to view messages for the passed record, this call will send an email to each account’s contact address, alerting them that a new message has arrived.

Will return 200 OK on success, 400 Bad Request if the passed message_id is a duplicate.

indivo.views.pha module

indivo.views.pha._pha(*args, **kwargs)
indivo.views.pha._phas(*args, **kwargs)
indivo.views.pha.all_manifests(request)

List SMART manifests for all available userapps.

Will return 200 OK with a list of app manifests as JSON on success.

indivo.views.pha.all_phas(request)

List all available userapps.

Will return 200 OK with a list of app manifests as JSON on success.

indivo.views.pha.app_manifest(request, pha)

Return a SMART manifest for a single userapp.

Will return 200 OK with the app’s JSON manifest on success.

indivo.views.pha.app_record_list(request, pha)

Return a list of all records that have this pha enabled.

Will return 200 OK with a list of records on success.

indivo.views.pha.autonomous_access_token(request, pha, record)

Fetch an access token for an autonomous app to access a record.

This call assumes that the app has already been enabled on the record, and that the user has already authorized it (this must be checked in the access control for the function). Otherwise, this will automatically enable the app on the record (a BAD idea).

This call should be made by autonomous apps to get access tokens for records which have already enabled them (presumably after a call to app_record_list).

Will return 200 OK with a valid access token for the app bound to the record on success.

indivo.views.pha.exchange_token(request)

Exchange a request token for a valid access token.

This call requires that the request be signed with a valid oauth request token that has previously been authorized.

Will return 200 OK with the access token on success, 403 Forbidden if the oauth signature is missing or invalid.

indivo.views.pha.pha(request, pha)

Return a description of a single userapp.

Will return 200 OK with the app’s JSON manifest on success.

indivo.views.pha.pha_delete(request, pha)

Delete a userapp from Indivo.

This call removes the app entirely from indivo, so it will never be accessible again. To remove an app just from a single record, see pha_record_delete().

Will return 200 OK on success.

indivo.views.pha.pha_record_delete(request, record, pha)

Remove a userapp from a record.

This is accomplished by deleting the app from all carenets belonging to the record, then removing the Shares between the record and the app.

Will return 200 OK on success, 404 Not Found if either the record or the app don’t exist.

indivo.views.pha.record_pha_enable(request, record, pha)

Enable a userapp for a record.

This is accomplished by adding a share between the record and the app. We don’t limit the share to a carenet: this is scoped to the whole record.

Will return 200 OK on success or if the share already exists, 404 Not Found if either the record or the app doesn’t exist.

indivo.views.pha.request_token(request)

Get a new request token, bound to a record or carenet if desired.

request.POST may contain EITHER:

  • indivo_record_id: The record to which to bind the request token.
  • indivo_carenet_id: The carenet to which to bind the request token.

Will return 200 OK with the request token on success, 403 Forbidden if the oauth signature on the request was missing or faulty.

indivo.views.pha.request_token_approve(request, reqtoken)

Indicate a user’s consent to bind an app to a record or carenet.

request.POST must contain EITHER:

  • record_id: The record to bind to.
  • carenet_id: The carenet to bind to.

Will return 200 OK with a redirect url to the app on success, 403 Forbidden if record_id/carenet_id don’t match reqtoken.

indivo.views.pha.request_token_claim(request, reqtoken)

Claim a request token on behalf of an account.

After this call, no one but request.principal will be able to approve reqtoken.

Will return 200 OK with the email of the claiming principal on success, 403 Forbidden if the token has already been claimed.

indivo.views.pha.request_token_info(request, reqtoken)

Get information about a request token.

Information includes:

  • the record/carenet it is bound to
  • Whether the bound record/carenet has been authorized before
  • Information about the app for which the token was generated.

Will return 200 OK with the info on success.

indivo.views.pha.session_create(request)

Authenticate a user and register a web session for them.

request.POST must contain:

  • username: the username of the user to authenticate.

request.POST may contain EITHER:

  • password: the password to use with username against the internal password auth system.
  • system: An external auth system to authenticate the user

Will return 200 OK with a valid session token on success, 400 Bad Request if no username was provided, 403 Forbidden if the passed credentials were invalid or if the passed system doesn’t exist.

indivo.views.pha.surl_verify(request)

Verify a signed URL.

The URL must contain the following GET parameters:

  • surl_timestamp: when the url was generated. Must be within the past hour, to avoid permitting old surls.
  • surl_token: The access token used to sign the url.
  • surl_sig: The computed signature (base-64 encoded sha1) of the url.

Will always return 200 OK. The response body will be one of:

  • <result>ok</result>: The surl was valid.
  • <result>old</result>: The surl was too old.
  • <result>mismatch</result>: The surl’s signature was invalid.
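A minimal model of the check surl_verify describes, added here as an illustration and not Indivo’s own code. It assumes the signature is an HMAC-SHA1 keyed with the access token’s secret over the URL up to (not including) surl_sig, that surl_timestamp is epoch seconds, and that surl_sig is the final parameter; TOKEN_SECRETS, sign_url and verify_surl are hypothetical names.

```python
import base64
import hashlib
import hmac
from urllib.parse import parse_qs, quote, unquote, urlsplit

MAX_AGE_SECONDS = 3600  # the page: timestamp "must be within the past hour"

# Constructed sample data: access token -> token secret held by the server.
TOKEN_SECRETS = {"tok-123": "s3cr3t-for-tok-123"}


def _sig(unsigned_url, secret):
    """Base64 of an HMAC-SHA1 over the URL (assumed signing scheme)."""
    mac = hmac.new(secret.encode(), unsigned_url.encode(), hashlib.sha1)
    return base64.b64encode(mac.digest()).decode()


def sign_url(url, token, now):
    """Client side: append surl_timestamp, surl_token and surl_sig."""
    sep = "&" if "?" in url else "?"
    unsigned = (f"{url}{sep}surl_timestamp={int(now)}"
                f"&surl_token={quote(token, safe='')}")
    sig = _sig(unsigned, TOKEN_SECRETS[token])
    # Base64 can contain '+', '/' and '=', so the signature is URL-encoded.
    return unsigned + "&surl_sig=" + quote(sig, safe="")


def verify_surl(signed_url, now):
    """Server side: return 'ok', 'old' or 'mismatch', as surl_verify does."""
    unsigned, marker, sig = signed_url.rpartition("&surl_sig=")
    if not marker:
        return "mismatch"  # no signature parameter at all

    params = parse_qs(urlsplit(unsigned).query)
    tokens = params.get("surl_token", [])
    stamps = params.get("surl_timestamp", [])
    if len(tokens) != 1 or len(stamps) != 1:
        return "mismatch"  # missing or duplicated surl parameters

    secret = TOKEN_SECRETS.get(tokens[0])
    if secret is None:
        return "mismatch"  # unknown access token

    # Check the signature before trusting the timestamp, and compare in
    # constant time so the check does not leak how many bytes matched.
    expected = _sig(unsigned, secret).encode()
    if not hmac.compare_digest(expected, unquote(sig).encode()):
        return "mismatch"

    try:
        age = now - int(stamps[0])
    except ValueError:
        return "mismatch"
    # Timestamps in the future are outside the window as well.
    if age < 0 or age > MAX_AGE_SECONDS:
        return "old"
    return "ok"
```

Because the timestamp is covered by the signature, editing surl_timestamp on an expired URL yields mismatch rather than ok.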

indivo.views.record module

indivo.views.record._record_create(request, principal_email=None, external_id=None)

Create an Indivo record.

request.POST must contain raw XML that is a valid Indivo Demographics document (see Indivo Document Demographics Schema).

This call will create a new record containing the following information:

  • creator: Corresponds to request.principal.
  • label: The full name of the new record, specified in the demographics document.
  • owner: Corresponds to request.principal.
  • external_id: An external identifier for the record, if passed in.

Additionally, this call will create a Demographics document for the record.

Will return 200 OK with information about the record on success, 400 Bad Request if the demographics data in request.POST was empty or invalid XML.

indivo.views.record.record(request, record)

Get information about an individual record.

Will return 200 OK with information about the record on success.

indivo.views.record.record_create(*args, **kwargs)

Create a new record.

For 1:1 mapping of URLs to views: just calls _record_create().

indivo.views.record.record_create_ext(*args, **kwargs)

Create a new record with an associated external id.

For 1:1 mapping of URLs to views: just calls _record_create().

indivo.views.record.record_get_owner(request, record)

Get the owner of a record.

Will always return 200 OK. The response body will contain the owner’s email address, or the empty string if the record is unowned.

indivo.views.record.record_list(request, *args, **kwargs)

List all available records for an account.

This includes records that account owns, records that have been fully shared with account, and records that are shared with account via carenets.

Will return 200 OK with a list of records on success.

indivo.views.record.record_notify(request, record)

Send a notification about a record to all accounts authorized to be notified.

Notifications should be short alerts, as compared to full inbox messages, and may only be formatted as plaintext.

request.POST must contain:

  • content: The plaintext content of the notification.

request.POST may contain:

  • document_id: The document to which this notification pertains.
  • app_url: A callback url to the app for more information.

Will return 200 OK on success, 400 Bad Request if content wasn’t passed.

indivo.views.record.record_pha(*args, **kwargs)

Get information about a given userapp bound to a record.

Will return 200 OK with a JSON manifest for the app on success, 404 Not Found if the app isn’t actually bound to the record.

indivo.views.record.record_pha_setup(*args, **kwargs)

Bind an app to a record without user authorization.

This call should be used to set up new records with apps required for this instance of Indivo to run (e.g. syncer apps that connect to data sources). It can only be made by admins, since it skips the normal app authorization process.

request.POST may contain raw content that will be used as a setup document for the record.

Will return 200 OK with a valid access token for the app bound to the record on success.

indivo.views.record.record_phas(*args, **kwargs)

List userapps bound to a given record.

request.GET may optionally contain:

  • type: An XML schema namespace. If specified, only apps which explicitly declare themselves as supporting that namespace will be returned.

Will return 200 OK with a list of JSON manifests for the matching apps on success.

Search for records by label (usually the same as full name).

request.GET must contain the query parameters, any of:

  • label: The record’s label

This call returns all records matching any part of any of the query parameters: i.e. it ORs together the query parameters and runs a partial-text match on each.

Will return 200 OK with XML describing matching records on success, 400 Bad Request if no query parameters are passed.

indivo.views.record.record_set_owner(request, record)

Set the owner of a record.

request.POST must contain the email address of the new owner.

Will return 200 OK with information about the new owner on success, 400 Bad Request if request.POST is empty or the passed email address doesn’t correspond to an existing principal.

indivo.views.record.record_share_add(request, record)

Fully share a record with another account.

A full share gives the recipient account full access to all data and apps on the record, and adds the recipient to the list of accounts who are alerted when the record gets a new alert or notification.

request.POST must contain:

  • account_id: the email address of the recipient account.

request.POST may contain:

  • role_label: A label for the share (usually the relationship between the record owner and the recipient account, e.g. ‘Guardian’)

Will return 200 OK on success, 400 Bad Request if account_id was not passed, and 404 Not Found if the passed account_id does not correspond to an existing Account.

indivo.views.record.record_share_delete(request, record, other_account_id)

Undo a full record share with an account.

Will return 200 OK on success, 404 Not Found if other_account_id doesn’t correspond to an existing Account.

indivo.views.record.record_shares(request, record)

List the shares of a record.

This includes shares with apps (phashares) and full shares with accounts (fullshares).

Will return 200 OK with a list of shares on success.

indivo.views.smart_container module

indivo.views.smart_container.smart_capabilities(request)

SMART Capabilities

indivo.views.smart_container.smart_ontology(request)

Fetch the SMART ontology as RDF/XML.

Module contents

Indivo Views.

The Django views that implement all Indivo API functionality, including API calls related to:

  • accounts
  • auditing
  • documents
  • messaging
  • apps
  • records
  • reporting
  • sharing

indivo.views._get_indivo_version(smart_version)
indivo.views._get_smart_version(indivo_version)
indivo.views._get_version()
indivo.views.get_version(request)

Return the current version of Indivo.