public Patient validateFromOffice(AuthorizedDTO authDTO, String ipAddress) throws Exception {
Patient patient = null;
PatientSession patientSession = appDAO.findPatientSessionBySessionId(authDTO.getSessionId());
if (patientSession != null) {
patient = appDAO.findPatientBySessionId(authDTO.getSessionId());
String newSessionId = UUID.randomUUID().toString();
patient.getCred().setSessionId(newSessionId);
appDAO.update(patient.getCred());
patientSession.setSessionId(newSessionId);
appDAO.update(patientSession);
activityLogService.logViewPatient(
patient.getId(), null, patient.getId(), "ValidateFromOffice");
decrypt(patient);
}
return patient;
}
public boolean isValidSession(AuthorizedDTO dto, String ipAddress, String path) throws Exception {
String username = "";
appDAO.deleteExpiredPatientSessions();
if (dto == null || dto.getSessionId() == null) {
log.info(
"======= isValidSession() no session id submitted by user at ip address of " + ipAddress);
return false;
}
PatientSession patientSession = appDAO.findPatientSessionBySessionId(dto.getSessionId());
if (patientSession == null) {
log.info("======= isValidSession() no session found for : " + dto.getSessionId());
return false;
}
if (patientSession.getIpAddress().equals(ipAddress) == false) {
log.info(
"======= isValidSession() submitted IP address is of "
+ ipAddress
+ " does not match the one found in current session");
return false;
}
// check for proper access level
int accessLevel = patientSession.getPatient().getCred().getAccessLevel();
log.info("======= isValidSession() checking " + path);
if (Permissions.patientPermissionsMap.get(path) != null) {
username = patientSession.getPatient().getCred().getUsername();
log.info(
"======= isValidSession() checking "
+ path
+ " for user "
+ username
+ " with a permissions level of "
+ accessLevel);
if (Permissions.patientPermissionsMap.get(path)[accessLevel] == false) {
log.info(
"======= isValidSession() user "
+ username
+ " lacks permission level to execute "
+ path);
return false;
}
}
// update session timestamp to current time
patientSession.setLastAccessTime(new Date());
appDAO.update(patientSession);
log.info(
"======= isValidSession() user "
+ username
+ "'s timestamp updated to "
+ patientSession.getLastAccessTime());
return true;
}
public void startPatientSession(Patient patient, String ipAddress, AppDAO appDAO)
throws Exception {
PatientSession patientSession = new PatientSession();
patientSession.setPatient(patient);
patientSession.setSessionId(patient.getCred().getSessionId());
patientSession.setIpAddress(ipAddress);
patientSession.setLastAccessTime(new Date());
appDAO.create(patientSession);
PatientSessionData patientSessionData = new PatientSessionData();
patientSessionData.setPatientSession(patientSession);
log.info("======= Added " + patientSession.toString());
activityLogService.logViewPatient(
patient.getId(), null, patient.getId(), "StartPatientSession");
}
