Fix permission issues

vigneshhari · vigneshhari · commit 363e40d5774e · 2024-12-31T19:04:20.000+05:30
diff --git a/care/emr/api/viewsets/patient.py b/care/emr/api/viewsets/patient.py
@@ -38,15 +38,12 @@ class PatientViewSet(EMRModelViewSet):
 
     def authorize_update(self, request_obj, model_instance):
         if not AuthorizationController.call(
-            "can_write_patient_obj", self.request.user , model_instance
+            "can_write_patient_obj", self.request.user, model_instance
         ):
             raise PermissionDenied("Cannot Create Patient")
 
-
     def authorize_create(self, request_obj):
-        if not AuthorizationController.call(
-            "can_create_patient", self.request.user
-        ):
+        if not AuthorizationController.call("can_create_patient", self.request.user):
             raise PermissionDenied("Cannot Create Patient")
 
     def authorize_delete(self, instance):
@@ -154,4 +151,4 @@ def delete_user(self, request, *args, **kwargs):
         if not PatientUser.objects.filter(user=user, patient=patient).exists():
             raise ValidationError("User does not exist")
         PatientUser.objects.filter(user=user, patient=patient).delete()
-        return Response({}, status=204)
+        return Response({})
diff --git a/care/emr/models/patient.py b/care/emr/models/patient.py
@@ -63,6 +63,7 @@ def rebuild_users_cache(self):
 
     def save(self, *args, **kwargs) -> None:
         self.rebuild_organization_cache()
+        self.rebuild_users_cache()
         if self.date_of_birth and not self.year_of_birth:
             self.year_of_birth = self.date_of_birth.year
         super().save(*args, **kwargs)
diff --git a/care/security/authorization/patient.py b/care/security/authorization/patient.py
@@ -35,8 +35,6 @@ def find_roles_on_patient(self, user, patient):
         )
         return role_ids.union(set(roles))
 
-
-
     def can_view_patient_obj(self, user, patient):
         if user.is_superuser:
             return True
@@ -57,11 +55,9 @@ def can_write_patient_obj(self, user, patient):
 
     def can_create_patient(self, user):
         return self.check_permission_in_facility_organization(
-            [PatientPermissions.can_create_patient.name],
-            user
+            [PatientPermissions.can_create_patient.name], user
         )
 
-
     def can_view_clinical_data(self, user, patient):
         if user.is_superuser:
             return True
