@blackcode_sa/metaestetics-api 1.15.16 → 1.15.17-staging.0

package/src/services/patient/utils/sensitive.utils.ts

@@ -1,260 +1,260 @@
-import { getDoc, updateDoc, setDoc, serverTimestamp, Firestore } from 'firebase/firestore';
-import {
-  PatientSensitiveInfo,
-  CreatePatientSensitiveInfoData,
-  UpdatePatientSensitiveInfoData,
-} from '../../../types/patient';
-import { UserRole } from '../../../types';
-import { createPatientSensitiveInfoSchema } from '../../../validations/patient.schema';
-import { z } from 'zod';
-import {
-  getSensitiveInfoDocRef,
-  initSensitiveInfoDocIfNotExists,
-  getPatientDocRef,
-} from './docs.utils';
-import { MediaService, MediaAccessLevel, MediaResource } from '../../media/media.service';
-import { AuthError } from '../../../errors/auth.errors';
-import { getPractitionerProfileByUserRef } from './practitioner.utils';
-import { getClinicAdminByUserRef } from '../../clinic/utils/admin.utils';
-
-/**
- * Checks if the requester has permission to access/modify sensitive info.
- * Access is granted to the patient owner, or an associated practitioner/clinic admin.
- */
-const checkSensitiveAccessUtil = async (
-  db: Firestore,
-  patientId: string,
-  requesterId: string,
-  requesterRoles: UserRole[],
-): Promise<void> => {
-  const patientDoc = await getDoc(getPatientDocRef(db, patientId));
-  if (!patientDoc.exists()) {
-    throw new Error('Patient profile not found');
-  }
-  const patientData = patientDoc.data() as any; // Cast to any to access properties
-
-  // 1. Patient is the owner
-  if (patientData.userRef && patientData.userRef === requesterId) {
-    return;
-  }
-
-  // 2. Requester is an associated practitioner
-  if (requesterRoles.includes(UserRole.PRACTITIONER)) {
-    const practitionerProfile = await getPractitionerProfileByUserRef(db, requesterId);
-    if (practitionerProfile && patientData.doctorIds?.includes(practitionerProfile.id)) {
-      return;
-    }
-  }
-
-  // 3. Requester is an associated clinic admin
-  if (requesterRoles.includes(UserRole.CLINIC_ADMIN)) {
-    const adminProfile = await getClinicAdminByUserRef(db, requesterId);
-    if (adminProfile && adminProfile.clinicsManaged) {
-      const hasAccess = adminProfile.clinicsManaged.some(managedClinicId =>
-        patientData.clinicIds?.includes(managedClinicId),
-      );
-      if (hasAccess) {
-        return;
-      }
-    }
-  }
-
-  throw new AuthError(
-    'Unauthorized access to sensitive information.',
-    'AUTH/UNAUTHORIZED_ACCESS',
-    403,
-  );
-};
-
-/**
- * Handles photoUrl upload for sensitive info (supports MediaResource)
- * @param photoUrl - MediaResource (File, Blob, or URL string)
- * @param patientId - ID of the patient
- * @param mediaService - MediaService instance
- * @returns URL string of the uploaded or existing photo
- */
-const handlePhotoUrlUpload = async (
-  photoUrl: MediaResource | undefined | null,
-  patientId: string,
-  mediaService: MediaService,
-): Promise<string | null> => {
-  if (!photoUrl) {
-    return null;
-  }
-
-  // If it's already a URL string, return it as is
-  if (typeof photoUrl === 'string') {
-    return photoUrl;
-  }
-
-  // If it's a File or Blob, upload it
-  if (photoUrl instanceof File || photoUrl instanceof Blob) {
-    const mediaMetadata = await mediaService.uploadMedia(
-      photoUrl,
-      patientId, // Using patientId as ownerId
-      MediaAccessLevel.PRIVATE, // Sensitive info should be private
-      'patient_sensitive_photos',
-      photoUrl instanceof File ? photoUrl.name : `sensitive_photo_${patientId}`,
-    );
-    return mediaMetadata.url;
-  }
-
-  return null;
-};
-
-// Funkcije za rad sa osetljivim informacijama
-export const createSensitiveInfoUtil = async (
-  db: Firestore,
-  data: CreatePatientSensitiveInfoData,
-  requesterId: string,
-  requesterRoles: UserRole[],
-  mediaService?: MediaService,
-): Promise<PatientSensitiveInfo> => {
-  try {
-    // Security check
-    await checkSensitiveAccessUtil(db, data.patientId, requesterId, requesterRoles);
-
-    const validatedData = createPatientSensitiveInfoSchema.parse(data);
-
-    // Proveriti da li dokument već postoji
-    const sensitiveDoc = await getDoc(getSensitiveInfoDocRef(db, data.patientId));
-    if (sensitiveDoc.exists()) {
-      throw new Error('Sensitive information already exists for this patient');
-    }
-
-    // Process photoUrl if it's a MediaResource and mediaService is provided
-    let processedPhotoUrl: string | null = null;
-    if (validatedData.photoUrl && mediaService) {
-      processedPhotoUrl = await handlePhotoUrlUpload(
-        validatedData.photoUrl,
-        data.patientId,
-        mediaService,
-      );
-    } else if (typeof validatedData.photoUrl === 'string') {
-      processedPhotoUrl = validatedData.photoUrl;
-    }
-
-    const sensitiveInfoData = {
-      ...validatedData,
-      photoUrl: processedPhotoUrl,
-      createdAt: serverTimestamp(),
-      updatedAt: serverTimestamp(),
-    };
-
-    await setDoc(getSensitiveInfoDocRef(db, data.patientId), sensitiveInfoData);
-
-    const createdDoc = await getDoc(getSensitiveInfoDocRef(db, data.patientId));
-    if (!createdDoc.exists()) {
-      throw new Error('Failed to create sensitive information');
-    }
-
-    return createdDoc.data() as PatientSensitiveInfo;
-  } catch (error) {
-    if (error instanceof z.ZodError) {
-      throw new Error('Invalid sensitive info data: ' + error.message);
-    }
-    throw error;
-  }
-};
-
-export const getSensitiveInfoUtil = async (
-  db: Firestore,
-  patientId: string,
-  requesterId: string,
-  requesterRoles: UserRole[],
-): Promise<PatientSensitiveInfo | null> => {
-  // Security check
-  await checkSensitiveAccessUtil(db, patientId, requesterId, requesterRoles);
-
-  // Inicijalizacija dokumenta ako ne postoji
-  await initSensitiveInfoDocIfNotExists(db, patientId, requesterId);
-
-  const sensitiveDoc = await getDoc(getSensitiveInfoDocRef(db, patientId));
-  return sensitiveDoc.exists() ? (sensitiveDoc.data() as PatientSensitiveInfo) : null;
-};
-
-export const updateSensitiveInfoUtil = async (
-  db: Firestore,
-  patientId: string,
-  data: UpdatePatientSensitiveInfoData,
-  requesterId: string,
-  requesterRoles: UserRole[],
-  mediaService?: MediaService,
-): Promise<PatientSensitiveInfo> => {
-  // Security check
-  await checkSensitiveAccessUtil(db, patientId, requesterId, requesterRoles);
-
-  // Inicijalizacija dokumenta ako ne postoji
-  await initSensitiveInfoDocIfNotExists(db, patientId, requesterId);
-
-  // Process photoUrl if it's a MediaResource and mediaService is provided
-  let processedPhotoUrl: string | null | undefined = undefined;
-  if (data.photoUrl !== undefined) {
-    if (mediaService) {
-      processedPhotoUrl = await handlePhotoUrlUpload(data.photoUrl, patientId, mediaService);
-    } else if (typeof data.photoUrl === 'string' || data.photoUrl === null) {
-      processedPhotoUrl = data.photoUrl;
-    } else {
-      // If photoUrl is a File/Blob but no mediaService provided, throw error
-      throw new Error('MediaService required to process photo upload');
-    }
-  }
-
-  const updateData = {
-    ...data,
-    photoUrl: processedPhotoUrl,
-    updatedAt: serverTimestamp(),
-  };
-
-  await updateDoc(getSensitiveInfoDocRef(db, patientId), updateData);
-
-  const updatedDoc = await getDoc(getSensitiveInfoDocRef(db, patientId));
-  if (!updatedDoc.exists()) {
-    throw new Error('Failed to retrieve updated sensitive information');
-  }
-
-  return updatedDoc.data() as PatientSensitiveInfo;
-};
-
-export const claimPatientSensitiveInfoUtil = async (
-  db: Firestore,
-  patientId: string,
-  userId: string,
-): Promise<PatientSensitiveInfo> => {
-  const patientDoc = await getDoc(getPatientDocRef(db, patientId));
-  if (!patientDoc.exists()) {
-    throw new Error('Patient profile not found');
-  }
-
-  const patientData = patientDoc.data() as any;
-
-  if (!patientData.isManual) {
-    throw new Error('Only manually created patient profiles can be claimed');
-  }
-
-  if (patientData.userRef) {
-    throw new Error('Patient profile has already been claimed');
-  }
-
-  const sensitiveDoc = await getDoc(getSensitiveInfoDocRef(db, patientId));
-  if (!sensitiveDoc.exists()) {
-    throw new Error('Patient sensitive information not found');
-  }
-
-  const sensitiveData = sensitiveDoc.data() as PatientSensitiveInfo;
-  if (sensitiveData.userRef) {
-    throw new Error('Patient sensitive information has already been claimed');
-  }
-
-  await updateDoc(getSensitiveInfoDocRef(db, patientId), {
-    userRef: userId,
-    updatedAt: serverTimestamp(),
-  });
-
-  const updatedDoc = await getDoc(getSensitiveInfoDocRef(db, patientId));
-  if (!updatedDoc.exists()) {
-    throw new Error('Failed to retrieve updated sensitive information');
-  }
-
-  return updatedDoc.data() as PatientSensitiveInfo;
-};
+import { getDoc, updateDoc, setDoc, serverTimestamp, Firestore } from 'firebase/firestore';
+import {
+  PatientSensitiveInfo,
+  CreatePatientSensitiveInfoData,
+  UpdatePatientSensitiveInfoData,
+} from '../../../types/patient';
+import { UserRole } from '../../../types';
+import { createPatientSensitiveInfoSchema } from '../../../validations/patient.schema';
+import { z } from 'zod';
+import {
+  getSensitiveInfoDocRef,
+  initSensitiveInfoDocIfNotExists,
+  getPatientDocRef,
+} from './docs.utils';
+import { MediaService, MediaAccessLevel, MediaResource } from '../../media/media.service';
+import { AuthError } from '../../../errors/auth.errors';
+import { getPractitionerProfileByUserRef } from './practitioner.utils';
+import { getClinicAdminByUserRef } from '../../clinic/utils/admin.utils';
+
+/**
+ * Checks if the requester has permission to access/modify sensitive info.
+ * Access is granted to the patient owner, or an associated practitioner/clinic admin.
+ */
+const checkSensitiveAccessUtil = async (
+  db: Firestore,
+  patientId: string,
+  requesterId: string,
+  requesterRoles: UserRole[],
+): Promise<void> => {
+  const patientDoc = await getDoc(getPatientDocRef(db, patientId));
+  if (!patientDoc.exists()) {
+    throw new Error('Patient profile not found');
+  }
+  const patientData = patientDoc.data() as any; // Cast to any to access properties
+
+  // 1. Patient is the owner
+  if (patientData.userRef && patientData.userRef === requesterId) {
+    return;
+  }
+
+  // 2. Requester is an associated practitioner
+  if (requesterRoles.includes(UserRole.PRACTITIONER)) {
+    const practitionerProfile = await getPractitionerProfileByUserRef(db, requesterId);
+    if (practitionerProfile && patientData.doctorIds?.includes(practitionerProfile.id)) {
+      return;
+    }
+  }
+
+  // 3. Requester is an associated clinic admin
+  if (requesterRoles.includes(UserRole.CLINIC_ADMIN)) {
+    const adminProfile = await getClinicAdminByUserRef(db, requesterId);
+    if (adminProfile && adminProfile.clinicsManaged) {
+      const hasAccess = adminProfile.clinicsManaged.some(managedClinicId =>
+        patientData.clinicIds?.includes(managedClinicId),
+      );
+      if (hasAccess) {
+        return;
+      }
+    }
+  }
+
+  throw new AuthError(
+    'Unauthorized access to sensitive information.',
+    'AUTH/UNAUTHORIZED_ACCESS',
+    403,
+  );
+};
+
+/**
+ * Handles photoUrl upload for sensitive info (supports MediaResource)
+ * @param photoUrl - MediaResource (File, Blob, or URL string)
+ * @param patientId - ID of the patient
+ * @param mediaService - MediaService instance
+ * @returns URL string of the uploaded or existing photo
+ */
+const handlePhotoUrlUpload = async (
+  photoUrl: MediaResource | undefined | null,
+  patientId: string,
+  mediaService: MediaService,
+): Promise<string | null> => {
+  if (!photoUrl) {
+    return null;
+  }
+
+  // If it's already a URL string, return it as is
+  if (typeof photoUrl === 'string') {
+    return photoUrl;
+  }
+
+  // If it's a File or Blob, upload it
+  if (photoUrl instanceof File || photoUrl instanceof Blob) {
+    const mediaMetadata = await mediaService.uploadMedia(
+      photoUrl,
+      patientId, // Using patientId as ownerId
+      MediaAccessLevel.PRIVATE, // Sensitive info should be private
+      'patient_sensitive_photos',
+      photoUrl instanceof File ? photoUrl.name : `sensitive_photo_${patientId}`,
+    );
+    return mediaMetadata.url;
+  }
+
+  return null;
+};
+
+// Funkcije za rad sa osetljivim informacijama
+export const createSensitiveInfoUtil = async (
+  db: Firestore,
+  data: CreatePatientSensitiveInfoData,
+  requesterId: string,
+  requesterRoles: UserRole[],
+  mediaService?: MediaService,
+): Promise<PatientSensitiveInfo> => {
+  try {
+    // Security check
+    await checkSensitiveAccessUtil(db, data.patientId, requesterId, requesterRoles);
+
+    const validatedData = createPatientSensitiveInfoSchema.parse(data);
+
+    // Proveriti da li dokument već postoji
+    const sensitiveDoc = await getDoc(getSensitiveInfoDocRef(db, data.patientId));
+    if (sensitiveDoc.exists()) {
+      throw new Error('Sensitive information already exists for this patient');
+    }
+
+    // Process photoUrl if it's a MediaResource and mediaService is provided
+    let processedPhotoUrl: string | null = null;
+    if (validatedData.photoUrl && mediaService) {
+      processedPhotoUrl = await handlePhotoUrlUpload(
+        validatedData.photoUrl,
+        data.patientId,
+        mediaService,
+      );
+    } else if (typeof validatedData.photoUrl === 'string') {
+      processedPhotoUrl = validatedData.photoUrl;
+    }
+
+    const sensitiveInfoData = {
+      ...validatedData,
+      photoUrl: processedPhotoUrl,
+      createdAt: serverTimestamp(),
+      updatedAt: serverTimestamp(),
+    };
+
+    await setDoc(getSensitiveInfoDocRef(db, data.patientId), sensitiveInfoData);
+
+    const createdDoc = await getDoc(getSensitiveInfoDocRef(db, data.patientId));
+    if (!createdDoc.exists()) {
+      throw new Error('Failed to create sensitive information');
+    }
+
+    return createdDoc.data() as PatientSensitiveInfo;
+  } catch (error) {
+    if (error instanceof z.ZodError) {
+      throw new Error('Invalid sensitive info data: ' + error.message);
+    }
+    throw error;
+  }
+};
+
+export const getSensitiveInfoUtil = async (
+  db: Firestore,
+  patientId: string,
+  requesterId: string,
+  requesterRoles: UserRole[],
+): Promise<PatientSensitiveInfo | null> => {
+  // Security check
+  await checkSensitiveAccessUtil(db, patientId, requesterId, requesterRoles);
+
+  // Inicijalizacija dokumenta ako ne postoji
+  await initSensitiveInfoDocIfNotExists(db, patientId, requesterId);
+
+  const sensitiveDoc = await getDoc(getSensitiveInfoDocRef(db, patientId));
+  return sensitiveDoc.exists() ? (sensitiveDoc.data() as PatientSensitiveInfo) : null;
+};
+
+export const updateSensitiveInfoUtil = async (
+  db: Firestore,
+  patientId: string,
+  data: UpdatePatientSensitiveInfoData,
+  requesterId: string,
+  requesterRoles: UserRole[],
+  mediaService?: MediaService,
+): Promise<PatientSensitiveInfo> => {
+  // Security check
+  await checkSensitiveAccessUtil(db, patientId, requesterId, requesterRoles);
+
+  // Inicijalizacija dokumenta ako ne postoji
+  await initSensitiveInfoDocIfNotExists(db, patientId, requesterId);
+
+  // Process photoUrl if it's a MediaResource and mediaService is provided
+  let processedPhotoUrl: string | null | undefined = undefined;
+  if (data.photoUrl !== undefined) {
+    if (mediaService) {
+      processedPhotoUrl = await handlePhotoUrlUpload(data.photoUrl, patientId, mediaService);
+    } else if (typeof data.photoUrl === 'string' || data.photoUrl === null) {
+      processedPhotoUrl = data.photoUrl;
+    } else {
+      // If photoUrl is a File/Blob but no mediaService provided, throw error
+      throw new Error('MediaService required to process photo upload');
+    }
+  }
+
+  const updateData = {
+    ...data,
+    photoUrl: processedPhotoUrl,
+    updatedAt: serverTimestamp(),
+  };
+
+  await updateDoc(getSensitiveInfoDocRef(db, patientId), updateData);
+
+  const updatedDoc = await getDoc(getSensitiveInfoDocRef(db, patientId));
+  if (!updatedDoc.exists()) {
+    throw new Error('Failed to retrieve updated sensitive information');
+  }
+
+  return updatedDoc.data() as PatientSensitiveInfo;
+};
+
+export const claimPatientSensitiveInfoUtil = async (
+  db: Firestore,
+  patientId: string,
+  userId: string,
+): Promise<PatientSensitiveInfo> => {
+  const patientDoc = await getDoc(getPatientDocRef(db, patientId));
+  if (!patientDoc.exists()) {
+    throw new Error('Patient profile not found');
+  }
+
+  const patientData = patientDoc.data() as any;
+
+  if (!patientData.isManual) {
+    throw new Error('Only manually created patient profiles can be claimed');
+  }
+
+  if (patientData.userRef) {
+    throw new Error('Patient profile has already been claimed');
+  }
+
+  const sensitiveDoc = await getDoc(getSensitiveInfoDocRef(db, patientId));
+  if (!sensitiveDoc.exists()) {
+    throw new Error('Patient sensitive information not found');
+  }
+
+  const sensitiveData = sensitiveDoc.data() as PatientSensitiveInfo;
+  if (sensitiveData.userRef) {
+    throw new Error('Patient sensitive information has already been claimed');
+  }
+
+  await updateDoc(getSensitiveInfoDocRef(db, patientId), {
+    userRef: userId,
+    updatedAt: serverTimestamp(),
+  });
+
+  const updatedDoc = await getDoc(getSensitiveInfoDocRef(db, patientId));
+  if (!updatedDoc.exists()) {
+    throw new Error('Failed to retrieve updated sensitive information');
+  }
+
+  return updatedDoc.data() as PatientSensitiveInfo;
+};