@blackcode_sa/metaestetics-api 1.5.15 → 1.5.17

package/src/services/patient/utils/profile.utils.ts

@@ -8,6 +8,11 @@ import {
   increment,
   Firestore,
   Timestamp,
+  collection,
+  query,
+  where,
+  getDocs,
+  QueryConstraint,
 } from "firebase/firestore";
 import {
   ref,
@@ -21,10 +26,15 @@ import {
   PatientProfile,
   CreatePatientProfileData,
   Gender,
+  SearchPatientsParams,
+  RequesterInfo,
+  PATIENTS_COLLECTION,
 } from "../../../types/patient";
 import {
   patientProfileSchema,
   createPatientProfileSchema,
+  searchPatientsSchema,
+  requesterInfoSchema,
 } from "../../../validations/patient.schema";
 import {
   getPatientDocRef,
@@ -65,6 +75,8 @@ export const createPatientProfileUtil = async (
       isVerified: validatedData.isVerified,
       doctors: validatedData.doctors || [],
       clinics: validatedData.clinics || [],
+      doctorIds: validatedData.doctors?.map((d) => d.userRef) || [],
+      clinicIds: validatedData.clinics?.map((c) => c.clinicId) || [],
       createdAt: serverTimestamp(),
       updatedAt: serverTimestamp(),
     };
@@ -398,3 +410,107 @@ export const testCreateSubDocuments = async (
     throw error;
   }
 };
+
+/**
+ * Searches for patient profiles based on clinic and/or practitioner association.
+ * Applies security checks based on the requester's role and associations.
+ *
+ * @param {Firestore} db - Firestore instance.
+ * @param {SearchPatientsParams} params - Search criteria (clinicId, practitionerId).
+ * @param {RequesterInfo} requester - Information about the user performing the search.
+ * @returns {Promise<PatientProfile[]>} A promise resolving to an array of matching patient profiles.
+ */
+export const searchPatientsUtil = async (
+  db: Firestore,
+  params: SearchPatientsParams,
+  requester: RequesterInfo
+): Promise<PatientProfile[]> => {
+  // Validate input
+  searchPatientsSchema.parse(params);
+  requesterInfoSchema.parse(requester);
+
+  const constraints: QueryConstraint[] = [];
+  const patientsCollectionRef = collection(db, PATIENTS_COLLECTION);
+
+  // --- Security Checks & Initial Filtering ---
+
+  if (requester.role === "clinic_admin") {
+    // Clinic admin can only search within their own clinic
+    if (!requester.associatedClinicId) {
+      throw new Error(
+        "Associated clinic ID is required for clinic admin search."
+      );
+    }
+    // If the search params specify a different clinic, it's an invalid request for this admin.
+    if (params.clinicId && params.clinicId !== requester.associatedClinicId) {
+      console.warn(
+        `Clinic admin (${requester.id}) attempted to search outside their associated clinic (${requester.associatedClinicId})`
+      );
+      return []; // Or throw an error
+    }
+
+    // **Mandatory filter**: Ensure patients belong to the admin's clinic.
+    constraints.push(
+      where("clinicIds", "array-contains", requester.associatedClinicId)
+    );
+
+    // Optional filter: If practitionerId is also provided, filter by that practitioner *within the admin's clinic*.
+    if (params.practitionerId) {
+      constraints.push(
+        where("doctorIds", "array-contains", params.practitionerId)
+      );
+      // We might need an additional check here if the practitioner MUST work at the admin's clinic.
+      // This would require fetching practitioner data or having denormalized clinic IDs on the practitioner.
+    }
+  } else if (requester.role === "practitioner") {
+    // Practitioner can only search for their own patients.
+    if (!requester.associatedPractitionerId) {
+      throw new Error(
+        "Associated practitioner ID is required for practitioner search."
+      );
+    }
+    // If the search params specify a different practitioner, it's invalid.
+    if (
+      params.practitionerId &&
+      params.practitionerId !== requester.associatedPractitionerId
+    ) {
+      console.warn(
+        `Practitioner (${requester.id}) attempted to search for patients of another practitioner (${params.practitionerId})`
+      );
+      return []; // Or throw an error
+    }
+
+    // **Mandatory filter**: Ensure patients are associated with this practitioner.
+    constraints.push(
+      where("doctorIds", "array-contains", requester.associatedPractitionerId)
+    );
+
+    // Optional filter: If clinicId is provided, filter by patients of this practitioner *at that specific clinic*.
+    if (params.clinicId) {
+      constraints.push(where("clinicIds", "array-contains", params.clinicId));
+      // Similar to above, we might need to check if the practitioner actually works at this clinic.
+    }
+  } else {
+    // Should not happen due to validation, but good practice to handle.
+    throw new Error("Invalid requester role.");
+  }
+
+  // --- Execute Query ---
+  try {
+    const finalQuery = query(patientsCollectionRef, ...constraints);
+    const querySnapshot = await getDocs(finalQuery);
+
+    const patients = querySnapshot.docs.map(
+      (doc) => doc.data() as PatientProfile
+    );
+
+    console.log(
+      `[searchPatientsUtil] Found ${patients.length} patients matching criteria.`
+    );
+    return patients;
+  } catch (error) {
+    console.error("[searchPatientsUtil] Error searching patients:", error);
+    // Consider logging more details or re-throwing a specific error type
+    return []; // Return empty array on error
+  }
+};

package/src/types/calendar/index.ts

@@ -185,3 +185,44 @@ export interface UpdateAppointmentParams {
  * Collection names for calendar
  */
 export const CALENDAR_COLLECTION = "calendar";
+
+/**
+ * Enum for specifying the primary search location for calendar events
+ */
+export enum SearchLocationEnum {
+  PRACTITIONER = "practitioner",
+  PATIENT = "patient",
+  CLINIC = "clinic", // Represents searching events associated with a clinic
+}
+
+/**
+ * Interface for defining a date range
+ */
+export interface DateRange {
+  start: Timestamp;
+  end: Timestamp;
+}
+
+/**
+ * Interface for general calendar event search parameters
+ */
+export interface SearchCalendarEventsParams {
+  /** The primary location to search within (practitioner, patient, or clinic calendar). */
+  searchLocation: SearchLocationEnum;
+  /** The ID of the entity (practitioner, patient, or clinic) whose calendar/events are being searched. */
+  entityId: string;
+  /** Optional filter for clinic ID. If searchLocation is CLINIC, this is implicitly applied using entityId. */
+  clinicId?: string;
+  /** Optional filter for practitioner ID. */
+  practitionerId?: string;
+  /** Optional filter for patient ID. */
+  patientId?: string;
+  /** Optional filter for procedure ID. */
+  procedureId?: string;
+  /** Optional filter for a specific date range (based on event start time). */
+  dateRange?: DateRange;
+  /** Optional filter for event status. */
+  eventStatus?: CalendarEventStatus;
+  /** Optional filter for event type. */
+  eventType?: CalendarEventType;
+}

package/src/types/clinic/index.ts

@@ -149,6 +149,7 @@ export enum AdminTokenStatus {
 export interface AdminToken {
   id: string;
   token: string;
+  email?: string | null;
   status: AdminTokenStatus;
   usedByUserRef?: string;
   createdAt: Timestamp;
@@ -234,6 +235,7 @@ export interface UpdateClinicGroupData extends Partial<CreateClinicGroupData> {
  */
 export interface CreateAdminTokenData {
   expiresInDays?: number; // How many days the token is valid, default 7
+  email?: string | null;
 }
 
 /**

package/src/types/patient/index.ts

@@ -172,6 +172,8 @@ export interface PatientProfile {
   dateOfBirth?: Timestamp | null;
   doctors: PatientDoctor[]; // Lista doktora pacijenta
   clinics: PatientClinic[]; // Lista klinika pacijenta
+  doctorIds: string[]; // Denormalized array for querying
+  clinicIds: string[]; // Denormalized array for querying
   createdAt: Timestamp;
   updatedAt: Timestamp;
 }
@@ -188,14 +190,42 @@ export interface CreatePatientProfileData {
   isVerified: boolean;
   doctors?: PatientDoctor[];
   clinics?: PatientClinic[];
+  doctorIds?: string[]; // Initialize as empty or with initial doctors
+  clinicIds?: string[]; // Initialize as empty or with initial clinics
 }
 
 /**
  * Tip za ažuriranje Patient profila
  */
 export interface UpdatePatientProfileData
-  extends Partial<CreatePatientProfileData> {
+  extends Partial<Omit<PatientProfile, "id" | "createdAt" | "updatedAt">> {
+  // Use Omit to exclude base fields
   updatedAt?: FieldValue;
+  // Note: doctors, clinics, doctorIds, clinicIds should ideally be updated via specific methods (add/removeDoctor/Clinic)
+}
+
+/**
+ * Parameters for searching patient profiles.
+ */
+export interface SearchPatientsParams {
+  /** Optional: Filter patients associated with this clinic ID. */
+  clinicId?: string;
+  /** Optional: Filter patients associated with this practitioner ID. */
+  practitionerId?: string;
+}
+
+/**
+ * Information about the entity requesting the patient search.
+ */
+export interface RequesterInfo {
+  /** ID of the clinic admin user or practitioner user making the request. */
+  id: string;
+  /** Role of the requester, determining the search context. */
+  role: "clinic_admin" | "practitioner";
+  /** If role is 'clinic_admin', this is the associated clinic ID. */
+  associatedClinicId?: string;
+  /** If role is 'practitioner', this is the associated practitioner profile ID. */
+  associatedPractitionerId?: string;
 }
 
 export * from "./medical-info.types";

package/src/types/practitioner/index.ts

@@ -1,11 +1,11 @@
-import { Timestamp, FieldValue } from "firebase/firestore";
+import { Timestamp, FieldValue } from 'firebase/firestore';
 import {
   CertificationLevel,
   CertificationSpecialty,
-} from "../../backoffice/types/static/certification.types";
+} from '../../backoffice/types/static/certification.types';
 
-export const PRACTITIONERS_COLLECTION = "practitioners";
-export const REGISTER_TOKENS_COLLECTION = "register_tokens";
+export const PRACTITIONERS_COLLECTION = 'practitioners';
+export const REGISTER_TOKENS_COLLECTION = 'register_tokens';
 
 /**
  * Osnovne informacije o zdravstvenom radniku
@@ -17,7 +17,7 @@ export interface PractitionerBasicInfo {
   email: string;
   phoneNumber: string;
   dateOfBirth: Timestamp;
-  gender: "male" | "female" | "other";
+  gender: 'male' | 'female' | 'other';
   profileImageUrl?: string;
   bio?: string;
   languages: string[];
@@ -33,7 +33,7 @@ export interface PractitionerCertification {
   issuingAuthority: string;
   issueDate: Timestamp;
   expiryDate?: Timestamp;
-  verificationStatus: "pending" | "verified" | "rejected";
+  verificationStatus: 'pending' | 'verified' | 'rejected';
 }
 
 /**
@@ -59,18 +59,18 @@ export interface PractitionerClinicWorkingHours {
  * Status of practitioner profile
  */
 export enum PractitionerStatus {
-  DRAFT = "draft",
-  ACTIVE = "active",
+  DRAFT = 'draft',
+  ACTIVE = 'active',
 }
 
 /**
  * Token status for practitioner invitations
  */
 export enum PractitionerTokenStatus {
-  ACTIVE = "active",
-  USED = "used",
-  EXPIRED = "expired",
-  REVOKED = "revoked",
+  ACTIVE = 'active',
+  USED = 'used',
+  EXPIRED = 'expired',
+  REVOKED = 'revoked',
 }
 
 /**
@@ -119,8 +119,7 @@ export interface CreateDraftPractitionerData {
 /**
  * Tip za ažuriranje zdravstvenog radnika
  */
-export interface UpdatePractitionerData
-  extends Partial<CreatePractitionerData> {
+export interface UpdatePractitionerData extends Partial<CreatePractitionerData> {
   updatedAt?: FieldValue;
 }
 

package/src/validations/clinic.schema.ts

@@ -172,6 +172,7 @@ export const clinicAdminSchema = z.object({
 export const adminTokenSchema = z.object({
   id: z.string(),
   token: z.string(),
+  email: z.string().email().optional().nullable(),
   status: z.nativeEnum(AdminTokenStatus),
   usedByUserRef: z.string().optional(),
   createdAt: z.instanceof(Date).or(z.instanceof(Timestamp)), // Timestamp
@@ -183,6 +184,7 @@ export const adminTokenSchema = z.object({
  */
 export const createAdminTokenSchema = z.object({
   expiresInDays: z.number().min(1).max(30).optional(),
+  email: z.string().email().optional().nullable(),
 });
 
 /**

package/src/validations/patient.schema.ts

@@ -115,6 +115,8 @@ export const patientProfileSchema = z.object({
   isVerified: z.boolean(),
   doctors: z.array(patientDoctorSchema),
   clinics: z.array(patientClinicSchema),
+  doctorIds: z.array(z.string()),
+  clinicIds: z.array(z.string()),
   createdAt: z.instanceof(Timestamp),
   updatedAt: z.instanceof(Timestamp),
 });
@@ -132,6 +134,8 @@ export const createPatientProfileSchema = z.object({
   isVerified: z.boolean(),
   doctors: z.array(patientDoctorSchema).optional(),
   clinics: z.array(patientClinicSchema).optional(),
+  doctorIds: z.array(z.string()).optional(),
+  clinicIds: z.array(z.string()).optional(),
 });
 
 /**
@@ -152,4 +156,43 @@ export const createPatientSensitiveInfoSchema = z.object({
   emergencyContacts: z.array(emergencyContactSchema).optional(),
 });
 
+/**
+ * Schema for validating patient search parameters.
+ */
+export const searchPatientsSchema = z
+  .object({
+    clinicId: z.string().optional(),
+    practitionerId: z.string().optional(),
+  })
+  .refine((data) => data.clinicId || data.practitionerId, {
+    message: "At least one of clinicId or practitionerId must be provided",
+    path: [], // Optional: specify a path like ['clinicId'] or ['practitionerId']
+  });
+
+/**
+ * Schema for validating requester information during patient search.
+ */
+export const requesterInfoSchema = z
+  .object({
+    id: z.string(),
+    role: z.enum(["clinic_admin", "practitioner"]),
+    associatedClinicId: z.string().optional(),
+    associatedPractitionerId: z.string().optional(),
+  })
+  .refine(
+    (data) => {
+      if (data.role === "clinic_admin") {
+        return !!data.associatedClinicId;
+      } else if (data.role === "practitioner") {
+        return !!data.associatedPractitionerId;
+      }
+      return false;
+    },
+    {
+      message:
+        "Associated ID (clinic or practitioner) is required based on role",
+      path: ["associatedClinicId", "associatedPractitionerId"],
+    }
+  );
+
 export * from "./patient/medical-info.schema";