Now handlink revokes

perki · perki · commit 9db215af9913 · 2025-05-06T14:37:08.000+02:00
diff --git a/patient-home-controler.js b/patient-home-controler.js
@@ -10,20 +10,24 @@ window.onload = (event) => {
   patientHomeLib.showLoginButton('login-button', stateChange);
 };
 
-async function stateChange(state) {
+function stateChange(state) {
   if (state === 'loggedIN') {
     document.getElementById('please-login').style.visibility = 'hidden';
     document.getElementById('card-content').style.visibility = 'visible';
-    const formApiEndpoint = getRequestFrormApiEndPoint();
-    console.log('## formApiEndpoint:', formApiEndpoint);
-    const formsInfo = await patientHomeLib.getForms(formApiEndpoint);
-    showFormList(formsInfo)
+    refresh();
   } else {
     document.getElementById('please-login').style.visibility = 'visible';
     document.getElementById('card-content').style.visibility = 'hidden';
   }
 }
 
+async function refresh() {
+  const formApiEndpoint = getRequestFrormApiEndPoint();
+  console.log('## formApiEndpoint:', formApiEndpoint);
+  const formsInfo = await patientHomeLib.getForms(formApiEndpoint);
+  showFormList(formsInfo)
+}
+
 // ------- Get Dr's info -------- //
 function getRequestFrormApiEndPoint() {
   const params = new URLSearchParams(document.location.search);
@@ -35,13 +39,16 @@ function getRequestFrormApiEndPoint() {
 async function showFormList(formsInfo) {
   console.log('## showFormList', formsInfo);
 
-
   // -- table
   const table = document.getElementById('questionnary-table');
+  const tbody = document.getElementById('questionnary-table').getElementsByTagName('tbody')[0];;
 
+  // clear previous content
+  while (tbody.firstChild) {
+    tbody.removeChild(tbody.firstChild);
+  }
 
   for (const formInfo of formsInfo) {
-   
     // fill the table row
     const row = table.insertRow(-1);
     const cellQuestionnary = row.insertCell(-1);
@@ -54,7 +61,7 @@ async function showFormList(formsInfo) {
     cellDr.innerHTML = formInfo.drUserId;
 
     const cellStatus = row.insertCell(-1);
-    cellStatus.innerHTML = formInfo.formEvent.streamIds[0];
+    cellStatus.innerHTML = formInfo.status;
   }
 }
 
@@ -87,24 +94,37 @@ async function showFormDetails(formInfo) {
     cellLevel.innerHTML = permission.level;
   }
   // - grant access / open
-  const button = document.getElementById('grant-access-button');
+  const buttonOpen = document.getElementById('grant-access-button');
+  const buttonRevoke = document.getElementById('revoke-access-button');
 
   // -- pass the apiEndpoint to the next page !! Insecure just for demo
   const openHREF = `patient-profile.html?patientApiEndpoint=${patientHomeLib.getPatientApiEndpoint()}&questionaryId=${formInfo.questionaryId}`;
   if (formDetails.status === 'accepted') {
-    button.innerHTML = 'Open';
-    button.onclick = async function () {
+    buttonOpen.innerHTML = 'Open';
+    buttonOpen.onclick = async function () {
       // -- hack publish access anyway (this should be done just once)
       await patientHomeLib.publishAccess(formInfo, formDetails.sharedApiEndpoint);
       document.location.href = openHREF;
     };
+    buttonRevoke.innerHTML = 'Revoke';
+    buttonRevoke.onclick = async function () {
+      const doRevoke = confirm('Revoke ?');
+      if (doRevoke) patientHomeLib.revokeAccess(formDetails);
+      refresh();
+    };
   }
   else {
-    button.innerHTML = 'Grant access and Open';
-    button.onclick = async function () {
+    buttonOpen.innerHTML = 'Grant access and Open';
+    buttonOpen.onclick = async function () {
       await patientHomeLib.grantAccess(formInfo, formDetails);
       document.location.href = openHREF;
     };
+    buttonRevoke.innerHTML = 'Refuse';
+    buttonRevoke.onclick = async function () {
+      const doRevoke = confirm('Refuse ?');
+      if (doRevoke) patientHomeLib.revokeAccess(formDetails);
+      refresh();
+    }
   }
 
   // - json
diff --git a/patient-home-lib.js b/patient-home-lib.js
@@ -1,13 +1,21 @@
 const patientHomeLib = {
   getForms,
   getQuestionnaryDetails,
-  getQuestionnaryInfo,
   grantAccess,
   showLoginButton,
   getPatientApiEndpoint,
-  publishAccess
+  publishAccess,
+  revokeAccess
 }
 
+const AppBaseStreams = {
+  base: {id: 'demo-dr-forms', name: 'Demo Dr Forms'},
+  inbox: {id: 'demo-dr-forms-inbox', name: 'Demo Dr Forms - Inbox', parentId: 'demo-dr-forms'},
+  accepted: {id: 'demo-dr-forms-accepted', name: 'Demo Dr Forms - Accepted', parentId: 'demo-dr-forms'},
+  rejected: {id: 'demo-dr-forms-rejected', name: 'Demo Dr Forms - Rejected', parentId: 'demo-dr-forms'},
+};
+
+
 /**
  * Load app & get the forms
  * - initBaseFormsStreams
@@ -19,7 +27,7 @@ async function getForms (formApiEndpoint) {
   // init base for streams
   await initBaseFormsStreams(connection);
   // get list of form
-  const eventRes = await connection.api([{ method: 'events.get', params: { streams: ['demo-dr-forms'], limit: 100}}]);
+  const eventRes = await connection.api([{ method: 'events.get', params: { streams: [AppBaseStreams.base.id], limit: 100}}]);
 
   const forms = eventRes[0].events;
 
@@ -30,7 +38,7 @@ async function getForms (formApiEndpoint) {
       const apiCalls = [{
         method: 'events.create',
         params: {
-          streamIds: ['demo-dr-forms-inbox'],
+          streamIds: [AppBaseStreams.inbox.id],
           type: 'credentials/pryv-api-endpoint',
           content: formApiEndpoint
         }
@@ -45,7 +53,7 @@ async function getForms (formApiEndpoint) {
   const formsInfo = [];
   // add forms details 
   for (const formEvent of forms) {
-    const formInfo = await patientHomeLib.getQuestionnaryInfo(formEvent);
+    const formInfo = await getQuestionnaryInfo(formEvent);
     formsInfo.push(formInfo);
   }
 
@@ -56,12 +64,7 @@ async function getForms (formApiEndpoint) {
 
 // Creates the the streams structure for accepted and rejected froms
 async function initBaseFormsStreams (connection) {
-  const streams = [
-    {id: 'demo-dr-forms', name: 'Demo Dr Forms'},
-    {id: 'demo-dr-forms-inbox', name: 'Demo Dr Forms - Inbox', parentId: 'demo-dr-forms'},
-    {id: 'demo-dr-forms-accepted', name: 'Demo Dr Forms - Accepted', parentId: 'demo-dr-forms'},
-    {id: 'demo-dr-forms-rejected', name: 'Demo Dr Forms - Rejected', parentId: 'demo-dr-forms'},
-  ];
+  const streams = Object.values(AppBaseStreams);
   await createsPatientAccountStreams(connection, streams);
 }
 
@@ -127,23 +130,67 @@ async function publishAccess (formInfo, apiEndpoint) {
   }];
   const publishRes = await formInfo.drConnection.api(apiCalls);
   console.log('## Shared access published to Dr Account', publishRes);
+  if (! publishRes[0].event) {
+    const error = new Error('Failed publishing Acces');
+    error.innerObject = publishRes
+    throw error;
+  }
+  // -- update access and place in 'demo-dr-forms-accepted'
+  await updateEventFormStatus(formInfo, 'accepted');
+}
+
+/**
+ * 
+ * @param {*} formInfo 
+ * @param {string} newStatus 'accepted', 'rejected'
+ */
+async function updateEventFormStatus (formInfo, newStatus) {
+  const newStreamId = AppBaseStreams[newStatus].id;
+  const previousStreamsId = formInfo.formEvent.streamIds[0];
+  if (newStreamId === previousStreamsId) return;
+  const apiCalls = [{
+    method: 'events.update',
+    params: {
+      id: formInfo.formEvent.id,
+      update: {
+        streamIds: [newStreamId]
+      }
+    }
+  }];
+  const updateEvent = await connection.api(apiCalls);
+  console.log('## event Form status updated', newStatus, updateEvent);
+  formInfo.formEvent.streamIds = [newStreamId]
+}
+
+async function revokeAccess (formDetails) {
+  // revoke access
+  const revokeRes = await connection.api([{
+    "method": "accesses.delete",
+    "params": {
+      "id": formDetails.sharedAccessId
+    }
+  }]);
+  console.log("## revokeAccess res", revokeRes);
+  // -- update access and place in 'demo-dr-forms-rejected'
+  await updateEventFormStatus(formDetails.formInfo, 'rejected');
 }
 
 // ---- Get questionnary details ---- //
 async function getQuestionnaryDetails (formInfo) {
   const details = {
+    formInfo,
     status : 'pending',
   }
 
    //-- check if the access already exists --//
-   const accessesCheckRes = await connection.api([{ method: 'accesses.get', params: {}}]);
+   const accessesCheckRes = await connection.api([{ method: 'accesses.get', params: { includeDeletions: true }}]);
    const sharedAccess = accessesCheckRes[0].accesses.find(access => access.name === formInfo.sharingAccessId);
    if (sharedAccess) {
      details.status = 'accepted';
      details.sharedApiEndpoint = sharedAccess.apiEndpoint;
+     details.sharedAccessId = sharedAccess.id;
    }
 
-
    //-- get access permissions request --//
    const drAccessInfo = await formInfo.drConnection.accessInfo();
    const questionaryId = drAccessInfo.clientData?.['demo-dr-form']?.questionaryId;
@@ -165,16 +212,22 @@ async function getQuestionnaryInfo (formEvent) {
   console.log('## Dr Form info', drAccessInfo);
   const questionaryId = drAccessInfo.clientData?.['demo-dr-form']?.questionaryId;
   const drUserId = drAccessInfo.user.username;
+
+  const status = formEvent.streamIds[0];
+
   return {
+    status,
     formApiEndpoint,
     questionaryId,
     drUserId,
     drConnection,
+    created: new Date(drAccessInfo.created),
     formEvent,
     sharingAccessId: `${drUserId}-${questionaryId}`
   }
 }
 
+
 // ---------- connection to the pryv account ------------- //
 
 let connection = null;
diff --git a/patient.html b/patient.html
@@ -75,6 +75,8 @@ <h3>Permission request</h3>
               <td>&nbsp; &nbsp;</td>
               <td>
                 <button type="button" id="grant-access-button" class="btn btn-primary mb-2">Open</button>
+                <br><br>
+                <button type="button" id="revoke-access-button" class="btn btn-secondary mb-2">Revoke</button>
               </td>
             </tr>
           </table>
