Portail controls access to EDS (Entrepôts de Données de Santé, the health data warehouses) data.
The main goals are to allow:
- Users to grant other users access to nominative or pseudonymised patient data
- Users to allow other users to grant these accesses themselves
- Cohort360 users to request exports of their cohorts and download them as CSV files or transfer them to Jupyter workspaces
- Admins to manage Jupyter and Unix workspaces
Here are the main dependencies, with the commands to install them on a Debian/Ubuntu host.
- Python 3.8

```shell
sudo apt-get update
sudo apt-get install python3.8
```

- PostgreSQL

```shell
sudo apt-get install postgresql postgresql-contrib
```

- Kerberos authentication development library (the headers and a C compiler are needed to build the Python packages that link against Kerberos)

```shell
sudo apt-get install -y libkrb5-dev gcc
```
- Clone the repo

```shell
git clone https://gitlab.eds.aphp.fr/dev/console-admin/admin-back-end.git
cd admin-back-end
```

- Prepare a virtual environment

```shell
pip install virtualenv
virtualenv -p python3.8 venv
source venv/bin/activate
pip install -r requirements.txt
```
- Prepare your database

```shell
sudo -u postgres psql
```

```sql
CREATE USER portail_dev_limited_rw PASSWORD 'portail_psswd';
CREATE DATABASE portail_dev OWNER portail_dev_limited_rw;
\q
```

The password above is a local development placeholder: use a different one for any shared or production database, and keep it only in the .env file described next.

- Configuration: create a .env file at admin_cohort/.env following the .env.example format. Do not commit it, since it holds the local configuration and credentials.
- Run the Django migrations

```shell
source venv/bin/activate
python manage.py migrate
```
- To let Django run its test suite, allow the user to create the test database

```shell
sudo -u postgres psql
```

```sql
ALTER USER portail_dev_limited_rw CREATEDB;
```
- If you want to run the server locally and try your own new actions, grant your user privileges on the database

```sql
\c portail_dev
GRANT ALL PRIVILEGES ON DATABASE portail_dev TO portail_dev_limited_rw;
```

Note that GRANT ... ON DATABASE only covers database-level privileges (CONNECT, CREATE, TEMPORARY); it grants nothing on schemas or tables. Since portail_dev_limited_rw owns the database, and owns any table created when the migrations run as that user, it already has those privileges, so this step is a safety net rather than a requirement.
- Also, here are a few rows to add so that the whole model can work (adapt the email addresses, and the perimeter types to the PERIMETER_TYPES you provide in .env). The profile ids are reused as profile_id in the accesses, so check which profile each access points at: the FULL_ADMIN access must go to the admin profile (id 0), not to the simple test user (id 1).

```sql
\c portail_dev
-- An admin user
INSERT INTO "user" (firstname , lastname, provider_id, provider_username, email) VALUES('Cid', 'Kramer', 0, '96214', '[email protected]');
INSERT INTO accesses_profile(id, user_id, source, is_active, firstname, lastname, email) VALUES(0, '96214', 'Manual', 't', 'Cid', 'Kramer', '[email protected]');
-- A simple user to play with
INSERT INTO "user" (firstname , lastname, provider_id, provider_username, email) VALUES('Squall', 'Leonheart', 1, '41269', '[email protected]');
INSERT INTO accesses_profile(id, user_id, source, is_active, firstname, lastname, email) VALUES(1, '41269', 'Manual', 't', 'Squall', 'Leonheart', '[email protected]');
-- Basic perimeter tree
INSERT INTO accesses_perimeter(id, name, local_id, type_source_value, parent_id)
VALUES
(0, 'AP-HP', 'Local 00', 'AP-HP', null),
(1, 'Hospital 1', 'Local 01','Hospital', 0),
(2, 'Hospital 2', 'Local 02','Hospital', 0),
(3, 'Unit 1', 'Local 03','Hospital', 2)
;
-- Full administration role
INSERT INTO accesses_role(id, name, right_edit_roles, right_add_users, right_edit_users, right_read_users, right_manage_admin_accesses_same_level, right_read_admin_accesses_same_level, right_manage_admin_accesses_inferior_levels, right_read_admin_accesses_inferior_levels, right_manage_data_accesses_same_level, right_read_data_accesses_same_level, right_manage_data_accesses_inferior_levels, right_read_data_accesses_inferior_levels, right_read_patient_nominative, right_search_patient_with_ipp, right_read_patient_pseudo_anonymised, invalid_reason, right_read_logs, right_export_csv_nominative, right_export_csv_pseudo_anonymised, right_manage_export_csv, right_manage_review_export_csv, right_manage_review_transfer_jupyter, right_manage_transfer_jupyter, right_review_export_csv, right_review_transfer_jupyter, right_transfer_jupyter_nominative, right_transfer_jupyter_pseudo_anonymised, right_manage_env_unix_users, right_manage_env_user_links, right_read_env_unix_users) VALUES(0,'FULL_ADMIN','t','t','t','t','t','t','t','t','t','t','t','t','t','t','t','t','t','t','t','t','t','t','t','t','t','t','t','t','t','t');
-- FULL_ADMIN access for the admin profile (id 0, Cid Kramer) on the root perimeter
INSERT INTO accesses_access(role_id, perimeter_id, profile_id) VALUES(0, 0, 0);
```
- If you want to start using Cohort:

```sql
\c portail_dev
-- Nominative data reading role
INSERT INTO accesses_role(id, name, right_edit_roles, right_add_users, right_edit_users, right_read_users, right_manage_admin_accesses_same_level, right_read_admin_accesses_same_level, right_manage_admin_accesses_inferior_levels, right_read_admin_accesses_inferior_levels, right_manage_data_accesses_same_level, right_read_data_accesses_same_level, right_manage_data_accesses_inferior_levels, right_read_data_accesses_inferior_levels, right_read_patient_nominative, right_search_patient_with_ipp, right_read_patient_pseudo_anonymised, invalid_reason, right_read_logs, right_export_csv_nominative, right_export_csv_pseudo_anonymised, right_manage_export_csv, right_manage_review_export_csv, right_manage_review_transfer_jupyter, right_manage_transfer_jupyter, right_review_export_csv, right_review_transfer_jupyter, right_transfer_jupyter_nominative, right_transfer_jupyter_pseudo_anonymised, right_manage_env_unix_users, right_manage_env_user_links, right_read_env_unix_users) VALUES(1,'Nominative Patient Reader','f','f','f','f','f','f','f','f','f','f','f','f','t','f','f','f','f','f','f','f','f','f','f','f','f','f','f','f','f','f');
-- Pseudo-anonymised data reading role
INSERT INTO accesses_role(id, name, right_edit_roles, right_add_users, right_edit_users, right_read_users, right_manage_admin_accesses_same_level, right_read_admin_accesses_same_level, right_manage_admin_accesses_inferior_levels, right_read_admin_accesses_inferior_levels, right_manage_data_accesses_same_level, right_read_data_accesses_same_level, right_manage_data_accesses_inferior_levels, right_read_data_accesses_inferior_levels, right_read_patient_nominative, right_search_patient_with_ipp, right_read_patient_pseudo_anonymised, invalid_reason, right_read_logs, right_export_csv_nominative, right_export_csv_pseudo_anonymised, right_manage_export_csv, right_manage_review_export_csv, right_manage_review_transfer_jupyter, right_manage_transfer_jupyter, right_review_export_csv, right_review_transfer_jupyter, right_transfer_jupyter_nominative, right_transfer_jupyter_pseudo_anonymised, right_manage_env_unix_users, right_manage_env_user_links, right_read_env_unix_users) VALUES(2,'Pseudo-anonymised Patient Reader','f','f','f','f','f','f','f','f','f','f','f','f','f','f','t','f','f','f','f','f','f','f','f','f','f','f','f','f','f','f');
-- Nominative Patient Reader access for the simple user (profile 1) on Hospital 1
INSERT INTO accesses_access(role_id, perimeter_id, profile_id) VALUES(1, 1, 1);
```
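After seeding, the check a practitioner wants is to see who actually ended up with which right on which perimeter, because a wrong profile_id in accesses_access silently hands FULL_ADMIN to the wrong person. The following is an added example, not code from the admin-back-end project: it mirrors a subset of the columns of accesses_profile, accesses_perimeter, accesses_role and accesses_access in an in-memory SQLite database, loads constructed rows with the same ids, perimeter tree, roles and accesses as the seed above, resolves every profile's effective rights with a recursive query over the perimeter tree, and flags any profile that can edit roles without being on an allow-list. It assumes that a right held on a perimeter also covers every perimeter below it in the tree; that is this example's reading of the `inferior_levels` rights, and it must be checked against the project's own access-resolution code before being relied on.

```python
"""Audit effective accesses on a Portail-style seed.

Added example, not project code: the tables below mirror a subset of the
columns of accesses_profile, accesses_perimeter, accesses_role and
accesses_access from the README seed data, loaded into in-memory SQLite so
the check runs offline. ASSUMPTION: a right held on a perimeter also covers
every descendant perimeter (hierarchical reading of the tree).
"""
import sqlite3
from collections import defaultdict

# Only the rights the audit looks at; the real table has many more columns.
RIGHTS = (
    "right_read_patient_nominative",
    "right_read_patient_pseudo_anonymised",
    "right_edit_roles",
)

# Constructed rows mirroring the README seed (same ids as the README).
PROFILES = [(0, "96214", "Cid", "Kramer"), (1, "41269", "Squall", "Leonheart")]
PERIMETERS = [(0, "AP-HP", None), (1, "Hospital 1", 0), (2, "Hospital 2", 0), (3, "Unit 1", 2)]
ROLES = [  # (id, name, nominative, pseudonymised, edit_roles)
    (0, "FULL_ADMIN", 1, 1, 1),
    (1, "Nominative Patient Reader", 1, 0, 0),
    (2, "Pseudo-anonymised Patient Reader", 0, 1, 0),
]
# (role_id, perimeter_id, profile_id): FULL_ADMIN on the root for the admin
# profile 0, nominative reader on Hospital 1 for the test profile 1.
ACCESSES = [(0, 0, 0), (1, 1, 1)]

ROLE_COLS = ", ".join(r + " INTEGER NOT NULL" for r in RIGHTS)
SELECT_COLS = ", ".join("r." + r for r in RIGHTS)

SCHEMA = f"""
CREATE TABLE accesses_profile(id INTEGER PRIMARY KEY, user_id TEXT, firstname TEXT, lastname TEXT);
CREATE TABLE accesses_perimeter(id INTEGER PRIMARY KEY, name TEXT,
    parent_id INTEGER REFERENCES accesses_perimeter(id));
CREATE TABLE accesses_role(id INTEGER PRIMARY KEY, name TEXT, {ROLE_COLS});
CREATE TABLE accesses_access(id INTEGER PRIMARY KEY AUTOINCREMENT,
    role_id INTEGER NOT NULL REFERENCES accesses_role(id),
    perimeter_id INTEGER NOT NULL REFERENCES accesses_perimeter(id),
    profile_id INTEGER NOT NULL REFERENCES accesses_profile(id));
"""

# Expand each access to the perimeter it names plus every descendant, then
# join the role so the flags can be read per (profile, perimeter).
EFFECTIVE_SQL = f"""
WITH RECURSIVE covered(access_id, perimeter_id) AS (
    SELECT id, perimeter_id FROM accesses_access
    UNION
    SELECT c.access_id, p.id
    FROM covered c JOIN accesses_perimeter p ON p.parent_id = c.perimeter_id
)
SELECT a.profile_id, pe.name, {SELECT_COLS}
FROM covered c
JOIN accesses_access a ON a.id = c.access_id
JOIN accesses_role r ON r.id = a.role_id
JOIN accesses_perimeter pe ON pe.id = c.perimeter_id
"""


def build_db(accesses=ACCESSES):
    """Create the in-memory database and load the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO accesses_profile VALUES (?, ?, ?, ?)", PROFILES)
    conn.executemany("INSERT INTO accesses_perimeter VALUES (?, ?, ?)", PERIMETERS)
    conn.executemany("INSERT INTO accesses_role VALUES (?, ?, ?, ?, ?)", ROLES)
    conn.executemany(
        "INSERT INTO accesses_access(role_id, perimeter_id, profile_id) VALUES (?, ?, ?)",
        accesses,
    )
    return conn


def effective_rights(conn):
    """Return {(profile_id, right): sorted perimeter names the right covers}."""
    out = defaultdict(set)
    for row in conn.execute(EFFECTIVE_SQL):
        profile_id, perimeter_name, flags = row[0], row[1], row[2:]
        for right, flag in zip(RIGHTS, flags):
            if flag:
                out[(profile_id, right)].add(perimeter_name)
    return {key: sorted(names) for key, names in out.items()}


def unexpected_admins(conn, allowed_profiles):
    """Profiles that can edit roles somewhere but are not on the allow-list."""
    holders = {pid for (pid, right) in effective_rights(conn) if right == "right_edit_roles"}
    return sorted(holders - set(allowed_profiles))


if __name__ == "__main__":
    db = build_db()
    for (pid, right), names in sorted(effective_rights(db).items()):
        print(f"profile {pid}: {right} on {names}")
    print("unexpected admins:", unexpected_admins(db, allowed_profiles=[0]))
```

Against the seed rows, profile 0 resolves to every right on all four perimeters and profile 1 to nominative reading on Hospital 1 only. Passing `accesses=[(0, 0, 1), (1, 1, 1)]` to `build_db` reproduces the mistake of pointing the FULL_ADMIN access at the test profile, and `unexpected_admins` reports profile 1. The same recursive query runs unchanged on PostgreSQL against the real tables once the column list is widened.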
By default, this back-end authenticates requests against the AP-HP JWT server.
If you want to run it fully locally, without that server, update the admin_cohort/AuthMiddleware.py file. Any local bypass added there is a development shortcut only and must never reach a shared or production deployment.
Run the server to start making requests via localhost:8000:

```shell
source venv/bin/activate
python manage.py runserver
```

You can now open localhost:8000/docs/ for more details on the API.
How to explore the data model from your pod
1 - Connect to your pod.
2 - Launch the Django shell:

```shell
python3 manage.py shell
```

3 - Import your data models:

```python
from accesses.models import Access, Profile, Role
```

4 - You can start exploring your data models, for example:

```python
all_profiles = Profile.objects.all()
first_profile = all_profiles.first()
first_profile.provider_id
```
Run the tests with:

```shell
python manage.py test
```
Alexandre Martin, main developer - @alexandreMartinEcl - [email protected]
Julien Dubiel, project owner - @j.du - [email protected]