[ADD] website_portal_medical_insurance: Insurance Portal

[lasley]

No description provided.

[codecov-io]

Codecov Report

Merging #233 into release/10.0 will decrease coverage by 4.63%.
The diff coverage is 58.26%.

@@               Coverage Diff                @@
##           release/10.0     #233      +/-   ##
================================================
- Coverage         88.01%   83.37%   -4.64%     
================================================
  Files               124      128       +4     
  Lines              2328     2328              
================================================
- Hits               2049     1941     -108     
- Misses              279      387     +108

Impacted Files	Coverage Δ
...ical_insurance_us/models/medical_insurance_plan.py	100% <100%> (ø)
...site_portal_medical_insurance_us/models/website.py	100% <100%> (ø)
...cal_insurance_us/models/website_config_settings.py	100% <100%> (ø)
...l_insurance_us/models/medical_insurance_company.py	100% <100%> (ø)
...te_portal_medical_insurance_us/controllers/main.py	33.33% <33.33%> (ø)
...nce_us/wizards/website_medical_insurance_wizard.py	44.82% <44.82%> (ø)
website_portal_medical/hooks.py	83.33% <71.42%> (ø)	⬆️
website_portal_medical_patient/controllers/main.py	28.57% <0%> (-68.1%)	⬇️
...edical_prescription_order_line/controllers/main.py	43.75% <0%> (-56.25%)	⬇️
...portal_medical_patient_species/controllers/main.py	50% <0%> (-50%)	⬇️
... and 18 more

[woodbrettm]

@lasley for this method. When the user wants to create a new insurance plan, the 'ADD' link will pass in /medical/insurance/plans/0. Which will show a 404 page.

Before, you instead had the <int:id> or something like that instead of the <model.... in the url. With your version we could browse and get an empty record and the form would display. When using <model . . . I don't think that's possible as it seems I get a 404 before the method logic even runs. I think awhile ago you were mentioning <model ... does validations to ensure the record exists.

With that in mind, to stay consistent, should we:

• Have all urls use the <int:id> to account for creating new recs instead of <model... or have something like:
• /medical/insurance/plans/new for creating new recs. That way the logic for showing forms for existing records and for showing a form to create a new one are separated.

[woodbrettm]

Ah dang sorry it doesn't show the method's url in preview. The URL for this method is:

    @http.route(
        ['/medical/insurance/plans/<model("medical.insurance.plan"):plan>'],
        type='http',
        auth='user',
        website=True,
        methods=['GET'],
    )
    def insurance_plan_show(self, plan=None, redirect=None, **kwargs):

[lasley]

No need for a /new, just listen on /medical/insurance/plans for POST & act on that instead?

[lasley]

Also it should all be singular /plan not plans. My bad there

[woodbrettm]

ah I see. Those should be modelled after the model name, not pluralized. I had changed to plans to stay consistent with patients. I'll need to edit the patient portals then too back to patient and not patients.

For the case of POST though, that's covered by your website_form method in website_portal_medical.

Perhaps I'm misunderstanding, but what I'm trying to get at is let's say the user is at /medical/insurance/plan, displaying all the plans. There is a link on that page that says ADD with an href to /medical/insurance/plan/0. This is to display a form to create a new plan.

Your code is as follows (at the bottom), which allows the rendering of the view even if no record exists. This allows for the display of a form when a user wants to create a new plan.

However if I change to ['/medical/insurance/plan/<model("medical.insurance.plan"):plan>'], I get a 404.

So I'm just trying to figure out what would be the best way to display a form for a record that does not exist in the database yet.

Should we have a /medical/insurance/plan/new uri specified as GET? Or should the logic be as what you have done?

Or perhaps what you specified in your comment using post. That doesn't really make sense to me to use post though.

    @http.route(
        ['/medical/insurance/plan/<int:plan_id>'],
        type='http',
        auth='user',
        website=True,
        methods=['GET'],
    )
    def insurance_plan_show(self, plan_id=None, redirect=None, **kwargs):
        values = {
            'error': {},
            'error_message': [],
            'success_page': kwargs.get('success_page', '/my/medical')
        }
        Plans = http.request.env['medical.insurance.plan']
        if plan_id:
            plan = Plans.browse(plan_id)
        else:
            plan = Plans.browse()
        values.update({
            'insurance_plan': plan and plan.sudo(),
        })
        return request.render(
            'website_portal_medical_insurance_us.insurance_plan', values,
        )

[woodbrettm]

Reason I'm asking is that medical patient portal is following what I have done, using model in the uri.

Upon looking here, it made me realize you can't create a patient from the frontend. So just wanted to confirm to either change to what you are doing for insurance plans, or if another idea is better.

[lasley]

/plans would display all plans, /plan/x would would display plan ID x. /plan should display a blank form. We should align this everywhere

[woodbrettm]

Awesome that clears things up. Sorry for the long comments : \

[woodbrettm]

@lasley I'm having some issues with this security rule, causing Travis to fail.
https://travis-ci.org/LasLabs/vertical-medical/jobs/274413214#L2432

The code generating the plans for the view is here

[woodbrettm]

Seems like create_uid is causing the problem.

[lasley]

Why .sudo() here and here.

It's going to be with the sudo, although usually the issue is on the create. I don't see the create though, so I assume it's happening in website_form, which gives good permissions.

[woodbrettm]

hmm. Well that was another issue. There were security errors when accessing patient, on product.uom.categ in the wizard on those exact lines. I noticed you used sudo in other parts of the file so figured that might work.

Could just be moving the poop train further down the line so I guess I'll re-look at them.

[lasley]

Did you create the test company with the same user you are testing with?

[lasley]

Or mark it as verified?

[woodbrettm]

Alright so I fixed the issue with the product.uom.categ error (at least locally).

Interestingly, after disabling all the security rules other than the access rules, the issue for accessing the medical plans still persists.

create a new plan as portal user then navigate back to the plans view. Following error happening. The interesting thing is that you clearly have a portal access rule for medical.insurance.company.

Runbot and travis may tell another story once done but this is what I'm getting locally.

Traceback (most recent call last):
  File "/opt/odoo/addons/website/models/ir_http.py", line 265, in _handle_exception
    response = super(Http, cls)._handle_exception(exception)
  File "/opt/odoo/odoo/addons/base/ir/ir_http.py", line 169, in _handle_exception
    return request._handle_exception(exception)
  File "/opt/odoo/odoo/http.py", line 766, in _handle_exception
    return super(HttpRequest, self)._handle_exception(exception)
  File "/opt/odoo/odoo/addons/base/ir/ir_http.py", line 195, in _dispatch
    result = request.dispatch()
  File "/opt/odoo/odoo/http.py", line 825, in dispatch
    r = self._call_function(**self.params)
  File "/opt/odoo/odoo/http.py", line 331, in _call_function
    return checked_call(self.db, *args, **kwargs)
  File "/opt/odoo/odoo/service/model.py", line 119, in wrapper
    return f(dbname, *args, **kwargs)
  File "/opt/odoo/odoo/http.py", line 327, in checked_call
    result.flatten()
  File "/opt/odoo/odoo/http.py", line 1257, in flatten
    self.response.append(self.render())
  File "/opt/odoo/odoo/http.py", line 1250, in render
    return env["ir.ui.view"].render_template(self.template, self.qcontext)
  File "/opt/odoo/odoo/addons/base/ir/ir_ui_view.py", line 1029, in render_template
    return self.browse(self.get_view_id(template)).render(values, engine)
  File "/opt/odoo/addons/website/models/ir_ui_view.py", line 110, in render
    return super(View, self).render(values, engine=engine)
  File "/opt/odoo/addons/web_editor/models/ir_ui_view.py", line 26, in render
    return super(IrUiView, self).render(values=values, engine=engine)
  File "/opt/odoo/odoo/addons/base/ir/ir_ui_view.py", line 1049, in render
    return self.env[engine].render(self.id, qcontext)
  File "/opt/odoo/odoo/addons/base/ir/ir_qweb/ir_qweb.py", line 53, in render
    return super(IrQWeb, self).render(id_or_xml_id, values=values, **context)
  File "/opt/odoo/odoo/addons/base/ir/ir_qweb/qweb.py", line 248, in render
    self.compile(template, options)(self, body.append, values or {})
  File "/opt/odoo/odoo/addons/base/ir/ir_qweb/qweb.py", line 322, in _compiled_fn
    raise QWebException("Error to render compiling AST", e, path, node and etree.tostring(node[0]), name)
QWebException: (u'The requested operation cannot be completed due to security restrictions. Please contact your system administrator.\n\n(Document type: medical.insurance.company, Operation: read)', None)
Traceback (most recent call last):
  File "/opt/odoo/odoo/addons/base/ir/ir_qweb/qweb.py", line 315, in _compiled_fn
    return compiled(self, append, values, options, log)
  File "<template>", line 1, in template_website_portal_medical_insurance_us_insurances_1075
  File "<template>", line 3, in body_call_content_1074
  File "<template>", line 15, in foreach_1073
  File "/opt/odoo/odoo/addons/base/ir/ir_qweb/ir_qweb.py", line 261, in _get_field
    content = converter.record_to_html(record, field_name, field_options)
  File "/opt/odoo/odoo/addons/base/ir/ir_qweb/fields.py", line 100, in record_to_html
    value = record[field_name]
  File "/opt/odoo/odoo/models.py", line 5177, in __getitem__
    return self._fields[key].__get__(self, type(self))
  File "/opt/odoo/odoo/fields.py", line 871, in __get__
    value = record._cache[self]
  File "/opt/odoo/odoo/models.py", line 5526, in __getitem__
    return value.get() if isinstance(value, SpecialValue) else value
  File "/opt/odoo/odoo/fields.py", line 48, in get
    raise self.exception
AccessError: (u'The requested operation cannot be completed due to security restrictions. Please contact your system administrator.\n\n(Document type: medical.insurance.company, Operation: read)', None)

Error to render compiling AST
AccessError: (u'The requested operation cannot be completed due to security restrictions. Please contact your system administrator.\n\n(Document type: medical.insurance.company, Operation: read)', None)
Template: website_portal_medical_insurance_us.insurances
Path: /templates/t/t/t[2]/div/t/div/div/div[2]/div[1]/div
Node: <div class="h5" t-field="plan.insurance_company_id.name"/>

[woodbrettm]

Dang yeah travis is showing the same thing.

[woodbrettm]

set to /medical/insurance/plans

[woodbrettm]

@lasley this is a little weird haha. So I commented out the domain force rules in the manifest and only have these access records. What I don't get is that after creating a plan as portal user with the insurance company field populated, it's showing access errors when showing /medical/insurance/plans after that.

Yet we clearly have access granted to the portal user for medical.insurance.company. in the csv file.

Error to render compiling AST
AccessError: (u'The requested operation cannot be completed due to security restrictions. Please contact your system administrator.\n\n(Document type: medical.insurance.company, Operation: read)', None)
Template: website_portal_medical_insurance_us.insurances
Path: /templates/t/t/t[2]/div/t/div/div/div[2]/div[1]/div
Node: <div class="h5" t-field="plan.insurance_company_id.name"/>

[lasley]

Insurance companies inherit from abstract entity, which delegate inherits from partner. Try adding a domain_force to allow the showing of partners when create_uid == user.id

[woodbrettm]

Should be insurance plans

[woodbrettm]

• Depends [10.0][FIX] Portal Patient URIs #243

[lasley]

Oops this one I can clear up (DMCA) because it's on our end