v2.1.0 (work in progress) #3122

Draft
wants to merge 110 commits into
base: main
thomasleese
Contributor

No description provided.

This adds a new controller that handles the logic related to setting the
default batch for a particular session so it's clearer what the
controller does and its responsibilities.
From the batch we can get the programme and allow us to set today's
batch per programme to support vaccinating multiple programmes.
When choosing a default batch for today's sessions, we need to store the
batch per programme as it's possible nurses will be administering
multiple programmes in one day.
The back link wasn't working correctly, it was taking the user to the
`consent` question rather than taking the user to the last step in the
wizard flow.

There's also the potential for the previous question to have been a
health question, in which case we need to take the user to the correct
one.
This change has no effect on the functionality because we already use
the local time zone when generating the value for `performed_at`,
however this ensures that the tests pass when running the service in
a time zone outside of `Europe/London`.
These margins don't exist in the prototype so we don't need them in the
live service. If we do need a margin on the captions then we should
apply it across the service rather than on an individual basis to ensure
consistency.
These margins don't exist in the designs on the prototype so we can
remove them from the service. If we do need a margin on the buttons
then we should apply it across the service rather than on an
individual basis to ensure consistency.
This switches all usage of the `recipient_deterministic` column to the
`recipient` column that has been replaced and configured with
deterministic encryption.

This follows on from #2900 which added the `recipient` column.
When choosing a default batch for today's sessions, we need to store the
batch per programme as it's possible nurses will be administering
multiple programmes in one day.
The back link wasn't working correctly, it was taking the user to the
`consent` question rather than taking the user to the last step in the
wizard flow.

There's also the potential for the previous question to have been a
health question, in which case we need to take the user to the correct
one.
@thomasleese thomasleese changed the title v1.2.0 (work in progress) v2.1.0 (work in progress) Mar 3, 2025
These margins don't exist in the prototype so we don't need them in the
live service. If we do need a margin on the captions and submit buttons
then we should apply it across the service rather than on an individual
basis to ensure consistency.
This change has no effect on the functionality because we already use
the local time zone when generating the value for `performed_at`,
however this ensures that the tests pass when running the service in a
time zone outside of `Europe/London`.
This is the first part of updating the design of the patient table to
match the latest designs in the prototype. In this commit, the filters
on the table are moved to the left and rendered in a feature card. On
the right the table is mostly the same, but will eventually be replaced
with a list of cards.
This will have been run after the 2.0 deploy so it can be safely
removed.
This is the first part of updating the design of the patient table to
match the latest designs in the prototype. In this commit, the filters
on the table are moved to the left and rendered in a feature card. On
the right the table is mostly the same, but will eventually be replaced
with a list of cards.

## Screenshot

<img width="1139" alt="Screenshot 2025-03-02 at 17 27 07"
src="https://github.com/user-attachments/assets/30531120-4fe4-4b7c-adb1-c34f05624337"
/>
This is in scope for the 2.1 release so we can now remove this feature
flag.
dependabot bot and others added 4 commits March 3, 2025 20:56
Bumps the bundler group with 1 update: [cgi](https://github.com/ruby/cgi).


Updates `cgi` from 0.4.1 to 0.4.2
- [Release notes](https://github.com/ruby/cgi/releases)
- [Commits](ruby/cgi@v0.4.1...v0.4.2)

---
updated-dependencies:
- dependency-name: cgi
  dependency-type: indirect
  dependency-group: bundler
...

Signed-off-by: dependabot[bot] <[email protected]>
Bumps [@hotwired/turbo-rails](https://github.com/hotwired/turbo-rails) from 8.0.12 to 8.0.13.
- [Release notes](https://github.com/hotwired/turbo-rails/releases)
- [Commits](https://github.com/hotwired/turbo-rails/commits)

---
updated-dependencies:
- dependency-name: "@hotwired/turbo-rails"
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Bumps [sass](https://github.com/sass/dart-sass) from 1.85.0 to 1.85.1.
- [Release notes](https://github.com/sass/dart-sass/releases)
- [Changelog](https://github.com/sass/dart-sass/blob/main/CHANGELOG.md)
- [Commits](sass/dart-sass@1.85.0...1.85.1)

---
updated-dependencies:
- dependency-name: sass
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
This changes how the list of patients in the triage tab is filtered to
only display patients that need triage, or have been triaged already.
Patients that don't need triage are available immediately in the
register tab.

This also changes how the list of patients in the register tab is
filtered to only display patients that are ready to be vaccinated,
specifically they've got consent and either don't need triage or have
been triaged.

I will add some feature tests in a follow up PR that covers the entire
flow, once the record and outcome tabs are in place.
This adds a new class that encapsulates all the logic related to patient
session vaccination outcome and statuses.

This class deals with only vaccination records that were performed in
the session, and not historical vaccination records from previously, as
it introduces a new concept of a session outcome compared to a programme
outcome.

This follows a similar approach that was added in
db31a0b.
This updates the `SearchForm` and various associated classes to allow
filtering patients and patient sessions by record (vaccination) status.
This no longer features in the designs and there isn't a suitable
place for it. I've taken this feature out in this commit so we can bring
it back later if we need to.
This updates the design of the session record page to match the latest
designs in the prototype, where a single tab for vaccinations is shown
and the nurses are able to filter the patients by vaccination status and
see the value per programme.
This removes unused code related to session tabs that are no longer
used.
This allows users to change the default batch for a particular
session/programme by showing a banner at the top of the "Record" tab.
The record tab in a session is specific to a particular session date,
whereas the outcome tab can be used to see the overall status of a
patient.
This adds a new class that encapsulates all the logic related to patient
session programme vaccination outcome and statuses.

This follows a similar approach that was added in
db31a0b.
This updates the `SearchForm` and various associated classes to allow
filtering patients and patient sessions by outcome (vaccination) status.
This updates the design of the session outcome page to match the latest
designs in the prototype, where a single tab for vaccinations is shown
and the nurses are able to filter the patients by vaccination status and
see the value per programme.
This simplifies how the routing works for patient sessions by removing
the unused section and tab parameters now that these have been combined
into tabs on the session page.
This updates the sessions table that's shown on the patient page to
include the programmes, and ensure that we're deep linking to the
patient in the sessions.
And replace it with the patient session outcome classes that were added
to build the new session tabs. The stats were only used in one place and
this change should ensure the numbers are consistent across the session.
This shows the programmes for the current session at the top of each
page when navigating through the session tabs.
This updates the design of this component to match the latest designs in
the prototype where only the school URN, address and consent form links
are shown.
This changes the colour to blue to match the designs in the prototype.
This adds a component that renders a summary list containing the details
of a session that is used on the session overview tab.
This adds a new component that renders a summary list of actions that
the nurses can take in the current session.
This updates the design of the session overview tab to match the latest
designs in the prototype. The main change is that a card is added that
contains statistics across the session using the various outcome
classes.
This updates the design of the session record page to match the latest
designs in the prototype, where a single tab for vaccinations is shown
and the nurses are able to filter the patients by vaccination status and
see the value per programme.

## Screenshots

<img width="1152" alt="Screenshot 2025-03-04 at 19 07 47"
src="https://github.com/user-attachments/assets/cf9126c2-9496-413f-be4e-9945424e3ef3"
/>
<img width="1149" alt="Screenshot 2025-03-04 at 19 07 56"
src="https://github.com/user-attachments/assets/3755a335-a8bd-4595-bfb6-3608f15b0e36"
/>

![Screenshot 2025-03-05 at 08 25
55](https://github.com/user-attachments/assets/a7c05b82-998b-4aed-95f9-bb3c4771cd6f)
This updates the design of the session outcome page to match the latest
designs in the prototype, where a single tab for vaccinations is shown
and the nurses are able to filter the patients by vaccination status and
see the value per programme.

## Screenshots

<img width="1159" alt="Screenshot 2025-03-05 at 07 25 49"
src="https://github.com/user-attachments/assets/3f45ce80-62cd-49ff-90e4-04279575dd85"
/>
<img width="1153" alt="Screenshot 2025-03-05 at 07 26 01"
src="https://github.com/user-attachments/assets/838593bf-b0dd-418c-9bf9-64c0fe400396"
/>
This simplifies how the routing works for patient sessions to remove the
`section` and `tab` parameters now that those pages no longer exist. It
also fixes the design of the table of sessions shown on the patient page
and fixes the links to deep link to the session for the patient with the
right programme.

## Screenshots

<img width="758" alt="Screenshot 2025-03-04 at 22 14 44"
src="https://github.com/user-attachments/assets/0cb17053-9214-4146-840a-a13de232887a"
/>
This updates the design of the session overview tab to match the latest
designs in the prototype. The main change is that a card is added that
contains statistics across the session using the various outcome
classes.

## Screenshot

![Screenshot 2025-03-05 at 17 02
33](https://github.com/user-attachments/assets/c8591d30-f741-479e-84ed-5b43df6a5e53)

sonarqubecloud bot commented Mar 6, 2025

Please retry analysis of this Pull-Request directly on SonarQube Cloud

@tab = params[:tab]
def set_back_link_path
context = params[:return_to]
context_path = try(:"session_#{context}_path")

Check failure

Code scanning / CodeQL

Code injection Critical

This code execution depends on a user-provided value.

Copilot Autofix AI 3 minutes ago

To fix the problem, we need to ensure that the user input used to construct the method name is sanitized and validated against a list of allowed values. This will prevent arbitrary method execution based on user input. We can achieve this by defining a whitelist of allowed contexts and checking the user input against this list before constructing the method name.

  1. Define a list of allowed contexts.
  2. Validate the params[:return_to] value against this list.
  3. Only construct the method name if the value is valid; otherwise, use a default or fallback value.
Suggested changeset 1
app/controllers/patient_sessions_controller.rb

Autofix patch

Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/app/controllers/patient_sessions_controller.rb b/app/controllers/patient_sessions_controller.rb
--- a/app/controllers/patient_sessions_controller.rb
+++ b/app/controllers/patient_sessions_controller.rb
@@ -89,4 +89,9 @@
   def set_back_link_path
+    allowed_contexts = %w[overview details edit]
     context = params[:return_to]
-    context_path = try(:"session_#{context}_path")
+    if allowed_contexts.include?(context)
+      context_path = try(:"session_#{context}_path")
+    else
+      context_path = nil
+    end
     @back_link_path = context_path || session_outcome_path
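Review bot: the allowlist on the added `allowed_contexts = %w[overview details edit]` line is not tied to anything else visible in this hunk. The only helper named here is the `session_outcome_path` fallback, so each entry should be confirmed to have a matching `session_<name>_path` route helper; otherwise a valid-looking `return_to` silently falls through `try` to the default. Once the value is restricted to a known list, consider mapping each allowed value to a fixed helper symbol (or calling `public_send` instead of `try`) so that a missing helper fails loudly and no method name is built from `params[:return_to]`. Hoisting the list to a frozen constant and dropping the redundant `else context_path = nil` branch would also shorten the method.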
EOF
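The allowlist approach described in the Copilot Autofix comment above, as an added example that is not part of the pull request or the project's code: a plain-Ruby stand-in (no Rails) in which a fixed lookup table replaces the interpolated method name. Every helper name other than `session_outcome_path`, and every path returned, is hypothetical; `respond_to?` plus `public_send` stands in for ActiveSupport's `try`.

```ruby
# Added example: plain-Ruby stand-in for the controller, no Rails required.
# Helper names other than session_outcome_path are hypothetical.
class FakeController
  # Each accepted return_to value maps to a fixed helper name, so no method
  # name is ever built from request data.
  BACK_LINK_HELPERS = {
    "record" => :session_record_path,
    "outcome" => :session_outcome_path
  }.freeze

  def initialize(params)
    @params = params
  end

  def session_outcome_path
    "/sessions/1/outcome"
  end

  def session_record_path
    "/sessions/1/record"
  end

  # A helper the back link was never meant to reach (constructed).
  def session_export_path
    "/sessions/1/export"
  end

  # Pattern flagged by CodeQL: the method name is derived from the request.
  def unsafe_back_link_path
    name = :"session_#{@params[:return_to]}_path"
    path = respond_to?(name) ? public_send(name) : nil
    path || session_outcome_path
  end

  # Hardened: look the value up and fall back to the default for anything
  # else (nil, unknown strings, arrays or hashes sent as return_to[]=...).
  def safe_back_link_path
    key = @params[:return_to]
    helper = key.is_a?(String) ? BACK_LINK_HELPERS[key] : nil
    public_send(helper || :session_outcome_path)
  end
end
```
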