Update api/routes/patients.py

api/routes/patients.py

@@ -8,7 +8,7 @@ from datetime import datetime
 from bson import ObjectId
 from bson.errors import InvalidId
 from typing import Optional, List, Dict
-from pymongo import UpdateOne
+from pymongo import UpdateOne, DeleteOne
 from pymongo.errors import BulkWriteError
 import json
 from pathlib import Path
@@ -115,6 +115,78 @@ async def create_patient(
             detail=f"Failed to create patient: {str(e)}"
         )
 
+@router.delete("/patients/{patient_id}", status_code=status.HTTP_204_NO_CONTENT)
+async def delete_patient(
+    patient_id: str,
+    current_user: dict = Depends(get_current_user)
+):
+    """Delete a patient from the database"""
+    logger.info(f"Deleting patient {patient_id} by user {current_user.get('email')}")
+    
+    if current_user.get('role') not in ['admin']:
+        logger.warning(f"Unauthorized delete attempt by {current_user.get('email')}")
+        raise HTTPException(
+            status_code=status.HTTP_403_FORBIDDEN,
+            detail="Only administrators can delete patients"
+        )
+    
+    try:
+        # First check if patient exists
+        patient = await patients_collection.find_one({
+            "$or": [
+                {"_id": ObjectId(patient_id)},
+                {"fhir_id": patient_id}
+            ]
+        })
+        
+        if not patient:
+            logger.warning(f"Patient not found for deletion: {patient_id}")
+            raise HTTPException(
+                status_code=status.HTTP_404_NOT_FOUND,
+                detail="Patient not found"
+            )
+        
+        # Prevent deletion of Synthea-generated patients
+        if patient.get('source') == 'synthea':
+            logger.warning(f"Attempt to delete Synthea patient: {patient_id}")
+            raise HTTPException(
+                status_code=status.HTTP_403_FORBIDDEN,
+                detail="Cannot delete Synthea-generated patients"
+            )
+        
+        # Perform deletion
+        result = await patients_collection.delete_one({
+            "$or": [
+                {"_id": ObjectId(patient_id)},
+                {"fhir_id": patient_id}
+            ]
+        })
+        
+        if result.deleted_count == 0:
+            logger.error(f"Failed to delete patient {patient_id}")
+            raise HTTPException(
+                status_code=status.HTTP_500_INTERNAL_SERVER_ERROR,
+                detail="Failed to delete patient"
+            )
+        
+        logger.info(f"Successfully deleted patient {patient_id}")
+        return None
+        
+    except ValueError as ve:
+        logger.error(f"Invalid patient ID format: {patient_id}, error: {str(ve)}")
+        raise HTTPException(
+            status_code=status.HTTP_400_BAD_REQUEST,
+            detail="Invalid patient ID format"
+        )
+    except HTTPException:
+        raise
+    except Exception as e:
+        logger.error(f"Failed to delete patient {patient_id}: {str(e)}")
+        raise HTTPException(
+            status_code=status.HTTP_500_INTERNAL_SERVER_ERROR,
+            detail=f"Failed to delete patient: {str(e)}"
+        )
+
 async def process_synthea_patient(bundle: dict, file_path: str) -> Optional[dict]:
     logger.debug(f"Processing patient from file: {file_path}")
     patient_data = {}
@@ -367,7 +439,7 @@ async def list_patients(
     skip: int = Query(0, ge=0)
 ):
     logger.info(f"Listing patients with search: {search}, limit: {limit}, skip: {skip}")
-    query = {}
+    query = {}  # Removed the default "source": "synthea" filter
     
     if search:
         query["$or"] = [
@@ -392,7 +464,7 @@ async def list_patients(
         "medications": 1,
         "encounters": 1,
         "notes": 1,
-        "source": 1
+        "source": 1  # Added source to projection
     }
     
     try:
@@ -551,55 +623,5 @@ async def add_note(
             detail=f"Failed to add note: {str(e)}"
         )
 
-@router.delete("/patients/{patient_id}", status_code=status.HTTP_200_OK)
-async def delete_patient(
-    patient_id: str,
-    current_user: dict = Depends(get_current_user)
-):
-    """Delete a patient from the database"""
-    logger.info(f"Attempting to delete patient {patient_id} by user {current_user.get('email')}")
-    
-    if current_user.get('role') not in ['admin', 'doctor']:
-        logger.warning(f"Unauthorized delete attempt by {current_user.get('email')}")
-        raise HTTPException(
-            status_code=status.HTTP_403_FORBIDDEN,
-            detail="Only administrators and doctors can delete patients"
-        )
-    
-    try:
-        # Attempt to delete patient by either _id or fhir_id
-        result = await patients_collection.delete_one({
-            "$or": [
-                {"_id": ObjectId(patient_id)},
-                {"fhir_id": patient_id}
-            ]
-        })
-        
-        if result.deleted_count == 0:
-            logger.warning(f"Patient not found for deletion: {patient_id}")
-            raise HTTPException(
-                status_code=status.HTTP_404_NOT_FOUND,
-                detail="Patient not found"
-            )
-        
-        logger.info(f"Successfully deleted patient {patient_id}")
-        return {
-            "status": "success",
-            "message": f"Patient {patient_id} deleted successfully"
-        }
-        
-    except ValueError as ve:
-        logger.error(f"Invalid patient ID format: {patient_id}, error: {str(ve)}")
-        raise HTTPException(
-            status_code=status.HTTP_400_BAD_REQUEST,
-            detail="Invalid patient ID format"
-        )
-    except Exception as e:
-        logger.error(f"Failed to delete patient {patient_id}: {str(e)}")
-        raise HTTPException(
-            status_code=status.HTTP_500_INTERNAL_SERVER_ERROR,
-            detail=f"Failed to delete patient: {str(e)}"
-        )
-
 # Export the router as 'patients' for api.__init__.py
 patients = router