Adding more location restrictions to the OpenMRS Services — Location Based Access Control
Week 12 [July 31, 2018 — Aug 06, 2018]
Now the time to add more locations restrictions to the OpenMRS services and Metadata. OpenMRS Service methods are directly accessing the data access object(DAO) to get from the database. So I wanted to add the location restrictions to the following service's methods as the first step,
- PatientService Methods — Contains methods to get/set the Patient and the related information
- Person Service Methods — Contains methods to get/set the Person and the related information
- User Service Methods — Contains methods to get/set the User and the related information
- Encounter Service Methods — Contains methods to get/set the Encounters and the related information
These are the tickets related to the task which I have worked on the last week,
[LBAC-14] Add restrictions to the PersonService methods to restrict them by the locations - OpenMRS…
Need to add an AOP Advise for those methods to restrict by the locations.
[LBAC-15] Add restrictions to the UserService methods to restrict them by the location - OpenMRS…
Location Based access control method should add the restrictions to these following methods from the UserService class…
[LBAC-16] Failed to restrict the encounters of the patients from other locations - OpenMRS Issues
When search for the encounters, the list contains the encounters of the patients who belong to other locations. It…
After that, I wanted to work with other OpenMRS components to verify those are working along with the location restrictions.
- OpenMRS Cohort Builder
- OpenMRS Reporting Module
- OpenMRS Data Export
OpenMRS Cohort builder failed to address the location restrictions since it’s used an own service to access the DAO to get the patient information. So I wanted to add the fixes to reporting-compatibility module to work along with the location restrictions (And it’s should not depend on each other modules). After adding the fix, I can see the Cohort builder is working with the locations restrictions.
Data Export feature uses the reporting-compatibility module to export the data. Since we added the fix to the reporting-compatibility module for the Cohorts, Data Export also addressed the location restrictions.
[RCM-109] Need to add patient verification to return Cohorts objects for the serviceMethods …
In reporting compatibility module used the org.openmrs.cohort.Cohort class instead of org.openmrs.Cohort class. So…
Reporting module fetches the data directly from the database through the SQL queries. So We can’t add any locations based restrictions to those methods since we haven’t any query based restrictions methods. So we skip this part for the initial release and decided to address this issue in the next release as the main target.
Status of the Project Road Map
This is the last week of the Google Summer of Code, the project roadmap including the objectives and extra credits are given below with the status.
- COMPLETED : Assign users to locations on registration (LBAC-2)
- COMPLETED : Assign patients to locations on registration (LBAC-3)
- COMPLETED : During the encounter, observation, and patient searches, return only those in the logged in location (LBAC-8, LBAC-9, LBAC-14,LBAC-15, LBAC-16)
- COMPLETED : Ability to move patients from one location to another by an administrator (LBAC-5, LBAC-11)
- COMPLETED : Ability to assign locations to already existing patients (LBAC-5)
- COMPLETED : Ability to assign locations to already existing users (LBAC-2)
- COMPLETED : Login screen should not require users to select locations because, on login, you know the location to which a user belongs. (LBAC-13)
- COMPLETED : When reports and other tools are run by a user in a certain location, they should include only those patients registered in the logged in location (LBAC-8, LBAC-9, LBAC-14,LBAC-15, LBAC-16)
- COMPLETED : REST calls while in a certain location should return only those results in the logged in location (LBAC-8, LBAC-9, LBAC-14,LBAC-15, LBAC-16)
Now the time to release the 0.1-beta version of the module … :-)