Abi | add. privilege checks for endpoints #54

Merged
merged 3 commits into from
May 10, 2024
Merged
61 changes: 60 additions & 1 deletion api/src/main/resources/liquibase.xml
Expand Up @@ -467,5 +467,64 @@
'2024-04-11 19:00:00', 'MM/dd/yyyy HH:mm:ss', 86400, true, 1, NOW(), UUID());
</sql>
</changeSet>

<changeSet id="ipd-edit-medication-tasks" author="Bahmni">
<preConditions onFail="MARK_RAN">
<sqlCheck expectedResult="0">select count(*) from privilege where privilege = 'Edit Medication Tasks'</sqlCheck>
</preConditions>
<insert tableName="privilege">
<column name="privilege" value="Edit Medication Tasks"/>
<column name="description" value="Edit Medication Tasks description"/>
<column name="uuid" valueComputed="uuid()"/>
</insert>
</changeSet>
<changeSet id="ipd-delete-medication-tasks" author="Bahmni">
<preConditions onFail="MARK_RAN">
<sqlCheck expectedResult="0">select count(*) from privilege where privilege = 'Delete Medication Tasks'</sqlCheck>
</preConditions>
<insert tableName="privilege">
<column name="privilege" value="Delete Medication Tasks"/>
<column name="description" value="Delete Medication Tasks description"/>
<column name="uuid" valueComputed="uuid()"/>
</insert>
</changeSet>
<changeSet id="ipd-edit-adhoc-medication-tasks" author="Bahmni">
<preConditions onFail="MARK_RAN">
<sqlCheck expectedResult="0">select count(*) from privilege where privilege = 'Edit adhoc medication tasks'</sqlCheck>
</preConditions>
<insert tableName="privilege">
<column name="privilege" value="Edit adhoc medication tasks"/>
<column name="description" value="Edit adhoc medication tasks description"/>
<column name="uuid" valueComputed="uuid()"/>
</insert>
</changeSet>
<changeSet id="ipd-edit-medication-administration-tasks" author="Bahmni">
<preConditions onFail="MARK_RAN">
<sqlCheck expectedResult="0">select count(*) from privilege where privilege = 'Edit Medication Administration'</sqlCheck>
</preConditions>
<insert tableName="privilege">
<column name="privilege" value="Edit Medication Administration"/>
<column name="description" value="Edit Medication Administration description"/>
<column name="uuid" valueComputed="uuid()"/>
</insert>
</changeSet>
<changeSet id="ipd-get-medication-administration" author="Bahmni">
<preConditions onFail="MARK_RAN">
<sqlCheck expectedResult="0">select count(*) from privilege where privilege = 'Get Medication Administration'</sqlCheck>
</preConditions>
<insert tableName="privilege">
<column name="privilege" value="Get Medication Administration"/>
<column name="description" value="Get Medication Administration description"/>
<column name="uuid" valueComputed="uuid()"/>
</insert>
</changeSet>
<changeSet id="ipd-get-medication-tasks" author="Bahmni">
<preConditions onFail="MARK_RAN">
<sqlCheck expectedResult="0">select count(*) from privilege where privilege = 'Get Medication Tasks'</sqlCheck>
</preConditions>
<insert tableName="privilege">
<column name="privilege" value="Get Medication Tasks"/>
<column name="description" value="Get Medication Tasks description"/>
<column name="uuid" valueComputed="uuid()"/>
</insert>
</changeSet>
</databaseChangeLog>
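Review bot: The six new changeSets create the privileges but none of them attaches them to a role, so once the controllers in this PR start answering 403, every existing user who is not given these privileges by hand loses the medication endpoints; I cannot see a role mapping elsewhere in the PR, so either add a changeSet that grants them to the relevant roles or document the manual step in the release notes. The `sqlCheck` preconditions and the controller guards both compare the exact privilege string, so the values here must stay byte-identical to the constants in PrivilegeConstants; note that `Edit adhoc medication tasks` is the only one not in Title Case, which is worth confirming as intentional before the row is persisted and referenced from other modules. The `description` columns are placeholders of the form "X description"; since administrators see this text when assigning roles, a one-line statement of what each privilege gates (e.g. "Create or update scheduled medication tasks for an IPD visit") would serve them better.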
Expand Up @@ -2,12 +2,14 @@

import lombok.extern.slf4j.Slf4j;
import org.hl7.fhir.r4.model.MedicationAdministration;
import org.openmrs.api.context.Context;
import org.openmrs.module.fhir2.apiext.dao.FhirMedicationAdministrationDao;
import org.openmrs.module.ipd.api.service.SlotService;
import org.openmrs.module.ipd.contract.MedicationAdministrationRequest;
import org.openmrs.module.ipd.contract.MedicationAdministrationResponse;
import org.openmrs.module.ipd.factory.MedicationAdministrationFactory;
import org.openmrs.module.ipd.service.IPDMedicationAdministrationService;
import org.openmrs.module.ipd.util.PrivilegeConstants;
import org.openmrs.module.webservices.rest.web.RestConstants;
import org.openmrs.module.webservices.rest.web.RestUtil;
import org.openmrs.module.webservices.rest.web.v1_0.controller.BaseRestController;
Expand All @@ -19,8 +21,7 @@
import java.util.ArrayList;
import java.util.List;

import static org.springframework.http.HttpStatus.BAD_REQUEST;
import static org.springframework.http.HttpStatus.OK;
import static org.springframework.http.HttpStatus.*;

@Controller
@RequestMapping(value = "/rest/" + RestConstants.VERSION_1 + "/ipd")
Expand All @@ -43,6 +44,9 @@ public IPDMedicationAdministrationController(IPDMedicationAdministrationService
@ResponseBody
public ResponseEntity<Object> createScheduledMedicationAdministration(@RequestBody List<MedicationAdministrationRequest> medicationAdministrationRequestList) {
try {
if (!Context.getUserContext().hasPrivilege(PrivilegeConstants.EDIT_MEDICATION_ADMINISTRATION)) {
return new ResponseEntity<>(RestUtil.wrapErrorResponse(new Exception(), "User doesn't have the following privilege " + PrivilegeConstants.EDIT_MEDICATION_ADMINISTRATION), FORBIDDEN);
}
List<MedicationAdministrationResponse> medicationAdministrationResponseList = new ArrayList<>();
for (MedicationAdministrationRequest medicationAdministrationRequest : medicationAdministrationRequestList) {
MedicationAdministration medicationAdministration = ipdMedicationAdministrationService.saveScheduledMedicationAdministration(medicationAdministrationRequest);
Expand All @@ -59,6 +63,9 @@ public ResponseEntity<Object> createScheduledMedicationAdministration(@RequestBo
@ResponseBody
public ResponseEntity<Object> createAdhocMedicationAdministration(@RequestBody MedicationAdministrationRequest medicationAdministrationRequest) {
try {
if (!Context.getUserContext().hasPrivilege(PrivilegeConstants.EDIT_ADHOC_MEDICATION_TASKS) || !Context.getUserContext().hasPrivilege(PrivilegeConstants.EDIT_MEDICATION_ADMINISTRATION)) {
return new ResponseEntity<>(RestUtil.wrapErrorResponse(new Exception(), "User doesn't have the following privilege(s) " + PrivilegeConstants.EDIT_MEDICATION_TASKS + ", "+PrivilegeConstants.EDIT_MEDICATION_ADMINISTRATION), FORBIDDEN);
}
MedicationAdministration medicationAdministration = ipdMedicationAdministrationService.saveAdhocMedicationAdministration(medicationAdministrationRequest);
MedicationAdministrationResponse medicationAdministrationResponse = medicationAdministrationFactory.mapMedicationAdministrationToResponse(medicationAdministration);
return new ResponseEntity<>(medicationAdministrationResponse, OK);
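Review bot: In createAdhocMedicationAdministration the 403 message names EDIT_MEDICATION_TASKS, but the condition on the line above tests EDIT_ADHOC_MEDICATION_TASKS and EDIT_MEDICATION_ADMINISTRATION, so the caller is told to obtain a privilege that is not the one being enforced; the same mismatch appears in IPDScheduleController (getMedicationSlotsByDate and getMedicationSlotsByOrderUuids, the latter also missing the comma separator) and in IPDVisitController.getVisitWiseMedications, where GET_MEDICATION_ADMINISTRATION is checked but EDIT_MEDICATION_TASKS is reported. Make each message name the privileges actually tested, here `"User doesn't have the following privilege(s) " + PrivilegeConstants.EDIT_ADHOC_MEDICATION_TASKS + ", " + PrivilegeConstants.EDIT_MEDICATION_ADMINISTRATION`. More broadly, these guards live only in the controller, so any other caller of ipdMedicationAdministrationService (another module, a scheduled job, a future endpoint) is not covered; the OpenMRS convention is `@Authorized` on the service interface methods, which would also remove the hand-written guard from every handler, unless the service methods already carry it, which this diff does not show. The switch to `import static org.springframework.http.HttpStatus.*;` trades two explicit imports for a wildcard while the other controllers in this PR import FORBIDDEN explicitly; keeping `import static org.springframework.http.HttpStatus.FORBIDDEN;` alongside the existing two would be consistent. The bodies of both handlers continue past the hunk.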
Expand Up @@ -2,10 +2,12 @@

import com.google.common.collect.Lists;
import lombok.extern.slf4j.Slf4j;
import org.bahmni.module.bahmnicore.util.WebUtils;
import org.openmrs.Patient;
import org.openmrs.Visit;
import org.openmrs.api.PatientService;
import org.openmrs.api.VisitService;
import org.openmrs.api.context.Context;
import org.openmrs.module.ipd.api.model.Schedule;
import org.openmrs.module.ipd.api.model.ServiceType;
import org.openmrs.module.ipd.api.model.Slot;
Expand All @@ -18,10 +20,12 @@
import org.openmrs.module.ipd.contract.ScheduleMedicationResponse;
import org.openmrs.module.ipd.model.PatientMedicationSummary;
import org.openmrs.module.ipd.service.IPDScheduleService;
import org.openmrs.module.ipd.util.PrivilegeConstants;
import org.openmrs.module.webservices.rest.web.RestConstants;
import org.openmrs.module.webservices.rest.web.RestUtil;
import org.openmrs.module.webservices.rest.web.v1_0.controller.BaseRestController;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.*;
Expand All @@ -36,6 +40,7 @@
import static org.openmrs.module.ipd.contract.MedicationScheduleResponse.createFrom;
import static org.springframework.http.HttpStatus.BAD_REQUEST;
import static org.springframework.http.HttpStatus.OK;
import static org.springframework.http.HttpStatus.FORBIDDEN;

@Controller
@RequestMapping(value = "/rest/" + RestConstants.VERSION_1 + "/ipd/schedule")
Expand All @@ -59,6 +64,9 @@ public IPDScheduleController(IPDScheduleService ipdScheduleService, VisitService
@ResponseBody
public ResponseEntity<Object> createMedicationSchedule(@RequestBody ScheduleMedicationRequest scheduleMedicationRequest) {
try {
if (!Context.getUserContext().hasPrivilege(PrivilegeConstants.EDIT_MEDICATION_TASKS)) {
return new ResponseEntity<>(RestUtil.wrapErrorResponse(new Exception(), "User doesn't have the following privilege " + PrivilegeConstants.EDIT_MEDICATION_TASKS), FORBIDDEN);
}
Schedule schedule = ipdScheduleService.saveMedicationSchedule(scheduleMedicationRequest);
return new ResponseEntity<>(ScheduleMedicationResponse.constructFrom(schedule), OK);
} catch (Exception e) {
Expand All @@ -71,6 +79,9 @@ public ResponseEntity<Object> createMedicationSchedule(@RequestBody ScheduleMedi
@ResponseBody
public ResponseEntity<Object> updateMedicationSchedule(@RequestBody ScheduleMedicationRequest scheduleMedicationRequest) {
try {
if (!Context.getUserContext().hasPrivilege(PrivilegeConstants.EDIT_MEDICATION_TASKS)) {
return new ResponseEntity<>(RestUtil.wrapErrorResponse(new Exception(), "User doesn't have the following privilege " + PrivilegeConstants.EDIT_MEDICATION_TASKS), FORBIDDEN);
}
Schedule schedule = ipdScheduleService.updateMedicationSchedule(scheduleMedicationRequest);
return new ResponseEntity<>(ScheduleMedicationResponse.constructFrom(schedule), OK);
} catch (Exception e) {
Expand All @@ -86,6 +97,9 @@ public ResponseEntity<Object> getMedicationSlotsByDate(@RequestParam(value = "pa
@RequestParam(value = "visitUuid",required = false) String visitUuid,
@RequestParam(value = "view", required = false) String view) {
try {
if (!Context.getUserContext().hasPrivilege(PrivilegeConstants.GET_MEDICATION_ADMINISTRATION) || !Context.getUserContext().hasPrivilege(PrivilegeConstants.GET_MEDICATION_TASKS)) {
return new ResponseEntity<>(RestUtil.wrapErrorResponse(new Exception(), "User doesn't have the following privilege(s) " + PrivilegeConstants.EDIT_MEDICATION_TASKS+", "+PrivilegeConstants.GET_MEDICATION_TASKS), FORBIDDEN);
}
; if (startTime != null && endTime != null) {
LocalDateTime localStartDate = convertEpocUTCToLocalTimeZone(startTime);
LocalDateTime localEndDate = convertEpocUTCToLocalTimeZone(endTime);
Expand All @@ -108,6 +122,9 @@ public ResponseEntity<Object> getMedicationSlotsByOrderUuids(@RequestParam(value
@RequestParam(value = "serviceType", required = false) ServiceType serviceType,
@RequestParam(value = "orderUuids", required = false) List<String> orderUuids) {
try {
if (!Context.getUserContext().hasPrivilege(PrivilegeConstants.GET_MEDICATION_ADMINISTRATION) || !Context.getUserContext().hasPrivilege(PrivilegeConstants.GET_MEDICATION_TASKS)) {
return new ResponseEntity<>(RestUtil.wrapErrorResponse(new Exception(), "User doesn't have the following privilege(s) " + PrivilegeConstants.EDIT_MEDICATION_TASKS+" "+PrivilegeConstants.GET_MEDICATION_TASKS), FORBIDDEN);
}
List<Slot> slots;
if (orderUuids == null || orderUuids.isEmpty()) {
slots =
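Review bot: The same four-line guard is now pasted into createMedicationSchedule, updateMedicationSchedule, getMedicationSlotsByDate and getMedicationSlotsByOrderUuids, each with its own hand-built message, which is how the privilege-name mismatch in the last two crept in; a pair of private helpers that compute the missing privileges and build the 403 from that list keeps the message and the check from drifting apart. With the helpers below each handler opens with `List<String> missing = missingPrivileges(PrivilegeConstants.GET_MEDICATION_ADMINISTRATION, PrivilegeConstants.GET_MEDICATION_TASKS);` followed by `if (!missing.isEmpty()) { return forbidden(missing); }`. The pre-existing `; if (startTime != null ...` in getMedicationSlotsByDate carries a stray empty statement directly after the new guard and is worth cleaning up in passing. All four handler bodies continue past their hunks.
```java
/** Returns the subset of {@code required} the current user lacks; empty when the user holds all of them. */
private List<String> missingPrivileges(String... required) {
    List<String> missing = Lists.newArrayList();
    for (String privilege : required) {
        if (!Context.getUserContext().hasPrivilege(privilege)) {
            missing.add(privilege);
        }
    }
    return missing;
}

/** Builds the 403 body so every handler reports exactly the privileges that were checked. */
private ResponseEntity<Object> forbidden(List<String> missing) {
    return new ResponseEntity<>(RestUtil.wrapErrorResponse(new Exception(),
            "User doesn't have the following privilege(s) " + String.join(", ", missing)), FORBIDDEN);
}
```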
@@ -1,23 +1,30 @@
package org.openmrs.module.ipd.controller;

import lombok.extern.slf4j.Slf4j;
import org.openmrs.api.context.Context;
import org.openmrs.module.ipd.api.model.ServiceType;
import org.openmrs.module.ipd.api.model.Slot;
import org.openmrs.module.ipd.contract.IPDDrugOrderResponse;
import org.openmrs.module.ipd.contract.IPDTreatmentsResponse;
import org.openmrs.module.ipd.contract.MedicationAdministrationResponse;
import org.openmrs.module.ipd.model.IPDDrugOrder;
import org.openmrs.module.ipd.service.IPDVisitService;
import org.openmrs.module.ipd.util.PrivilegeConstants;
import org.openmrs.module.webservices.rest.web.RestConstants;
import org.openmrs.module.webservices.rest.web.RestUtil;
import org.openmrs.module.webservices.rest.web.v1_0.controller.BaseRestController;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.ResponseEntity;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.*;

import java.text.ParseException;
import java.util.*;
import java.util.stream.Collectors;

import static org.springframework.http.HttpStatus.FORBIDDEN;
import static org.springframework.http.HttpStatus.OK;

@Controller
@RequestMapping(value = "/rest/" + RestConstants.VERSION_1 + "/ipdVisit/{visitUuid}")
@Slf4j
Expand All @@ -32,17 +39,19 @@ public IPDVisitController(IPDVisitService ipdVisitService) {

@RequestMapping(value = "/medication", method = RequestMethod.GET)
@ResponseBody
public IPDTreatmentsResponse getVisitWiseMedications (
public ResponseEntity<Object> getVisitWiseMedications (
@PathVariable("visitUuid") String visitUuid,
@RequestParam(value = "includes", required = false) List<String> includes) throws ParseException {

List<IPDDrugOrder> prescribedOrders = ipdVisitService.getPrescribedOrders(visitUuid, true, null, null, null, false);
List<IPDDrugOrderResponse> prescribedOrderResponse = prescribedOrders.stream().map(IPDDrugOrderResponse::createFrom).collect(Collectors.toList());
List<MedicationAdministrationResponse> emergencyMedications = null;
if (includes != null && includes.contains("emergencyMedications")) {
List<Slot> emergencyMedicationSlots = ipdVisitService.getMedicationSlots(visitUuid, ServiceType.EMERGENCY_MEDICATION_REQUEST);
emergencyMedications = emergencyMedicationSlots.stream().map(slot -> MedicationAdministrationResponse.createFrom(slot.getMedicationAdministration())).collect(Collectors.toList());
}
return IPDTreatmentsResponse.createFrom(prescribedOrderResponse, emergencyMedications);
if (!Context.getUserContext().hasPrivilege(PrivilegeConstants.GET_MEDICATION_ADMINISTRATION) || !Context.getUserContext().hasPrivilege(PrivilegeConstants.GET_MEDICATION_TASKS)) {
return new ResponseEntity<>(RestUtil.wrapErrorResponse(new Exception(), "User doesn't have the following privilege(s) " + PrivilegeConstants.EDIT_MEDICATION_TASKS + ", " + PrivilegeConstants.GET_MEDICATION_TASKS), FORBIDDEN);
}
List<IPDDrugOrder> prescribedOrders = ipdVisitService.getPrescribedOrders(visitUuid, true, null, null, null, false);
List<IPDDrugOrderResponse> prescribedOrderResponse = prescribedOrders.stream().map(IPDDrugOrderResponse::createFrom).collect(Collectors.toList());
List<MedicationAdministrationResponse> emergencyMedications = null;
if (includes != null && includes.contains("emergencyMedications")) {
List<Slot> emergencyMedicationSlots = ipdVisitService.getMedicationSlots(visitUuid, ServiceType.EMERGENCY_MEDICATION_REQUEST);
emergencyMedications = emergencyMedicationSlots.stream().map(slot -> MedicationAdministrationResponse.createFrom(slot.getMedicationAdministration())).collect(Collectors.toList());
}
return new ResponseEntity(IPDTreatmentsResponse.createFrom(prescribedOrderResponse, emergencyMedications), OK);
}
}
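Review bot: The success path of getVisitWiseMedications returns `new ResponseEntity(IPDTreatmentsResponse.createFrom(...), OK)` as a raw type, which compiles with an unchecked warning and is inconsistent with the diamond used in the 403 branch a few lines above; change it to `return new ResponseEntity<>(IPDTreatmentsResponse.createFrom(prescribedOrderResponse, emergencyMedications), OK);`. The signature also changes from `IPDTreatmentsResponse` to `ResponseEntity<Object>`, which is fine for the REST client but breaks any test or in-process caller that invoked the method directly, so check those are updated; I cannot see them from this diff. Since this handler has no try/catch, the declared `ParseException` and any runtime failure still propagate to the framework rather than being mapped like in the other controllers, which the new guard does not change.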
@@ -0,0 +1,19 @@
package org.openmrs.module.ipd.util;

import org.openmrs.annotation.AddOnStartup;

public class PrivilegeConstants {

@AddOnStartup(description = "Edit Medication Tasks description")
public static final String EDIT_MEDICATION_TASKS = "Edit Medication Tasks";
@AddOnStartup(description = "Delete Medication Tasks description")
public static final String DELETE_MEDICATION_TASKS = "Delete Medication Tasks";
@AddOnStartup(description = "Edit adhoc medication tasks description")
public static final String EDIT_ADHOC_MEDICATION_TASKS = "Edit adhoc medication tasks";
@AddOnStartup(description = "Edit Medication Administration description")
public static final String EDIT_MEDICATION_ADMINISTRATION = "Edit Medication Administration";
@AddOnStartup(description = "Get Medication Administration description")
public static final String GET_MEDICATION_ADMINISTRATION = "Get Medication Administration";
@AddOnStartup(description = "Get Medication Tasks description")
public static final String GET_MEDICATION_TASKS = "Get Medication Tasks";
}
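Review bot: PrivilegeConstants is a constants holder but is left instantiable and extensible; make it `public final class PrivilegeConstants {` with a `private PrivilegeConstants() {}` so it cannot be subclassed or constructed. The `@AddOnStartup` annotations and the liquibase changeSets in this PR both define the same six privileges, so there are now two sources of truth for the name and description; if the annotation does register them at startup, as its name suggests, the liquibase inserts may be redundant, and if it does not, the annotations are only decorative, so it is worth settling on one mechanism and saying so in a class-level comment. A short Javadoc on the class stating that these strings must match the `privilege` rows in liquibase.xml byte-for-byte, and on each constant naming the endpoint it gates, would make the contract visible to whoever adds the next one.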