Skip to content

Commit

Permalink
O3-3002: Queue Module - REST endpoints can be accessed without authen…
Browse files Browse the repository at this point in the history
…tication.
  • Loading branch information
IamMujuziMoses committed Mar 31, 2024
1 parent 21c98ae commit 8791272
Show file tree
Hide file tree
Showing 3 changed files with 73 additions and 2 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -17,21 +17,25 @@
import org.openmrs.Location;
import org.openmrs.Visit;
import org.openmrs.VisitAttributeType;
import org.openmrs.annotation.Authorized;
import org.openmrs.api.APIException;
import org.openmrs.api.OpenmrsService;
import org.openmrs.module.queue.api.search.QueueEntrySearchCriteria;
import org.openmrs.module.queue.api.sort.SortWeightGenerator;
import org.openmrs.module.queue.model.Queue;
import org.openmrs.module.queue.model.QueueEntry;
import org.openmrs.module.queue.model.QueueEntryTransition;
import org.openmrs.module.queue.utils.PrivilegeConstants;

public interface QueueEntryService {
public interface QueueEntryService extends OpenmrsService {

/**
* Gets a queue entry given uuid.
*
* @param uuid uuid of the queue entry to be returned.
* @return {@link org.openmrs.module.queue.model.QueueEntry}
*/
@Authorized({ PrivilegeConstants.GET_QUEUE_ENTRIES })
Optional<QueueEntry> getQueueEntryByUuid(@NotNull String uuid);

/**
Expand All @@ -40,6 +44,7 @@ public interface QueueEntryService {
* @param id queueEntryId - the id of the queue entry to retrieve.
* @return {@link org.openmrs.module.queue.model.QueueEntry}
*/
@Authorized({ PrivilegeConstants.GET_QUEUE_ENTRIES })
Optional<QueueEntry> getQueueEntryById(@NotNull Integer id);

/**
Expand All @@ -48,6 +53,7 @@ public interface QueueEntryService {
* @param queueEntry the queue entry to be saved
* @return saved {@link org.openmrs.module.queue.model.QueueEntry}
*/
@Authorized({ PrivilegeConstants.MANAGE_QUEUE_ENTRIES })
QueueEntry saveQueueEntry(@NotNull QueueEntry queueEntry);

/**
Expand Down Expand Up @@ -77,6 +83,7 @@ public interface QueueEntryService {
* @param queueEntry the queue entry to be voided
* @param voidReason the reason for voiding the queue entry
*/
@Authorized({ PrivilegeConstants.MANAGE_QUEUE_ENTRIES })
void voidQueueEntry(@NotNull QueueEntry queueEntry, String voidReason);

/**
Expand All @@ -85,11 +92,13 @@ public interface QueueEntryService {
* @param queueEntry queue entry to be deleted
* @throws org.openmrs.api.APIException
*/
@Authorized({ PrivilegeConstants.PURGE_QUEUE_ENTRIES })
void purgeQueueEntry(@NotNull QueueEntry queueEntry) throws APIException;

/**
* @return {@link List} of queue entries that match the given %{@link QueueEntrySearchCriteria}
*/
@Authorized({ PrivilegeConstants.GET_QUEUE_ENTRIES })
List<QueueEntry> getQueueEntries(@NotNull QueueEntrySearchCriteria searchCriteria);

/**
Expand Down
12 changes: 11 additions & 1 deletion api/src/main/java/org/openmrs/module/queue/api/QueueService.java
Original file line number Diff line number Diff line change
Expand Up @@ -14,21 +14,25 @@
import java.util.List;
import java.util.Optional;

import org.openmrs.annotation.Authorized;
import org.openmrs.api.APIException;
import org.openmrs.api.OpenmrsService;
import org.openmrs.module.queue.api.search.QueueSearchCriteria;
import org.openmrs.module.queue.model.Queue;
import org.openmrs.module.queue.utils.PrivilegeConstants;

/**
* This interface defines methods for Queue objects
*/
public interface QueueService {
public interface QueueService extends OpenmrsService {

/**
* Gets a queue given UUID.
*
* @param uuid uuid of the queue to be returned.
* @return {@link org.openmrs.module.queue.model.Queue}
*/
@Authorized({ PrivilegeConstants.GET_QUEUES })
Optional<Queue> getQueueByUuid(@NotNull String uuid);

/**
Expand All @@ -37,6 +41,7 @@ public interface QueueService {
* @param id queueId - the id of the queue to retrieve.
* @return {@link org.openmrs.module.queue.model.Queue}
*/
@Authorized({ PrivilegeConstants.GET_QUEUES })
Optional<Queue> getQueueById(@NotNull Integer id);

/**
Expand All @@ -53,16 +58,19 @@ public interface QueueService {
* @param queue the queue to be saved
* @return saved {@link org.openmrs.module.queue.model.Queue}
*/
@Authorized({ PrivilegeConstants.ADD_QUEUES, PrivilegeConstants.EDIT_QUEUES })
Queue saveQueue(@NotNull Queue queue);

/**
* @return all queues
*/
@Authorized({ PrivilegeConstants.GET_QUEUES })
List<Queue> getAllQueues();

/**
* @return {@link List} of queues that match the given %{@link QueueSearchCriteria}
*/
@Authorized({ PrivilegeConstants.GET_QUEUES })
List<Queue> getQueues(@NotNull QueueSearchCriteria searchCriteria);

/**
Expand All @@ -71,6 +79,7 @@ public interface QueueService {
* @param queue the queue to retire
* @param retireReason the reason for voiding the queue
*/
@Authorized({ PrivilegeConstants.DELETE_QUEUES })
void retireQueue(@NotNull Queue queue, String retireReason);

/**
Expand All @@ -79,5 +88,6 @@ public interface QueueService {
* @param queue queue to be deleted
* @throws APIException <strong>Should</strong> delete the given queue from the database
*/
@Authorized({ PrivilegeConstants.PURGE_QUEUES })
void purgeQueue(@NotNull Queue queue) throws APIException;
}
Original file line number Diff line number Diff line change
@@ -0,0 +1,52 @@
/*
* This Source Code Form is subject to the terms of the Mozilla Public License,
* v. 2.0. If a copy of the MPL was not distributed with this file, You can
* obtain one at http://mozilla.org/MPL/2.0/. OpenMRS is also distributed under
* the terms of the Healthcare Disclaimer located at http://openmrs.org/license.
*
* Copyright (C) OpenMRS Inc. OpenMRS is a registered trademark and the OpenMRS
* graphic logo is a trademark of OpenMRS Inc.
*/
package org.openmrs.module.queue.utils;

import org.openmrs.annotation.AddOnStartup;
import org.openmrs.annotation.HasAddOnStartupPrivileges;

/**
* Contains all privilege names and their descriptions. Some privilege names may be marked with
* AddOnStartup annotation.
*
* @see org.openmrs.annotation.AddOnStartup
* @since 2.4.0
*/
@HasAddOnStartupPrivileges
public class PrivilegeConstants {

// Add Privilege Constants
@AddOnStartup(description = "Able to add/save queues")
public static final String ADD_QUEUES = "Add Queues";

// Get Privilege Constants
@AddOnStartup(description = "Able to get/view queues")
public static final String GET_QUEUES = "Get Queues";

@AddOnStartup(description = "Able to get/view queue entries")
public static final String GET_QUEUE_ENTRIES = "Get Queue Entries";

// Delete Privilege Constants
@AddOnStartup(description = "Able to delete/retire queues")
public static final String DELETE_QUEUES = "Delete Queues";

// Edit Privilege Constants
@AddOnStartup(description = "Able to edit queues")
public static final String EDIT_QUEUES = "Edit Queues";

// Manage Privilege Constants
@AddOnStartup(description = "Able to add/edit/retire queue entries")
public static final String MANAGE_QUEUE_ENTRIES = "Manage Queue Entries";

// Purge Privilege Constants
public static final String PURGE_QUEUES = "Purge Queues";

public static final String PURGE_QUEUE_ENTRIES = "Purge Queue Entries";
}

0 comments on commit 8791272

Please sign in to comment.