User Authorization Framework
I'm starting this page in order to refactor the permission strategy we currently have in place with OpenMRS. The first step of this process will be to document the privileges currently assigned to OpenMRS components (server layer methods, JSPs, controllers, etc). The next step will be to document the desired privileges for each of these components and to try to remove redundant permission checks (where possible). The third step will be to discuss the possibility of specifying the privilege mapping within the OpenMRS administration page. Currently, we map privileges to methods and JSPs within the source code (i.e. @Authorized("View Patients").
Contents |
Current Authorization Mapping
Patient Service
| Method | Current Privileges | Desired Privileges |
|---|---|---|
| createPatient(Patient patient) | Add Patients | |
| getPatient(Integer) | View Patients | View Patients |
| updatePatient(Patient patient) | None | |
| identifierInUse(String, PatientIdentifierType, Patient) | None | |
| getPatientsByIdentifier(String, boolean) | None | |
| getPatientsByIdentifierPattern(String,includeVoided) | None | |
| getPatientsByName(String) | None | |
| getPatientsByName(String, boolean) | None | |
| voidPatient(Patient, String) | Edit Patients | |
| unvoidPatient(Patient) | Edit Patients | |
| deletePatient(Patient) | None | |
| getPatientIdentifiers(PatientIdentifierType) | None | |
| getPatientIdentifiers(String, PatientIdentifierType) | None | |
| updatePatientIdentifier(PatientIdentifier) | None | |
| getPatientIdentifierTypes() | None | |
| getPatientIdentifierType(Integer) | None | |
| getPatientIdentifierType(String) | None | |
| checkPatientIdentifier(PatientIdentifier) | None | |
| checkPatientIdentifiers(Patient) | None | |
| getTribe(Integer) | None | |
| getTribes() | None | |
| findTribes(String) | None | |
| findPatients(String, boolean) | None | |
| findPatient(Patient) | None | |
| findDuplicatePatients(Set<String>) | ||
| mergePatients(Patient, Patient) | None | |
| exitFromCare(Patient, Date, Concept) | None | |
| processDeath(Patient, Date, Concept, String) | None | |
| saveCauseOfDeathObs(Patient, Date, Concept, String) | None |
Controllers
JSP
Feature Requests
- An easy way to assign a user a certain set of privileges without relying on user roles.
Trouble Areas
As a System Developer, you can do things that a role with all privileges checked cannot do. For example, only developers can start or change a patient regimen. What has been noticed is that under the administration page, the options a System Developer has these extra options.
- Observations: Manage Mime Types
- Scheduler: Manage Scheduler
- Reports: Manage Report Elements, Manage Data Exports, View Patient Summaries
- Maintenance: System Information, Audit Patient Identifiers, Data Entry Statistics
Available Privileges
- Add Concept Proposal
- Add Concepts
- Add Encounters
- Add Forms
- Add Observations
- Add Orders
- Add Patients
- Add People
- Add Reports
- Add Users
- Analysis Shortcut
- Analyze
- Delete Concepts
- Delete Encounters
- Delete Forms
- Delete Observations
- Delete Orders
- Delete Patients
- Delete People
- Delete Reports
- Delete Users
- Edit Concept Proposal
- Edit Concepts
- Edit Encounters
- Edit Forms
- Edit Observations
- Edit Orders
- Edit Patient Programs
- Edit Patients
- Edit People
- Edit Reports
- Edit User Passwords
- Edit Users
- Find Patient Shortcut
- Form Entry
- Manage Alerts
- Manage Concept Classes
- Manage Concept Datatypes
- Manage Encounter Types
- Manage Field Types
- Manage Global Properties
- Manage Groups
- Manage Identifier Types
- Manage Locations
- Manage MIME Types
- Manage Modules
- Manage Order Types
- Manage Patient Programs
- Manage Person Attribute Types
- Manage Privileges
- Manage Programs
- Manage Relationship Types
- Manage Relationships
- Manage Reports
- Manage Roles
- Manage Scheduler
- Manage Tribes
- Patient Dashboard - View Demographics Section
- Patient Dashboard - View Encounters Section
- Patient Dashboard - View Forms Section
- Patient Dashboard - View Graphs Section
- Patient Dashboard - View Overview Section
- Patient Dashboard - View Patient Summary
- Patient Dashboard - View Regimen Section
- Upload XSN
- View Administration Functions
- View Concepts
- View Encounters
- View Forms
- View Navigation Menu
- View Observations
- View Orders
- View Patient Cohorts
- View Patient Sets
- View Patients
- View People
- View Programs
- View Reports
- View Unpublished Forms
- View Users
- This page was last modified 14:25, 27 June 2007.
- This page has been accessed 1,978 times.
- License
- About OpenMRS®