From a6f91d071c06d221b211e9cf0d934e0a0c67fe69 Mon Sep 17 00:00:00 2001 From: Tusha Date: Thu, 25 Apr 2024 12:16:44 +0300 Subject: [PATCH] O3-3002: Queue Module - REST endpoints can be accessed without authentication. (#71) --- .../module/queue/api/QueueEntryService.java | 18 +- .../module/queue/api/QueueRoomService.java | 52 ++++- .../module/queue/api/QueueService.java | 10 + .../queue/api/RoomProviderMapService.java | 50 +++++ .../queue/utils/PrivilegeConstants.java | 48 +++++ api/src/main/resources/liquibase.xml | 198 ++++++++++++++++++ 6 files changed, 373 insertions(+), 3 deletions(-) create mode 100644 api/src/main/java/org/openmrs/module/queue/utils/PrivilegeConstants.java diff --git a/api/src/main/java/org/openmrs/module/queue/api/QueueEntryService.java b/api/src/main/java/org/openmrs/module/queue/api/QueueEntryService.java index 4ae58aa..09b52a9 100644 --- a/api/src/main/java/org/openmrs/module/queue/api/QueueEntryService.java +++ b/api/src/main/java/org/openmrs/module/queue/api/QueueEntryService.java @@ -17,12 +17,14 @@ import org.openmrs.Location; import org.openmrs.Visit; import org.openmrs.VisitAttributeType; +import org.openmrs.annotation.Authorized; import org.openmrs.api.APIException; import org.openmrs.module.queue.api.search.QueueEntrySearchCriteria; import org.openmrs.module.queue.api.sort.SortWeightGenerator; import org.openmrs.module.queue.model.Queue; import org.openmrs.module.queue.model.QueueEntry; import org.openmrs.module.queue.model.QueueEntryTransition; +import org.openmrs.module.queue.utils.PrivilegeConstants; public interface QueueEntryService { @@ -32,6 +34,7 @@ public interface QueueEntryService { * @param uuid uuid of the queue entry to be returned. * @return {@link org.openmrs.module.queue.model.QueueEntry} */ + @Authorized({ PrivilegeConstants.GET_QUEUE_ENTRIES }) Optional getQueueEntryByUuid(@NotNull String uuid); /** 
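Review bot: Nothing in this commit shows that the new `@Authorized` annotations are enforced on the path named in the subject, starting with `getQueueEntryByUuid` in this hunk. The diffstat lists six files, all under `api/src/main`, and none is a test or a REST resource. `@Authorized` on an interface method is only checked when the call passes through the service proxy that carries the authorization advice, so whether the REST endpoints are now closed depends on how the resources obtain `QueueEntryService`, which is not visible here. I would add one context-sensitive test per service that logs out and asserts the call is refused, for example `assertThrows(APIAuthenticationException.class, () -> queueEntryService.getQueueEntryByUuid(uuid));`. The same gap applies to the `QueueRoomService`, `QueueService` and `RoomProviderMapService` hunks; the interface body continues outside this hunk.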
@@ -40,6 +43,7 @@ public interface QueueEntryService { * @param id queueEntryId - the id of the queue entry to retrieve. * @return {@link org.openmrs.module.queue.model.QueueEntry} */ + @Authorized({ PrivilegeConstants.GET_QUEUE_ENTRIES }) Optional getQueueEntryById(@NotNull Integer id); /** @@ -48,27 +52,30 @@ public interface QueueEntryService { * @param queueEntry the queue entry to be saved * @return saved {@link org.openmrs.module.queue.model.QueueEntry} */ + @Authorized({ PrivilegeConstants.MANAGE_QUEUE_ENTRIES }) QueueEntry saveQueueEntry(@NotNull QueueEntry queueEntry); /** * Transitions a queue entry by ending one queue entry and creating a new queue entry that starts at * that time - * + * * @param queueEntryTransition the queueEntryTransition * @return the new QueueEntry that is created */ + @Authorized({ PrivilegeConstants.MANAGE_QUEUE_ENTRIES }) QueueEntry transitionQueueEntry(@NotNull QueueEntryTransition queueEntryTransition); /** * Undos a transition to the input queue entry by voiding it and making its previous queue entry * active by setting the previous entry's end time to null. - * + * * @see QueueEntryService#getPreviousQueueEntry(QueueEntry) * @param queueEntry the queue entry to undo transition to. Must be active * @return the previous queue entry, re-activated * @throws IllegalArgumentException if the previous queue entry does not exist * @throws IllegalStateException if multiple previous entries are identified */ + @Authorized({ PrivilegeConstants.MANAGE_QUEUE_ENTRIES }) QueueEntry undoTransition(@NotNull QueueEntry queueEntry); /** @@ -77,6 +84,7 @@ public interface QueueEntryService { * @param queueEntry the queue entry to be voided * @param voidReason the reason for voiding the queue entry */ + @Authorized({ PrivilegeConstants.MANAGE_QUEUE_ENTRIES }) void voidQueueEntry(@NotNull QueueEntry queueEntry, String voidReason); /** 
@@ -85,17 +93,20 @@ public interface QueueEntryService { * @param queueEntry queue entry to be deleted * @throws org.openmrs.api.APIException */ + @Authorized({ PrivilegeConstants.PURGE_QUEUE_ENTRIES }) void purgeQueueEntry(@NotNull QueueEntry queueEntry) throws APIException; /** * @return {@link List} of queue entries that match the given %{@link QueueEntrySearchCriteria} */ + @Authorized({ PrivilegeConstants.GET_QUEUE_ENTRIES }) List getQueueEntries(@NotNull QueueEntrySearchCriteria searchCriteria); /** * @return {@link Long} count of queue entries that match the given * %{@link QueueEntrySearchCriteria} */ + @Authorized({ PrivilegeConstants.GET_QUEUE_ENTRIES }) Long getCountOfQueueEntries(@NotNull QueueEntrySearchCriteria searchCriteria); /** @@ -103,12 +114,14 @@ public interface QueueEntryService { * @param queue * @return VisitQueueNumber - used to identify patients in the queue instead of using patient name */ + @Authorized({ org.openmrs.util.PrivilegeConstants.ADD_VISITS, org.openmrs.util.PrivilegeConstants.EDIT_VISITS }) String generateVisitQueueNumber(@NotNull Location location, @NotNull Queue queue, @NotNull Visit visit, @NotNull VisitAttributeType visitAttributeType); /** * Closes all active queue entries */ + @Authorized({ PrivilegeConstants.MANAGE_QUEUE_ENTRIES }) void closeActiveQueueEntries(); /** @@ -135,5 +148,6 @@ String generateVisitQueueNumber(@NotNull Location location, @NotNull Queue queue * @return the previous queue entry, null otherwise. * @throws IllegalStateException if multiple previous queue entries are identified */ + @Authorized({ PrivilegeConstants.GET_QUEUE_ENTRIES }) QueueEntry getPreviousQueueEntry(@NotNull QueueEntry queueEntry); } diff --git a/api/src/main/java/org/openmrs/module/queue/api/QueueRoomService.java b/api/src/main/java/org/openmrs/module/queue/api/QueueRoomService.java index 753463f..765ffe4 100644 --- a/api/src/main/java/org/openmrs/module/queue/api/QueueRoomService.java 
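Review bot: The annotation on `generateVisitQueueNumber` lists two privileges without `requireAll`, so as written a caller holding either "Add Visits" or "Edit Visits" passes. If both were meant, it needs `@Authorized(value = { ... }, requireAll = true)`. It is also the only method in this interface gated by core visit privileges rather than a queue privilege, which is what forces the fully qualified `org.openmrs.util.PrivilegeConstants`. A one-line comment above it stating the intent would settle this, e.g. `// any visit-editing privilege is sufficient because this only assigns a visit attribute`, if that is indeed the reason.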
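Review bot: The declarations between `closeActiveQueueEntries` and `getPreviousQueueEntry` (new-file lines 128–147) are touched by no hunk, so any methods declared there remain callable without a privilege check. The file imports `SortWeightGenerator` and none of the annotated signatures in these hunks uses it, so at least one declaration involving it presumably sits in that gap. Each such method should either carry an annotation, such as `@Authorized({ PrivilegeConstants.MANAGE_QUEUE_ENTRIES })` for anything that changes state, or a comment saying why it is deliberately left open. The interface starts outside this hunk.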
+++ b/api/src/main/java/org/openmrs/module/queue/api/QueueRoomService.java 
@@ -14,23 +14,73 @@ import java.util.List; import java.util.Optional; +import org.openmrs.annotation.Authorized; import org.openmrs.api.APIException; import org.openmrs.module.queue.api.search.QueueRoomSearchCriteria; import org.openmrs.module.queue.model.QueueRoom; +import org.openmrs.module.queue.utils.PrivilegeConstants; public interface QueueRoomService { + /** + * Gets a queue room given a uuid. + * + * @param uuid the uuid of the queue room to be returned. + * @return {@link org.openmrs.module.queue.model.QueueRoom} + */ + @Authorized({ PrivilegeConstants.GET_QUEUE_ROOMS }) Optional getQueueRoomByUuid(@NotNull String uuid); + /** + * Gets a queue room by id. + * + * @param id the id of the queue room to retrieve. + * @return {@link org.openmrs.module.queue.model.QueueRoom} + */ + @Authorized({ PrivilegeConstants.GET_QUEUE_ROOMS }) Optional getQueueRoomById(@NotNull int id); + /** + * Gets a List of all Queue Rooms. + * + * @return {@link List} of all queue rooms + */ + @Authorized({ PrivilegeConstants.GET_QUEUE_ROOMS }) List getAllQueueRooms(); + /** + * Saves a queue room + * + * @param queueRoom the queue room to be saved + * @return saved {@link org.openmrs.module.queue.model.QueueRoom} + */ + @Authorized({ PrivilegeConstants.MANAGE_QUEUE_ROOMS }) QueueRoom saveQueueRoom(@NotNull QueueRoom queueRoom); + /** + * Gets a List of all Queue Rooms that match the given QueueRoomSearchCriteria. + * + * @return {@link List} of queue rooms that match the given + * {@link org.openmrs.module.queue.api.search.QueueRoomSearchCriteria} + */ + @Authorized({ PrivilegeConstants.GET_QUEUE_ROOMS }) List getQueueRooms(QueueRoomSearchCriteria searchCriteria); - void retireQueueRoom(@NotNull QueueRoom queueRoom, String voidReason); + /** + * Retires a queue room. 
+ * + * @param queueRoom the queue room to retire + * @param retireReason the reason for retiring the queue room + */ + @Authorized({ PrivilegeConstants.MANAGE_QUEUE_ROOMS }) + void retireQueueRoom(@NotNull QueueRoom queueRoom, String retireReason); + /** + * Completely remove a queue room from the database + * + * @param queueRoom queue room to be deleted + * @throws org.openmrs.api.APIException + */ + @Authorized({ PrivilegeConstants.PURGE_QUEUE_ROOMS }) void purgeQueueRoom(@NotNull QueueRoom queueRoom) throws APIException; } diff --git a/api/src/main/java/org/openmrs/module/queue/api/QueueService.java b/api/src/main/java/org/openmrs/module/queue/api/QueueService.java index b4c9580..1b53d5f 100644 --- a/api/src/main/java/org/openmrs/module/queue/api/QueueService.java +++ b/api/src/main/java/org/openmrs/module/queue/api/QueueService.java @@ -14,9 +14,11 @@ import java.util.List; import java.util.Optional; +import org.openmrs.annotation.Authorized; import org.openmrs.api.APIException; import org.openmrs.module.queue.api.search.QueueSearchCriteria; import org.openmrs.module.queue.model.Queue; +import org.openmrs.module.queue.utils.PrivilegeConstants; /** * This interface defines methods for Queue objects @@ -29,6 +31,7 @@ public interface QueueService { * @param uuid uuid of the queue to be returned. * @return {@link org.openmrs.module.queue.model.Queue} */ + @Authorized({ PrivilegeConstants.GET_QUEUES }) Optional getQueueByUuid(@NotNull String uuid); /** @@ -37,6 +40,7 @@ public interface QueueService { * @param id queueId - the id of the queue to retrieve. * @return {@link org.openmrs.module.queue.model.Queue} */ + @Authorized({ PrivilegeConstants.GET_QUEUES }) Optional getQueueById(@NotNull Integer id); /** @@ -45,6 +49,7 @@ public interface QueueService { * @param queue the queue to be saved * @return saved {@link org.openmrs.module.queue.model.Queue} */ + @Authorized({ PrivilegeConstants.MANAGE_QUEUES }) Queue createQueue(@NotNull Queue queue); /** 
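Review bot: The new Javadoc in `QueueRoomService` does not say which privilege each method now requires or what a caller without it gets, and `getQueueRooms` documents no `@param searchCriteria`. Since the annotation is the purpose of the change, I would add a line per method such as `@throws org.openmrs.api.APIAuthenticationException if the caller lacks the "Get Queue Rooms" privilege`. The `@return` on the two lookups would also read better as "an Optional holding the queue room, empty if none matches", assuming that is what the implementation returns. The same gaps appear in the Javadoc added to `RoomProviderMapService`.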
@@ -53,16 +58,19 @@ public interface QueueService { * @param queue the queue to be saved * @return saved {@link org.openmrs.module.queue.model.Queue} */ + @Authorized({ PrivilegeConstants.MANAGE_QUEUES }) Queue saveQueue(@NotNull Queue queue); /** * @return all queues */ + @Authorized({ PrivilegeConstants.GET_QUEUES }) List getAllQueues(); /** * @return {@link List} of queues that match the given %{@link QueueSearchCriteria} */ + @Authorized({ PrivilegeConstants.GET_QUEUES }) List getQueues(@NotNull QueueSearchCriteria searchCriteria); /** @@ -71,6 +79,7 @@ public interface QueueService { * @param queue the queue to retire * @param retireReason the reason for voiding the queue */ + @Authorized({ PrivilegeConstants.MANAGE_QUEUES }) void retireQueue(@NotNull Queue queue, String retireReason); /** @@ -79,5 +88,6 @@ public interface QueueService { * @param queue queue to be deleted * @throws APIException Should delete the given queue from the database */ + @Authorized({ PrivilegeConstants.PURGE_QUEUES }) void purgeQueue(@NotNull Queue queue) throws APIException; } diff --git a/api/src/main/java/org/openmrs/module/queue/api/RoomProviderMapService.java b/api/src/main/java/org/openmrs/module/queue/api/RoomProviderMapService.java index 7e30a50..f216f82 100644 --- a/api/src/main/java/org/openmrs/module/queue/api/RoomProviderMapService.java +++ b/api/src/main/java/org/openmrs/module/queue/api/RoomProviderMapService.java 
@@ -14,24 +14,74 @@ import java.util.List; import java.util.Optional; +import org.openmrs.annotation.Authorized; import org.openmrs.api.APIException; import org.openmrs.module.queue.api.search.RoomProviderMapSearchCriteria; import org.openmrs.module.queue.model.RoomProviderMap; +import org.openmrs.module.queue.utils.PrivilegeConstants; public interface RoomProviderMapService { + /** + * Gets a room provider map given a uuid. + * + * @param uuid the uuid of the room provider map to be returned. + * @return {@link org.openmrs.module.queue.model.RoomProviderMap} + */ + @Authorized({ PrivilegeConstants.GET_QUEUE_ROOMS }) Optional getRoomProviderMapByUuid(@NotNull String uuid); + /** + * Gets a room provider map by id. + * + * @param id the id of the room provider map to retrieve. + * @return {@link org.openmrs.module.queue.model.RoomProviderMap} + */ + @Authorized({ PrivilegeConstants.GET_QUEUE_ROOMS }) Optional getRoomProviderMapById(@NotNull int id); + /** + * Saves a room provider map + * + * @param roomProviderMap the room provider map to be saved + * @return saved {@link org.openmrs.module.queue.model.RoomProviderMap} + */ + @Authorized({ PrivilegeConstants.MANAGE_QUEUE_ROOMS }) RoomProviderMap saveRoomProviderMap(@NotNull RoomProviderMap roomProviderMap); + /** + * Gets a List of all Room Provider Maps. + * + * @return {@link List} of all room provider maps + */ + @Authorized({ PrivilegeConstants.GET_QUEUE_ROOMS }) List getAllRoomProviderMaps(); + /** + * Gets a List of all Room Provider Maps that match the given RoomProviderMapSearchCriteria. 
+ * + * @return {@link List} of room provider maps that match the given + * {@link org.openmrs.module.queue.api.search.RoomProviderMapSearchCriteria} + */ + @Authorized({ PrivilegeConstants.GET_QUEUE_ROOMS }) List getRoomProviderMaps(RoomProviderMapSearchCriteria searchCriteria); + /** + * Voids a room provider map + * + * @param roomProviderMap the room provider map to void + * @param voidReason the reason for voiding the room provider map + */ + @Authorized({ PrivilegeConstants.MANAGE_QUEUE_ROOMS }) void voidRoomProviderMap(@NotNull RoomProviderMap roomProviderMap, String voidReason); + /** + * Completely remove a room provider map from the database + * + * @param roomProviderMap room provider map to be deleted + * @throws org.openmrs.api.APIException + */ + @Authorized({ PrivilegeConstants.PURGE_QUEUE_ROOMS }) void purgeRoomProviderMap(@NotNull RoomProviderMap roomProviderMap) throws APIException; } diff --git a/api/src/main/java/org/openmrs/module/queue/utils/PrivilegeConstants.java b/api/src/main/java/org/openmrs/module/queue/utils/PrivilegeConstants.java new file mode 100644 index 0000000..95de425 --- /dev/null +++ b/api/src/main/java/org/openmrs/module/queue/utils/PrivilegeConstants.java 
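Review bot: Room provider maps are gated here by the queue-room privileges (`GET_QUEUE_ROOMS`, `MANAGE_QUEUE_ROOMS`, `PURGE_QUEUE_ROOMS`), but nothing tells an administrator that granting "Manage Queue Rooms" also allows saving and voiding provider assignments. If the reuse is intended, say so where the privilege is described, e.g. `@AddOnStartup(description = "Able to add/edit/retire queue rooms and room provider maps")` in `PrivilegeConstants`, and in a sentence of Javadoc on this interface. If provider assignment should be grantable separately from room management, it needs its own constants instead.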
@@ -0,0 +1,48 @@
+/*
+ * This Source Code Form is subject to the terms of the Mozilla Public License,
+ * v. 2.0. If a copy of the MPL was not distributed with this file, You can
+ * obtain one at http://mozilla.org/MPL/2.0/. OpenMRS is also distributed under
+ * the terms of the Healthcare Disclaimer located at http://openmrs.org/license.
+ *
+ * Copyright (C) OpenMRS Inc. OpenMRS is a registered trademark and the OpenMRS
+ * graphic logo is a trademark of OpenMRS Inc.
+ */
+package org.openmrs.module.queue.utils;
+
+import org.openmrs.annotation.AddOnStartup;
+import org.openmrs.annotation.HasAddOnStartupPrivileges;
+
+/**
+ * Contains all privilege names and their descriptions. Some privilege names may be marked with
+ * AddOnStartup annotation.
+ *
+ * @see org.openmrs.annotation.AddOnStartup
+ * @since 2.4.0
+ */
+@HasAddOnStartupPrivileges
+public class PrivilegeConstants {
+
+ @AddOnStartup(description = "Able to get/view queues")
+ public static final String GET_QUEUES = "Get Queues";
+
+ @AddOnStartup(description = "Able to get/view queue entries")
+ public static final String GET_QUEUE_ENTRIES = "Get Queue Entries";
+
+ @AddOnStartup(description = "Able to get/view queue rooms")
+ public static final String GET_QUEUE_ROOMS = "Get Queue Rooms";
+
+ @AddOnStartup(description = "Able to add/edit/retire queues")
+ public static final String MANAGE_QUEUES = "Manage Queues";
+
+ @AddOnStartup(description = "Able to add/edit/retire queue entries")
+ public static final String MANAGE_QUEUE_ENTRIES = "Manage Queue Entries";
+
+ @AddOnStartup(description = "Able to add/edit/retire queue rooms")
+ public static final String MANAGE_QUEUE_ROOMS = "Manage Queue Rooms";
+
+ public static final String PURGE_QUEUES = "Purge Queues";
+
+ public static final String PURGE_QUEUE_ENTRIES = "Purge Queue Entries";
+
+ public static final String PURGE_QUEUE_ROOMS = "Purge Queue Rooms";
+}
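Review bot: The three `PURGE_*` constants carry no `@AddOnStartup`, unlike the six above them, so nothing visible in this commit registers "Purge Queues", "Purge Queue Entries" or "Purge Queue Rooms" as privileges. The service interfaces already require them for every purge method, which would leave those methods usable only by accounts that bypass privilege checks until someone creates the privileges by hand. Either annotate them, e.g. `@AddOnStartup(description = "Able to delete queue entries from the database")`, or add a comment explaining why purge privileges are deliberately not auto-created. As a pure holder of constants the class could also be `final` with a private constructor.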
diff --git a/api/src/main/resources/liquibase.xml b/api/src/main/resources/liquibase.xml
index 27e2e7c..6e52efe 100644
--- a/api/src/main/resources/liquibase.xml
+++ b/api/src/main/resources/liquibase.xml
@@ -460,4 +460,202 @@ + + + + + SELECT count(*) FROM role_privilege WHERE privilege='Get Visits'; + + + + Add "Get Queue Entries" privilege to the roles having "Get Visits" + + INSERT INTO role_privilege (role, privilege) + SELECT role, 'Get Queue Entries' from role_privilege rp + WHERE rp.privilege = 'Get Visits' + AND NOT EXISTS (SELECT role, privilege FROM role_privilege rp2 WHERE rp2.privilege='Get Queue Entries' + AND rp2.role=rp.role); + + + + + + + + SELECT count(*) FROM role_privilege WHERE privilege='Add Visits'; + + + + Add "Manage Queue Entries" privilege to the roles having "Add Visits" + + INSERT INTO role_privilege (role, privilege) + SELECT role, 'Manage Queue Entries' from role_privilege rp + WHERE rp.privilege = 'Add Visits' + AND NOT EXISTS (SELECT role, privilege FROM role_privilege rp2 WHERE rp2.privilege='Manage Queue Entries' + AND rp2.role=rp.role); + + + + + + + + SELECT count(*) FROM role_privilege WHERE privilege='Edit Visits'; + + + + Add "Manage Queue Entries" privilege to the roles having "Edit Visits" + + INSERT INTO role_privilege (role, privilege) + SELECT role, 'Manage Queue Entries' from role_privilege rp + WHERE rp.privilege = 'Edit Visits' + AND NOT EXISTS (SELECT role, privilege FROM role_privilege rp2 WHERE rp2.privilege='Manage Queue Entries' + AND rp2.role=rp.role); + + + + + + + + SELECT count(*) FROM role_privilege WHERE privilege='Delete Visits'; + + + + Add "Purge Queue Entries" privilege to the roles having "Delete Visits" + + INSERT INTO role_privilege (role, privilege) + SELECT role, 'Purge Queue Entries' from role_privilege rp + WHERE rp.privilege = 'Delete Visits' + AND NOT EXISTS (SELECT role, privilege FROM role_privilege rp2 WHERE rp2.privilege='Purge Queue Entries' + AND rp2.role=rp.role); + + + + + + + + SELECT count(*) FROM role_privilege WHERE privilege='Get Visits'; + + + + Add "Get Queue Rooms" privilege to the roles having "Get Visits" + + INSERT INTO role_privilege (role, privilege) + SELECT role, 'Get 
Queue Rooms' from role_privilege rp + WHERE rp.privilege = 'Get Visits' + AND NOT EXISTS (SELECT role, privilege FROM role_privilege rp2 WHERE rp2.privilege='Get Queue Rooms' + AND rp2.role=rp.role); + + + + + + + + SELECT count(*) FROM role_privilege WHERE privilege='Add Visits'; + + + + Add "Manage Queue Rooms" privilege to the roles having "Add Visits" + + INSERT INTO role_privilege (role, privilege) + SELECT role, 'Manage Queue Rooms' from role_privilege rp + WHERE rp.privilege = 'Add Visits' + AND NOT EXISTS (SELECT role, privilege FROM role_privilege rp2 WHERE rp2.privilege='Manage Queue Rooms' + AND rp2.role=rp.role); + + + + + + + + SELECT count(*) FROM role_privilege WHERE privilege='Edit Visits'; + + + + Add "Manage Queue Rooms" privilege to the roles having "Edit Visits" + + INSERT INTO role_privilege (role, privilege) + SELECT role, 'Manage Queue Rooms' from role_privilege rp + WHERE rp.privilege = 'Edit Visits' + AND NOT EXISTS (SELECT role, privilege FROM role_privilege rp2 WHERE rp2.privilege='Manage Queue Rooms' + AND rp2.role=rp.role); + + + + + + + + SELECT count(*) FROM role_privilege WHERE privilege='Delete Visits'; + + + + Add "Purge Queue Rooms" privilege to the roles having "Delete Visits" + + INSERT INTO role_privilege (role, privilege) + SELECT role, 'Purge Queue Rooms' from role_privilege rp + WHERE rp.privilege = 'Delete Visits' + AND NOT EXISTS (SELECT role, privilege FROM role_privilege rp2 WHERE rp2.privilege='Purge Queue Rooms' + AND rp2.role=rp.role); + + + + + + + + SELECT count(*) FROM role_privilege WHERE privilege='Get Visit Types'; + + + + Add "Get Queues" privilege to the roles having "Get Visit Types" + + INSERT INTO role_privilege (role, privilege) + SELECT role, 'Get Queues' from role_privilege rp + WHERE rp.privilege = 'Get Visit Types' + AND NOT EXISTS (SELECT role, privilege FROM role_privilege rp2 WHERE rp2.privilege='Get Queues' + AND rp2.role=rp.role); + + + + + + + + SELECT count(*) FROM role_privilege WHERE 
privilege='Manage Visit Types'; + + + + Add "Manage Queues" privilege to the roles having "Manage Visit Types" + + INSERT INTO role_privilege (role, privilege) + SELECT role, 'Manage Queues' from role_privilege rp + WHERE rp.privilege = 'Manage Visit Types' + AND NOT EXISTS (SELECT role, privilege FROM role_privilege rp2 WHERE rp2.privilege='Manage Queues' + AND rp2.role=rp.role); + + + + + + + + SELECT count(*) FROM role_privilege WHERE privilege='Manage Visit Types'; + + + + Add "Purge Queues" privilege to the roles having "Manage Visit Types" + + INSERT INTO role_privilege (role, privilege) + SELECT role, 'Purge Queues' from role_privilege rp + WHERE rp.privilege = 'Manage Visit Types' + AND NOT EXISTS (SELECT role, privilege FROM role_privilege rp2 WHERE rp2.privilege='Purge Queues' + AND rp2.role=rp.role); + + +
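Review bot: These changesets hand out the new privileges by proxy, and the purge mapping is uneven: roles with "Manage Visit Types" receive "Purge Queues", while "Purge Queue Entries" and "Purge Queue Rooms" are derived from "Delete Visits". A destructive privilege derived from a manage-level one deserves a stated rationale, so I would extend each changeset comment with the reason the source privilege is the right proxy, e.g. `Add "Purge Queues" to roles having "Manage Visit Types" (that privilege already permits purging visit types)`, if that is the reasoning. Every statement also inserts into `role_privilege` only, so each assumes the target privilege exists when the migration runs. If that table has a foreign key to the privilege table, the ordering against `@AddOnStartup` registration should be confirmed on a fresh database. The changeset ids and precondition attributes did not survive on this page and are not reviewed here; the enclosing change log starts outside the hunk.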