I have prepared an endpoint to expose the System Logs via the REST endpoint. But the request should be validated by the user privileges before exposing the logs through the REST services. I have checked the web services module, but couldn’t find anything related to my case. Can somebody help me to add the privilege check for REST services?
Also, I would send a PR to openmrs-core adding a privilege check for accessing the server logs (even though you’d still want to add the check in the REST module so that you don’t have to wait for people to upgrade to the latest OpenMRS core just for this).
yah, We haven’t any such related implementation in REST module right now.
Also, I would send a PR to openmrs-core adding a privilege check for accessing the server logs (even though you’d still want to add the check in the REST module so that you don’t have to wait for people to upgrade to the latest OpenMRS core just for this).
I agreed with you. I will add a privilege check at the REST endpoint right now to make this process easy and then I will send a PR to the OpenMRS-Core with the required privilege check. I have required the VIEW_ADMIN_FUNCTIONS privilege to retrieve the server logs. So the following method will help me to implement this privilege check.
I would create a new privilege like “Get Server Logs”.
I thought about this also, but I need to add GET_SERVER_LOGS constant value to the openmrs-core PrivilegeConstants. So then the web services module will need the upgraded version of OpenMRS.
Is it possible to use the “Get Server Logs” string constant inside the REST module to check the privilege? So the user needs to create this privilege manually to the respected access user. (We can skip the core upgrade requirement )
public static final String GET_SERVER_LOGS = "Get Server Logs";
public List<String[]> getServerLogs() {
Context.requirePrivilege(GET_SERVER_LOGS);
....
}
I would create a new privilege like “Get Server Logs”.
I thought about this also, but I need to add GET_SERVER_LOGS constant value to the openmrs-core PrivilegeConstants. So then the web services module will need the upgraded version of OpenMRS.
Is it possible to use the “Get Server Logs” string constant inside the REST module to check the privilege? So the user needs to create this privilege manually to the respected access user. (We can skip the core upgrade requirement )
public static final String GET_SERVER_LOGS = "Get Server Logs";
public List<String[]> getServerLogs() {
Context.requirePrivilege(GET_SERVER_LOGS);
....
}
@darius Could I get some your help to complete this one ?
I have completed this implementation and working on the PR reviews.
I can see the serverlogs resource through the swagger docs in the openmrs-2.0.6-SNAPSHOT version. I have included this following method to bring this resource into swagger docs,
@Override
public Model getGETModel(Representation rep) {
return ((ModelImpl) super.getGETModel(rep))
.property("serverLog", new MapProperty());
}
but I have just checked the latest snapshot version of openmrs-core (openmrs-2.2.0-SNAPSHOT) with this implementation. I couldn’t see the server logs resource in the swagger docs
What is the issue here? Could someone please help me?