Few endpoints in AdministrativeService are made public

Hi @ibacher @dkayiwa @mksd,

Why few of the methods in administrationService not having any authorisation eg: getGlobalProperty()

Is it done intentionally or a miss ?

cc: @angshuonline @binduak @gsluthra @n0man

1 Like

We had a number of places like this one, which needed access to global properties before authentication. As a result, this was intentionally left as not requiring authorisation. But this was designed more than 10 years ago, and hence it could be time to revisit it.

But then methods like updateGlobalProperty look like something we just missed.

1 Like

@rohit.yawalkar - Can you log JIRA issue for openmrs code (OpenMRS JIRA), and pick up this fix to add authorizations for mutation APIs of global properties?

1 Like

sure @gsluthra