@heliostrike,
Some more thoughts on the API for the module…
When the module first runs, it should auto-generate and save an internal uuid that will serve as its token for the Atlas. This is the secret we don’t want to expose in urls and what we’ll store in the auth table for a module.
Module start with:
POST /module
{
token: "module-generated-uuid"
}
and server responds with either:
HTTP 200 OK
[
{ /* linked marker here */ }
]
or, if no marker has been linked:
HTTP 200 OK
[ ]
Then module loads iframe with src /?module=true
(while we could pass the linked marker id here, let’s not because the user can change the linked marker while interacting with the iframe). The following behavior applies only to Atlas Server when it’s in this “marker mode.”
If a user isn’t authenticated, the OpenMRS Atlas redirects them to /login
.
When the Atlas website finishes loading in module mode and a user is authenticated, it would ask the module (through the iframe) for it’s linked marker and, if one exists, it would set focus to the linked marker (just as if we loaded the atlas website with /?id={id}
for that marker).
I believe this code will already show a “This is not me” link on a linked marker and show a “This is me” link on any other markers the authenticated user can edit, which is the behavior we want.
If a marker is linked, then the user shouldn’t see the “Create a marker” option in the menu.
If we haven’t yet linked a marker, the user would see the “Create a marker” option and creating a marker would automatically link it to the module.
Linking a marker to the module should store the module’s token in the auth table for that marker. Likewise, unlinking a marker from the module should remove this auth rule to ensure a module is never linked to more than one marker. In essence, the auth rule represents the link between module & marker.