Issue or Question:
The module has several roles and (so far) one privilege. My goal is to add the roles and privileges correctly and assign them to each other.
Currently the privilege is added to the database via config.xml, the roles are added within the activator class.
I have also tried a solution where I add the roles and privileges in the liquibase file.
Now I have seen the @AddonStartup Annotation. Is this the recommended way of adding roles and privileges within a module?
If I get this right, there are two different(?) approaches in the core:
a) Via Liquibase (liquibase-core-data.xml)
I think i have found a accurate way to add privileges and roles. The negative aspect for me was to upgrade my module to OpenMRS 1.9.4 compatibility, but this was actually a very positive side aspect
I am not going to widely describe the solution. I use the metadatadeploy-api to install the roles and privileges. If anyone wants to see an example take a look at “EbolaRolePrivilegeMetadata” class in the the ebola module:
If anyone ever needs help with this feel free to post here, I will try to help you!
we could need your input/opinions
what is the suggested or “best practice” approach for adding roles and privileges?
some modules use
metadatadeploy api + a constants class including roles/privileges
and some use liquibase + constants class including roles/privileges
I am personally in favor of the metadatadeploy method since we define the privileges/roles constants in a class and add them to the database via the install method provided by AbstractMetadataBundle using the same constants. the approach with liquibase still needs to have a class with the constants to refer to those privileges/roles in the code. and this is where there is a potential mismatch between roles/privileges in liquibase and the ones defined in the code. therefore I dont like it too much, but on the other hand using the metadatadeploy-api adds another dependency to the module.
So, metadatadeploy instead of liquibase? Radiology module will have to add dependency to the metadatadeploy module, just for a couple of roles and privileges…
Normally I’ve done this in situations where I am also using metadatadeploy
to create other things too.
If you aren’t creating other metadata, and want to avoid the dependency, I
would create these via the config.xml-based mechanism that Wyclif mentioned.
Thanks @wyclif and @darius for your explanations! We will then stick with the config.xml for now and use the metadatadeploy once we want to add other things as well.
The config.xml approach only supports privileges and not roles though, if you really want to void adding dependencies on the other modules you could probably add the roles via liquibase as @sunbiz suggested