My OpenMRS Fellowship Journey 2024: Wikum Weerakutti

Community
,
1

Hi everyone, I am Wikum Weerakutti from Sri Lanka. I’ve been contributing to the OpenMRS for almost two years now. What initially drew me to OpenMRS is its commitment to enhancing healthcare through technology and its diverse and supportive team.

Last year I had the privilege of participating in Google Summer of Code with the OpenMRS. During this, I dedicated my efforts to enhancing the OpenMRS SDK. This provided me with invaluable insights into the OpenMRS.

I am grateful to announce that I have been selected as an OpenMRS Backend Engineering Fellow. Throughout this fellowship, my primary objective will be to enhance the OpenMRS backend infrastructure, guided by the invaluable mentorship of @dkayiwa.

Over the past few weeks, Daniel and I have been exploring strategies to enhance the startup time of OpenMRS. Additionally, we had discussions on how to move forward with OpenMRS standalone and patientflag module GSOC projects.

I am sincerely grateful to OpenMRS for entrusting me with this incredible opportunity. I invite you all to join me on this journey by following along with the updates and discussions shared within this talk thread. Your feedback and insights are invaluable to me. Thank you for taking the time to read through this.

23 Likes
2

A very well-deserved congratulations to you Wikum!! Your hard work, clear communication, investment in docs, and thoughtful engineering really make you stand out :smiley: :clap:

Awesome :smiley:

4 Likes
3

Congratulations, Wikum! :tada:

4 Likes
4

congrats Wikum :boom:

3 Likes
5

Congratulations Wikum!

3 Likes
6

Congrats @wikumc well deserved :+1:

2 Likes
7

Congratulations, @wikumc! :clap:

1 Like
8

A big Congratulations @wikumc :clap:

1 Like
9

Congratulations @wikumc :star2:

1 Like
10

congrats @wikumc

1 Like
11

Congs @wikumc a big experience awaits u :clap:

1 Like
12

Hi everyone,

It has been a month since I last provided an update on my fellowship journey. Over the past few weeks, I was occupied with exams, which limited my availability for full-time work. Now that the exams are over, I am fully committed to contributing to OpenMRS. Here are some of the tasks I am currently focusing on:

Adding Detailed Audit Logging to OpenMRS

OpenMRS lacks a comprehensive audit system. which would enable admin users to track database changes effectively. My primary focus has been researching potential solutions for this issue. Currently, we are exploring the adoption of Hibernate Envers as it aligns well with our existing usage of Hibernate across various modules.

Making Global properties access should be privileged

The main objective of this is to restrict access to global properties to authorized users only. A major challenge of this is ensuring that OpenMRS can access essential global properties during startup before the user logs in. I’ve explored several methods for implementation and have created draft pull requests to solicit feedback from @dkayiwa and determine the most suitable approach.

Reviewing GSOC contributor proposals

This year I am mentoring the GSOC project for validating and re-working (updating) the OpenMRS PatientFlags module. We received five proposals for this project, and I dedicated time to thoroughly review each one. During the review process, we assessed factors such as the student’s previous contributions, their understanding of the project, and the quality of formatting and structure in their proposals. After careful consideration of all the proposals, we have selected the one that shows the most promise. Stay tuned for further updates!

I have also worked on a few other tasks too. My main focus at the moment is to complete the existing tickets and help with the OpenMRS platform roadmap. Thank you for reading, Until next time!

6 Likes
13

Looking forward to the next update on this :slight_smile: This detailed audit logging is an important need for OpenMRS and we’re so glad to have you working on this :slight_smile: (And Global Properties authorization too, of course!!)

3 Likes
14

Hi all,

I want to provide an update on what’s been happening over the past few weeks. During this time, my focus has primarily been on two tickets. Let’s take a closer look at each ticket and the progress made on them.

TRUNK-6203: Global property access should be privileged

This ticket has been a significant priority for OpenMRS, with plans to incorporate it into the platform version 2.7. Adding authorization for accessing global properties enhances system security. Once this authorization is implemented we have to ensure core functions and modules can access global properties during startup for smooth user login.

There are two methods to resolve this:

  1. We could utilize the addProxyPrivilege(String privilege) method to grant the privilege to the user when necessary.
  2. Alternatively, we could introduce a new method that grants access to essential privileges to anonymous users.

After discussing with @dkayiwa, we have decided to proceed with the first method

I’ve created the following PRs for this ticket:

In addition, we might have to add support to a few other modules to ensure compatibility with both O2 and O3 distributions.

OMRS-131: Detailed Audit Logging

We decided to use Hibernate Envers to audit changes in the OpenMRS database. This choice aligns well with our current use of Hibernate throughout OpenMRS. To fully enable audit logging, we need to complete the following steps:

  • Enable Hibernate Envers in the OpenMRS core.
  • Develop a separate module that allows users to view the logs.

I thought enabling Envers going to be a straightforward task because according to the Hibernate Envers documentation, you just need to add the Hibernate Envers dependency to the project and use the @Auditied annotation to the entity you need to audit. However, I faced several issues, particularly with auto-generating audit tables for some entities. I won’t delve into the technical details here, but if you’re interested, please take a moment to read the comments in the following PRs.

After several fixes, I have enabled auditing for all core tables except the user_properties table. I am currently investigating this issue and hope to resolve it without making significant code changes to the core.

GSOC-2024: Validating and re-working (updating) the OpenMRS PatientFlags module

We chose @manojll for this GSOC project due to his excellent proposal and significant prior contributions to OpenMRS. He is now hard at work on this project and has already made a few pull requests. You can find more details about the project’s progress by visiting the wiki project page and reading his blog posts. Both @dkayiwa and I are excited to mentor him on this project.

Thank you for taking the time to read this update. Your valuable feedback is always appreciated

cc: @grace

7 Likes
15

Wikum this is one of the best technical fellowship posts ever :slight_smile: Thank you for explaining all this so clearly!! Great updates and I can’t tell you how encouraging it is to hear about all this progress. Keep up the great work! :clap:

5 Likes
16

Thank you… :heart:

1 Like
17

Hi all,

The primary work on both main tickets, which I’ve been focusing on since the beginning of my fellowship, is now finished, and I’ve had the opportunity to begin several new projects. Let’s delve deeper into these developments

TRUNK-6203: Global property access should be privileged

Implementing this feature was crucial for enhancing OpenMRS security. It restricts access to global properties for non-privileged users, while still allowing them access to essential tasks, such as reaching the login page.

After integrating this feature into the CORE, we reviewed each module in the 2.x/O3 reference applications to ensure they had access to global properties where necessary. For more details, please refer to my previous post.

OMRS-131: Detailed Audit Logging

I have reached a significant milestone with this ticket by successfully implementing Hibernate Envers in the OpenMRS core. Now, OpenMRS can audit changes to almost all tables in its database. However, we had to exclude two tables from this implementation, as Envers was unable to auto-generate audit tables for them without requiring a lot of changes to our code base. These two tables are:

I made a few commits to completely implement Envers. You can find them here

We are keeping auditing disabled by default. You can find more details on how to use this feature on our wiki page.

I am currently developing a backend module that users can utilize to access audit logs. The main goal of this module is to offer all the necessary endpoints and services for accessing audit data, as well as to provide a simple user interface for viewing audit logs.

You can track the progress of this module and join the discussion on my OpenMRS Talk post, or by visiting my GitHub repository:

I am going to use this post to address some of the questions you might have about this implementation.

1. Why do we implement this straight to the CORE rather than first trying this on a module?

When Envers audits a table that includes fields referencing another table, it can only audit those fields if the referenced table is also audited. For example, we can only audit the person_id field in the person_address table if the person table itself is audited.

@Entity
@Table(name = "person_address")
public class PersonAddress extends BaseChangeableOpenmrsData implements java.io.Serializable, Cloneable, Comparable<PersonAddress>, Address {
	
	public static final long serialVersionUID = 343333L;
	
	// Fields
	@Id
	@Column(name = "person_address_id")
	@GeneratedValue(strategy = GenerationType.IDENTITY)
	private Integer personAddressId;
	
	@ManyToOne
	@JoinColumn(name = "person_id")
	private Person person;

Due to this, starting the implementation in a module would be inefficient, as we would have to mark many of the module table fields as Not Audited.

2. Can we audit database views using this feature?

No, this feature only records changes made to the database, such as creations, modifications, and deletions. The primary goal is to audit changes to the database itself, not user actions. I explored the possibility of auditing views using Hibernate Interceptors, but we decided against it. Implementing such a system would record all database calls, potentially creating a large amount of unnecessary data and noise

3. Can we select what tables to audit or ignore?

Currently, our implementation does not support selective auditing. You can either enable or disable auditing entirely.

I hope this clears up any questions you might have. If you have more questions or want to share feedback, feel free to drop them on our Talk post: New Audit Log System for OpenMRS: Seeking Feedback and Suggestions.

O3-3424: Better O3 Setup 2024

The main goal of this epic is to enable better, easier O3 installing and configuring. I have been assigned some of the tickets related to this and I started working on one of the main tickets related to this epic.

This tool allows users to customize their version of the RefApp by using a simplified distro.properties file that includes just three key fields:

  1. parent.artifact
  2. parent.groupId
  3. parent.version

Users can further tailor their servers by overriding default properties. You can find details on the ticket page. I have submitted a pull request on the SDK for this feature and am currently awaiting its review

Pull request: O3-3424: Distro Inheritance Tool

GSOC-2024: Validating and re-working (updating) the OpenMRS PatientFlags module

For the past few weeks, @manojll was hard at work on this project. He has submitted pull requests for most of the project’s features and completed his mid-term evaluation last week. I am truly impressed by his passion and dedication. I would also like to thank @dkayiwa for the continuous support provided to both Manoj and myself throughout this project.

In addition to my main tasks, I’ve also been assisting community members where possible. A significant issue I addressed was a bug in the SDK that failed to add configurations for the O3 setup. You can view the commit that resolved this issue here: Resolve the Configuration Extraction Error for O3. Special thanks to @njiddasalifu for identifying and reporting this bug.

Thank you all for taking the time to read this update. Please feel free to share any feedback you might have.

2 Likes