Required Privilege on apps for all reference application openmrs modules

  • I would like to suggest that all apps in modules implementing ref app should have a required privilege to them this eases work on configuring access rights for users. here is a good senario in Dataintergrityapp module where the app is not restricted by any privilege.

@dkayiwa @ssmusoke @darius @wyclif

@slubwama can you please give some examples of where this is not done, and you’d like to see it?

@darius I gave an example of dataintergrity module in my post also Delete Patient is one of them. I will suggest others as I go through different modules.

@slubwama do you mean having a single privilege that grants access to a user to be able to use any feature a specific module provides?

No I mean per feature. some modules have these well done others don’t. So its a suggestion to have an audit for those that don’t to be modified to implement it.

I think the point is that modules should ideally implement privilege checking just as we do in core and this is not implemented consistently across all modules.

Some thoughts:

  • Could we make it easier for modules to adopt privilege checking provided by core?
  • Do our templates for new modules include privilege checking to encourage learning by example?
  • Could we make it easier to see privilege checking (or lack of it) in javadocs to more readily expose gaps?

This is already supported, it’s just that some module developers miss to add them.

@slubwama what you’re suggesting makes perfect sense. The way to make this happen is to create JIRA issues for each of the modules you find that’s missing a privilege check.

These can probably be labeled as intro tickets as well.

To Burke’s point, maybe we can create a jar to be imported at test time by refapp-compliant modules that tests best-practices like this.

@darius Noted Will do so whenever I find a gap