security in Bahmni

If any user don’t have permision of clinical module and somehow that person get the url’s which is executing in clinical module then that user can access that url and perform any related action. this is happening in my install.

For example:- I logged-In with nurse user that user have only InPatient app previllage and then I paste below url in logged-In session browser, https://DOMAIN/bahmni/clinical/index.html#/default/patient/PATIENT-UUID/dashboard/disposition

Now for “nurse user” i don’t have access to the disposition of any patient but here i can do, it is showing some UI error but still saving the actions.

please answer my query your suggestion would be greatly appreciated.

Hi Ankur,

Thanks for pointing this out. We have also identified this defect and have a card in place to track this issue. You can check its progress here. The fix will be available with the next release.

Hi Sruti,

Thanks a lot.

I am not able to access to this help center, It is showing “It looks like you don’t have access to this help center. If possible, please try contacting us another way”, what should i do in order to see the progress.

Sorry Ankur. There seems to be an issue in viewing this link. We are working on fixing it.

@ankur The problem could be that you have a JIRA login for some project other than Bahmni. While @sruti is fixing it, you can try copying the link on an incognito window. Worked for me. :slight_smile:

Thanks @vinay and @sruti now it’s working.