Ok maybe not as simple as I first figured - I knew there must be reason someone hadn't already done this! I also now remember that in UsageStatistics I didn't use AOP to record patient record *accesses* but put the code into the controller for the patient dashboard, so that it avoided all the calls from things like the AJAX search box.
Maybe we need to override getPatients? The UsageStatistics module relies on patient location but when this was implemented at Rwinkwavu we realised that most patients didn't have a location attribute. So then I threw together a simple module for adding that attribute based on locations from encounters (which I can put in the repos if anyone wants it) Seems like this functionality is pretty important for some implementations so maybe we have to start fixing and enforcing patient locations. One problem with user locations is that user's can change them themselves. We'd need to restrict that or just have a new location (or set of locations) which are assigned to each user. Seems fairly plausible that a user might need access to patients from X locations so the user attribute wouldn't be much use anyway. Count me in for the call. I'm on Boston time today and tomo, then back to Rwanda time. On 25 August 2011 15:36, Blaya, Joaquin Andres < [email protected]> wrote: > I'm one of those extremely interested in this, and would be happy to be > on a call. My additional request would be to put this into the cohort > builder where each health center would view only their patient > searches/saved cohorts and also could only see their patients if they asked > for all patients. > > Sent from my Android phone using TouchDown (www.nitrodesk.com) > > > -----Original Message----- > *From:* Darius Jazayeri [[email protected]] > *Received:* Thursday, 25 Aug 2011, 16:31 > *To:* [email protected] [ > [email protected]] > *Subject:* Re: [OPENMRS-DEV] Location based patient access permissions > > Hi Rowan, > > You're correct that this is pretty straightforward to do with AOP, > although you almost definitely need to take some kind of shortcut to make it > perform adequately to limit the patient-search-by-name method called > frequently via ajax. > > (Though, what defines the patient's location and the user's location? For > the patient it could be an assigned location via a PersonAttribute, or it > could be "Any encounter ever". What about for the user?) > > The Restrict By Role module does a more general version of this, but was > written back in the days of OpenMRS 1.2 or 1.3, and really should be retired > in favor of something more modern. > > I think this is one of the most commonly requested OpenMRS features. It's > also a huge task to implement in a general way in core, but I think it would > be very valuable to write the module you're describing. Perhaps we can > organize a discussion or call among interested people to see if there's an > easy-to-implement approach that will solve the 90% use case. > > I could imagine building ~ 5 different filters that cover many use cases, > and that can be individually enabled/disabled in a config page. > > -Darius > > On Thu, Aug 25, 2011 at 12:03 PM, Rowan Seymour <[email protected]>wrote: > >> Something that's needed in Rwanda is a away to limit access to patient >> records by providers based on location. Seems like this would be pretty easy >> to do via aop. A very simple version would just check that the provider is >> from the same location. A more sophisticated version would allow providers >> to be assigned to patients from multiple locations. You could define which >> roles are subject to this location requirement and which aren't. >> >> I'm sure I've heard people discussing this before but I can't find any >> such modules in the repository... I'll put something together if there isn't >> something I'm missing here. >> >> Rowan >> ------------------------------ >> Click here to >> unsubscribe<[email protected]?body=SIGNOFF%20openmrs-devel-l>from >> OpenMRS Developers' mailing list > > > ------------------------------ > Click here to > unsubscribe<[email protected]?body=SIGNOFF%20openmrs-devel-l>from > OpenMRS Developers' mailing list > ------------------------------ > Click here to > unsubscribe<[email protected]?body=SIGNOFF%20openmrs-devel-l>from > OpenMRS Developers' mailing list > -- *Rowan Seymour* tel: +250 783835665 http://twitter.com/rowanseymour _________________________________________ To unsubscribe from OpenMRS Developers' mailing list, send an e-mail to [email protected] with "SIGNOFF openmrs-devel-l" in the body (not the subject) of your e-mail. [mailto:[email protected]?body=SIGNOFF%20openmrs-devel-l]
