Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Openemr inferno fixes for #5827 #5828 #5829 #5830 #5831 #5833 #5834 #5836

Merged
merged 4 commits into from
Oct 18, 2022
Merged

Openemr inferno fixes for #5827 #5828 #5829 #5830 #5831 #5833 #5834 #5836

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
725b3b9
OpenEMR FHIR Api bug/feature fixes
adunsulag Oct 12, 2022
c7f9041
Fix scope permission on insert/create/delete
adunsulag Oct 12, 2022
5f88f92
Fix styles and unit tests
adunsulag Oct 12, 2022
60ab557
Fix missing definition URL
adunsulag Oct 12, 2022
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Prev Previous commit
Next Next commit
Fix styles and unit tests
  • Loading branch information
@adunsulag
adunsulag committed Oct 12, 2022
commit 5f88f92d821591044b6cf2a8d6656eb37b81feea
7 changes: 3 additions & 4 deletions _rest_routes.inc.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -11590,8 +11590,7 @@
// for the currently logged in user
if ($request->getRequestUserUUIDString() == $uuid) {
$return = (new FhirPersonRestController())->getOne($uuid);
}
else if (!$request->isPatientRequest()) {
} else if (!$request->isPatientRequest()) {
// not a patient ,make sure we have access to the users ACL
RestConfig::authorization_check("admin", "users");
$return = (new FhirPersonRestController())->getOne($uuid);
Expand Down Expand Up @@ -12566,7 +12565,7 @@
* )
* )
*/
"GET /fhir/OperationDefinition" => function(HttpRestRequest $request) {
"GET /fhir/OperationDefinition" => function (HttpRestRequest $request) {
// for now we will just hard code the custom resources
$operationDefinitionController = new \OpenEMR\RestControllers\FHIR\Operations\FhirOperationDefinitionRestController();
$return = $operationDefinitionController->getAll($request->getQueryParams());
Expand Down Expand Up @@ -12628,7 +12627,7 @@
* ),
* )
*/
"GET /fhir/OperationDefinition/:operation" => function($operation, HttpRestRequest $request) {
"GET /fhir/OperationDefinition/:operation" => function ($operation, HttpRestRequest $request) {
// for now we will just hard code the custom resources
$operationDefinitionController = new \OpenEMR\RestControllers\FHIR\Operations\FhirOperationDefinitionRestController();
$return = $operationDefinitionController->getOne($operation);
Expand Down
6 changes: 3 additions & 3 deletions library/classes/Document.class.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -283,11 +283,11 @@ public function has_expired()
return false;
}

public function can_patient_access($pid) {
public function can_patient_access($pid)
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@bradymiller If you can look at this from a security point of view and let me know if you see any problems. Its called in the FhirDocumentRestController.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

would just make sure $pid is also not empty in the if (overkill but might as well). otherwise looks good.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@bradymiller Maybe I'm tired but I believe the first check for empty on the foreignID makes sure the $pid is also never empty since foreignID has to equal the $pid.

Copy link
Member

@bradymiller bradymiller Oct 12, 2022
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

that is true. is overkill, on security related stuff, I overuse !empty() and am explicit so i don't need to think :)
can leave as is.

{
$foreignId = $this->get_foreign_id();
// TODO: if any information blocking rule checks were to be applied, they can be done here
if (!empty($foreignId) && $foreignId == $pid)
{
if (!empty($foreignId) && $foreignId == $pid) {
return true;
}
return false;
Expand Down
3 changes: 2 additions & 1 deletion src/Common/Http/HttpRestRouteHandler.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -303,7 +303,8 @@ private static function checkSecurity(HttpRestRequest $restRequest)
$config::scope_check($scopeType, $resource, $permission);
}

public static function fhirRestRequestSkipSecurityCheck(HttpRestRequest $restRequest) : bool {
public static function fhirRestRequestSkipSecurityCheck(HttpRestRequest $restRequest): bool
{
$resource = $restRequest->getResource();
// capability statement, smart well knowns, and operation definitions are skipped.
$skippedChecks = ['metadata', '.well-known', 'OperationDefinition'];
Expand Down
10 changes: 5 additions & 5 deletions src/RestControllers/FHIR/Operations/FhirOperationDefinitionRestController.php
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,9 +1,7 @@
<?php


namespace OpenEMR\RestControllers\FHIR\Operations;


use OpenEMR\Common\Http\Psr17Factory;
use OpenEMR\Common\Http\StatusCode;
use OpenEMR\FHIR\R4\FHIRDomainResource\FHIROperationDefinition;
Expand Down Expand Up @@ -45,7 +43,8 @@ public function getAll($searchParams)
return $response;
}

public function getOne($operationId) {
public function getOne($operationId)
{
$processingResult = new ProcessingResult();
$statusCode = 200;
if ($operationId == '$bulkdata-status') {
Expand All @@ -64,7 +63,8 @@ private function createResponseForCode($statusCode)
return $response->withAddedHeader('Content-Type', 'application/json');
}

private function getBulkDataStatusDefinition() {
private function getBulkDataStatusDefinition()
{
$opDef = new FHIROperationDefinition();
$opDef->setName('$bulkdata-status');
$opDef->setStatus("active");
Expand All @@ -84,4 +84,4 @@ private function getBulkDataStatusDefinition() {
$opDef->addParameter($opDefParameter);
return $opDef;
}
}
}
5 changes: 3 additions & 2 deletions src/RestControllers/RestControllerHelper.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -267,7 +267,7 @@ public function addOperations($resource, $items, FHIRCapabilityStatementResource
$fhirOperation->setDefinition(new FHIRCanonical('http://hl7.org/fhir/uv/bulkdata/OperationDefinition/' . $operationName));
$capResource->addOperation($fhirOperation);
} else if ($operation === '$bulkdata-status') {
$fhirOperation= new FHIRCapabilityStatementOperation();
$fhirOperation = new FHIRCapabilityStatementOperation();
$fhirOperation->setName($operation);
$capResource->addOperation($fhirOperation);
// TODO: @adunsulag we should document in our capability statement how to use the bulkdata-status operation
Expand Down Expand Up @@ -387,7 +387,8 @@ public function getCapabilityRESTObject($routes, $serviceClassNameSpace = self::
* @param string $resource
* @return string
*/
private static function getResourceTypeForResource(string $resource) {
private static function getResourceTypeForResource(string $resource)
{
$firstChar = $resource[0] ?? '';
if ($firstChar == '$') {
return 'OperationDefinition';
Expand Down
3 changes: 2 additions & 1 deletion src/Services/PatientService.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -605,7 +605,8 @@ public function getUuid($pid)
return self::getUuidById($pid, self::TABLE_NAME, 'pid');
}

public function getPidByUuid($uuid) {
public function getPidByUuid($uuid)
{
return self::getIdByUuid($uuid, self::TABLE_NAME, 'pid');
}

Expand Down
2 changes: 1 addition & 1 deletion tests/Tests/Unit/Common/Http/HttpRestParsedRouteTest.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -59,7 +59,7 @@ public function testGetResourceWithDocumentBinaryFormat()
$definition = 'GET /fhir/Binary/:id';

$parsedRoute = new HttpRestParsedRoute("GET", $request, $definition);
$this->assertEquals("Document", $parsedRoute->getResource());
$this->assertEquals("Binary", $parsedRoute->getResource());
}

public function testIsOperation()
Expand Down