Skip to content

O3-4616: Add permission check for placing retrospective orders on behalf of another provider#5729

Open
akash8843 wants to merge 2 commits intoopenmrs:masterfrom
akash8843:O3-4616-rde-permissions
Open

O3-4616: Add permission check for placing retrospective orders on behalf of another provider#5729
akash8843 wants to merge 2 commits intoopenmrs:masterfrom
akash8843:O3-4616-rde-permissions

Conversation

@akash8843
Copy link

@akash8843 akash8843 commented Jan 31, 2026

Description

While working on RDE-related order flows, I noticed that during retrospective order creation, there is currently no explicit permission check when an order is placed on behalf of another provider.

This PR adds a small but important authorization check to handle that case more safely.

What this PR changes

  • Introduces a new privilege: PLACE_ORDERS_ON_BEHALF
  • Adds a backend check in OrderServiceImpl during retrospective order saving
  • If the authenticated provider is different from the orderer, the user must have this privilege
  • An APIException is thrown if the privilege is missing

The existing behavior remains unchanged for normal (non-retrospective) order flows.

Why this is needed

In real-world RDE workflows, retrospective data entry is often done by data entry staff, not clinicians.
Without an explicit privilege check, any authenticated user could place orders on behalf of another provider, which does not feel safe or intentional.

This change makes that behavior explicit and configurable through roles and privileges.

Issue

Notes

This PR focuses only on backend enforcement. A follow-up frontend PR can handle hiding or disabling RDE-related UI elements based on the same privilege.

@emphor11
Copy link

emphor11 commented Feb 8, 2026

@akash8843
I noticed the addition of isServletContextModifiable() and the conditional around WebDaemon.startOpenmrs. This appears to affect general webapp startup behavior and doesn’t seem directly related to the RDE permission changes in O3-4616. Could you clarify the motivation for this change or whether it should be handled in a separate PR?

suubi-joshua
suubi-joshua reviewed Feb 10, 2026
View reviewed changes
@suubi-joshua
Copy link
Contributor

suubi-joshua commented Feb 10, 2026

Could you also add test coverage for the changes you have made.

@akash8843 akash8843 force-pushed the O3-4616-rde-permissions branch from 9836d4f to 14096b9 Compare February 11, 2026 05:05
@sonarqubecloud
Copy link

sonarqubecloud bot commented Feb 11, 2026

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@akash8843
Copy link
Author

akash8843 commented Feb 11, 2026

@emphor11 , @suubi-joshua Thanks for the review.

The backend permission enforcement for placing retrospective orders on behalf of another provider has been completed.

This PR includes:

  • Privilege check implementation in OrderServiceImpl
  • New PLACE_ORDERS_ON_BEHALF constant in PrivilegeConstants
  • Unit test coverage in OrderServiceTest

All tests are passing locally.

Please let me know if any further refinements are needed.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@suubi-joshua suubi-joshua suubi-joshua left review comments

Reviewers whose approvals may not affect merge requirements

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@akash8843 @emphor11 @suubi-joshua

Comments