Skip to content

Various improvements to enforcing permissions #585

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
ibacher wants to merge 2 commits into
base: master
Choose a base branch
from
Open

Various improvements to enforcing permissions #585

ibacher wants to merge 2 commits into from

Conversation

@ibacher
Copy link
Member

@ibacher ibacher commented Dec 8, 2025

Description of what I changed

This PR adds:

  1. A better scheme for enforcing permissions for search for those endpoints that search more than one domain, allowing users to, e.g., search only encounters on the /Encounters endpoint if they don't have the ability to read Visits
  2. Adds a comprehensive set of per-resource privilege checks at least for resource reads.
  3. Fixes a couple of typos in the privileges required for conditions
  4. Adds an AuthorizationInterceptor so that APIAuthenicationExceptions are reported in a more user-friendly way

Issue I worked on

see https://issues.openmrs.org/browse/FM2-

Checklist: I completed these to help reviewers :)

  • My IDE is configured to follow the code style of this project.

    No? Unsure? -> configure your IDE, format the code and add the changes with git add . && git commit --amend

  • I have added tests to cover my changes. (If you refactored
    existing code that was well tested you do not have to add tests)

    No? -> write tests and add them to this commit git add . && git commit --amend

  • I ran mvn clean package right before creating this pull request and
    added all formatting changes to my commit.

    No? -> execute above command

  • All new and existing tests passed.

    No? -> figure out why and add the fix to your commit. It is your responsibility to make sure your code works.

  • My pull request is based on the latest changes of the master branch.

    No? Unsure? -> execute command git pull --rebase upstream master

@ibacher
Various improvements to enforcing permissions
3eb80ab 
This commit largely adds:

1. A better scheme for enforcing permissions for search for those endpoints
   that search more than one domain, allowing users to, e.g., search only
   encounters on the /Encounters endpoint if they don't have the ability
   to read Visits
2. Adds a comprehensive set of per-resource privilege checks at least for
   resource reads.
3. Fixes a couple of typos in the privileges required for conditions
4. Adds an AuthorizationInterceptor so that APIAuthenicationExceptions
   are reported in a more user-friendly way
@ibacher
Merge remote-tracking branch 'origin/master' into fix-permission-checks
6a9da42
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@ibacher