Difference between revisions of "The Notes API"
(start documenting ACL checks required.) |
(check squads.) |
||
| Line 1: | Line 1: | ||
= Using the Notes API = | = Using the Notes API = | ||
== Including Notes Functionality == | |||
The Notes API is available in OpenEMR by including the following line in your code: | The Notes API is available in OpenEMR by including the following line in your code: | ||
| Line 6: | Line 8: | ||
Thos loads up all of the functions for dealing with notes. | Thos loads up all of the functions for dealing with notes. | ||
Once | == Access Controls == | ||
=== Patient Notes === | |||
Once notes functionality has been included, it is important to use the appropriate ACL checks to ensure that users who are viewing/updating/deleting notes are authorized to do so. The 'patients/notes' ACO should be checked in the following situations: | |||
{| class="wikitable" border="1" cellpadding="1" | {| class="wikitable" border="1" cellpadding="1" | ||
|- | |- | ||
| Line 14: | Line 19: | ||
| (empty string) | | (empty string) | ||
| Should be checked any time note contents are going to be displayed | | Should be checked any time note contents are going to be displayed | ||
|- | |||
| 'write','addonly' | |||
| should be checked any time notes are going to be created, updated, or deleted | |||
|} | |} | ||
Once pnotes.inc is included, the following functions | For information on checking an ACL, please refer to [[The OpenEMR API]]. | ||
=== Squads === | |||
After the appropriate access to the notes have been established, it is important to also check if the patient is a member of any 'squad', and check to see if the user has permissions to the squad in question. | |||
Squads are checked with the same ACL system used previously. for example, assuming pid is the ID of the current patient: | |||
$tmp = getPatientData($pid, "squad"); | |||
if ($tmp['squad'] && ! acl_check('squads', $tmp['squad'])) | |||
$thisauth = 0; /* current user is not authorized to see members of this squad */ | |||
== Functions Available == | |||
Once pnotes.inc is included and you are satisfied the proper ACL checks have been performed, the following functions should be used to manipulate note data: | |||
== addPnote == | === addPnote === | ||
== deletePnote == | === deletePnote === | ||
== getPnoteById == | === getPnoteById === | ||
== getPnotesByUser == | === getPnotesByUser === | ||
== updatePnote == | === updatePnote === | ||
== updatePnoteMessageStatus == | === updatePnoteMessageStatus === | ||
= Dependencies = | = Dependencies = | ||
The Notes API uses the database table 'pnotes' to store its data. | The Notes API uses the database table 'pnotes' to store its data. | ||
Revision as of 09:55, 6 December 2012
Using the Notes API
Including Notes Functionality
The Notes API is available in OpenEMR by including the following line in your code:
require_once("$srcdir/pnotes.inc");
Thos loads up all of the functions for dealing with notes.
Access Controls
Patient Notes
Once notes functionality has been included, it is important to use the appropriate ACL checks to ensure that users who are viewing/updating/deleting notes are authorized to do so. The 'patients/notes' ACO should be checked in the following situations:
| Permission | Operation |
|---|---|
| (empty string) | Should be checked any time note contents are going to be displayed |
| 'write','addonly' | should be checked any time notes are going to be created, updated, or deleted |
For information on checking an ACL, please refer to The OpenEMR API.
Squads
After the appropriate access to the notes have been established, it is important to also check if the patient is a member of any 'squad', and check to see if the user has permissions to the squad in question.
Squads are checked with the same ACL system used previously. for example, assuming pid is the ID of the current patient:
$tmp = getPatientData($pid, "squad");
if ($tmp['squad'] && ! acl_check('squads', $tmp['squad']))
$thisauth = 0; /* current user is not authorized to see members of this squad */
Functions Available
Once pnotes.inc is included and you are satisfied the proper ACL checks have been performed, the following functions should be used to manipulate note data:
addPnote
deletePnote
getPnoteById
getPnotesByUser
updatePnote
updatePnoteMessageStatus
Dependencies
The Notes API uses the database table 'pnotes' to store its data.
