Skip to first unread message
Devin
Nov 16, 2014, 6:43:42 AM11/16/14
to implem...@openmrs.org
Hey everyone,
Any time I sink my teeth into a new project especially one as complex as openmrs I like to whip up a chat app as a slightly more involved "hello world".
In this case I wanted to whip out a module that would add a chat room for clinicians & other logged in users, while disallowing guests.
To build it I need to know some things.
From within the context of a module what is the correct way of accessing the current session or better yet the user object?
How can I tell what role(s) the currently logged in user has?
Furthermore, how can I get a list of everyone who is logged in at the moment?
The final piece of the puzzle may be a bit more complex and possibly outside the scope of a module so I'm seeking advice...
I would like the chat widget to be present on every page once the user is logged in.
I have a feeling that this will require a change to the header.jsp file or whatever it is in core that serves up the header.
This means I'm going to need to download openmrs-core, recompile it with the changes and modify the reference app???
Am I correct, or is there a better way?
I am sure many of these questions could be answered in the API docs, but I'm struggling to find anything current on these subjects.
Perhaps I'm looking in the wrong place? http://en.flossmanuals.net/openmrs-developers-guide/hello-world-module/
Are there actual docs showing what's exposed to the module api somewhere?
Final question...
Is there any appetite to add this module to the community modules?
Thanks!
Any time I sink my teeth into a new project especially one as complex as openmrs I like to whip up a chat app as a slightly more involved "hello world".
In this case I wanted to whip out a module that would add a chat room for clinicians & other logged in users, while disallowing guests.
To build it I need to know some things.
From within the context of a module what is the correct way of accessing the current session or better yet the user object?
How can I tell what role(s) the currently logged in user has?
Furthermore, how can I get a list of everyone who is logged in at the moment?
The final piece of the puzzle may be a bit more complex and possibly outside the scope of a module so I'm seeking advice...
I would like the chat widget to be present on every page once the user is logged in.
I have a feeling that this will require a change to the header.jsp file or whatever it is in core that serves up the header.
This means I'm going to need to download openmrs-core, recompile it with the changes and modify the reference app???
Am I correct, or is there a better way?
I am sure many of these questions could be answered in the API docs, but I'm struggling to find anything current on these subjects.
Perhaps I'm looking in the wrong place? http://en.flossmanuals.net/openmrs-developers-guide/hello-world-module/
Are there actual docs showing what's exposed to the module api somewhere?
Final question...
Is there any appetite to add this module to the community modules?
Thanks!
Kaweesi Joseph
Nov 16, 2014, 7:04:40 AM11/16/14
to implem...@openmrs.org
Hi Devin, glad to hear that, please checkout the developer's guide from
You may also look into https://wiki.openmrs.org/display/docs/Developer+Guide to have a better overview of the platform
Probably to have a real feel of working with roles from a programmer's perspective you may look into how some already existing modules do it for example:
Consider also looking into https://wiki.openmrs.org/display/docs/Module+Privileges+and+Roles
Thanks and welcome :)
KAWEESI JOSEPH (k-joseph)
OpenMRS 1.11 Release ManagerWhat we most need now is NOT legal religion BUT true and genuine conversion through Christ our righteousness
--
OpenMRS Implementers: http://om.rs/implist
Post: implem...@openmrs.org | Unsubscribe: implementers...@openmrs.org
Manage your OpenMRS subscriptions at http://om.rs/id
Register today for our Maputo 2015 Implementers Meeting: http://om.rs/moz15
To unsubscribe from this group and stop receiving emails from it, send an email to implementers...@openmrs.org.
Devin
Nov 16, 2014, 8:31:14 AM11/16/14
to implem...@openmrs.org
Thanks for the links! That was very helpful.
It looks like to get a list of current users (which was one of my questions), I can simply call
org.openmrs.web.user.CurrentUsers,getCurrentUserNames
http://resources.openmrs.org/doc/org/openmrs/web/user/CurrentUsers.html
When we send a message it will likely be in the form of a JSON object tagged with the sender & recipient, I can probably map that to names, but since names may change, it might be better to have a mapping of user ids.
So now I need to determine how to look up a user's id or possibly the entire user object and just grab the id from a method, all of which needs to be based on the name obtained from CurrentUsers.getCurrentUserNames
I can see that regardless of how I get the info, the individual user looking at the webpage is going to be an instance of http://resources.openmrs.org/doc/org/openmrs/User.html
With this I can see that it looks like roles are obtained from either...
org.openmrs.User.getAllRoles() or hasRole(rolename) it also looks like there is a privileges attribute that I've never noticed before.
Maybe it would be a good idea to add a privilege to indicate the user can participate in chat, so instead of using roles we would just use the privilege instead and then add the privilege to the authenticated user role.
In that context, perhaps roles should be utilized for individual "chat rooms", I could see it being useful to get info from other sites...
"Hey other receptionists, does anyone know how I'm supposed to deal with ...?"
Now if I can just sort out how I'm supposed to get the currently logged in user object, I should have everything almost I need to make this happen, except...
One other thing that I had not thought of before, is that this simple module would likely impose a SarbOx load on any organization in the USA that would be using it, in addition to HIPAA.
These messages would probably be something that SarbOx mandates data retention for and because it's very likely that patient information will be traversing this medium, HIPAA is going to want things encrypted and restricted.
It might be a good idea to sign each message with a timestamp and a signature
It would also be a good idea to store the message encrypted with an AES key that is tied to the user roles.
Private messaging (as opposed to group chat) could be implemented by using a public/private key pair, so only the user the message is intended for could decrypt it.
As it turns out, I don't actually see anything related to encryption anywhere in the API yet.
I'll keep digging, but would really like any pointers.
Thanks again!
It looks like to get a list of current users (which was one of my questions), I can simply call
org.openmrs.web.user.CurrentUsers,getCurrentUserNames
http://resources.openmrs.org/doc/org/openmrs/web/user/CurrentUsers.html
When we send a message it will likely be in the form of a JSON object tagged with the sender & recipient, I can probably map that to names, but since names may change, it might be better to have a mapping of user ids.
So now I need to determine how to look up a user's id or possibly the entire user object and just grab the id from a method, all of which needs to be based on the name obtained from CurrentUsers.getCurrentUserNames
I can see that regardless of how I get the info, the individual user looking at the webpage is going to be an instance of http://resources.openmrs.org/doc/org/openmrs/User.html
With this I can see that it looks like roles are obtained from either...
org.openmrs.User.getAllRoles() or hasRole(rolename) it also looks like there is a privileges attribute that I've never noticed before.
Maybe it would be a good idea to add a privilege to indicate the user can participate in chat, so instead of using roles we would just use the privilege instead and then add the privilege to the authenticated user role.
In that context, perhaps roles should be utilized for individual "chat rooms", I could see it being useful to get info from other sites...
"Hey other receptionists, does anyone know how I'm supposed to deal with ...?"
Now if I can just sort out how I'm supposed to get the currently logged in user object, I should have everything almost I need to make this happen, except...
One other thing that I had not thought of before, is that this simple module would likely impose a SarbOx load on any organization in the USA that would be using it, in addition to HIPAA.
These messages would probably be something that SarbOx mandates data retention for and because it's very likely that patient information will be traversing this medium, HIPAA is going to want things encrypted and restricted.
It might be a good idea to sign each message with a timestamp and a signature
It would also be a good idea to store the message encrypted with an AES key that is tied to the user roles.
Private messaging (as opposed to group chat) could be implemented by using a public/private key pair, so only the user the message is intended for could decrypt it.
As it turns out, I don't actually see anything related to encryption anywhere in the API yet.
I'll keep digging, but would really like any pointers.
Thanks again!
Darius Jazayeri
Nov 17, 2014, 5:50:15 PM11/17/14
to implementers
Hi Devin,
There's quite a lot in here to digest on a Monday. :-) I'd very briefly say:
1. You should decide whether you want to be developing for OpenMRS 2.x or the legacy web application, because the web development style is very different.
2. I would personally want to try the Minimum Viable Product approach to a feature (called Floss by some OpenMRS people), and I would think that AES encryption is far beyond a version 1. (Is there really a point is using stronger encryption on inter-user messages than there is on the patient record itself?) Once you have something working, people can more clearly think about whether that thing should be picked up for community support.
3. This is actually the wrong mailing list for this thread. You actually want the d...@openmrs.org mailing list for questions/discussions about development. See https://wiki.openmrs.org/x/lwLn for all the lists.
-Darius
Devin
Nov 18, 2014, 4:37:42 AM11/18/14
to implem...@openmrs.org
Thanks for the heads up.
I was unaware that this was a mailing list. From my perspective it looks like a group in google groups, i.e. a usenet group.
Doing a search doesn't show any other groups for openmrs except this one.
I'll try in the linked list.
Also development for 2.x is clearly where I need to be with this. However there isn't a whole lot of information I've been able to track down which explains the 2.x style.
I was unaware that this was a mailing list. From my perspective it looks like a group in google groups, i.e. a usenet group.
Doing a search doesn't show any other groups for openmrs except this one.
I'll try in the linked list.
Also development for 2.x is clearly where I need to be with this. However there isn't a whole lot of information I've been able to track down which explains the 2.x style.
Daniel Kayiwa
Nov 18, 2014, 4:41:33 AM11/18/14
to implem...@openmrs.org
Devin,
Am sending this from here just in case you are not yet on the dev list. :)- Epic - Reference Application
- Reference Application
- App Framework Developer Documentation
- App Framework Step by Step Tutorial
- Setting Up a Development Environment for OpenMRS 2.x
- Reference Application Implementation Dev FAQs
- Using the UI Framework in Your Module
- UI Framework
If we keep uppermost in our minds the unkind and unjust acts of others, we shall find it impossible to love them as Christ has loved us; but if our thoughts dwell upon the wondrous love and pity of Christ for us, the same spirit will flow out to others.
Devin
Nov 18, 2014, 4:59:45 AM11/18/14
to implem...@openmrs.org
Also, this is just my observation, but I feel that the floss approach is a cute but very dangerous story.
Introducing critical features such as encryption and security at a later stage inevitably causes a huge mess.
Enumerating all essential requirements as design criteria up front, to the greatest extent possible, ensures that the product will based on a much more solid footing and require far less rework later on.
It will probably be debated until the sun burns out, but my experience has lead me to the conclusion that when going for anything not intended to be a simple toy, the first question to answer is how can this break/fail.
You don't lay down a single line of code until you can answer that question and have addressed the vulnerabilities.
Clem's approach is exactly the reason that huge security vulnerabilities creep into otherwise solid products.
In the given example, Clem has people walking across a paper mache bridge secured to the other side with dental floss. Next they are driving across it.
My guess is that either clem has some seriously nasty teeth and dental floss is actually made of inch thick steel cable,
or he rebuilt his bridge several dozen times by now, in which case the Ship of Theseus principle kicks in.
Another way to spin the Clem story is that "There are never enough resources to do things the right way the first time, but sometimes there are enough resources to do them over."
Just my thoughts :)
Introducing critical features such as encryption and security at a later stage inevitably causes a huge mess.
Enumerating all essential requirements as design criteria up front, to the greatest extent possible, ensures that the product will based on a much more solid footing and require far less rework later on.
It will probably be debated until the sun burns out, but my experience has lead me to the conclusion that when going for anything not intended to be a simple toy, the first question to answer is how can this break/fail.
You don't lay down a single line of code until you can answer that question and have addressed the vulnerabilities.
Clem's approach is exactly the reason that huge security vulnerabilities creep into otherwise solid products.
In the given example, Clem has people walking across a paper mache bridge secured to the other side with dental floss. Next they are driving across it.
My guess is that either clem has some seriously nasty teeth and dental floss is actually made of inch thick steel cable,
or he rebuilt his bridge several dozen times by now, in which case the Ship of Theseus principle kicks in.
Another way to spin the Clem story is that "There are never enough resources to do things the right way the first time, but sometimes there are enough resources to do them over."
Just my thoughts :)
Devin
Nov 18, 2014, 5:11:22 AM11/18/14
to implem...@openmrs.org
Thank you, this is perfect!
Reply all
Reply to author
Forward
0 new messages