Difference between revisions of "The Notes API"
(check squads.) |
|||
Line 38: | Line 38: | ||
=== addPnote === | === addPnote === | ||
returns: the ID of the newly added note. | |||
=== deletePnote === | === deletePnote === | ||
=== getPnoteById === | === getPnoteById === |
Revision as of 10:23, 6 December 2012
Using the Notes API
Including Notes Functionality
The Notes API is available in OpenEMR by including the following line in your code:
require_once("$srcdir/pnotes.inc");
Thos loads up all of the functions for dealing with notes.
Access Controls
Patient Notes
Once notes functionality has been included, it is important to use the appropriate ACL checks to ensure that users who are viewing/updating/deleting notes are authorized to do so. The 'patients/notes' ACO should be checked in the following situations:
Permission | Operation |
---|---|
(empty string) | Should be checked any time note contents are going to be displayed |
'write','addonly' | should be checked any time notes are going to be created, updated, or deleted |
For information on checking an ACL, please refer to The OpenEMR API.
Squads
After the appropriate access to the notes have been established, it is important to also check if the patient is a member of any 'squad', and check to see if the user has permissions to the squad in question.
Squads are checked with the same ACL system used previously. for example, assuming pid is the ID of the current patient:
$tmp = getPatientData($pid, "squad"); if ($tmp['squad'] && ! acl_check('squads', $tmp['squad'])) $thisauth = 0; /* current user is not authorized to see members of this squad */
Functions Available
Once pnotes.inc is included and you are satisfied the proper ACL checks have been performed, the following functions should be used to manipulate note data:
addPnote
returns: the ID of the newly added note.
deletePnote
getPnoteById
getPnotesByUser
updatePnote
updatePnoteMessageStatus
Dependencies
The Notes API uses the database table 'pnotes' to store its data.