Difference between revisions of "The Notes API"

From OpenEMR Project Wiki
(start documenting ACL checks required.)
(check squads.)
Line 1: Line 1:
= Using the Notes API =
= Using the Notes API =
== Including Notes Functionality ==
The Notes API is available in OpenEMR by including the following line in your code:
The Notes API is available in OpenEMR by including the following line in your code:


Line 6: Line 8:
Thos loads up all of the functions for dealing with notes.
Thos loads up all of the functions for dealing with notes.


Once that is done, it is important to use the appropriate ACL checks to ensure that users who are viewing/updating/deleting notes are authorized to do so. the 'patients/notes' ACO should be checked in the following situations:
== Access Controls ==
 
=== Patient Notes ===
Once notes functionality has been included, it is important to use the appropriate ACL checks to ensure that users who are viewing/updating/deleting notes are authorized to do so. The 'patients/notes' ACO should be checked in the following situations:
{| class="wikitable" border="1" cellpadding="1"
{| class="wikitable" border="1" cellpadding="1"
|-
|-
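Review bot: the context line "Thos loads up all of the functions for dealing with notes." still carries the typo "Thos". Since this revision rewrites the paragraph directly after it, correct it to "This" in the same edit.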
Line 14: Line 19:
| (empty string)
| (empty string)
| Should be checked any time note contents are going to be displayed
| Should be checked any time note contents are going to be displayed
|-
| 'write','addonly'
| should be checked any time notes are going to be created, updated, or deleted
|}
|}


Once pnotes.inc is included, the following functions are available:
For information on checking an ACL, please refer to [[The OpenEMR API]].
 
=== Squads ===
After the appropriate access to the notes have been established, it is important to also check if the patient is a member of any 'squad', and check to see if the user has permissions to the squad in question.
 
Squads are checked with the same ACL system used previously. for example, assuming pid is the ID of the current patient:
$tmp = getPatientData($pid, "squad");
if ($tmp['squad'] && ! acl_check('squads', $tmp['squad']))
  $thisauth = 0; /* current user is not authorized to see members of this squad */
 
== Functions Available ==
Once pnotes.inc is included and you are satisfied the proper ACL checks have been performed, the following functions should be used to manipulate note data:


== addPnote ==
=== addPnote ===
== deletePnote ==
=== deletePnote ===
== getPnoteById ==
=== getPnoteById ===
== getPnotesByUser ==
=== getPnotesByUser ===
== updatePnote ==
=== updatePnote ===
== updatePnoteMessageStatus ==
=== updatePnoteMessageStatus ===


= Dependencies =
= Dependencies =
The Notes API uses the database table 'pnotes' to store its data.
The Notes API uses the database table 'pnotes' to store its data.
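Review bot: in the new Squads snippet, "$thisauth = 0;" is assigned without showing where $thisauth was first set from the 'patients/notes' check, or what the calling code must do once it is 0. Suggest showing the initial acl_check result being stored in $thisauth and the refusal path that follows, so a reader does not copy a check whose result is never enforced. The sentence introducing the snippet also starts with a lowercase "for example" and writes "pid" where the code uses $pid.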

Revision as of 09:55, 6 December 2012

Using the Notes API

Including Notes Functionality

The Notes API is available in OpenEMR by including the following line in your code:

require_once("$srcdir/pnotes.inc");

This loads all of the functions for dealing with notes.

Access Controls

Patient Notes

Once notes functionality has been included, it is important to use the appropriate ACL checks to ensure that users who are viewing/updating/deleting notes are authorized to do so. The 'patients/notes' ACO should be checked in the following situations:

Permission           Operation
(empty string)       Should be checked any time note contents are going to be displayed
'write','addonly'    Should be checked any time notes are going to be created, updated, or deleted

For information on checking an ACL, please refer to The OpenEMR API.

Squads

After the appropriate access to the notes has been established, it is also important to check whether the patient is a member of any 'squad', and whether the user has permissions to the squad in question.

Squads are checked with the same ACL system used previously. For example, assuming $pid is the ID of the current patient:

$tmp = getPatientData($pid, "squad");
if ($tmp['squad'] && !acl_check('squads', $tmp['squad'])) {
    $thisauth = 0; /* current user is not authorized to see members of this squad */
}
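
The two checks above combined into one fail-closed gate, as an added example that is not part of the original wiki page or of OpenEMR's own code. notesAccessFor(), canViewNotes() and canModifyNotes() are hypothetical names, the stand-in acl_check()/getPatientData() bodies hold constructed data, and the example assumes acl_check('patients', 'notes') returns the granted permission string, which this page does not spell out.

```php
<?php
// Inside OpenEMR the real acl_check() and getPatientData() are already loaded,
// so these constructed stand-ins are skipped; they only let the file run alone.
if (!function_exists('acl_check')) {
    // Constructed ACL data: the user may add notes and may see squad '2' only.
    function acl_check($section, $value) {
        $granted = ['patients/notes' => 'addonly', 'squads/2' => true];
        return $granted["$section/$value"] ?? false;
    }
}
if (!function_exists('getPatientData')) {
    // Constructed patients: pid 1 has no squad, pid 2 is in squad '2', pid 3 in squad '5'.
    function getPatientData($pid, $given = "*") {
        $squads = [1 => '', 2 => '2', 3 => '5'];
        return ['squad' => $squads[$pid] ?? ''];
    }
}

// Hypothetical helper: the user's 'patients/notes' permission for this patient,
// or false when either the notes ACL or the squad ACL denies access.
// Assumption: acl_check() returns the granted permission string when allowed.
function notesAccessFor($pid) {
    $thisauth = acl_check('patients', 'notes');
    if (!$thisauth) {
        return false; // no access to notes at all: fail closed
    }
    $tmp = getPatientData($pid, "squad");
    if (!empty($tmp['squad']) && !acl_check('squads', $tmp['squad'])) {
        return false; // patient is in a squad this user may not see
    }
    return $thisauth;
}

// Displaying note contents: any granted permission is enough.
function canViewNotes($pid) {
    return (bool) notesAccessFor($pid);
}

// Creating, updating or deleting notes: requires 'write' or 'addonly'.
function canModifyNotes($pid) {
    return in_array(notesAccessFor($pid), ['write', 'addonly'], true);
}

foreach ([1, 2, 3] as $pid) {
    printf("pid %d: view=%s modify=%s\n", $pid,
        var_export(canViewNotes($pid), true), var_export(canModifyNotes($pid), true));
}
```

Call canViewNotes() or canModifyNotes() before any of the pnotes.inc functions listed below, and stop processing the request when it returns false.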

Functions Available

Once pnotes.inc is included and you are satisfied the proper ACL checks have been performed, the following functions should be used to manipulate note data:

addPnote

deletePnote

getPnoteById

getPnotesByUser

updatePnote

updatePnoteMessageStatus

Dependencies

The Notes API uses the database table 'pnotes' to store its data.