Difference between revisions of "The Notes API"

From OpenEMR Project Wiki
(start documenting ACL checks required.)
 
(6 intermediate revisions by the same user not shown)
Line 1: Line 1:
= Using the Notes API =
= Using the Notes API =
The Notes API is a series of functions for handling notes, attached to patient files.
== Including Notes Functionality ==
The Notes API is available in OpenEMR by including the following line in your code:
The Notes API is available in OpenEMR by including the following line in your code:


  require_once("$srcdir/pnotes.inc");
  require_once($GLOBALS['srcdir'].'/pnotes.inc');
 
This loads up all of the functions for dealing with notes.


Thos loads up all of the functions for dealing with notes.
== Access Controls ==


Once that is done, it is important to use the appropriate ACL checks to ensure that users who are viewing/updating/deleting notes are authorized to do so. the 'patients/notes' ACO should be checked in the following situations:
=== Patient Notes ===
Once notes functionality has been included, it is important to use the appropriate ACL checks to ensure that users who are viewing/updating/deleting notes are authorized to do so. The 'patients/notes' ACO should be checked in the following situations:
{| class="wikitable" border="1" cellpadding="1"
{| class="wikitable" border="1" cellpadding="1"
|-
|-
Line 14: Line 21:
| (empty string)
| (empty string)
| Should be checked any time note contents are going to be displayed
| Should be checked any time note contents are going to be displayed
|-
| 'write','addonly'
| should be checked any time notes are going to be created, updated, or deleted
|}
|}


Once pnotes.inc is included, the following functions are available:
For information on checking an ACL, please refer to [[The OpenEMR API]].
 
=== Squads ===
After the appropriate access to the notes have been established, it is important to also check if the patient is a member of any 'squad', and check to see if the user has permissions to the squad in question.
 
Squads are checked with the same ACL system used previously. for example, assuming pid is the ID of the current patient:
$tmp = getPatientData($pid, "squad");
if ($tmp['squad'] && ! acl_check('squads', $tmp['squad']))
  $thisauth = 0; /* current user is not authorized to see members of this squad */
 
== Functions Available ==
Once pnotes.inc is included and you are satisfied the proper ACL checks have been performed, the following functions should be used to manipulate note data:
 
=== addPnote ===
returns: the ID of the newly added note.
 
=== deletePnote ===
=== disappearPnote ===
=== getPnoteById ===
=== getPnotesByDate ===
=== getPnotesByUser ===
Get the patient notes for the given user.
 
This function is used to retrieve notes assigned to the given user, or optionally notes assigned to any user. It can return notes that have been marked deleted/completed, notes that have not yet been deleted/completed, or all notes. It supports limits and ofsetting of results, to enable selectively pulling a long result set as a series of results.
 
==== Arguments ====
 
==== Return value ====


== addPnote ==
=== getSentPnotesByDate ===
== deletePnote ==
=== reappearPnote ===
== getPnoteById ==
=== updatePnote ===
== getPnotesByUser ==
=== updatePnoteMessageStatus ===
== updatePnote ==
== updatePnoteMessageStatus ==


= Dependencies =
= Dependencies =
The Notes API uses the database table 'pnotes' to store its data.
The Notes API uses the database table 'pnotes' to store its data.
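Review bot: in the Squads example added by this revision, `$thisauth = 0;` appears only on the failure path, and nothing in the section shows where `$thisauth` is first set from the 'patients/notes' check or where it is tested before a note function is called. A reader copying the three lines gets no enforcement, so the example should show the full sequence and put the assignment in a braced `if` body. The Arguments and Return value headings added under getPnotesByUser are also empty, and most of the new function headings have no description.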

Latest revision as of 10:43, 13 December 2012

Using the Notes API

The Notes API is a set of functions for handling notes attached to patient files.

Including Notes Functionality

The Notes API is available in OpenEMR by including the following line in your code:

require_once($GLOBALS['srcdir'].'/pnotes.inc');

This loads up all of the functions for dealing with notes.

Access Controls

Patient Notes

Once notes functionality has been included, it is important to use the appropriate ACL checks to ensure that users who are viewing/updating/deleting notes are authorized to do so. The 'patients/notes' ACO should be checked in the following situations:

Permission           Operation
(empty string)       Should be checked any time note contents are going to be displayed
'write','addonly'    Should be checked any time notes are going to be created, updated, or deleted

For information on checking an ACL, please refer to The OpenEMR API.

Squads

After the appropriate access to the notes has been established, it is important to also check whether the patient is a member of any 'squad', and whether the user has permissions to the squad in question.

Squads are checked with the same ACL system used previously. For example, assuming $pid is the ID of the current patient:

$tmp = getPatientData($pid, "squad");
if ($tmp['squad'] && ! acl_check('squads', $tmp['squad']))
 $thisauth = 0; /* current user is not authorized to see members of this squad */
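
The two checks described above, combined into one helper that denies by default. This is an added example, not code from OpenEMR or from this wiki page: notes_authorized() is hypothetical, acl_check() and getPatientData() are replaced by stand-in stubs over constructed data so the script runs on its own, and the four-argument form of acl_check() used here is an assumption.

```php
<?php
// Stand-ins so the example runs offline; in OpenEMR these functions come from
// the core includes. All grants and patients below are constructed.
$GRANTS   = ['patients/notes' => 'addonly', 'squads/1' => 'any']; // current user
$PATIENTS = [1 => ['squad' => ''], 2 => ['squad' => '1'], 3 => ['squad' => '2']];

// Assumed shape: true if the user holds the ACO; when $return_value is not
// the empty string, the grant must carry exactly that permission.
function acl_check($section, $value, $user = '', $return_value = '') {
    global $GRANTS;
    $key = "$section/$value";
    if (!isset($GRANTS[$key])) return false;
    return $return_value === '' || $GRANTS[$key] === $return_value;
}

// Stand-in: returns the patient row, or false when the pid is unknown.
function getPatientData($pid, $given = '*') {
    global $PATIENTS;
    return isset($PATIENTS[$pid]) ? $PATIENTS[$pid] : false;
}

// Hypothetical helper: run both checks before any note function is called.
function notes_authorized($pid, $modifying) {
    // Step 1: the 'patients/notes' ACO. Displaying notes is checked with the
    // empty-string permission; create/update/delete needs 'write' or 'addonly'.
    $ok = $modifying
        ? (acl_check('patients', 'notes', '', 'write')
            || acl_check('patients', 'notes', '', 'addonly'))
        : acl_check('patients', 'notes');
    if (!$ok) return false;

    // Step 2: if the patient belongs to a squad, the user needs that squad too.
    $tmp = getPatientData($pid, "squad");
    if (!$tmp) return false;            // unknown patient: deny
    if ($tmp['squad'] && !acl_check('squads', $tmp['squad'])) return false;
    return true;
}

// pid 1 has no squad, pid 2 is in a granted squad, pid 3 is in a squad the
// user lacks, pid 99 does not exist.
foreach ([1, 2, 3, 99] as $pid) {
    printf("pid %d: view=%s modify=%s\n", $pid,
        var_export(notes_authorized($pid, false), true),
        var_export(notes_authorized($pid, true), true));
}
```

Call the helper once per request and return early on false, so that no note function such as getPnoteById or addPnote runs on an unauthorized path.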

Functions Available

Once pnotes.inc is included and you are satisfied the proper ACL checks have been performed, the following functions should be used to manipulate note data:

addPnote

returns: the ID of the newly added note.

deletePnote

disappearPnote

getPnoteById

getPnotesByDate

getPnotesByUser

Get the patient notes for the given user.

This function is used to retrieve notes assigned to the given user, or optionally notes assigned to any user. It can return notes that have been marked deleted/completed, notes that have not yet been deleted/completed, or all notes. It supports limits and offsetting of results, to enable selectively pulling a long result set as a series of results.

Arguments

Return value

getSentPnotesByDate

reappearPnote

updatePnote

updatePnoteMessageStatus

Dependencies

The Notes API uses the database table 'pnotes' to store its data.