Reminder: Create & find trunk-related issues here. Legacy Trac tickets are still available. Problems? Workflow feedback? Need a module project? Open a support ticket.

OpenMRS Trunk

Implement a way to evaluate blocks of code that are not allowed to change the database

Details

  • Type: Bug Bug
  • Status: Ready for Work Ready for Work
  • Priority: Should Should
  • Resolution: Unresolved
  • Affects Version/s: None
  • Fix Version/s: None
  • Component/s: None
  • Description:
    Hide

    In the AdministrationService executeSQL method, you have the option of specifying that the query should be read-only, and will fail if it attempts an UPDATE. We need an equivalent mechanism for executing arbitrary Java code (possibly invoked via Groovy or Velocity scripts).

    After this ticket is completed, the Patient Flags module should be changed to only allow read-only groovy scripts.

    Show
    In the AdministrationService executeSQL method, you have the option of specifying that the query should be read-only, and will fail if it attempts an UPDATE. We need an equivalent mechanism for executing arbitrary Java code (possibly invoked via Groovy or Velocity scripts). After this ticket is completed, the Patient Flags module should be changed to only allow read-only groovy scripts.

Activity

Ascending order - Click to sort in descending order
Hide
Permalink
Darius Jazayeri added a comment - 2009-12-02 23:19:52 EST

One way to do this might be to have some sort of global variable (thread local, I gues) that puts the Context in read-only mode. When that variable is set to read-only, then any @Authorized annotation that has a privilege that doesn't start with "View" should fail, even if the authenticated user would typically have the privilege.

Show
Darius Jazayeri added a comment - 2009-12-02 23:19:52 EST One way to do this might be to have some sort of global variable (thread local, I gues) that puts the Context in read-only mode. When that variable is set to read-only, then any @Authorized annotation that has a privilege that doesn't start with "View" should fail, even if the authenticated user would typically have the privilege.
Hide
Permalink
Michael Downey added a comment - 2010-07-08 15:28:48 EDT

Auto-advancing imported tickets to assessed status.

Show
Michael Downey added a comment - 2010-07-08 15:28:48 EDT Auto-advancing imported tickets to assessed status.

People

Dates

  • Created:
    2009-12-02 23:17:46 EST
    Updated:
    2010-07-08 15:30:59 EDT
Atlassian JIRA (v4.1.1#522) | Report a problem | Request a feature | Contact administrators
Powered by a free Atlassian JIRA open source license for OpenMRS. Try JIRA - bug tracking software for your team.