
Ticket #1951 (new task)

Opened 3 months ago

Last modified 3 months ago

Implement a way to evaluate blocks of code that are not allowed to change the database

Reported by: djazayeri
Assigned to:
Priority: major
Milestone:
Component: OpenMRS Code Base
Keywords: groovy velocity script read only flags
Cc:
Introductory Ticket: 0
Code Review Status:

Description

In the AdministrationService executeSQL method, you have the option of specifying that the query should be read-only, and will fail if it attempts an UPDATE. We need an equivalent mechanism for executing arbitrary Java code (possibly invoked via Groovy or Velocity scripts).

After this ticket is completed, the Patient Flags module should be changed to only allow read-only groovy scripts.

Change History

12/02/09 23:19:52 changed by djazayeri

One way to do this might be to have some sort of global variable (thread local, I guess) that puts the Context in read-only mode. When that variable is set to read-only, then any @Authorized annotation that has a privilege that doesn't start with "View" should fail, even if the authenticated user would typically have the privilege.
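
A sketch of the thread-local read-only mode proposed in the comment above, added here as an illustration; it is not OpenMRS code. The class name, the runReadOnly and requirePrivilege helpers, and the sample privilege names are assumptions, with requirePrivilege standing in for the check an @Authorized interceptor would perform.

```java
import java.util.Set;
import java.util.function.Supplier;

// Hypothetical sketch; class and method names are assumptions, not OpenMRS APIs.
public class ReadOnlyContextDemo {

    // Per-thread flag: true while the current thread is evaluating script code.
    private static final ThreadLocal<Boolean> READ_ONLY = ThreadLocal.withInitial(() -> false);

    // Runs the body in read-only mode and restores the previous state afterwards,
    // so nested calls work and a pooled thread is never left stuck in read-only mode.
    static <T> T runReadOnly(Supplier<T> body) {
        boolean previous = READ_ONLY.get();
        READ_ONLY.set(true);
        try {
            return body.get();
        } finally {
            READ_ONLY.set(previous);
        }
    }

    // Stand-in for the check an @Authorized interceptor would make before a service call.
    static void requirePrivilege(String privilege, Set<String> userPrivileges) {
        if (READ_ONLY.get() && !privilege.startsWith("View")) {
            throw new SecurityException("Read-only mode: '" + privilege + "' denied");
        }
        if (!userPrivileges.contains(privilege)) {
            throw new SecurityException("Privilege required: " + privilege);
        }
    }

    public static void main(String[] args) {
        // Constructed sample privileges for a user who holds both.
        Set<String> user = Set.of("View Patients", "Edit Patients");

        String result = runReadOnly(() -> {
            requirePrivilege("View Patients", user);      // allowed in read-only mode
            try {
                requirePrivilege("Edit Patients", user);  // held by the user, still denied
                return "write allowed";
            } catch (SecurityException e) {
                return e.getMessage();
            }
        });
        System.out.println(result);

        requirePrivilege("Edit Patients", user);           // outside the block: allowed again
        System.out.println("Edit allowed outside read-only block");
    }
}
```

The flag only covers work done on the calling thread; a script that hands work to another thread would not inherit it in this sketch.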