Guard routes so client cannot access patients, Appointments outside of group #62

Open
kchapple opened this issue Oct 5, 2016 · 3 comments

kchapple commented Oct 5, 2016

No description provided.

kchapple added the bug label Oct 5, 2016

Leo24 commented Oct 21, 2016

Do you mean adding a check of the patient group_id?
How does the patient's group_id interact with the user's emr_id?

@kchapple

Yes @Leo24 . The patient group_id equals the pid for the master patient in the EHR database. Dependents have their own pid, and the group_id field is the pid of the master patient record. We need to disallow the user account from accessing patients outside their group, meaning that the patient must have the currently logged-in user's emr_id in the group_id field in order to access the Patient resource, or we should return an unauthorized response.
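
The rule in the comment above, sketched as an added example (not code from this project or from #87): a Patient or Appointment lookup succeeds only when the patient's group_id equals the logged-in user's emr_id. The class and function names, the `Appointment.pid` field, the master record carrying its own pid as group_id, and treating unknown ids the same as out-of-group ids are all assumptions made for illustration.

```python
from dataclasses import dataclass


class Unauthorized(Exception):
    """The route layer would map this to the unauthorized response."""


@dataclass(frozen=True)
class User:
    emr_id: int     # pid of the master patient record in the EHR


@dataclass(frozen=True)
class Patient:
    pid: int
    group_id: int   # pid of the master patient; dependents share it


@dataclass(frozen=True)
class Appointment:
    id: int
    pid: int        # patient the appointment belongs to (assumed field)


# Constructed sample data: two groups, 10 (master + dependent) and 20.
PATIENTS = {p.pid: p for p in (Patient(10, 10), Patient(11, 10), Patient(20, 20))}
APPOINTMENTS = {a.id: a for a in (Appointment(1, 11), Appointment(2, 20))}


def get_patient(user: User, pid: int) -> Patient:
    patient = PATIENTS.get(pid)
    # Compare against the session user's emr_id, never a group id sent by the client.
    # Unknown pids fail identically, so responses do not reveal which pids exist.
    if patient is None or patient.group_id != user.emr_id:
        raise Unauthorized("patient outside caller's group")
    return patient


def get_appointment(user: User, appointment_id: int) -> Appointment:
    appt = APPOINTMENTS.get(appointment_id)
    if appt is None:
        raise Unauthorized("appointment outside caller's group")
    get_patient(user, appt.pid)  # the single patient check decides access
    return appt


def list_patients(user: User) -> list:
    # Collection routes are scoped by the same rule, not filtered on the client.
    return [p for p in PATIENTS.values() if p.group_id == user.emr_id]
```

Routing Appointment access through the same patient check keeps the group rule in one place, so a new resource type cannot quietly skip it.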


Leo24 commented Oct 24, 2016

#87 - Add check of patient group_id
