ctsit / redcap_oncore_client

REDCap OnCore Client external module provides integration with Forte Research's OnCore

Verify the logged in user is on the study staff #16

Closed pbchase closed 5 years ago

pbchase commented 5 years ago

The REDCap OnCore Client needs to verify that users attempting to access the enrollment data for a study are listed as study staff on that study. Study staff data can be provided by the OnCore API via the GetProtocolStaff method. Staff needs to be looked up via UFID. Study staff data should be cached like any other data fetched from OnCore. Managing queries of a user's UFID requires that we store that attribute as an extension of the REDCap user information.

To achieve these goals, I recommend these functions be implemented:

  1. Add a new entity named user_attributes with redcap_entity. This entity needs 2 attributes: username, staff_id
  2. For each user that opens the Pull OnCore Subjects page, test for a server environment variable named HTTP_GLID. If it exists, store/update it in the staff_id attribute with a username equal to the $REDCAP_USER.
  3. Add a new entity named protocol_staff. The entity should have 3 attributes: protocol_id (or whatever we called this attribute in the protocols table), staff_id, and stop_date
  4. Add an action to the existing actions that execute when the Refresh OnCore data button is pressed. The new action should use the getProtocolStaff OnCore API method to fetch the protocolStaff for this one protocol and store that data in the protocol_staff entity.
  5. Modify the actions that present data on the Pull OnCore Subjects plugin page to check the authorization of the currently logged-in user before presenting enrollment data. Only users whose staff_id is listed in the current protocol's protocol_staff table with a stop date in the future are authorized to see enrollment data.
  6. Make sure the Refresh OnCore data button is visible and works at all times. This will allow people to refresh cached protocol staff data that might be blocking their access to the enrollment data.

Here's the workflow of a normal interaction with the new features that verify the logged-in user is on staff:

[Image: workflow for authorized access to OnCore enrollment data and Forte EDC, CTS-IT meeting, 2019-05-15]
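The staff_id capture from step 2 and the authorization check from step 5, written out as an added example; this is not code from the redcap_oncore_client module and it does not use the redcap_entity API. Plain PHP arrays stand in for the user_attributes and protocol_staff entities, the function names are hypothetical, and the sample rows are constructed. One assumption beyond the issue text is that a protocol_staff row with no stop_date is treated as an open-ended assignment.

```php
<?php
declare(strict_types=1);

// Step 2: record the caller's staff id (the HTTP_GLID server variable) under the
// REDCap username. $server is passed in instead of reading $_SERVER directly so
// the function can be exercised offline. Returns the updated user_attributes rows,
// keyed by username. (Hypothetical helper; the module's storage layer differs.)
function recordStaffId(array $userAttributes, string $username, array $server): array
{
    $glid = isset($server['HTTP_GLID']) ? trim((string) $server['HTTP_GLID']) : '';
    if ($glid === '') {
        return $userAttributes;   // no UFID presented: leave the cached value untouched
    }
    $userAttributes[$username] = ['username' => $username, 'staff_id' => $glid];
    return $userAttributes;
}

// Step 5: the user may see enrollment data only if their cached staff_id appears in
// the protocol_staff rows for this protocol with a stop_date that is still in the
// future. Any parsing problem or missing record results in a deny.
// Row shape (constructed): ['protocol_id' => '1234', 'staff_id' => '11112222', 'stop_date' => '2030-01-01'|null]
function isAuthorizedForProtocol(
    array $userAttributes,
    array $protocolStaff,
    string $username,
    string $protocolId,
    DateTimeImmutable $now
): bool {
    $staffId = $userAttributes[$username]['staff_id'] ?? null;
    if ($staffId === null || $staffId === '') {
        return false;             // no UFID on record for this user
    }
    foreach ($protocolStaff as $row) {
        // Compare as strings so an integer protocol_id from the cache still matches.
        if ((string) $row['protocol_id'] !== $protocolId || (string) $row['staff_id'] !== $staffId) {
            continue;
        }
        if (($row['stop_date'] ?? null) === null) {
            return true;          // assumption: no stop_date means still assigned
        }
        $stop = DateTimeImmutable::createFromFormat('!Y-m-d', (string) $row['stop_date']);
        if ($stop === false) {
            continue;             // unparseable date: do not let this row grant access
        }
        if ($stop > $now) {
            return true;          // listed on staff and stop date is in the future
        }
    }
    return false;                 // not listed, or every matching assignment has ended
}

// Constructed sample data standing in for the cached entities.
$userAttributes = [];
$userAttributes = recordStaffId($userAttributes, 'jdoe', ['HTTP_GLID' => '11112222']);
$userAttributes = recordStaffId($userAttributes, 'asmith', ['HTTP_GLID' => '33334444']);
$userAttributes = recordStaffId($userAttributes, 'nobody', []);   // no GLID header: nothing stored

$protocolStaff = [
    ['protocol_id' => 1234, 'staff_id' => '11112222', 'stop_date' => '2030-01-01'],  // active
    ['protocol_id' => 1234, 'staff_id' => '33334444', 'stop_date' => '2018-06-30'],  // rolled off
    ['protocol_id' => 5678, 'staff_id' => '11112222', 'stop_date' => null],          // other protocol
];

$now = new DateTimeImmutable('2019-05-15');
foreach (['jdoe', 'asmith', 'nobody'] as $user) {
    $allowed = isAuthorizedForProtocol($userAttributes, $protocolStaff, $user, '1234', $now);
    printf("%-7s protocol 1234: %s\n", $user, $allowed ? 'authorized' : 'denied');
}
```

The check is deliberately fail-closed: a user with no cached UFID, a staff row for a different protocol, an unparseable stop_date, or an expired assignment all produce a deny, which is why step 6 (keeping the Refresh OnCore data button always available) matters, since a stale protocol_staff cache is the most likely reason a legitimate staff member is turned away.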

pbchase commented 5 years ago

Addressed by PR #18