medic / cht-core

The CHT Core Framework makes it faster to build responsive, offline-first digital health apps that equip health workers to provide better care in their communities. It is a central resource of the Community Health Toolkit.
https://communityhealthtoolkit.org
GNU Affero General Public License v3.0

Update docs on phone when replication permissions change #6544

Open garethbowen opened 4 years ago

garethbowen commented 4 years ago

Overview

Currently replication permissions are based on a user's facility_id. This is a single UUID that references a place in the hierarchy. The user is permitted to access all people and places underneath that place. The user also has access to all reports about the people and places they can access.

There are a few caveats to this, including

Problem

Patients move to another geographical area and it's difficult to move them in the system because we record the entire hierarchy in contacts and reports. This changes which users can access the docs, but we have no mechanism for replicating the new docs to the phone, nor removing the old docs from the phone. The workaround is to wipe the user's device and replicate from scratch.

Proposal

To make it easier to keep the user's device up to date we need to find a way to refresh the db contents when their permissions, depth, or assigned contacts change.

When access to a doc has been revoked we would invoke a custom purge to delete the doc from the device. This is a little challenging due to working out the delta of what docs should be purged, but we can reuse some of the replication code to work this out. When access to a doc has been added we need to let the device know to replicate the new docs.

To accomplish this, create docs in the medic-user-{username}-meta db to indicate the changing permissions. When these are replicated, prompt the user to refresh and kick off a bootstrap task to update the docs in their PouchDB. Once complete, these docs can be purged/deleted so we know the update has been processed on this device.

There's an outstanding question about what happens if a doc is purged, and then you're granted access again, as the above replication will conflict.

Discussion document

Probably duplicate issues: https://github.com/medic/cht-core/issues/5701 and https://github.com/medic/cht-core/issues/6458
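The purge/replicate delta described in the proposal above, worked through as an added example that is not part of the original issue and is not cht-core code. It assumes a simplified doc shape (contacts embed their parent chain inline, reports point at their subject through a hypothetical `subject_id` field) and uses constructed sample data; all function names are illustrative.

```javascript
// Added example. Simplified doc shape (assumption): contacts embed their parent
// chain inline; reports reference their subject via a hypothetical `subject_id`.

// Ancestor ids of a contact, nearest first, read from the inline `parent` chain.
function lineage(doc) {
  const ids = [];
  for (let p = doc.parent; p && p._id; p = p.parent) ids.push(p._id);
  return ids;
}

// Ids a user may hold: the facility, contacts up to `depth` levels below it,
// and reports about any of those contacts.
function allowedIds(docs, { facility_id, depth = Infinity }) {
  const visible = new Set();
  for (const doc of docs.filter(d => d.type === 'contact')) {
    const level = [doc._id, ...lineage(doc)].indexOf(facility_id);
    if (level !== -1 && level <= depth) visible.add(doc._id);
  }
  for (const doc of docs.filter(d => d.type === 'report')) {
    if (visible.has(doc.subject_id)) visible.add(doc._id);
  }
  return visible;
}

// Compare what the device was entitled to at last sync with what it is now.
function accessDelta(docsBefore, docsAfter, userBefore, userAfter = userBefore) {
  const before = allowedIds(docsBefore, userBefore);
  const after = allowedIds(docsAfter, userAfter);
  return {
    purge: [...before].filter(id => !after.has(id)).sort(),
    replicate: [...after].filter(id => !before.has(id)).sort(),
  };
}

// Constructed hierarchy: d1 > (hf1 > a1, hf2 > a2); patient p1 with report r1.
function sampleDocs(patientArea) {
  const d1 = { _id: 'd1' };
  const hf1 = { _id: 'hf1', parent: d1 }, hf2 = { _id: 'hf2', parent: d1 };
  const areas = { a1: { _id: 'a1', parent: hf1 }, a2: { _id: 'a2', parent: hf2 } };
  const contacts = [d1, hf1, hf2, areas.a1, areas.a2, { _id: 'p1', parent: areas[patientArea] }];
  return [...contacts.map(c => ({ ...c, type: 'contact' })),
    { _id: 'r1', type: 'report', subject_id: 'p1' }];
}

// Patient p1 moves from area a1 to area a2.
console.log(accessDelta(sampleDocs('a1'), sampleDocs('a2'), { facility_id: 'hf1' }));
console.log(accessDelta(sampleDocs('a1'), sampleDocs('a2'), { facility_id: 'hf2' }));
```

Any id left in `purge` but still present on the device is a record the user is no longer permitted to read, so the purge half of the delta matters as much as the replicate half.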

michaelkohn commented 4 months ago

Let's say you have a hierarchy where you want to add a level above a CHW's area called Parish.

Current Hierarchy: District -> Health Facility -> CHW Area

New Hierarchy: District -> Health Facility -> Parish -> CHW Area

Since this would essentially re-parent the CHW Area to be a Parish instead of Health Facility, and we...

record the entire hierarchy in contacts and reports

...I assume this means all contacts and reports on the CHW's device would need to be updated.

I know projects that make hierarchy changes often clear data from CHWs' devices and sync afresh after the hierarchy changes are made, though perhaps it depends on the type of hierarchy changes that are being made. In the example above (adding the Parish), would they need to wipe their data and sync afresh? If so, will this feature make that not necessary or does this feature only handle updates to "permissions, depth, or assigned contacts"?