OpenSRP Web FHIR Info Gateway Plugin

[ageryck]

Make additional changes to the gateway plugins to facilitate web login, currently, the web authenticates via keycloak and queries HAPI directly. The proposed changes should allow all requests coming from web clients to be channeled via the gateway. The changes include;

• [x] Test permission checker's ability to handle requests from web clients, same implementation to work for both Android & Web clients.
  • [x] #50
• [ ] Implement a new sync strategy in the Data Access Checker to handle requests from web clients.
  • [ ] Sync by Location
  • [ ] Sync by Role
  • [ ] Sync by Permissions
• [ ] Test PractitionerDetails endpoint for web users

[ageryck]

Implementing Data Access Checker The following resources are expected to be requested by web clients;

• Practitioner
• PractitionerRole
• Organization
• CareTeam
• Location
• Group(Commodities)
• Patient and related resources

Data filter for web clients will be based on three factors;

1. User Role
2. Assigned Permissions for Role
3. User Assignment - this is new, we intend to assign users to locations/jurisdictions to manage on the web whenever such users belong to an Admin/SuperAdmin roles

The goal is to only allow data back to the web for resources the users have permission to act on (CRUD), the granular regulation on how the user will act on this data is implemented in web RBAC

[ageryck]

The first part of this ticket is to test web client login via gateway without the Data Access Filter Implementation, this will mimic the current authentication via keycloak that all requests return all data in HAPI without any additional filters.

[dubdabasoduba]

@ageryck @lincmba @ndegwamartin Here is my general idea of how we can approach this

Core functionalities

• Implement a plugin to augment OpenSRP web's capabilities by enabling comprehensive CRUD operations via the FHIR Information Gateway.

Plugin Development Specifications:

• Incorporate Access Checker functionality within the plugin to validate the authorization token utilized in incoming requests.
• Integrate Permission Checker capability to ascertain whether the user initiating the request has adequate privileges for the requested action.
• Leverage existing Permission Checker to fulfill the requirements outlined above.

Extension of the Plugin to Implement Data Filtering for OpenSRP web:

• Extend the SyncAccessDecision to include data filtering functionalities tailored for OpenSRP web.
  • Discussions with the rest of the stakeholders such as Project Managers, Service Delivery, and Product Owners to define the filtering criteria scope are required
• The current use case requires filtering data based on the assigned location of the user.

---

Deliverable 1

1. Test out point OpenSRP web to the gateway and see what happens.
2. Update the Access and Permission checker where necessary.
3. Complete this ticket https://github.com/opensrp/fhircore/issues/2850

Deliverable 2

1. Adding the Data filtering functionality

[ageryck]

Data filtering for web clients has been shelved for the current scope to be implemented later.