We're updating the issue view to help you get more done. 

Add a "secure" PatientRepository component that checks access rights before performing an action

Description

Currently, the default PatientRepository implementation doesn't enforce any rights, as is the standard for java code, leaving the rights checking to the components that process client requests. Since both the velocity-facing script service and the REST service need to check these rights, it makes sense to move this aspect in a single place.

Environment

None

Status

Assignee

Sergiu Dumitriu

Reporter

Sergiu Dumitriu

Labels

None

External issue ID

None

External issue ID

None

Components

Fix versions

Priority

Major