Date
15 October 2009
In Attendance
- Mike Seaton
- Ben Wolfe
- Darius Jazayeri
- Justin Miranda
- Paul Biondich
- Burke Mamlin
- Win Ribeka
- Michael Downey
Agenda
- Discuss module authentication (how does it work? how should it work?) – see discussion on dev list
- Module startup and service startup are really system functions, and should be invoked with Admin privileges.
- By design, modules can do anything they want to by assigning proxy privileges. Given that, we should have a simple mechanism to bypass privilege checks, like: Context.runWithAdministratorPrivileges(Runnable);
- Should user sessions timeout be default? (dev list thread)
- Review branches to see what needs pruned.
- Discretely define what determines that something becomes part of core OpenMRS.
- Puntable Agenda Refactor the program and workflow to person from patient.
Preperatory Data about Branches
Active Lists |
Upul |
last touched 2 months ago |
5 commits |
cohort-definition-refactoring |
mseaton |
last touched 6 months |
8 commits |
data-synchronization-admin-ui |
nzeyi |
2 months |
30 commits (should be merged into sync module) |
data_synchronization_bidirectional |
maros |
3 weeks |
many commits (being moved to sync module) |
dataset |
jmiranda for grekier |
2 years |
(no commits to branch after creation) |
dataset-definition-refactoring |
jmiranda |
5 months |
(4 commits) |
form-refactoring |
djazayeri for jmanico - |
1 year |
~20 commits |
global-property-types |
dthomas for konnikov |
2 months |
~50 commits |
hl7-nk1 |
bmckown |
2 months |
1 commit |
indicator |
mseaton |
6 months |
1 commit |
logic-cache |
tmdugan for frosemond |
3 months |
15 commits |
logicathon |
bwolfe |
1 year |
~50 commits |
reporting |
jmiranda + pboucher |
2 years ago |
4 commits |
reporting-sprint |
mseaton, jmiranda |
7 months ago |
~30 commits |
scheduler |
jmiranda |
2 years ago |
5 commits |
serialization |
bwolfe for luzhuangwei |
3 months |
50 commits, partially merged to trunk? |
structured-numeric |
bwolfe (djazayeri?) for vdgreat |
1 year |
3 commits |
testathon |
jmiranda for group |
4 months |
~40 commits |
visualization |
sdamarju, hrodrigues |
2 years |
40 commits |
Minutes
- Current state of modules
- Module gets privileges of user who started it when started from admin page. When starting OpenMRS, modules get no privileges
- On startup, OpenMRS loads each module (puts the module in memory), starts each module that is supposed to be running (calls the activator's onStartup method), then Spring is restarted
- If module activator throws an exception, then the module is considered not started and the message shows on the module management page as an error
- Proposed changes
- Modules need to be called as system is starting (similar to current onStartup method)
- Need a notification after all contexts are initiated (Spring has restarted) (#1712)
- Need a context will restart and context restarting
- Need a notification that module is being shutdown
- Need a notification that a module has been shutdown
- method names: willStart, started, willRefreshContext, contextRefreshed, willStop, stopped
- Framework should make methods thread-safe
- Notification methods should be invoked as super user
- We add a daemon user that will be used to notify modules, could replace scheduler, and cannot authenticate to API
To Do
-
- Need to e-mail devsec list about idea to add daemon user to all OpenMRS implementations with reserved UUID
- Shouldn't this go out to a broader audience? I'd vote for dev instead of devsec -Paul
- Would like to move away from assuming id == 1 for core data and use reserved UUIDs
- Need a ticket for refactoring module notification methods
- Need to e-mail devsec list about idea to add daemon user to all OpenMRS implementations with reserved UUID
We talked about how to handle proxy privileges. Ideally, privileges could only be added (proxy'd) by someone who has those privileges.
-
- Could do this with signed modules, where module author is proxying as super user
- Could require admin to "grant" privileges to a module when loaded
- Proxy privilege method in API would need:
- to persist which privileges have been allowed for which modules and
- to know which module had invoked the method to ensure the module has been granted those privileges
- There is a Thread.currentThread().getStackTrace() that could be used to find out who called a method
Should user sessions timeout be default? (dev list thread)
- We agree that API should have a default timeout for user authentication
- This could be done by checking time since last hasPrivilege() call during each hasPrivilege() call. If too much time has passed, then invalidate user context otherwise reset the timeout at hasPrivilege() call
- Admin interface should have a way to alter specific user timeouts, even increasing to infinity if necessary
Pruning branches
Keep |
Active Lists |
Upul |
last touched 2 months ago |
5 commits |
Prune |
cohort-definition-refactoring |
mseaton |
last touched 6 months |
8 commits |
Keep |
data-synchronization-admin-ui |
nzeyi |
2 months |
30 commits (should be merged into sync module) |
Keep |
data_synchronization_bidirectional |
maros |
3 weeks |
many commits (being moved to sync module) |
Prune |
dataset |
jmiranda for grekier |
2 years |
(no commits to branch after creation) |
Prune |
dataset-definition-refactoring |
jmiranda |
5 months |
(4 commits) |
Prune |
form-refactoring |
djazayeri for jmanico - |
1 year |
~20 commits |
Keep (check w/ Dave) |
global-property-types |
dthomas for konnikov |
2 months |
~50 commits |
Keep |
hl7-nk1 |
bmckown |
2 months |
1 commit |
Prune |
indicator |
mseaton |
6 months |
1 commit |
Prune after checking w/ Tammy/Win |
logic-cache |
tmdugan for frosemond |
3 months |
15 commits |
On deck for Prune |
logicathon |
bwolfe |
1 year |
~50 commits |
Prune |
reporting |
jmiranda + pboucher |
2 years ago |
4 commits |
Prune |
reporting-sprint |
mseaton, jmiranda |
7 months ago |
~30 commits |
Prune |
scheduler |
jmiranda |
2 years ago |
5 commits |
Prune after checking with Ben |
serialization |
bwolfe for luzhuangwei |
3 months |
50 commits, partially merged to trunk? |
Keep |
structured-numeric |
bwolfe (djazayeri?) for vdgreat |
1 year |
3 commits |
Keep |
testathon |
jmiranda for group |
4 months |
~40 commits |
Prune after checking with Paul/Ben |
visualization |
sdamarju, hrodrigues |
2 years |
40 commits |
Branches To Dos
- Win will check into logic-cache branch
- Ben will f/u on serialization and visualization branches
Punted
- Discretely define what determines that something becomes part of core OpenMRS.
- Puntable Agenda Refactor the program and workflow to person from patient.
We will schedule weekly slots for code review and design time
- Tentative is code review on Monday morning, design on Wednesday mornings
- Will finalize times on dev list
- We should send a note to dev list if we are going 2 or more weeks without scheduled code review and/or design time (with 2+ people for each). Ben will cover this for now, but it will eventually be part of the job for a QA person