2009-10-15 Developers Conference Call
Date
15 October 2009
In Attendance
Mike Seaton
Ben Wolfe
Darius Jazayeri
Justin Miranda
Paul Biondich
Burke Mamlin
Win Ribeka
Michael Downey
Agenda
Discuss module authentication (how does it work? how should it work?) – see discussion on dev list
Module startup and service startup are really system functions, and should be invoked with Admin privileges.
By design, modules can do anything they want to by assigning proxy privileges. Given that, we should have a simple mechanism to bypass privilege checks, like: Context.runWithAdministratorPrivileges(Runnable);
Should user sessions time out by default? (dev list thread)
Review branches to see what needs to be pruned.
Discretely define what determines that something becomes part of core OpenMRS.
Puntable agenda: Refactor the program and workflow to person from patient.
Preparatory Data about Branches
Branch | Owner | Last touched | Commits |
Active Lists | Upul | last touched 2 months ago | 5 commits |
cohort-definition-refactoring | mseaton | last touched 6 months | 8 commits |
data-synchronization-admin-ui | nzeyi | 2 months | 30 commits (should be merged into sync module) |
data_synchronization_bidirectional | maros | 3 weeks | many commits (being moved to sync module) |
dataset | jmiranda for grekier | 2 years | (no commits to branch after creation) |
dataset-definition-refactoring | jmiranda | 5 months | (4 commits) |
form-refactoring | djazayeri for jmanico | 1 year | ~20 commits |
global-property-types | dthomas for konnikov | 2 months | ~50 commits |
hl7-nk1 | bmckown | 2 months | 1 commit |
indicator | mseaton | 6 months | 1 commit |
logic-cache | tmdugan for frosemond | 3 months | 15 commits |
logicathon | bwolfe | 1 year | ~50 commits |
reporting | jmiranda + pboucher | 2 years ago | 4 commits |
reporting-sprint | mseaton, jmiranda | 7 months ago | ~30 commits |
scheduler | jmiranda | 2 years ago | 5 commits |
serialization | bwolfe for luzhuangwei | 3 months | 50 commits, partially merged to trunk? |
structured-numeric | bwolfe (djazayeri?) for vdgreat | 1 year | 3 commits |
testathon | jmiranda for group | 4 months | ~40 commits |
visualization | sdamarju, hrodrigues | 2 years | 40 commits |
Minutes
Current state of modules
A module started from the admin page gets the privileges of the user who started it. Modules started while OpenMRS itself is starting get no privileges.
On startup, OpenMRS loads each module (puts the module in memory), starts each module that is supposed to be running (calls the activator's onStartup method), then Spring is restarted.
If a module's activator throws an exception, the module is considered not started and the message is shown as an error on the module management page.
Proposed changes
Modules need to be called as system is starting (similar to current onStartup method)
Need a notification after all contexts are initiated (Spring has restarted) (#1712)
Need a "context will restart" notification and a "context restarting" notification
Need a notification that a module is being shut down
Need a notification that a module has been shut down
method names: willStart, started, willRefreshContext, contextRefreshed, willStop, stopped
Framework should make methods thread-safe
Notification methods should be invoked as super user
We add a daemon user that will be used to notify modules, could replace the scheduler, and cannot authenticate to the API
To Do
Need to e-mail devsec list about idea to add daemon user to all OpenMRS implementations with reserved UUID
Shouldn't this go out to a broader audience? I'd vote for dev instead of devsec -Paul
Would like to move away from assuming id == 1 for core data and use reserved UUIDs
Need a ticket for refactoring module notification methods
We talked about how to handle proxy privileges. Ideally, privileges could only be added (proxy'd) by someone who has those privileges.
Could do this with signed modules, where module author is proxying as super user
Could require admin to "grant" privileges to a module when loaded
Proxy privilege method in API would need:
to persist which privileges have been allowed for which modules and
to know which module had invoked the method to ensure the module has been granted those privileges
There is a Thread.currentThread().getStackTrace() that could be used to find out who called a method
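The "admin grants privileges to a module" option with stack-trace caller lookup, as an added Java example that is not OpenMRS code. ProxyPrivilegeGuard, its methods, the nested stand-in module classes and the "View Patients" privilege string are all hypothetical, and the grant table is held in memory rather than persisted.

```java
import java.util.HashSet;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;

// Added sketch: every name here is hypothetical; none of it is OpenMRS API.
public class ProxyPrivilegeGuard {
    // Class-name prefix -> module id, as the module loader would record it.
    private final Map<String, String> moduleByPrefix = new ConcurrentHashMap<>();
    // Module id -> privileges an admin granted at load time (kept in memory here).
    private final Map<String, Set<String>> grants = new ConcurrentHashMap<>();
    private final ThreadLocal<Set<String>> proxied = ThreadLocal.withInitial(HashSet::new);

    public void grant(String moduleId, String classPrefix, Set<String> privileges) {
        moduleByPrefix.put(classPrefix, moduleId);
        grants.put(moduleId, Set.copyOf(privileges));
    }

    // Maps the nearest stack frame outside Thread and this class to a module id.
    private String callingModule() {
        for (StackTraceElement frame : Thread.currentThread().getStackTrace()) {
            String cls = frame.getClassName();
            if (cls.equals("java.lang.Thread") || cls.equals(ProxyPrivilegeGuard.class.getName())) continue;
            for (Map.Entry<String, String> e : moduleByPrefix.entrySet())
                if (cls.startsWith(e.getKey())) return e.getValue();
            return null; // immediate caller is not registered module code
        }
        return null;
    }

    public void addProxyPrivilege(String privilege) {
        String module = callingModule();
        // Fail closed: unknown callers and ungranted privileges are both refused.
        if (module == null || !grants.getOrDefault(module, Set.of()).contains(privilege)) {
            throw new SecurityException("module " + module + " was not granted: " + privilege);
        }
        proxied.get().add(privilege);
    }

    public boolean hasProxyPrivilege(String privilege) { return proxied.get().contains(privilege); }

    // Constructed stand-ins for code that lives in two different modules.
    static class ReportModule { static void run(ProxyPrivilegeGuard g) { g.addProxyPrivilege("View Patients"); } }
    static class OtherModule { static void run(ProxyPrivilegeGuard g) { g.addProxyPrivilege("View Patients"); } }

    public static void main(String[] args) {
        ProxyPrivilegeGuard guard = new ProxyPrivilegeGuard();
        guard.grant("reporting", ReportModule.class.getName(), Set.of("View Patients"));
        ReportModule.run(guard);
        System.out.println("reporting proxied: " + guard.hasProxyPrivilege("View Patients"));
        try { OtherModule.run(guard); } catch (SecurityException e) { System.out.println("denied: " + e.getMessage()); }
    }
}
```

Class names in a stack trace are plain strings, so this lookup is only as trustworthy as the loader's control over which class names a module may define. On Java 9 and later, java.lang.StackWalker with RETAIN_CLASS_REFERENCE returns the calling Class object, and through it the class loader, instead of a name.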
Should user sessions time out by default? (dev list thread)
We agree that API should have a default timeout for user authentication
This could be done by checking the time since the last hasPrivilege() call during each hasPrivilege() call. If too much time has passed, invalidate the user context; otherwise reset the timeout at that hasPrivilege() call
Admin interface should have a way to alter specific user timeouts, even increasing to infinity if necessary
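The idle timeout described above, checked inside hasPrivilege(), as an added Java example that is not OpenMRS code. TimedUserContext, NO_TIMEOUT, the injected clock and the "View Patients" privilege string are hypothetical, and the 30-minute value is a constructed sample, not a default anyone agreed on.

```java
import java.util.Set;
import java.util.function.LongSupplier;

// Added sketch: TimedUserContext is a hypothetical class, not OpenMRS's UserContext.
public class TimedUserContext {
    public static final long NO_TIMEOUT = Long.MAX_VALUE; // admin override: never expire

    private final LongSupplier clock;   // millisecond clock, injectable so the demo is deterministic
    private final long timeoutMillis;   // system default or a per-user value set by an admin
    private Set<String> privileges;     // null once the context has been invalidated
    private long lastCheckMillis;

    public TimedUserContext(Set<String> privileges, long timeoutMillis, LongSupplier clock) {
        this.privileges = Set.copyOf(privileges);
        this.timeoutMillis = timeoutMillis;
        this.clock = clock;
        this.lastCheckMillis = clock.getAsLong(); // authentication counts as activity
    }

    public synchronized boolean isAuthenticated() { return privileges != null; }

    public synchronized boolean hasPrivilege(String privilege) {
        if (privileges == null) return false; // already invalidated: stay logged out
        long now = clock.getAsLong();
        // Compare elapsed time (now - last) so a very large timeout cannot overflow.
        if (timeoutMillis != NO_TIMEOUT && now - lastCheckMillis > timeoutMillis) {
            privileges = null; // too long since the last check: invalidate, fail closed
            return false;
        }
        lastCheckMillis = now; // any check, granted or not, resets the idle timer
        return privileges.contains(privilege);
    }

    public static void main(String[] args) {
        long[] now = {0L}; // constructed fake clock, in milliseconds
        long minute = 60_000L;
        TimedUserContext ctx = new TimedUserContext(Set.of("View Patients"), 30 * minute, () -> now[0]);
        now[0] += 29 * minute;
        System.out.println("after 29 idle min: " + ctx.hasPrivilege("View Patients"));
        now[0] += 29 * minute; // 58 minutes since login, but only 29 since the last check
        System.out.println("29 min later:      " + ctx.hasPrivilege("View Patients"));
        now[0] += 31 * minute;
        System.out.println("after 31 idle min: " + ctx.hasPrivilege("View Patients"));
        System.out.println("still authenticated: " + ctx.isAuthenticated());
    }
}
```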
Pruning branches
Decision | Branch | Owner | Last touched | Commits |
Keep | Active Lists | Upul | last touched 2 months ago | 5 commits |
Prune | cohort-definition-refactoring | mseaton | last touched 6 months | 8 commits |
Keep | data-synchronization-admin-ui | nzeyi | 2 months | 30 commits (should be merged into sync module) |
Keep | data_synchronization_bidirectional | maros | 3 weeks | many commits (being moved to sync module) |
Prune | dataset | jmiranda for grekier | 2 years | (no commits to branch after creation) |
Prune | dataset-definition-refactoring | jmiranda | 5 months | (4 commits) |
Prune | form-refactoring | djazayeri for jmanico | 1 year | ~20 commits |
Keep (check w/ Dave) | global-property-types | dthomas for konnikov | 2 months | ~50 commits |
Keep | hl7-nk1 | bmckown | 2 months | 1 commit |
Prune | indicator | mseaton | 6 months | 1 commit |
Prune after checking w/ Tammy/Win | logic-cache | tmdugan for frosemond | 3 months | 15 commits |
On deck for Prune | logicathon | bwolfe | 1 year | ~50 commits |
Prune | reporting | jmiranda + pboucher | 2 years ago | 4 commits |
Prune | reporting-sprint | mseaton, jmiranda | 7 months ago | ~30 commits |
Prune | scheduler | jmiranda | 2 years ago | 5 commits |
Prune after checking with Ben | serialization | bwolfe for luzhuangwei | 3 months | 50 commits, partially merged to trunk? |
Keep | structured-numeric | bwolfe (djazayeri?) for vdgreat | 1 year | 3 commits |
Keep | testathon | jmiranda for group | 4 months | ~40 commits |
Prune after checking with Paul/Ben | visualization | sdamarju, hrodrigues | 2 years | 40 commits |
Branches To Dos
Win will check into logic-cache branch
Ben will follow up on serialization and visualization branches
Punted
Discretely define what determines that something becomes part of core OpenMRS.
Puntable agenda: Refactor the program and workflow to person from patient.
We will schedule weekly slots for code review and design time
Tentatively, code review on Monday mornings and design on Wednesday mornings
Will finalize times on dev list
We should send a note to dev list if we are going 2 or more weeks without scheduled code review and/or design time (with 2+ people for each). Ben will cover this for now, but it will eventually be part of the job for a QA person