Fixes openemr#5178 FHIR Medication endpoint (openemr#5179)
Implements the Medication endpoint for FHIR.
adunsulag committed Apr 19, 2022
1 parent 9152297 commit d647343
Showing 4 changed files with 213 additions and 70 deletions.
8 changes: 4 additions & 4 deletions API_README.md
Expand Up @@ -189,7 +189,7 @@ curl -X POST -k -H 'Content-Type: application/json' -i https://localhost:9300/oa
"client_name": "A Private App",
"token_endpoint_auth_method": "client_secret_post",
"contacts": ["[email protected]", "[email protected]"],
"scope": "openid offline_access api:oemr api:fhir api:port user/allergy.read user/allergy.write user/appointment.read user/appointment.write user/dental_issue.read user/dental_issue.write user/document.read user/document.write user/drug.read user/encounter.read user/encounter.write user/facility.read user/facility.write user/immunization.read user/insurance.read user/insurance.write user/insurance_company.read user/insurance_company.write user/insurance_type.read user/list.read user/medical_problem.read user/medical_problem.write user/medication.read user/medication.write user/message.write user/patient.read user/patient.write user/practitioner.read user/practitioner.write user/prescription.read user/procedure.read user/soap_note.read user/soap_note.write user/surgery.read user/surgery.write user/transaction.read user/transaction.write user/vital.read user/vital.write user/AllergyIntolerance.read user/CareTeam.read user/Condition.read user/Coverage.read user/Encounter.read user/Immunization.read user/Location.read user/MedicationRequest.read user/Observation.read user/Organization.read user/Organization.write user/Patient.read user/Patient.write user/Practitioner.read user/Practitioner.write user/PractitionerRole.read user/Procedure.read patient/encounter.read patient/patient.read patient/AllergyIntolerance.read patient/CareTeam.read patient/Condition.read patient/Coverage.read patient/Encounter.read patient/Immunization.read patient/MedicationRequest.read patient/Observation.read patient/Patient.read patient/Procedure.read"
"scope": "openid offline_access api:oemr api:fhir api:port user/allergy.read user/allergy.write user/appointment.read user/appointment.write user/dental_issue.read user/dental_issue.write user/document.read user/document.write user/drug.read user/encounter.read user/encounter.write user/facility.read user/facility.write user/immunization.read user/insurance.read user/insurance.write user/insurance_company.read user/insurance_company.write user/insurance_type.read user/list.read user/medical_problem.read user/medical_problem.write user/medication.read user/medication.write user/message.write user/patient.read user/patient.write user/practitioner.read user/practitioner.write user/prescription.read user/procedure.read user/soap_note.read user/soap_note.write user/surgery.read user/surgery.write user/transaction.read user/transaction.write user/vital.read user/vital.write user/AllergyIntolerance.read user/CareTeam.read user/Condition.read user/Coverage.read user/Encounter.read user/Immunization.read user/Location.read user/Medication.read user/MedicationRequest.read user/Observation.read user/Organization.read user/Organization.write user/Patient.read user/Patient.write user/Practitioner.read user/Practitioner.write user/PractitionerRole.read user/Procedure.read patient/encounter.read patient/patient.read patient/AllergyIntolerance.read patient/CareTeam.read patient/Condition.read patient/Coverage.read patient/Encounter.read patient/Immunization.read patient/MedicationRequest.read patient/Observation.read patient/Patient.read patient/Procedure.read"
}'
```
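Review bot: The added "scope" line in the registration example gains user/Medication.read but not patient/Medication.read, although the patient/ scopes are listed at the end of the same string (patient/Immunization.read patient/MedicationRequest.read ...). This commit documents patient/Medication.read in _rest_routes.inc.php and requests a patient Medication scope in the examples further down, so a client registered from this example would not have asked for it. Suggest adding patient/Medication.read between patient/Immunization.read and patient/MedicationRequest.read.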

Expand Down Expand Up @@ -233,7 +233,7 @@ You will need to pass the scopes you are requesting, the redirect_uri (must be o

Example GET (this must be done in a browser):
```
GET /oauth2/default/authorize?client_id=yi4mnmVadpnqnJiOigkcGshuG-Kayiq6kmLqCJsYrk4&response_type=code&scope=launch%2Fpatient%20openid%20fhirUser%20offline_access%20patient%2FAllergyIntolerance.read%20patient%2FCarePlan.read%20patient%2FCareTeam.read%20patient%2FCondition.read%20patient%2FDevice.read%20patient%2FDiagnosticReport.read%20patient%2FDocumentReference.read%20patient%2FEncounter.read%20patient%2FGoal.read%20patient%2FImmunization.read%20patient%2FLocation.read%20patient%2FMedicationRequest.read%20patient%2FObservation.read%20patient%2FOrganization.read%20patient%2FPatient.read%20patient%2FPractitioner.read%20patient%2FProcedure.read%20patient%2FProvenance.read&redirect_uri=https%3A%2F%2Fclient.example.org%2Fcallback&state=9512151b-e5ca-cb4b-1ddc-aaf4cd8c6ecc
GET /oauth2/default/authorize?client_id=yi4mnmVadpnqnJiOigkcGshuG-Kayiq6kmLqCJsYrk4&response_type=code&scope=launch%2Fpatient%20openid%20fhirUser%20offline_access%20patient%2FAllergyIntolerance.read%20patient%2FCarePlan.read%20patient%2FCareTeam.read%20patient%2FCondition.read%20patient%2FDevice.read%20patient%2FDiagnosticReport.read%20patient%2FDocumentReference.read%20patient%2FEncounter.read%20patient%2FGoal.read%20patient%2FImmunization.read%20patient%2FLocation.read%20patient%2FMedication.read%20patient%2FMedicationRequest.read%20patient%2FObservation.read%20patient%2FOrganization.read%20patient%2FPatient.read%20patient%2FPractitioner.read%20patient%2FProcedure.read%20patient%2FProvenance.read&redirect_uri=https%3A%2F%2Fclient.example.org%2Fcallback&state=9512151b-e5ca-cb4b-1ddc-aaf4cd8c6ecc
```

The client application must then make a request for an access token by hitting the /token endpoint. Note the redirect_uri MUST match what what was sent in /authorize endpoint.
Expand Down Expand Up @@ -284,7 +284,7 @@ curl -X POST -k -H 'Content-Type: application/x-www-form-urlencoded'
-i 'https://localhost:9300/oauth2/default/token'
--data 'grant_type=password
&client_id=LnjqojEEjFYe5j2Jp9m9UnmuxOnMg4VodEJj3yE8_OA
&scope=openid%20offline_access%20api%3Aoemr%20api%3Afhir%20user%2Fallergy.read%20user%2Fallergy.write%20user%2Fappointment.read%20user%2Fappointment.write%20user%2Fdental_issue.read%20user%2Fdental_issue.write%20user%2Fdocument.read%20user%2Fdocument.write%20user%2Fdrug.read%20user%2Fencounter.read%20user%2Fencounter.write%20user%2Ffacility.read%20user%2Ffacility.write%20user%2Fimmunization.read%20user%2Finsurance.read%20user%2Finsurance.write%20user%2Finsurance_company.read%20user%2Finsurance_company.write%20user%2Finsurance_type.read%20user%2Flist.read%20user%2Fmedical_problem.read%20user%2Fmedical_problem.write%20user%2Fmedication.read%20user%2Fmedication.write%20user%2Fmessage.write%20user%2Fpatient.read%20user%2Fpatient.write%20user%2Fpractitioner.read%20user%2Fpractitioner.write%20user%2Fprescription.read%20user%2Fprocedure.read%20user%2Fsoap_note.read%20user%2Fsoap_note.write%20user%2Fsurgery.read%20user%2Fsurgery.write%20user%2Ftransaction.read%20user%2Ftransaction.write%20user%2Fvital.read%20user%2Fvital.write%20user%2FAllergyIntolerance.read%20user%2FCareTeam.read%20user%2FCondition.read%20user%2FCoverage.read%20user%2FEncounter.read%20user%2FImmunization.read%20user%2FLocation.read%20user%2FMedicationRequest.read%20user%2FObservation.read%20user%2FOrganization.read%20user%2FOrganization.write%20user%2FPatient.read%20user%2FPatient.write%20user%2FPractitioner.read%20user%2FPractitioner.write%20user%2FPractitionerRole.read%20user%2FProcedure.read
&scope=openid%20offline_access%20api%3Aoemr%20api%3Afhir%20user%2Fallergy.read%20user%2Fallergy.write%20user%2Fappointment.read%20user%2Fappointment.write%20user%2Fdental_issue.read%20user%2Fdental_issue.write%20user%2Fdocument.read%20user%2Fdocument.write%20user%2Fdrug.read%20user%2Fencounter.read%20user%2Fencounter.write%20user%2Ffacility.read%20user%2Ffacility.write%20user%2Fimmunization.read%20user%2Finsurance.read%20user%2Finsurance.write%20user%2Finsurance_company.read%20user%2Finsurance_company.write%20user%2Finsurance_type.read%20user%2Flist.read%20user%2Fmedical_problem.read%20user%2Fmedical_problem.write%20user%2Fmedication.read%20user%2Fmedication.write%20user%2Fmessage.write%20user%2Fpatient.read%20user%2Fpatient.write%20user%2Fpractitioner.read%20user%2Fpractitioner.write%20user%2Fprescription.read%20user%2Fprocedure.read%20user%2Fsoap_note.read%20user%2Fsoap_note.write%20user%2Fsurgery.read%20user%2Fsurgery.write%20user%2Ftransaction.read%20user%2Ftransaction.write%20user%2Fvital.read%20user%2Fvital.write%20user%2FAllergyIntolerance.read%20user%2FCareTeam.read%20user%2FCondition.read%20user%2FCoverage.read%20user%2FEncounter.read%20user%2FImmunization.read%20user%2FLocation.read%20user%2FMedication%20user%2FMedicationRequest.read%20user%2FObservation.read%20user%2FOrganization.read%20user%2FOrganization.write%20user%2FPatient.read%20user%2FPatient.write%20user%2FPractitioner.read%20user%2FPractitioner.write%20user%2FPractitionerRole.read%20user%2FProcedure.read
&user_role=users
&username=admin
&password=pass'
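Review bot: In the added &scope= line the new entry is written as user%2FMedication with no .read suffix (user%2FLocation.read%20user%2FMedication%20user%2FMedicationRequest.read). Every other user/ scope in the string ends in .read or .write, and the scope this commit documents is user/Medication.read, so the example requests a name that does not match it. Suggest user%2FMedication.read.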
Expand All @@ -296,7 +296,7 @@ curl -X POST -k -H 'Content-Type: application/x-www-form-urlencoded'
-i 'https://localhost:9300/oauth2/default/token'
--data 'grant_type=password
&client_id=LnjqojEEjFYe5j2Jp9m9UnmuxOnMg4VodEJj3yE8_OA
&scope=openid%20offline_access%20api%3Aport%20api%3Afhir%20patient%2Fencounter.read%20patient%2Fpatient.read%20patient%2FAllergyIntolerance.read%20patient%2FCareTeam.read%20patient%2FCondition.read%20patient%2FCoverage.read%20patient%2FEncounter.read%20patient%2FImmunization.read%20patient%2FMedicationRequest.read%20patient%2FObservation.read%20patient%2FPatient.read%20patient%2FProcedure.read
&scope=openid%20offline_access%20api%3Aport%20api%3Afhir%20patient%2Fencounter.read%20patient%2Fpatient.read%20patient%2FAllergyIntolerance.read%20patient%2FCareTeam.read%20patient%2FCondition.read%20patient%2FCoverage.read%20patient%2FEncounter.read%20patient%2FImmunization.read%20patient%2FMedication%20patient%2FMedicationRequest.read%20patient%2FObservation.read%20patient%2FPatient.read%20patient%2FProcedure.read
&user_role=patient
&username=Phil1
&password=phil
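Review bot: The added patient &scope= line carries patient%2FMedication without the .read suffix (patient%2FImmunization.read%20patient%2FMedication%20patient%2FMedicationRequest.read), while the authorize example earlier in this file and the scope list in _rest_routes.inc.php both use patient/Medication.read. Suggest patient%2FMedication.read so the password-grant example requests the scope that is actually documented.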
98 changes: 98 additions & 0 deletions _rest_routes.inc.php
Expand Up @@ -44,6 +44,7 @@
* "patient/Goal.read": "Read goal resources for the current patient (api:fhir)",
* "patient/Immunization.read": "Read immunization resources for the current patient (api:fhir)",
* "patient/Location.read": "Read location resources for the current patient (api:fhir)",
* "patient/Medication.read": "Read medication resources for the current patient (api:fhir)",
* "patient/MedicationRequest.read": "Read medication request resources for the current patient (api:fhir)",
* "patient/Observation.read": "Read observation resources for the current patient (api:fhir)",
* "patient/Organization.read": "Read organization resources for the current patient (api:fhir)",
Expand Down Expand Up @@ -87,6 +88,7 @@
* "user/Goal.read": "Read all goal resources the user has access to (api:fhir)",
* "user/Immunization.read": "Read all immunization resources the user has access to (api:fhir)",
* "user/Location.read": "Read all location resources the user has access to (api:fhir)",
* "user/Medication.read": "Read all medication resources the user has access to (api:fhir)",
* "user/MedicationRequest.read": "Read all medication request resources the user has access to (api:fhir)",
* "user/Observation.read": "Read all observation resources the user has access to (api:fhir)",
* "user/Organization.read": "Read all organization resources the user has access to (api:fhir)",
Expand Down Expand Up @@ -9393,6 +9395,102 @@
return $return;
},

/**
* @OA\Get(
* path="/fhir/Medication",
* description="Returns a list of Medication resources.",
* tags={"fhir"},
* @OA\Response(
* response="200",
* description="Standard Response",
* @OA\MediaType(
* mediaType="application/json",
* @OA\Schema(
* @OA\Property(
* property="json object",
* description="FHIR Json object.",
* type="object"
* ),
* example={
* "meta": {
* "lastUpdated": "2021-09-14T09:13:51"
* },
* "resourceType": "Bundle",
* "type": "collection",
* "total": 0,
* "link": {
* {
* "relation": "self",
* "url": "https://localhost:9300/apis/default/fhir/Medication"
* }
* }
* }
* )
* )
* ),
* @OA\Response(
* response="400",
* ref="#/components/responses/badrequest"
* ),
* @OA\Response(
* response="401",
* ref="#/components/responses/unauthorized"
* ),
* security={{"openemr_auth":{}}}
* )
*/
"GET /fhir/Medication" => function (HttpRestRequest $request) {
RestConfig::authorization_check("patients", "med");
$return = (new FhirMedicationRestController())->getAll($request->getQueryParams());
RestConfig::apiLog($return);
return $return;
},

/**
* @OA\Get(
* path="/fhir/Medication/{uuid}",
* description="Returns a single Medication resource.",
* tags={"fhir"},
* @OA\Parameter(
* name="uuid",
* in="path",
* description="The uuid for the Medication resource.",
* required=true,
* @OA\Schema(
* type="string"
* )
* ),
* @OA\Response(
* response="200",
* ref="#/components/responses/standard"
* ),
* @OA\Response(
* response="400",
* ref="#/components/responses/badrequest"
* ),
* @OA\Response(
* response="401",
* ref="#/components/responses/unauthorized"
* ),
* @OA\Response(
* response="404",
* ref="#/components/responses/uuidnotfound"
* ),
* security={{"openemr_auth":{}}}
* )
*/
"GET /fhir/Medication/:uuid" => function ($uuid, HttpRestRequest $request) {
if ($request->isPatientRequest()) {
// only allow access to data of binded patient
$return = (new FhirMedicationRestController())->getOne($uuid, $request->getPatientUUIDString());
} else {
RestConfig::authorization_check("patients", "med");
$return = (new FhirMedicationRestController())->getOne($uuid);
}
RestConfig::apiLog($return);
return $return;
},

/**
* @OA\Get(
* path="/fhir/MedicationRequest",
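Review bot: The list handler "GET /fhir/Medication" has no $request->isPatientRequest() branch: it always calls RestConfig::authorization_check("patients", "med") and passes only $request->getQueryParams() to getAll(), whereas the :uuid handler passes $request->getPatientUUIDString() to getOne() for patient requests. Since this commit also documents patient/Medication.read, a patient-context search is either rejected by the ACL check or is not restricted to the bound patient; these lines do not show which. Suggest mirroring the :uuid branch in the list route, or stating in the annotation that search is user-only. Minor: "binded patient" in the comment should read "bound patient".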