search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Update FUNDING.yml
[openemr.git] / _rest_routes.inc.php
blob9e8b6910a5d9485e89ae642a9baa896e4baf7791
1 <?php
2
3 /**
4 * Routes
5 * (All REST routes)
6 *
7 * @package OpenEMR
8 * @link http://www.open-emr.org
9 * @author Matthew Vita <matthewvita48@gmail.com>
10 * @author Jerry Padgett <sjpadgett@gmail.com>
11 * @author Brady Miller <brady.g.miller@gmail.com>
12 * @author Yash Raj Bothra <yashrajbothra786@gmail.com>
13 * @copyright Copyright (c) 2018 Matthew Vita <matthewvita48@gmail.com>
14 * @copyright Copyright (c) 2018-2020 Jerry Padgett <sjpadgett@gmail.com>
15 * @copyright Copyright (c) 2019 Brady Miller <brady.g.miller@gmail.com>
16 * @copyright Copyright (c) 2020 Yash Raj Bothra <yashrajbothra786@gmail.com>
17 * @license https://github.com/openemr/openemr/blob/master/LICENSE GNU General Public License 3
18 */
19
20 // Lets keep our controller classes with the routes.
21 //
22 use OpenEMR\Common\Acl\AccessDeniedException;
23 use OpenEMR\Common\Http\HttpRestRequest;
24 use OpenEMR\RestControllers\AllergyIntoleranceRestController;
25 use OpenEMR\RestControllers\FacilityRestController;
26 use OpenEMR\RestControllers\VersionRestController;
27 use OpenEMR\RestControllers\ProductRegistrationRestController;
28 use OpenEMR\RestControllers\PatientRestController;
29 use OpenEMR\RestControllers\EncounterRestController;
30 use OpenEMR\RestControllers\PractitionerRestController;
31 use OpenEMR\RestControllers\ListRestController;
32 use OpenEMR\RestControllers\InsuranceCompanyRestController;
33 use OpenEMR\RestControllers\AppointmentRestController;
34 use OpenEMR\RestControllers\ConditionRestController;
35 use OpenEMR\RestControllers\ONoteRestController;
36 use OpenEMR\RestControllers\DocumentRestController;
37 use OpenEMR\RestControllers\DrugRestController;
38 use OpenEMR\RestControllers\ImmunizationRestController;
39 use OpenEMR\RestControllers\InsuranceRestController;
40 use OpenEMR\RestControllers\MessageRestController;
41 use OpenEMR\RestControllers\PrescriptionRestController;
42 use OpenEMR\RestControllers\ProcedureRestController;
43
44 // Note some Http clients may not send auth as json so a function
45 // is implemented to determine and parse encoding on auth route's.
46
47 // Note that the api route is only for users role
48 // (there is a mechanism in place to ensure only user role can access the api route)
49 RestConfig::$ROUTE_MAP = array(
50 "GET /api/facility" => function () {
51 RestConfig::authorization_check("admin", "users");
52 $return = (new FacilityRestController())->getAll($_GET);
53 RestConfig::apiLog($return);
54 return $return;
55 },
56 "GET /api/facility/:fuuid" => function ($fuuid) {
57 RestConfig::authorization_check("admin", "users");
58 $return = (new FacilityRestController())->getOne($fuuid);
59 RestConfig::apiLog($return);
60 return $return;
61 },
62 "POST /api/facility" => function () {
63 RestConfig::authorization_check("admin", "super");
64 $data = (array) (json_decode(file_get_contents("php://input")));
65 $return = (new FacilityRestController())->post($data);
66 RestConfig::apiLog($return, $data);
67 return $return;
68 },
69 "PUT /api/facility/:fuuid" => function ($fuuid) {
70 RestConfig::authorization_check("admin", "super");
71 $data = (array) (json_decode(file_get_contents("php://input")));
72 $return = (new FacilityRestController())->patch($fuuid, $data);
73 RestConfig::apiLog($return, $data);
74 return $return;
75 },
76 "GET /api/patient" => function () {
77 RestConfig::authorization_check("patients", "demo");
78 $return = (new PatientRestController())->getAll($_GET);
79 RestConfig::apiLog($return);
80 return $return;
81 },
82 "POST /api/patient" => function () {
83 RestConfig::authorization_check("patients", "demo");
84 $data = (array) (json_decode(file_get_contents("php://input")));
85 $return = (new PatientRestController())->post($data);
86 RestConfig::apiLog($return, $data);
87 return $return;
88 },
89 "PUT /api/patient/:puuid" => function ($puuid) {
90 RestConfig::authorization_check("patients", "demo");
91 $data = (array) (json_decode(file_get_contents("php://input")));
92 $return = (new PatientRestController())->put($puuid, $data);
93 RestConfig::apiLog($return, $data);
94 return $return;
95 },
96 "GET /api/patient/:puuid" => function ($puuid) {
97 RestConfig::authorization_check("patients", "demo");
98 $return = (new PatientRestController())->getOne($puuid);
99 RestConfig::apiLog($return);
100 return $return;
101 },
102 "GET /api/patient/:puuid/encounter" => function ($puuid) {
103 RestConfig::authorization_check("encounters", "auth_a");
104 $return = (new EncounterRestController())->getAll($puuid);
105 RestConfig::apiLog($return);
106 return $return;
107 },
108 "POST /api/patient/:puuid/encounter" => function ($puuid) {
109 RestConfig::authorization_check("encounters", "auth_a");
110 $data = (array) (json_decode(file_get_contents("php://input")));
111 $return = (new EncounterRestController())->post($puuid, $data);
112 RestConfig::apiLog($return, $data);
113 return $return;
114 },
115 "PUT /api/patient/:puuid/encounter/:euuid" => function ($puuid, $euuid) {
116 RestConfig::authorization_check("encounters", "auth_a");
117 $data = (array) (json_decode(file_get_contents("php://input")));
118 $return = (new EncounterRestController())->put($puuid, $euuid, $data);
119 RestConfig::apiLog($return, $data);
120 return $return;
121 },
122 "GET /api/patient/:puuid/encounter/:euuid" => function ($puuid, $euuid) {
123 RestConfig::authorization_check("encounters", "auth_a");
124 $return = (new EncounterRestController())->getOne($puuid, $euuid);
125 RestConfig::apiLog($return);
126 return $return;
127 },
128 "GET /api/patient/:pid/encounter/:eid/soap_note" => function ($pid, $eid) {
129 RestConfig::authorization_check("encounters", "notes");
130 $return = (new EncounterRestController())->getSoapNotes($pid, $eid);
131 RestConfig::apiLog($return);
132 return $return;
133 },
134 "POST /api/patient/:pid/encounter/:eid/vital" => function ($pid, $eid) {
135 RestConfig::authorization_check("encounters", "notes");
136 $data = (array) (json_decode(file_get_contents("php://input")));
137 $return = (new EncounterRestController())->postVital($pid, $eid, $data);
138 RestConfig::apiLog($return, $data);
139 return $return;
140 },
141 "PUT /api/patient/:pid/encounter/:eid/vital/:vid" => function ($pid, $eid, $vid) {
142 RestConfig::authorization_check("encounters", "notes");
143 $data = (array) (json_decode(file_get_contents("php://input")));
144 $return = (new EncounterRestController())->putVital($pid, $eid, $vid, $data);
145 RestConfig::apiLog($return, $data);
146 return $return;
147 },
148 "GET /api/patient/:pid/encounter/:eid/vital" => function ($pid, $eid) {
149 RestConfig::authorization_check("encounters", "notes");
150 $return = (new EncounterRestController())->getVitals($pid, $eid);
151 RestConfig::apiLog($return);
152 return $return;
153 },
154 "GET /api/patient/:pid/encounter/:eid/vital/:vid" => function ($pid, $eid, $vid) {
155 RestConfig::authorization_check("encounters", "notes");
156 $return = (new EncounterRestController())->getVital($pid, $eid, $vid);
157 RestConfig::apiLog($return);
158 return $return;
159 },
160 "GET /api/patient/:pid/encounter/:eid/soap_note/:sid" => function ($pid, $eid, $sid) {
161 RestConfig::authorization_check("encounters", "notes");
162 $return = (new EncounterRestController())->getSoapNote($pid, $eid, $sid);
163 RestConfig::apiLog($return);
164 return $return;
165 },
166 "POST /api/patient/:pid/encounter/:eid/soap_note" => function ($pid, $eid) {
167 RestConfig::authorization_check("encounters", "notes");
168 $data = (array) (json_decode(file_get_contents("php://input")));
169 $return = (new EncounterRestController())->postSoapNote($pid, $eid, $data);
170 RestConfig::apiLog($return, $data);
171 return $return;
172 },
173 "PUT /api/patient/:pid/encounter/:eid/soap_note/:sid" => function ($pid, $eid, $sid) {
174 RestConfig::authorization_check("encounters", "notes");
175 $data = (array) (json_decode(file_get_contents("php://input")));
176 $return = (new EncounterRestController())->putSoapNote($pid, $eid, $sid, $data);
177 RestConfig::apiLog($return, $data);
178 return $return;
179 },
180 "GET /api/practitioner" => function () {
181 RestConfig::authorization_check("admin", "users");
182 $return = (new PractitionerRestController())->getAll($_GET);
183 RestConfig::apiLog($return);
184 return $return;
185 },
186 "GET /api/practitioner/:prid" => function ($prid) {
187 RestConfig::authorization_check("admin", "users");
188 $return = (new PractitionerRestController())->getOne($prid);
189 RestConfig::apiLog($return);
190 return $return;
191 },
192 "POST /api/practitioner" => function () {
193 RestConfig::authorization_check("admin", "users");
194 $data = (array) (json_decode(file_get_contents("php://input")));
195 $return = (new PractitionerRestController())->post($data);
196 RestConfig::apiLog($return, $data);
197 return $return;
198 },
199 "PUT /api/practitioner/:prid" => function ($prid) {
200 RestConfig::authorization_check("admin", "users");
201 $data = (array) (json_decode(file_get_contents("php://input")));
202 $return = (new PractitionerRestController())->patch($prid, $data);
203 RestConfig::apiLog($return, $data);
204 return $return;
205 },
206 "GET /api/medical_problem" => function () {
207 RestConfig::authorization_check("encounters", "notes");
208 $return = (new ConditionRestController())->getAll();
209 RestConfig::apiLog($return);
210 return $return;
211 },
212 "GET /api/medical_problem/:muuid" => function ($muuid) {
213 RestConfig::authorization_check("encounters", "notes");
214 $return = (new ConditionRestController())->getOne($muuid);
215 RestConfig::apiLog($return);
216 return $return;
217 },
218 "GET /api/patient/:puuid/medical_problem" => function ($puuid) {
219 RestConfig::authorization_check("encounters", "notes");
220 $return = (new ConditionRestController())->getAll($puuid, "medical_problem");
221 RestConfig::apiLog($return);
222 return $return;
223 },
224 "GET /api/patient/:puuid/medical_problem/:muuid" => function ($puuid, $muuid) {
225 RestConfig::authorization_check("patients", "med");
226 $return = (new ConditionRestController())->getAll(['puuid' => $puuid, 'condition_uuid' => $muuid]);
227 RestConfig::apiLog($return);
228 return $return;
229 },
230 "POST /api/patient/:puuid/medical_problem" => function ($puuid) {
231 RestConfig::authorization_check("patients", "med");
232 $data = (array) (json_decode(file_get_contents("php://input")));
233 $return = (new ConditionRestController())->post($puuid, $data);
234 RestConfig::apiLog($return, $data);
235 return $return;
236 },
237 "PUT /api/patient/:puuid/medical_problem/:muuid" => function ($puuid, $muuid) {
238 RestConfig::authorization_check("patients", "med");
239 $data = (array) (json_decode(file_get_contents("php://input")));
240 $return = (new ConditionRestController())->put($puuid, $muuid, $data);
241 RestConfig::apiLog($return, $data);
242 return $return;
243 },
244 "DELETE /api/patient/:puuid/medical_problem/:muuid" => function ($puuid, $muuid) {
245 RestConfig::authorization_check("patients", "med");
246 $return = (new ConditionRestController())->delete($puuid, $muuid);
247 RestConfig::apiLog($return);
248 return $return;
249 },
250 "GET /api/allergy" => function () {
251 RestConfig::authorization_check("patients", "med");
252 $return = (new AllergyIntoleranceRestController())->getAll();
253 RestConfig::apiLog($return);
254 return $return;
255 },
256 "GET /api/allergy/:auuid" => function ($auuid) {
257 RestConfig::authorization_check("patients", "med");
258 $return = (new AllergyIntoleranceRestController())->getOne($auuid);
259 RestConfig::apiLog($return);
260 return $return;
261 },
262 "GET /api/patient/:puuid/allergy" => function ($puuid) {
263 RestConfig::authorization_check("patients", "med");
264 $return = (new AllergyIntoleranceRestController())->getAll(['lists.pid' => $puuid]);
265 RestConfig::apiLog($return);
266 return $return;
267 },
268 "GET /api/patient/:puuid/allergy/:auuid" => function ($puuid, $auuid) {
269 RestConfig::authorization_check("patients", "med");
270 $return = (new AllergyIntoleranceRestController())->getAll(['lists.pid' => $puuid, 'lists.id' => $auuid]);
271 RestConfig::apiLog($return);
272 return $return;
273 },
274 "POST /api/patient/:puuid/allergy" => function ($puuid) {
275 RestConfig::authorization_check("patients", "med");
276 $data = (array) (json_decode(file_get_contents("php://input")));
277 $return = (new AllergyIntoleranceRestController())->post($puuid, $data);
278 RestConfig::apiLog($return, $data);
279 return $return;
280 },
281 "PUT /api/patient/:puuid/allergy/:auuid" => function ($puuid, $auuid) {
282 RestConfig::authorization_check("patients", "med");
283 $data = (array) (json_decode(file_get_contents("php://input")));
284 $return = (new AllergyIntoleranceRestController())->put($puuid, $auuid, $data);
285 RestConfig::apiLog($return, $data);
286 return $return;
287 },
288 "DELETE /api/patient/:puuid/allergy/:auuid" => function ($puuid, $auuid) {
289 RestConfig::authorization_check("patients", "med");
290 $return = (new AllergyIntoleranceRestController())->delete($puuid, $auuid);
291 RestConfig::apiLog($return);
292 return $return;
293 },
294 "GET /api/patient/:pid/medication" => function ($pid) {
295 RestConfig::authorization_check("patients", "med");
296 $return = (new ListRestController())->getAll($pid, "medication");
297 RestConfig::apiLog($return);
298 return $return;
299 },
300 "POST /api/patient/:pid/medication" => function ($pid) {
301 RestConfig::authorization_check("patients", "med");
302 $data = (array) (json_decode(file_get_contents("php://input")));
303 $return = (new ListRestController())->post($pid, "medication", $data);
304 RestConfig::apiLog($return, $data);
305 return $return;
306 },
307 "PUT /api/patient/:pid/medication/:mid" => function ($pid, $mid) {
308 RestConfig::authorization_check("patients", "med");
309 $data = (array) (json_decode(file_get_contents("php://input")));
310 $return = (new ListRestController())->put($pid, $mid, "medication", $data);
311 RestConfig::apiLog($return, $data);
312 return $return;
313 },
314 "GET /api/patient/:pid/medication/:mid" => function ($pid, $mid) {
315 RestConfig::authorization_check("patients", "med");
316 $return = (new ListRestController())->getOne($pid, "medication", $mid);
317 RestConfig::apiLog($return);
318 return $return;
319 },
320 "DELETE /api/patient/:pid/medication/:mid" => function ($pid, $mid) {
321 RestConfig::authorization_check("patients", "med");
322 $return = (new ListRestController())->delete($pid, $mid, "medication");
323 RestConfig::apiLog($return);
324 return $return;
325 },
326 "GET /api/patient/:pid/surgery" => function ($pid) {
327 RestConfig::authorization_check("patients", "med");
328 $return = (new ListRestController())->getAll($pid, "surgery");
329 RestConfig::apiLog($return);
330 return $return;
331 },
332 "GET /api/patient/:pid/surgery/:sid" => function ($pid, $sid) {
333 RestConfig::authorization_check("patients", "med");
334 $return = (new ListRestController())->getOne($pid, "surgery", $sid);
335 RestConfig::apiLog($return);
336 return $return;
337 },
338 "DELETE /api/patient/:pid/surgery/:sid" => function ($pid, $sid) {
339 RestConfig::authorization_check("patients", "med");
340 $return = (new ListRestController())->delete($pid, $sid, "surgery");
341 RestConfig::apiLog($return);
342 return $return;
343 },
344 "POST /api/patient/:pid/surgery" => function ($pid) {
345 RestConfig::authorization_check("patients", "med");
346 $data = (array) (json_decode(file_get_contents("php://input")));
347 $return = (new ListRestController())->post($pid, "surgery", $data);
348 RestConfig::apiLog($return, $data);
349 return $return;
350 },
351 "PUT /api/patient/:pid/surgery/:sid" => function ($pid, $sid) {
352 RestConfig::authorization_check("patients", "med");
353 $data = (array) (json_decode(file_get_contents("php://input")));
354 $return = (new ListRestController())->put($pid, $sid, "surgery", $data);
355 RestConfig::apiLog($return, $data);
356 return $return;
357 },
358 "GET /api/patient/:pid/dental_issue" => function ($pid) {
359 RestConfig::authorization_check("patients", "med");
360 $return = (new ListRestController())->getAll($pid, "dental");
361 RestConfig::apiLog($return);
362 return $return;
363 },
364 "GET /api/patient/:pid/dental_issue/:did" => function ($pid, $did) {
365 RestConfig::authorization_check("patients", "med");
366 $return = (new ListRestController())->getOne($pid, "dental", $did);
367 RestConfig::apiLog($return);
368 return $return;
369 },
370 "DELETE /api/patient/:pid/dental_issue/:did" => function ($pid, $did) {
371 RestConfig::authorization_check("patients", "med");
372 $return = (new ListRestController())->delete($pid, $did, "dental");
373 RestConfig::apiLog($return);
374 return $return;
375 },
376 "POST /api/patient/:pid/dental_issue" => function ($pid) {
377 RestConfig::authorization_check("patients", "med");
378 $data = (array) (json_decode(file_get_contents("php://input")));
379 $return = (new ListRestController())->post($pid, "dental", $data);
380 RestConfig::apiLog($return, $data);
381 return $return;
382 },
383 "PUT /api/patient/:pid/dental_issue/:did" => function ($pid, $did) {
384 RestConfig::authorization_check("patients", "med");
385 $data = (array) (json_decode(file_get_contents("php://input")));
386 $return = (new ListRestController())->put($pid, $did, "dental", $data);
387 RestConfig::apiLog($return, $data);
388 return $return;
389 },
390 "GET /api/patient/:pid/appointment" => function ($pid) {
391 RestConfig::authorization_check("patients", "appt");
392 $return = (new AppointmentRestController())->getAllForPatient($pid);
393 RestConfig::apiLog($return);
394 return $return;
395 },
396 "POST /api/patient/:pid/appointment" => function ($pid) {
397 RestConfig::authorization_check("patients", "appt");
398 $data = (array) (json_decode(file_get_contents("php://input")));
399 $return = (new AppointmentRestController())->post($pid, $data);
400 RestConfig::apiLog($return, $data);
401 return $return;
402 },
403 "GET /api/appointment" => function () {
404 RestConfig::authorization_check("patients", "appt");
405 $return = (new AppointmentRestController())->getAll();
406 RestConfig::apiLog($return);
407 return $return;
408 },
409 "GET /api/appointment/:eid" => function ($eid) {
410 RestConfig::authorization_check("patients", "appt");
411 $return = (new AppointmentRestController())->getOne($eid);
412 RestConfig::apiLog($return);
413 return $return;
414 },
415 "DELETE /api/patient/:pid/appointment/:eid" => function ($pid, $eid) {
416 RestConfig::authorization_check("patients", "appt");
417 $return = (new AppointmentRestController())->delete($eid);
418 RestConfig::apiLog($return);
419 return $return;
420 },
421 "GET /api/patient/:pid/appointment/:eid" => function ($pid, $eid) {
422 RestConfig::authorization_check("patients", "appt");
423 $return = (new AppointmentRestController())->getOne($eid);
424 RestConfig::apiLog($return);
425 return $return;
426 },
427 "GET /api/list/:list_name" => function ($list_name) {
428 RestConfig::authorization_check("lists", "default");
429 $return = (new ListRestController())->getOptions($list_name);
430 RestConfig::apiLog($return);
431 return $return;
432 },
433 "GET /api/version" => function () {
434 $return = (new VersionRestController())->getOne();
435 RestConfig::apiLog($return);
436 return $return;
437 },
438 "GET /api/product" => function () {
439 $return = (new ProductRegistrationRestController())->getOne();
440 RestConfig::apiLog($return);
441 return $return;
442 },
443 "GET /api/insurance_company" => function () {
444 $return = (new InsuranceCompanyRestController())->getAll();
445 RestConfig::apiLog($return);
446 return $return;
447 },
448 "GET /api/insurance_company/:iid" => function ($iid) {
449 $return = (new InsuranceCompanyRestController())->getOne($iid);
450 RestConfig::apiLog($return);
451 return $return;
452 },
453 "GET /api/insurance_type" => function () {
454 $return = (new InsuranceCompanyRestController())->getInsuranceTypes();
455 RestConfig::apiLog($return);
456 return $return;
457 },
458 "POST /api/insurance_company" => function () {
459 $data = (array) (json_decode(file_get_contents("php://input")));
460 $return = (new InsuranceCompanyRestController())->post($data);
461 RestConfig::apiLog($return, $data);
462 return $return;
463 },
464 "PUT /api/insurance_company/:iid" => function ($iid) {
465 $data = (array) (json_decode(file_get_contents("php://input")));
466 $return = (new InsuranceCompanyRestController())->put($iid, $data);
467 RestConfig::apiLog($return, $data);
468 return $return;
469 },
470 "POST /api/patient/:pid/document" => function ($pid) {
471 $return = (new DocumentRestController())->postWithPath($pid, $_GET['path'], $_FILES['document']);
472 RestConfig::apiLog($return);
473 return $return;
474 },
475 "GET /api/patient/:pid/document" => function ($pid) {
476 $return = (new DocumentRestController())->getAllAtPath($pid, $_GET['path']);
477 RestConfig::apiLog($return);
478 return $return;
479 },
480 "GET /api/patient/:pid/document/:did" => function ($pid, $did) {
481 $return = (new DocumentRestController())->downloadFile($pid, $did);
482 RestConfig::apiLog($return);
483 return $return;
484 },
485 "GET /api/patient/:pid/insurance" => function ($pid) {
486 $return = (new InsuranceRestController())->getAll($pid);
487 RestConfig::apiLog($return);
488 return $return;
489 },
490 "GET /api/patient/:pid/insurance/:type" => function ($pid, $type) {
491 $return = (new InsuranceRestController())->getOne($pid, $type);
492 RestConfig::apiLog($return);
493 return $return;
494 },
495 "POST /api/patient/:pid/insurance/:type" => function ($pid, $type) {
496 $data = (array) (json_decode(file_get_contents("php://input")));
497 $return = (new InsuranceRestController())->post($pid, $type, $data);
498 RestConfig::apiLog($return, $data);
499 return $return;
500 },
501 "PUT /api/patient/:pid/insurance/:type" => function ($pid, $type) {
502 $data = (array) (json_decode(file_get_contents("php://input")));
503 $return = (new InsuranceRestController())->put($pid, $type, $data);
504 RestConfig::apiLog($return, $data);
505 return $return;
506 },
507 "POST /api/patient/:pid/message" => function ($pid) {
508 RestConfig::authorization_check("patients", "notes");
509 $data = (array) (json_decode(file_get_contents("php://input")));
510 $return = (new MessageRestController())->post($pid, $data);
511 RestConfig::apiLog($return, $data);
512 return $return;
513 },
514 "PUT /api/patient/:pid/message/:mid" => function ($pid, $mid) {
515 RestConfig::authorization_check("patients", "notes");
516 $data = (array) (json_decode(file_get_contents("php://input")));
517 $return = (new MessageRestController())->put($pid, $mid, $data);
518 RestConfig::apiLog($return, $data);
519 return $return;
520 },
521 "DELETE /api/patient/:pid/message/:mid" => function ($pid, $mid) {
522 RestConfig::authorization_check("patients", "notes");
523 $return = (new MessageRestController())->delete($pid, $mid);
524 RestConfig::apiLog($return);
525 return $return;
526 },
527 "GET /api/immunization" => function () {
528 RestConfig::authorization_check("patients", "med");
529 $return = (new ImmunizationRestController())->getAll($_GET);
530 RestConfig::apiLog($return);
531 return $return;
532 },
533 "GET /api/immunization/:uuid" => function ($uuid) {
534 RestConfig::authorization_check("patients", "med");
535 $return = (new ImmunizationRestController())->getOne($uuid);
536 RestConfig::apiLog($return);
537 return $return;
538 },
539 "GET /api/procedure" => function () {
540 RestConfig::authorization_check("patients", "med");
541 $return = (new ProcedureRestController())->getAll();
542 RestConfig::apiLog($return);
543 return $return;
544 },
545 "GET /api/procedure/:uuid" => function ($uuid) {
546 RestConfig::authorization_check("patients", "med");
547 $return = (new ProcedureRestController())->getOne($uuid);
548 RestConfig::apiLog($return);
549 return $return;
550 },
551 "GET /api/drug" => function () {
552 RestConfig::authorization_check("patients", "med");
553 $return = (new DrugRestController())->getAll();
554 RestConfig::apiLog($return);
555 return $return;
556 },
557 "GET /api/drug/:uuid" => function ($uuid) {
558 RestConfig::authorization_check("patients", "med");
559 $return = (new DrugRestController())->getOne($uuid);
560 RestConfig::apiLog($return);
561 return $return;
562 },
563 "GET /api/prescription" => function () {
564 RestConfig::authorization_check("patients", "med");
565 $return = (new PrescriptionRestController())->getAll();
566 RestConfig::apiLog($return);
567 return $return;
568 },
569 "GET /api/prescription/:uuid" => function ($uuid) {
570 RestConfig::authorization_check("patients", "med");
571 $return = (new PrescriptionRestController())->getOne($uuid);
572 RestConfig::apiLog($return);
573 return $return;
574 }
575 );
576
577 use OpenEMR\Common\Http\StatusCode;
578 use OpenEMR\Common\Http\Psr17Factory;
579 use OpenEMR\RestControllers\FHIR\FhirAllergyIntoleranceRestController;
580 use OpenEMR\RestControllers\FHIR\FhirCarePlanRestController;
581 use OpenEMR\RestControllers\FHIR\FhirCareTeamRestController;
582 use OpenEMR\RestControllers\FHIR\FhirConditionRestController;
583 use OpenEMR\RestControllers\FHIR\FhirCoverageRestController;
584 use OpenEMR\RestControllers\FHIR\FhirDeviceRestController;
585 use OpenEMR\RestControllers\FHIR\FhirDiagnosticReportRestController;
586 use OpenEMR\RestControllers\FHIR\FhirDocumentReferenceRestController;
587 use OpenEMR\RestControllers\FHIR\FhirEncounterRestController;
588 use OpenEMR\RestControllers\FHIR\FhirExportRestController;
589 use OpenEMR\RestControllers\FHIR\FhirObservationRestController;
590 use OpenEMR\RestControllers\FHIR\FhirImmunizationRestController;
591 use OpenEMR\RestControllers\FHIR\FhirGoalRestController;
592 use OpenEMR\RestControllers\FHIR\FhirLocationRestController;
593 use OpenEMR\RestControllers\FHIR\FhirMedicationRestController;
594 use OpenEMR\RestControllers\FHIR\FhirMedicationRequestRestController;
595 use OpenEMR\RestControllers\FHIR\FhirOrganizationRestController;
596 use OpenEMR\RestControllers\FHIR\FhirPatientRestController;
597 use OpenEMR\RestControllers\FHIR\FhirPersonRestController;
598 use OpenEMR\RestControllers\FHIR\FhirPractitionerRoleRestController;
599 use OpenEMR\RestControllers\FHIR\FhirPractitionerRestController;
600 use OpenEMR\RestControllers\FHIR\FhirProcedureRestController;
601 use OpenEMR\RestControllers\FHIR\FhirProvenanceRestController;
602 use OpenEMR\RestControllers\FHIR\FhirMetaDataRestController;
603
604 // Note that the fhir route includes both user role and patient role
605 // (there is a mechanism in place to ensure patient role is binded
606 // to only see the data of the one patient)
607 RestConfig::$FHIR_ROUTE_MAP = array(
608 "GET /fhir/AllergyIntolerance" => function (HttpRestRequest $request) {
609 $getParams = $request->getQueryParams();
610 if ($request->isPatientRequest()) {
611 // only allow access to data of binded patient
612 $return = (new FhirAllergyIntoleranceRestController($request))->getAll($getParams, $request->getPatientUUIDString());
613 } else {
614 RestConfig::authorization_check("patients", "med");
615 $return = (new FhirAllergyIntoleranceRestController($request))->getAll($getParams);
616 }
617 RestConfig::apiLog($return);
618 return $return;
619 },
620 "GET /fhir/AllergyIntolerance/:id" => function ($id, HttpRestRequest $request) {
621 if ($request->isPatientRequest()) {
622 // only allow access to data of binded patient
623 $return = (new FhirAllergyIntoleranceRestController($request))->getOne($id, $request->getPatientUUIDString());
624 } else {
625 RestConfig::authorization_check("patients", "med");
626 $return = (new FhirAllergyIntoleranceRestController($request))->getOne($id);
627 }
628 RestConfig::apiLog($return);
629 return $return;
630 },"GET /fhir/CarePlan" => function (HttpRestRequest $request) {
631 $getParams = $request->getQueryParams();
632 if ($request->isPatientRequest()) {
633 // only allow access to data of binded patient
634 $return = (new FhirCarePlanRestController())->getAll($getParams, $request->getPatientUUIDString());
635 } else {
636 RestConfig::authorization_check("patients", "med");
637 $return = (new FhirCareTeamRestController())->getAll($getParams);
638 }
639 RestConfig::apiLog($return);
640 return $return;
641 },
642 "GET /fhir/CarePlan/:uuid" => function ($uuid, HttpRestRequest $request) {
643 if ($request->isPatientRequest()) {
644 // only allow access to data of binded patient
645 $return = (new FhirCarePlanRestController())->getOne($uuid, $request->getPatientUUIDString());
646 } else {
647 RestConfig::authorization_check("patients", "med");
648 $return = (new FhirCarePlanRestController())->getOne($uuid);
649 }
650 RestConfig::apiLog($return);
651 return $return;
652 },
653 "GET /fhir/CareTeam" => function (HttpRestRequest $request) {
654 $getParams = $request->getQueryParams();
655 if ($request->isPatientRequest()) {
656 // only allow access to data of binded patient
657 $return = (new FhirCareTeamRestController())->getAll($getParams, $request->getPatientUUIDString());
658 } else {
659 RestConfig::authorization_check("patients", "med");
660 $return = (new FhirCareTeamRestController())->getAll($getParams);
661 }
662 RestConfig::apiLog($return);
663 return $return;
664 },
665 "GET /fhir/CareTeam/:uuid" => function ($uuid, HttpRestRequest $request) {
666 if ($request->isPatientRequest()) {
667 // only allow access to data of binded patient
668 $return = (new FhirCareTeamRestController())->getOne($uuid, $request->getPatientUUIDString());
669 } else {
670 RestConfig::authorization_check("patients", "med");
671 $return = (new FhirCareTeamRestController())->getOne($uuid);
672 }
673 RestConfig::apiLog($return);
674 return $return;
675 },
676 "GET /fhir/Condition" => function (HttpRestRequest $request) {
677 $getParams = $request->getQueryParams();
678 if ($request->isPatientRequest()) {
679 // only allow access to data of binded patient
680 $return = (new FhirConditionRestController())->getAll($getParams, $request->getPatientUUIDString());
681 } else {
682 RestConfig::authorization_check("patients", "med");
683 $return = (new FhirConditionRestController())->getAll($getParams);
684 }
685 RestConfig::apiLog($return);
686 return $return;
687 },
688 "GET /fhir/Condition/:id" => function ($uuid, HttpRestRequest $request) {
689 if ($request->isPatientRequest()) {
690 // only allow access to data of binded patient
691 $return = (new FhirConditionRestController())->getOne($uuid, $request->getPatientUUIDString());
692 } else {
693 RestConfig::authorization_check("patients", "med");
694 $return = (new FhirConditionRestController())->getOne($uuid);
695 }
696 RestConfig::apiLog($return);
697 return $return;
698 },
699 "GET /fhir/Coverage" => function (HttpRestRequest $request) {
700 RestConfig::authorization_check("admin", "super");
701 $return = (new FhirCoverageRestController())->getAll($request->getQueryParams());
702 RestConfig::apiLog($return);
703 return $return;
704 },
705 "GET /fhir/Coverage/:uuid" => function ($uuid, HttpRestRequest $request) {
706 RestConfig::authorization_check("admin", "super");
707 $return = (new FhirCoverageRestController())->getOne($uuid);
708 RestConfig::apiLog($return);
709 return $return;
710 },
711 "GET /fhir/Device" => function (HttpRestRequest $request) {
712 RestConfig::authorization_check("admin", "super");
713 $return = (new FhirDeviceRestController())->getAll($request->getQueryParams());
714 RestConfig::apiLog($return);
715 return $return;
716 },
717 "GET /fhir/Device/:uuid" => function ($uuid, HttpRestRequest $request) {
718 RestConfig::authorization_check("admin", "super");
719 $return = (new FhirDeviceRestController())->getOne($uuid);
720 RestConfig::apiLog($return);
721 return $return;
722 },
723 "GET /fhir/DiagnosticReport" => function (HttpRestRequest $request) {
724 RestConfig::authorization_check("admin", "super");
725 $return = (new FhirDiagnosticReportRestController())->getAll($request->getQueryParams());
726 RestConfig::apiLog($return);
727 return $return;
728 },
729 "GET /fhir/DiagnosticReport/:uuid" => function ($uuid, HttpRestRequest $request) {
730 RestConfig::authorization_check("admin", "super");
731 $return = (new FhirDiagnosticReportRestController())->getOne($uuid);
732 RestConfig::apiLog($return);
733 return $return;
734 },
735 'GET /fhir/DocumentReference' => function (HttpRestRequest $request) {
736 RestConfig::authorization_check("admin", "super");
737 $return = (new FhirDocumentReferenceRestController())->getAll($request->getQueryParams());
738 RestConfig::apiLog($return);
739 return $return;
740 },
741 "GET /fhir/DocumentReference/:uuid" => function ($uuid, HttpRestRequest $request) {
742 RestConfig::authorization_check("admin", "super");
743 $return = (new FhirDocumentReferenceRestController())->getOne($uuid);
744 RestConfig::apiLog($return);
745 return $return;
746 },
747 'GET /fhir/Document/:id/Binary' => function ($documentId, HttpRestRequest $request) {
748 // currently only allow users with the same permissions as export to take a file out
749 // this could be relaxed to allow other types of files ie such as patient access etc.
750 RestConfig::authorization_check("admin", "users");
751
752 // Grab the document id
753 $docController = new \OpenEMR\RestControllers\FHIR\FhirDocumentRestController($request);
754 $response = $docController->downloadDocument($documentId, $request->getRequestUserId());
755 return $response;
756 },
757 "GET /fhir/Encounter" => function (HttpRestRequest $request) {
758 $getParams = $request->getQueryParams();
759 if ($request->isPatientRequest()) {
760 // only allow access to data of binded patient
761 $return = (new FhirEncounterRestController())->getAll($getParams, $request->getPatientUUIDString());
762 } else {
763 RestConfig::authorization_check("encounters", "auth_a");
764 $return = (new FhirEncounterRestController())->getAll($getParams);
765 }
766 RestConfig::apiLog($return);
767 return $return;
768 },
769 "GET /fhir/Encounter/:id" => function ($id, HttpRestRequest $request) {
770 if ($request->isPatientRequest()) {
771 // only allow access to data of binded patient
772 $return = (new FhirEncounterRestController())->getOne($id, $request->getPatientUUIDString());
773 } else {
774 RestConfig::authorization_check("admin", "super");
775 $return = (new FhirEncounterRestController())->getOne($id);
776 }
777 RestConfig::apiLog($return);
778 return $return;
779 },
780 "GET /fhir/Goal" => function (HttpRestRequest $request) {
781 $getParams = $request->getQueryParams();
782 if ($request->isPatientRequest()) {
783 // only allow access to data of binded patient
784 $return = (new FhirGoalRestController())->getAll($getParams, $request->getPatientUUIDString());
785 } else {
786 RestConfig::authorization_check("admin", "super");
787 $return = (new FhirGoalRestController())->getAll($getParams);
788 }
789 RestConfig::apiLog($return);
790 return $return;
791 },
792 "GET /fhir/Goal/:id" => function ($id, HttpRestRequest $request) {
793 if ($request->isPatientRequest()) {
794 // only allow access to data of binded patient
795 $return = (new FhirGoalRestController())->getOne($id, $request->getPatientUUIDString());
796 } else {
797 RestConfig::authorization_check("admin", "super");
798 $return = (new FhirGoalRestController())->getOne($id);
799 }
800 RestConfig::apiLog($return);
801 return $return;
802 },
803
804 'GET /fhir/Group/:id/$export' => function ($groupId, HttpRestRequest $request) {
805 RestConfig::authorization_check("admin", "users");
806 $fhirExportService = new FhirExportRestController($request);
807 $exportParams = $request->getQueryParams();
808 $exportParams['groupId'] = $groupId;
809 $return = $fhirExportService->processExport(
810 $exportParams,
811 'Group',
812 $request->getHeader('Accept'),
813 $request->getHeader('Prefer')
814 );
815 RestConfig::apiLog($return);
816 return $return;
817 },
818 "GET /fhir/Immunization" => function (HttpRestRequest $request) {
819 $getParams = $request->getQueryParams();
820 if ($request->isPatientRequest()) {
821 // only allow access to data of binded patient
822 $return = (new FhirImmunizationRestController())->getAll($getParams, $request->getPatientUUIDString());
823 } else {
824 RestConfig::authorization_check("patients", "med");
825 $return = (new FhirImmunizationRestController())->getAll($getParams);
826 }
827 RestConfig::apiLog($return);
828 return $return;
829 },
830 "GET /fhir/Immunization/:id" => function ($id, HttpRestRequest $request) {
831 if ($request->isPatientRequest()) {
832 // only allow access to data of binded patient
833 $return = (new FhirImmunizationRestController())->getOne($id, $request->getPatientUUIDString());
834 } else {
835 RestConfig::authorization_check("patients", "med");
836 $return = (new FhirImmunizationRestController())->getOne($id);
837 }
838 RestConfig::apiLog($return);
839 return $return;
840 },
841 "GET /fhir/Location" => function (HttpRestRequest $request) {
842 RestConfig::authorization_check("patients", "med");
843 $return = (new FhirLocationRestController())->getAll($request->getQueryParams());
844 RestConfig::apiLog($return);
845 return $return;
846 },
847 "GET /fhir/Location/:uuid" => function ($uuid, HttpRestRequest $request) {
848 RestConfig::authorization_check("patients", "med");
849 $return = (new FhirLocationRestController())->getOne($uuid);
850 RestConfig::apiLog($return);
851 return $return;
852 },
853 "GET /fhir/Medication" => function (HttpRestRequest $request) {
854 RestConfig::authorization_check("patients", "med");
855 $return = (new FhirMedicationRestController())->getAll($request->getQueryParams());
856 RestConfig::apiLog($return);
857 return $return;
858 },
859 "GET /fhir/Medication/:uuid" => function ($uuid, HttpRestRequest $request) {
860 RestConfig::authorization_check("patients", "med");
861 $return = (new FhirMedicationRestController())->getOne($uuid);
862 RestConfig::apiLog($return);
863 return $return;
864 },
865 "GET /fhir/MedicationRequest" => function (HttpRestRequest $request) {
866 $getParams = $request->getQueryParams();
867 if ($request->isPatientRequest()) {
868 // only allow access to data of binded patient
869 $return = (new FhirMedicationRequestRestController())->getAll($getParams, $request->getPatientUUIDString());
870 } else {
871 RestConfig::authorization_check("patients", "med");
872 $return = (new FhirMedicationRequestRestController())->getAll($getParams);
873 }
874 RestConfig::apiLog($return);
875 return $return;
876 },
877 "GET /fhir/MedicationRequest/:uuid" => function ($uuid, HttpRestRequest $request) {
878 if ($request->isPatientRequest()) {
879 // only allow access to data of binded patient
880 $return = (new FhirMedicationRequestRestController())->getOne($uuid, $request->getPatientUUIDString());
881 } else {
882 RestConfig::authorization_check("patients", "med");
883 $return = (new FhirMedicationRequestRestController())->getOne($uuid);
884 }
885 RestConfig::apiLog($return);
886 return $return;
887 },
888 "GET /fhir/Organization" => function (HttpRestRequest $request) {
889 if (!$request->isPatientRequest()) {
890 RestConfig::authorization_check("admin", "users");
891 }
892 $return = (new FhirOrganizationRestController())->getAll($request->getQueryParams());
893 RestConfig::apiLog($return);
894 return $return;
895 },
896 "GET /fhir/Organization/:id" => function ($id, HttpRestRequest $request) {
897 $patientUUID = null;
898 if (!$request->isPatientRequest()) {
899 RestConfig::authorization_check("admin", "users");
900 } else {
901 $patientUUID = $request->getPatientUUIDString();
902 }
903 $return = (new FhirOrganizationRestController())->getOne($id, $patientUUID);
904
905 RestConfig::apiLog($return);
906 return $return;
907 },
908 "POST /fhir/Organization" => function (HttpRestRequest $request) {
909 RestConfig::authorization_check("admin", "super");
910 $data = (array) (json_decode(file_get_contents("php://input"), true));
911 $return = (new FhirOrganizationRestController())->post($data);
912 RestConfig::apiLog($return, $data);
913 return $return;
914 },
915 "PUT /fhir/Organization/:id" => function ($id, HttpRestRequest $request) {
916 RestConfig::authorization_check("admin", "super");
917 $data = (array) (json_decode(file_get_contents("php://input"), true));
918 $return = (new FhirOrganizationRestController())->patch($id, $data);
919 RestConfig::apiLog($return, $data);
920 return $return;
921 },
922 "GET /fhir/Observation" => function (HttpRestRequest $request) {
923 $getParams = $request->getQueryParams();
924 if ($request->isPatientRequest()) {
925 // only allow access to data of binded patient
926 $return = (new FhirObservationRestController())->getAll($getParams, $request->getPatientUUIDString());
927 } else {
928 RestConfig::authorization_check("patients", "med");
929 $return = (new FhirObservationRestController())->getAll($getParams);
930 }
931 RestConfig::apiLog($return);
932 return $return;
933 },
934 "GET /fhir/Observation/:uuid" => function ($uuid, HttpRestRequest $request) {
935 if ($request->isPatientRequest()) {
936 // only allow access to data of binded patient
937 $return = (new FhirObservationRestController())->getOne($uuid, $request->getPatientUUIDString());
938 } else {
939 RestConfig::authorization_check("patients", "med");
940 $return = (new FhirObservationRestController())->getOne($uuid);
941 }
942 RestConfig::apiLog($return);
943 return $return;
944 },
945 "POST /fhir/Patient" => function (HttpRestRequest $request) {
946 RestConfig::authorization_check("patients", "demo");
947 $data = (array) (json_decode(file_get_contents("php://input"), true));
948 $return = (new FhirPatientRestController())->post($data);
949 RestConfig::apiLog($return, $data);
950 return $return;
951 },
952 "PUT /fhir/Patient/:id" => function ($id, HttpRestRequest $request) {
953 RestConfig::authorization_check("patients", "demo");
954 $data = (array) (json_decode(file_get_contents("php://input"), true));
955 $return = (new FhirPatientRestController())->put($id, $data);
956 RestConfig::apiLog($return, $data);
957 return $return;
958 },
959 "GET /fhir/Patient" => function (HttpRestRequest $request) {
960 $params = $request->getQueryParams();
961 if ($request->isPatientRequest()) {
962 // only allow access to data of binded patient
963 // Note in Patient context still have to return a bundle even if it is just one resource. (ie.
964 // need to use getAll rather than getOne)
965 $params['_id'] = $request->getPatientUUIDString();
966 $return = (new FhirPatientRestController())->getAll($params, $request->getPatientUUIDString());
967 } else {
968 RestConfig::authorization_check("patients", "demo");
969 $return = (new FhirPatientRestController())->getAll($params);
970 }
971 RestConfig::apiLog($return);
972 return $return;
973 },
974 // we have to have the bulk fhir export operation here otherwise it will match $export to the patient $id
975 'GET /fhir/Patient/$export' => function (HttpRestRequest $request) {
976 RestConfig::authorization_check("admin", "users");
977 $fhirExportService = new FhirExportRestController($request);
978 $return = $fhirExportService->processExport(
979 $request->getQueryParams(),
980 'Patient',
981 $request->getHeader('Accept'),
982 $request->getHeader('Prefer')
983 );
984 RestConfig::apiLog($return);
985 return $return;
986 },
987 "GET /fhir/Patient/:id" => function ($id, HttpRestRequest $request) {
988 if ($request->isPatientRequest()) {
989 // only allow access to data of binded patient
990 if (empty($id) || ($id != $request->getPatientUUIDString())) {
991 throw new AccessDeniedException("patients", "demo", "patient id invalid");
992 }
993 $id = $request->getPatientUUIDString();
994 } else {
995 RestConfig::authorization_check("patients", "demo");
996 }
997 $return = (new FhirPatientRestController())->getOne($id);
998 RestConfig::apiLog($return);
999 return $return;
1000 },
1001 "GET /fhir/Person" => function (HttpRestRequest $request) {
1002 RestConfig::authorization_check("admin", "users");
1003 $return = (new FhirPersonRestController())->getAll($request->getQueryParams());
1004 RestConfig::apiLog($return);
1005 return $return;
1006 },
1007 "GET /fhir/Person/:uuid" => function ($uuid, HttpRestRequest $request) {
1008 RestConfig::authorization_check("admin", "users");
1009 $return = (new FhirPersonRestController())->getOne($uuid);
1010 RestConfig::apiLog($return);
1011 return $return;
1012 },
1013 "GET /fhir/Practitioner" => function (HttpRestRequest $request) {
1014
1015 // TODO: @adunsulag talk with brady.miller about patients needing access to any practitioner resource
1016 // that is referenced in connected patient resources -- such as AllergyIntollerance.
1017 // I don't believe patients are assigned to a particular practitioner
1018 // should we allow just open api access to admin information? Should we restrict particular pieces
1019 // of data in the practitioner side (phone number, address information) based on a permission set?
1020 if (!$request->isPatientRequest()) {
1021 RestConfig::authorization_check("admin", "users");
1022 }
1023 $return = (new FhirPractitionerRestController())->getAll($request->getQueryParams());
1024 RestConfig::apiLog($return);
1025 return $return;
1026 },
1027 "GET /fhir/Practitioner/:id" => function ($id, HttpRestRequest $request) {
1028 // TODO: @adunsulag talk with brady.miller about patients needing access to any practitioner resource
1029 // that is referenced in connected patient resources -- such as AllergyIntollerance.
1030 // I don't believe patients are assigned to a particular practitioner
1031 // should we allow just open api access to admin information? Should we restrict particular pieces
1032 // of data in the practitioner side (phone number, address information) based on a permission set?
1033 if (!$request->isPatientRequest()) {
1034 RestConfig::authorization_check("admin", "users");
1035 }
1036 $return = (new FhirPractitionerRestController())->getOne($id);
1037 RestConfig::apiLog($return);
1038 return $return;
1039 },
1040 "POST /fhir/Practitioner" => function (HttpRestRequest $request) {
1041 RestConfig::authorization_check("admin", "users");
1042 $data = (array) (json_decode(file_get_contents("php://input"), true));
1043 $return = (new FhirPractitionerRestController())->post($data);
1044 RestConfig::apiLog($return, $data);
1045 return $return;
1046 },
1047 "PUT /fhir/Practitioner/:id" => function ($id, HttpRestRequest $request) {
1048 RestConfig::authorization_check("admin", "users");
1049 $data = (array) (json_decode(file_get_contents("php://input"), true));
1050 $return = (new FhirPractitionerRestController())->patch($id, $data);
1051 RestConfig::apiLog($return, $data);
1052 return $return;
1053 },
1054 "GET /fhir/PractitionerRole" => function (HttpRestRequest $request) {
1055 RestConfig::authorization_check("admin", "users");
1056 $return = (new FhirPractitionerRoleRestController())->getAll($request->getQueryParams());
1057 RestConfig::apiLog($return);
1058 return $return;
1059 },
1060 "GET /fhir/PractitionerRole/:id" => function ($id, HttpRestRequest $request) {
1061 RestConfig::authorization_check("admin", "users");
1062 $return = (new FhirPractitionerRoleRestController())->getOne($id);
1063 RestConfig::apiLog($return);
1064 return $return;
1065 },
1066 "GET /fhir/Procedure" => function (HttpRestRequest $request) {
1067 if ($request->isPatientRequest()) {
1068 // only allow access to data of binded patient
1069 $return = (new FhirProcedureRestController())->getAll($request->getQueryParams(), $request->getPatientUUIDString());
1070 } else {
1071 RestConfig::authorization_check("patients", "med");
1072 $return = (new FhirProcedureRestController())->getAll($request->getQueryParams());
1073 }
1074 RestConfig::apiLog($return);
1075 return $return;
1076 },
1077 "GET /fhir/Procedure/:uuid" => function ($uuid, HttpRestRequest $request) {
1078 if ($request->isPatientRequest()) {
1079 // only allow access to data of binded patient
1080 $return = (new FhirProcedureRestController())->getOne($uuid, $request->getPatientUUIDString());
1081 } else {
1082 RestConfig::authorization_check("patients", "med");
1083 $return = (new FhirProcedureRestController())->getOne($uuid);
1084 }
1085 RestConfig::apiLog($return);
1086 return $return;
1087 },
1088 "GET /fhir/Provenance/:uuid" => function ($uuid, HttpRestRequest $request) {
1089 if ($request->isPatientRequest()) {
1090 // only allow access to data of binded patient
1091 $return = (new FhirProvenanceRestController())->getOne($uuid, $request->getPatientUUIDString());
1092 } else {
1093 RestConfig::authorization_check("admin", "super");
1094 $return = (new FhirProvenanceRestController())->getOne($uuid);
1095 }
1096 RestConfig::apiLog($return);
1097 return $return;
1098 },
1099 // other endpoints
1100 "GET /fhir/metadata" => function () {
1101 $return = (new FhirMetaDataRestController())->getMetaData();
1102 RestConfig::apiLog($return);
1103 return $return;
1104 },
1105 "GET /fhir/.well-known/smart-configuration" => function () {
1106 $authController = new \OpenEMR\RestControllers\AuthorizationController();
1107 $return = (new \OpenEMR\RestControllers\SMART\SMARTConfigurationController($authController))->getConfig();
1108 RestConfig::apiLog($return);
1109 return $return;
1110 },
1111
1112 // FHIR root level operations
1113 'GET /fhir/$export' => function (HttpRestRequest $request) {
1114 RestConfig::authorization_check("admin", "users");
1115 $fhirExportService = new FhirExportRestController($request);
1116 $return = $fhirExportService->processExport(
1117 $request->getQueryParams(),
1118 'System',
1119 $request->getHeader('Accept'),
1120 $request->getHeader('Prefer')
1121 );
1122 RestConfig::apiLog($return);
1123 return $return;
1124 },
1125 // these two operations are adopted based on the documentation used in the IBM FHIR Server
1126 // we'd reference cerner or epic but we couldn't find any documentation about those (Jan 30th 2021)
1127 // @see https://ibm.github.io/FHIR/guides/FHIRBulkOperations/
1128 'GET /fhir/$bulkdata-status' => function (HttpRestRequest $request) {
1129 RestConfig::authorization_check("admin", "users");
1130 $jobUuidString = $request->getQueryParam('job');
1131 // if we were truly async we would return 202 here to say we are in progress with a JSON response
1132 // since OpenEMR data is so small we just return the JSON from the database
1133 $fhirExportService = new FhirExportRestController($request);
1134 $return = $fhirExportService->processExportStatusRequestForJob($jobUuidString);
1135 RestConfig::apiLog($return);
1136 return $return;
1137 },
1138 'DELETE /fhir/$bulkdata-status' => function (HttpRestRequest $request) {
1139 RestConfig::authorization_check("admin", "users");
1140 $job = $request->getQueryParam('job');
1141 $fhirExportService = new FhirExportRestController($request);
1142 $return = $fhirExportService->processDeleteExportForJob($job);
1143 RestConfig::apiLog($return);
1144 return $return;
1145 }
1146 );
1147
1148 // Note that the portal (api) route is only for patient role
1149 // (there is a mechanism in place to ensure only patient role can access the portal (api) route)
1150 RestConfig::$PORTAL_ROUTE_MAP = array(
1151 "GET /portal/patient" => function (HttpRestRequest $request) {
1152 $return = (new PatientRestController())->getOne($request->getPatientUUIDString());
1153 RestConfig::apiLog($return);
1154 return $return;
1155 },
1156 "GET /portal/patient/encounter" => function (HttpRestRequest $request) {
1157 $return = (new EncounterRestController())->getAll($request->getPatientUUIDString());
1158 RestConfig::apiLog($return);
1159 return $return;
1160 },
1161 "GET /portal/patient/encounter/:euuid" => function ($euuid, HttpRestRequest $request) {
1162 $return = (new EncounterRestController())->getOne($request->getPatientUUIDString(), $euuid);
1163 RestConfig::apiLog($return);
1164 return $return;
1165 }
1166 );
Mirror of official OpenEMR Sourceforge repository