8 * @link http://www.open-emr.org
9 * @author Matthew Vita <matthewvita48@gmail.com>
10 * @author Jerry Padgett <sjpadgett@gmail.com>
11 * @author Brady Miller <brady.g.miller@gmail.com>
12 * @author Yash Raj Bothra <yashrajbothra786@gmail.com>
13 * @copyright Copyright (c) 2018 Matthew Vita <matthewvita48@gmail.com>
14 * @copyright Copyright (c) 2018-2020 Jerry Padgett <sjpadgett@gmail.com>
15 * @copyright Copyright (c) 2019 Brady Miller <brady.g.miller@gmail.com>
16 * @copyright Copyright (c) 2020 Yash Raj Bothra <yashrajbothra786@gmail.com>
17 * @license https://github.com/openemr/openemr/blob/master/LICENSE GNU General Public License 3
20 // Let's keep our controller classes with the routes.
22 use OpenEMR\Common\Acl\AccessDeniedException
;
23 use OpenEMR\Common\Http\HttpRestRequest
;
24 use OpenEMR\RestControllers\AllergyIntoleranceRestController
;
25 use OpenEMR\RestControllers\FacilityRestController
;
26 use OpenEMR\RestControllers\VersionRestController
;
27 use OpenEMR\RestControllers\ProductRegistrationRestController
;
28 use OpenEMR\RestControllers\PatientRestController
;
29 use OpenEMR\RestControllers\EncounterRestController
;
30 use OpenEMR\RestControllers\PractitionerRestController
;
31 use OpenEMR\RestControllers\ListRestController
;
32 use OpenEMR\RestControllers\InsuranceCompanyRestController
;
33 use OpenEMR\RestControllers\AppointmentRestController
;
34 use OpenEMR\RestControllers\ConditionRestController
;
35 use OpenEMR\RestControllers\ONoteRestController
;
36 use OpenEMR\RestControllers\DocumentRestController
;
37 use OpenEMR\RestControllers\DrugRestController
;
38 use OpenEMR\RestControllers\ImmunizationRestController
;
39 use OpenEMR\RestControllers\InsuranceRestController
;
40 use OpenEMR\RestControllers\MessageRestController
;
41 use OpenEMR\RestControllers\PrescriptionRestController
;
42 use OpenEMR\RestControllers\ProcedureRestController
;
44 // Note: some HTTP clients may not send auth as JSON, so a function
45 // is implemented to determine and parse the encoding on auth routes.
47 // Note that the api route is only for the user role
48 // (a mechanism is in place to ensure that only the user role can access the api route)
// Standard (non-FHIR) API route table. Keys are "<METHOD> <path>"; each
// ":name" path placeholder has a matching parameter on the handler closure.
RestConfig::$ROUTE_MAP = array(
// Facility routes: reads are gated on ("admin", "users"), writes on ("admin", "super").
"GET /api/facility" => function () {
    RestConfig::authorization_check("admin", "users");
    // The raw query-string parameters are handed to the controller as search input.
    $result = (new FacilityRestController())->getAll($_GET);
    RestConfig::apiLog($result);
    return $result;
},
"GET /api/facility/:fuuid" => function ($fuuid) {
    RestConfig::authorization_check("admin", "users");
    $result = (new FacilityRestController())->getOne($fuuid);
    RestConfig::apiLog($result);
    return $result;
},
"POST /api/facility" => function () {
    RestConfig::authorization_check("admin", "super");
    // json_decode() is called without the associative flag, so a JSON object
    // decodes to stdClass and the cast converts only its top level; a body
    // that does not decode becomes an empty array rather than an error.
    $payload = (array) json_decode(file_get_contents("php://input"));
    $result = (new FacilityRestController())->post($payload);
    // The decoded request body is passed to the API log along with the result.
    RestConfig::apiLog($result, $payload);
    return $result;
},
"PUT /api/facility/:fuuid" => function ($fuuid) {
    RestConfig::authorization_check("admin", "super");
    $payload = (array) json_decode(file_get_contents("php://input"));
    // PUT is served by the controller's patch() method.
    $result = (new FacilityRestController())->patch($fuuid, $payload);
    RestConfig::apiLog($result, $payload);
    return $result;
},
// Patient demographics: every handler is gated on the ("patients", "demo") ACL.
"GET /api/patient" => function () {
    RestConfig::authorization_check("patients", "demo");
    // Search filters come straight from the query string.
    $result = (new PatientRestController())->getAll($_GET);
    RestConfig::apiLog($result);
    return $result;
},
"POST /api/patient" => function () {
    RestConfig::authorization_check("patients", "demo");
    // Only the top level of the decoded JSON is cast to an array; an
    // undecodable body becomes an empty array.
    $payload = (array) json_decode(file_get_contents("php://input"));
    $result = (new PatientRestController())->post($payload);
    // The request body (patient demographics) is handed to the API log too.
    RestConfig::apiLog($result, $payload);
    return $result;
},
"PUT /api/patient/:puuid" => function ($puuid) {
    RestConfig::authorization_check("patients", "demo");
    $payload = (array) json_decode(file_get_contents("php://input"));
    $result = (new PatientRestController())->put($puuid, $payload);
    RestConfig::apiLog($result, $payload);
    return $result;
},
"GET /api/patient/:puuid" => function ($puuid) {
    RestConfig::authorization_check("patients", "demo");
    $result = (new PatientRestController())->getOne($puuid);
    RestConfig::apiLog($result);
    return $result;
},
// Encounter routes addressed by patient/encounter UUID, gated on ("encounters", "auth_a").
"GET /api/patient/:puuid/encounter" => function ($puuid) {
    RestConfig::authorization_check("encounters", "auth_a");
    $result = (new EncounterRestController())->getAll($puuid);
    RestConfig::apiLog($result);
    return $result;
},
"POST /api/patient/:puuid/encounter" => function ($puuid) {
    RestConfig::authorization_check("encounters", "auth_a");
    // Top-level cast only; an undecodable body becomes an empty array.
    $payload = (array) json_decode(file_get_contents("php://input"));
    $result = (new EncounterRestController())->post($puuid, $payload);
    RestConfig::apiLog($result, $payload);
    return $result;
},
"PUT /api/patient/:puuid/encounter/:euuid" => function ($puuid, $euuid) {
    RestConfig::authorization_check("encounters", "auth_a");
    $payload = (array) json_decode(file_get_contents("php://input"));
    $result = (new EncounterRestController())->put($puuid, $euuid, $payload);
    RestConfig::apiLog($result, $payload);
    return $result;
},
"GET /api/patient/:puuid/encounter/:euuid" => function ($puuid, $euuid) {
    RestConfig::authorization_check("encounters", "auth_a");
    // Both the patient and the encounter identifier are passed to the controller.
    $result = (new EncounterRestController())->getOne($puuid, $euuid);
    RestConfig::apiLog($result);
    return $result;
},
// SOAP-note and vitals routes, addressed by :pid/:eid and gated on
// ("encounters", "notes"). Every handler passes the patient and encounter
// identifiers from the URL on to the controller.
"GET /api/patient/:pid/encounter/:eid/soap_note" => function ($pid, $eid) {
    RestConfig::authorization_check("encounters", "notes");
    $result = (new EncounterRestController())->getSoapNotes($pid, $eid);
    RestConfig::apiLog($result);
    return $result;
},
"POST /api/patient/:pid/encounter/:eid/vital" => function ($pid, $eid) {
    RestConfig::authorization_check("encounters", "notes");
    // The vitals handlers decode to nested associative arrays; only a null
    // decode result falls back to an empty array.
    $payload = json_decode(file_get_contents("php://input"), true) ?? [];
    $result = (new EncounterRestController())->postVital($pid, $eid, $payload);
    RestConfig::apiLog($result, $payload);
    return $result;
},
"PUT /api/patient/:pid/encounter/:eid/vital/:vid" => function ($pid, $eid, $vid) {
    RestConfig::authorization_check("encounters", "notes");
    $payload = json_decode(file_get_contents("php://input"), true) ?? [];
    $result = (new EncounterRestController())->putVital($pid, $eid, $vid, $payload);
    RestConfig::apiLog($result, $payload);
    return $result;
},
"GET /api/patient/:pid/encounter/:eid/vital" => function ($pid, $eid) {
    RestConfig::authorization_check("encounters", "notes");
    $result = (new EncounterRestController())->getVitals($pid, $eid);
    RestConfig::apiLog($result);
    return $result;
},
"GET /api/patient/:pid/encounter/:eid/vital/:vid" => function ($pid, $eid, $vid) {
    RestConfig::authorization_check("encounters", "notes");
    $result = (new EncounterRestController())->getVital($pid, $eid, $vid);
    RestConfig::apiLog($result);
    return $result;
},
"GET /api/patient/:pid/encounter/:eid/soap_note/:sid" => function ($pid, $eid, $sid) {
    RestConfig::authorization_check("encounters", "notes");
    $result = (new EncounterRestController())->getSoapNote($pid, $eid, $sid);
    RestConfig::apiLog($result);
    return $result;
},
"POST /api/patient/:pid/encounter/:eid/soap_note" => function ($pid, $eid) {
    RestConfig::authorization_check("encounters", "notes");
    // The SOAP-note handlers decode to an object and cast its top level only.
    $payload = (array) json_decode(file_get_contents("php://input"));
    $result = (new EncounterRestController())->postSoapNote($pid, $eid, $payload);
    RestConfig::apiLog($result, $payload);
    return $result;
},
"PUT /api/patient/:pid/encounter/:eid/soap_note/:sid" => function ($pid, $eid, $sid) {
    RestConfig::authorization_check("encounters", "notes");
    $payload = (array) json_decode(file_get_contents("php://input"));
    $result = (new EncounterRestController())->putSoapNote($pid, $eid, $sid, $payload);
    RestConfig::apiLog($result, $payload);
    return $result;
},
// Practitioner routes: reads and writes alike are gated on ("admin", "users").
"GET /api/practitioner" => function () {
    RestConfig::authorization_check("admin", "users");
    // Search filters come straight from the query string.
    $result = (new PractitionerRestController())->getAll($_GET);
    RestConfig::apiLog($result);
    return $result;
},
"GET /api/practitioner/:prid" => function ($prid) {
    RestConfig::authorization_check("admin", "users");
    $result = (new PractitionerRestController())->getOne($prid);
    RestConfig::apiLog($result);
    return $result;
},
"POST /api/practitioner" => function () {
    RestConfig::authorization_check("admin", "users");
    // Top-level cast only; an undecodable body becomes an empty array.
    $payload = (array) json_decode(file_get_contents("php://input"));
    $result = (new PractitionerRestController())->post($payload);
    RestConfig::apiLog($result, $payload);
    return $result;
},
"PUT /api/practitioner/:prid" => function ($prid) {
    RestConfig::authorization_check("admin", "users");
    $payload = (array) json_decode(file_get_contents("php://input"));
    // PUT is served by the controller's patch() method.
    $result = (new PractitionerRestController())->patch($prid, $payload);
    RestConfig::apiLog($result, $payload);
    return $result;
},
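// Condition ("medical problem") routes, all served by ConditionRestController.
"GET /api/medical_problem" => function () {
    RestConfig::authorization_check("encounters", "notes");
    $result = (new ConditionRestController())->getAll();
    RestConfig::apiLog($result);
    return $result;
},
"GET /api/medical_problem/:muuid" => function ($muuid) {
    RestConfig::authorization_check("encounters", "notes");
    $result = (new ConditionRestController())->getOne($muuid);
    RestConfig::apiLog($result);
    return $result;
},
"GET /api/patient/:puuid/medical_problem" => function ($puuid) {
    // NOTE(review): this patient-scoped read is gated on ("encounters", "notes")
    // while the other patient-scoped handlers in this group use
    // ("patients", "med") - confirm which ACL is intended.
    RestConfig::authorization_check("encounters", "notes");
    // Scope the search to the patient in the URL through the 'puuid' search
    // key, the same key the single-condition handler below uses. Passing the
    // uuid and a list-type string positionally does not match how getAll() is
    // called elsewhere in this map, so the patient filter may not have been
    // applied. Assumes getAll() takes one search array - confirm against
    // ConditionRestController.
    $result = (new ConditionRestController())->getAll(['puuid' => $puuid]);
    RestConfig::apiLog($result);
    return $result;
},
"GET /api/patient/:puuid/medical_problem/:muuid" => function ($puuid, $muuid) {
    RestConfig::authorization_check("patients", "med");
    // Looked up as a search on both ids rather than through getOne().
    $result = (new ConditionRestController())->getAll(['puuid' => $puuid, 'condition_uuid' => $muuid]);
    RestConfig::apiLog($result);
    return $result;
},
"POST /api/patient/:puuid/medical_problem" => function ($puuid) {
    RestConfig::authorization_check("patients", "med");
    // Top-level cast only; an undecodable body becomes an empty array.
    $payload = (array) json_decode(file_get_contents("php://input"));
    $result = (new ConditionRestController())->post($puuid, $payload);
    RestConfig::apiLog($result, $payload);
    return $result;
},
"PUT /api/patient/:puuid/medical_problem/:muuid" => function ($puuid, $muuid) {
    RestConfig::authorization_check("patients", "med");
    $payload = (array) json_decode(file_get_contents("php://input"));
    $result = (new ConditionRestController())->put($puuid, $muuid, $payload);
    RestConfig::apiLog($result, $payload);
    return $result;
},
"DELETE /api/patient/:puuid/medical_problem/:muuid" => function ($puuid, $muuid) {
    RestConfig::authorization_check("patients", "med");
    $result = (new ConditionRestController())->delete($puuid, $muuid);
    RestConfig::apiLog($result);
    return $result;
},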
// Allergy routes: every handler is gated on the ("patients", "med") ACL.
"GET /api/allergy" => function () {
    RestConfig::authorization_check("patients", "med");
    $result = (new AllergyIntoleranceRestController())->getAll();
    RestConfig::apiLog($result);
    return $result;
},
"GET /api/allergy/:auuid" => function ($auuid) {
    RestConfig::authorization_check("patients", "med");
    $result = (new AllergyIntoleranceRestController())->getOne($auuid);
    RestConfig::apiLog($result);
    return $result;
},
"GET /api/patient/:puuid/allergy" => function ($puuid) {
    RestConfig::authorization_check("patients", "med");
    // NOTE(review): the search key is named 'lists.pid' but receives the :puuid
    // path value - confirm the controller resolves it to the right patient.
    $result = (new AllergyIntoleranceRestController())->getAll(['lists.pid' => $puuid]);
    RestConfig::apiLog($result);
    return $result;
},
"GET /api/patient/:puuid/allergy/:auuid" => function ($puuid, $auuid) {
    RestConfig::authorization_check("patients", "med");
    // Read as a search filtered on both the patient and the allergy id.
    $result = (new AllergyIntoleranceRestController())->getAll(['lists.pid' => $puuid, 'lists.id' => $auuid]);
    RestConfig::apiLog($result);
    return $result;
},
"POST /api/patient/:puuid/allergy" => function ($puuid) {
    RestConfig::authorization_check("patients", "med");
    // Top-level cast only; an undecodable body becomes an empty array.
    $payload = (array) json_decode(file_get_contents("php://input"));
    $result = (new AllergyIntoleranceRestController())->post($puuid, $payload);
    RestConfig::apiLog($result, $payload);
    return $result;
},
"PUT /api/patient/:puuid/allergy/:auuid" => function ($puuid, $auuid) {
    RestConfig::authorization_check("patients", "med");
    $payload = (array) json_decode(file_get_contents("php://input"));
    $result = (new AllergyIntoleranceRestController())->put($puuid, $auuid, $payload);
    RestConfig::apiLog($result, $payload);
    return $result;
},
"DELETE /api/patient/:puuid/allergy/:auuid" => function ($puuid, $auuid) {
    RestConfig::authorization_check("patients", "med");
    $result = (new AllergyIntoleranceRestController())->delete($puuid, $auuid);
    RestConfig::apiLog($result);
    return $result;
},
// Medication routes: ListRestController is called with the fixed list type
// "medication"; every handler is gated on ("patients", "med").
"GET /api/patient/:pid/medication" => function ($pid) {
    RestConfig::authorization_check("patients", "med");
    $result = (new ListRestController())->getAll($pid, "medication");
    RestConfig::apiLog($result);
    return $result;
},
"POST /api/patient/:pid/medication" => function ($pid) {
    RestConfig::authorization_check("patients", "med");
    // Top-level cast only; an undecodable body becomes an empty array.
    $payload = (array) json_decode(file_get_contents("php://input"));
    $result = (new ListRestController())->post($pid, "medication", $payload);
    RestConfig::apiLog($result, $payload);
    return $result;
},
"PUT /api/patient/:pid/medication/:mid" => function ($pid, $mid) {
    RestConfig::authorization_check("patients", "med");
    $payload = (array) json_decode(file_get_contents("php://input"));
    $result = (new ListRestController())->put($pid, $mid, "medication", $payload);
    RestConfig::apiLog($result, $payload);
    return $result;
},
"GET /api/patient/:pid/medication/:mid" => function ($pid, $mid) {
    RestConfig::authorization_check("patients", "med");
    // Argument order differs from put()/delete(): the list type precedes the entry id.
    $result = (new ListRestController())->getOne($pid, "medication", $mid);
    RestConfig::apiLog($result);
    return $result;
},
"DELETE /api/patient/:pid/medication/:mid" => function ($pid, $mid) {
    RestConfig::authorization_check("patients", "med");
    $result = (new ListRestController())->delete($pid, $mid, "medication");
    RestConfig::apiLog($result);
    return $result;
},
// Surgery routes: ListRestController is called with the fixed list type
// "surgery"; every handler is gated on ("patients", "med").
"GET /api/patient/:pid/surgery" => function ($pid) {
    RestConfig::authorization_check("patients", "med");
    $result = (new ListRestController())->getAll($pid, "surgery");
    RestConfig::apiLog($result);
    return $result;
},
"GET /api/patient/:pid/surgery/:sid" => function ($pid, $sid) {
    RestConfig::authorization_check("patients", "med");
    $result = (new ListRestController())->getOne($pid, "surgery", $sid);
    RestConfig::apiLog($result);
    return $result;
},
"DELETE /api/patient/:pid/surgery/:sid" => function ($pid, $sid) {
    RestConfig::authorization_check("patients", "med");
    $result = (new ListRestController())->delete($pid, $sid, "surgery");
    RestConfig::apiLog($result);
    return $result;
},
"POST /api/patient/:pid/surgery" => function ($pid) {
    RestConfig::authorization_check("patients", "med");
    // Top-level cast only; an undecodable body becomes an empty array.
    $payload = (array) json_decode(file_get_contents("php://input"));
    $result = (new ListRestController())->post($pid, "surgery", $payload);
    RestConfig::apiLog($result, $payload);
    return $result;
},
"PUT /api/patient/:pid/surgery/:sid" => function ($pid, $sid) {
    RestConfig::authorization_check("patients", "med");
    $payload = (array) json_decode(file_get_contents("php://input"));
    $result = (new ListRestController())->put($pid, $sid, "surgery", $payload);
    RestConfig::apiLog($result, $payload);
    return $result;
},
// Dental-issue routes: the URL segment is "dental_issue" but the list type
// handed to ListRestController is "dental"; all gated on ("patients", "med").
"GET /api/patient/:pid/dental_issue" => function ($pid) {
    RestConfig::authorization_check("patients", "med");
    $result = (new ListRestController())->getAll($pid, "dental");
    RestConfig::apiLog($result);
    return $result;
},
"GET /api/patient/:pid/dental_issue/:did" => function ($pid, $did) {
    RestConfig::authorization_check("patients", "med");
    $result = (new ListRestController())->getOne($pid, "dental", $did);
    RestConfig::apiLog($result);
    return $result;
},
"DELETE /api/patient/:pid/dental_issue/:did" => function ($pid, $did) {
    RestConfig::authorization_check("patients", "med");
    $result = (new ListRestController())->delete($pid, $did, "dental");
    RestConfig::apiLog($result);
    return $result;
},
"POST /api/patient/:pid/dental_issue" => function ($pid) {
    RestConfig::authorization_check("patients", "med");
    // Top-level cast only; an undecodable body becomes an empty array.
    $payload = (array) json_decode(file_get_contents("php://input"));
    $result = (new ListRestController())->post($pid, "dental", $payload);
    RestConfig::apiLog($result, $payload);
    return $result;
},
"PUT /api/patient/:pid/dental_issue/:did" => function ($pid, $did) {
    RestConfig::authorization_check("patients", "med");
    $payload = (array) json_decode(file_get_contents("php://input"));
    $result = (new ListRestController())->put($pid, $did, "dental", $payload);
    RestConfig::apiLog($result, $payload);
    return $result;
},
// Appointment routes: every handler is gated on the ("patients", "appt") ACL.
"GET /api/patient/:pid/appointment" => function ($pid) {
    RestConfig::authorization_check("patients", "appt");
    $result = (new AppointmentRestController())->getAllForPatient($pid);
    RestConfig::apiLog($result);
    return $result;
},
"POST /api/patient/:pid/appointment" => function ($pid) {
    RestConfig::authorization_check("patients", "appt");
    // Top-level cast only; an undecodable body becomes an empty array.
    $payload = (array) json_decode(file_get_contents("php://input"));
    $result = (new AppointmentRestController())->post($pid, $payload);
    RestConfig::apiLog($result, $payload);
    return $result;
},
"GET /api/appointment" => function () {
    RestConfig::authorization_check("patients", "appt");
    $result = (new AppointmentRestController())->getAll();
    RestConfig::apiLog($result);
    return $result;
},
"GET /api/appointment/:eid" => function ($eid) {
    RestConfig::authorization_check("patients", "appt");
    $result = (new AppointmentRestController())->getOne($eid);
    RestConfig::apiLog($result);
    return $result;
},
"DELETE /api/patient/:pid/appointment/:eid" => function ($pid, $eid) {
    RestConfig::authorization_check("patients", "appt");
    // NOTE(review): $pid is not passed on; the appointment is deleted by $eid
    // alone, so the patient id in the URL does not constrain which record is
    // removed. Confirm whether the appointment should be tied to $pid first.
    $result = (new AppointmentRestController())->delete($eid);
    RestConfig::apiLog($result);
    return $result;
},
"GET /api/patient/:pid/appointment/:eid" => function ($pid, $eid) {
    RestConfig::authorization_check("patients", "appt");
    // NOTE(review): $pid is unused here as well; the lookup is by $eid only and
    // is the same call the un-scoped "GET /api/appointment/:eid" route makes.
    $result = (new AppointmentRestController())->getOne($eid);
    RestConfig::apiLog($result);
    return $result;
},
// List options are gated on the ("lists", "default") ACL.
"GET /api/list/:list_name" => function ($list_name) {
    RestConfig::authorization_check("lists", "default");
    $result = (new ListRestController())->getOptions($list_name);
    RestConfig::apiLog($result);
    return $result;
},
// NOTE(review): the version and product handlers call no authorization_check();
// confirm they are meant to be readable by every caller admitted to the api route.
"GET /api/version" => function () {
    $result = (new VersionRestController())->getOne();
    RestConfig::apiLog($result);
    return $result;
},
"GET /api/product" => function () {
    $result = (new ProductRegistrationRestController())->getOne();
    RestConfig::apiLog($result);
    return $result;
},
// NOTE(review): none of the insurance-company handlers - including the POST
// and PUT writes - calls RestConfig::authorization_check(). Unless an ACL is
// enforced inside InsuranceCompanyRestController, any caller admitted to the
// api route can read and modify these records; confirm and add the intended check.
"GET /api/insurance_company" => function () {
    $result = (new InsuranceCompanyRestController())->getAll();
    RestConfig::apiLog($result);
    return $result;
},
"GET /api/insurance_company/:iid" => function ($iid) {
    $result = (new InsuranceCompanyRestController())->getOne($iid);
    RestConfig::apiLog($result);
    return $result;
},
"GET /api/insurance_type" => function () {
    $result = (new InsuranceCompanyRestController())->getInsuranceTypes();
    RestConfig::apiLog($result);
    return $result;
},
"POST /api/insurance_company" => function () {
    // Top-level cast only; an undecodable body becomes an empty array.
    $payload = (array) json_decode(file_get_contents("php://input"));
    $result = (new InsuranceCompanyRestController())->post($payload);
    RestConfig::apiLog($result, $payload);
    return $result;
},
"PUT /api/insurance_company/:iid" => function ($iid) {
    $payload = (array) json_decode(file_get_contents("php://input"));
    $result = (new InsuranceCompanyRestController())->put($iid, $payload);
    RestConfig::apiLog($result, $payload);
    return $result;
},
// NOTE(review): the patient-document handlers call no authorization_check(),
// so upload, listing and download rely on whatever DocumentRestController
// enforces - confirm, and add the intended ACL check if it enforces none.
"POST /api/patient/:pid/document" => function ($pid) {
    // 'path' comes straight from the query string and the upload from $_FILES,
    // both read without an isset() guard. Validating the path and the uploaded
    // file is left to the controller - confirm that it does.
    $result = (new DocumentRestController())->postWithPath($pid, $_GET['path'], $_FILES['document']);
    RestConfig::apiLog($result);
    return $result;
},
"GET /api/patient/:pid/document" => function ($pid) {
    // Client-supplied 'path' is forwarded unchanged.
    $result = (new DocumentRestController())->getAllAtPath($pid, $_GET['path']);
    RestConfig::apiLog($result);
    return $result;
},
"GET /api/patient/:pid/document/:did" => function ($pid, $did) {
    // Whatever downloadFile() returns is also handed to the API log.
    $result = (new DocumentRestController())->downloadFile($pid, $did);
    RestConfig::apiLog($result);
    return $result;
},
// NOTE(review): the patient-insurance handlers call no authorization_check(),
// for reads or for writes. Unless InsuranceRestController enforces an ACL
// itself, any caller admitted to the api route can read and change a patient's
// coverage data - confirm and add the intended check.
"GET /api/patient/:pid/insurance" => function ($pid) {
    $result = (new InsuranceRestController())->getAll($pid);
    RestConfig::apiLog($result);
    return $result;
},
"GET /api/patient/:pid/insurance/:type" => function ($pid, $type) {
    $result = (new InsuranceRestController())->getOne($pid, $type);
    RestConfig::apiLog($result);
    return $result;
},
"POST /api/patient/:pid/insurance/:type" => function ($pid, $type) {
    // Top-level cast only; an undecodable body becomes an empty array.
    $payload = (array) json_decode(file_get_contents("php://input"));
    $result = (new InsuranceRestController())->post($pid, $type, $payload);
    RestConfig::apiLog($result, $payload);
    return $result;
},
"PUT /api/patient/:pid/insurance/:type" => function ($pid, $type) {
    $payload = (array) json_decode(file_get_contents("php://input"));
    $result = (new InsuranceRestController())->put($pid, $type, $payload);
    RestConfig::apiLog($result, $payload);
    return $result;
},
// Patient message routes: every handler is gated on ("patients", "notes").
// Only write operations are routed here; no GET handler is defined for messages.
"POST /api/patient/:pid/message" => function ($pid) {
    RestConfig::authorization_check("patients", "notes");
    // Top-level cast only; an undecodable body becomes an empty array.
    $payload = (array) json_decode(file_get_contents("php://input"));
    $result = (new MessageRestController())->post($pid, $payload);
    // The message body is handed to the API log together with the result.
    RestConfig::apiLog($result, $payload);
    return $result;
},
"PUT /api/patient/:pid/message/:mid" => function ($pid, $mid) {
    RestConfig::authorization_check("patients", "notes");
    $payload = (array) json_decode(file_get_contents("php://input"));
    $result = (new MessageRestController())->put($pid, $mid, $payload);
    RestConfig::apiLog($result, $payload);
    return $result;
},
"DELETE /api/patient/:pid/message/:mid" => function ($pid, $mid) {
    RestConfig::authorization_check("patients", "notes");
    $result = (new MessageRestController())->delete($pid, $mid);
    RestConfig::apiLog($result);
    return $result;
},
// Read-only clinical lookups (immunization, procedure, drug, prescription),
// all gated on ("patients", "med"). None of these routes carries a patient
// identifier in its path.
"GET /api/immunization" => function () {
    RestConfig::authorization_check("patients", "med");
    // Search filters come straight from the query string.
    $result = (new ImmunizationRestController())->getAll($_GET);
    RestConfig::apiLog($result);
    return $result;
},
"GET /api/immunization/:uuid" => function ($uuid) {
    RestConfig::authorization_check("patients", "med");
    $result = (new ImmunizationRestController())->getOne($uuid);
    RestConfig::apiLog($result);
    return $result;
},
"GET /api/procedure" => function () {
    RestConfig::authorization_check("patients", "med");
    $result = (new ProcedureRestController())->getAll();
    RestConfig::apiLog($result);
    return $result;
},
"GET /api/procedure/:uuid" => function ($uuid) {
    RestConfig::authorization_check("patients", "med");
    $result = (new ProcedureRestController())->getOne($uuid);
    RestConfig::apiLog($result);
    return $result;
},
"GET /api/drug" => function () {
    RestConfig::authorization_check("patients", "med");
    $result = (new DrugRestController())->getAll();
    RestConfig::apiLog($result);
    return $result;
},
"GET /api/drug/:uuid" => function ($uuid) {
    RestConfig::authorization_check("patients", "med");
    $result = (new DrugRestController())->getOne($uuid);
    RestConfig::apiLog($result);
    return $result;
},
"GET /api/prescription" => function () {
    RestConfig::authorization_check("patients", "med");
    $result = (new PrescriptionRestController())->getAll();
    RestConfig::apiLog($result);
    return $result;
},
"GET /api/prescription/:uuid" => function ($uuid) {
    RestConfig::authorization_check("patients", "med");
    $result = (new PrescriptionRestController())->getOne($uuid);
    RestConfig::apiLog($result);
    return $result;
},
);
577 use OpenEMR\Common\Http\StatusCode
;
578 use OpenEMR\Common\Http\Psr17Factory
;
579 use OpenEMR\RestControllers\FHIR\FhirAllergyIntoleranceRestController
;
580 use OpenEMR\RestControllers\FHIR\FhirCarePlanRestController
;
581 use OpenEMR\RestControllers\FHIR\FhirCareTeamRestController
;
582 use OpenEMR\RestControllers\FHIR\FhirConditionRestController
;
583 use OpenEMR\RestControllers\FHIR\FhirCoverageRestController
;
584 use OpenEMR\RestControllers\FHIR\FhirDeviceRestController
;
585 use OpenEMR\RestControllers\FHIR\FhirDiagnosticReportRestController
;
586 use OpenEMR\RestControllers\FHIR\FhirDocumentReferenceRestController
;
587 use OpenEMR\RestControllers\FHIR\FhirEncounterRestController
;
588 use OpenEMR\RestControllers\FHIR\FhirExportRestController
;
589 use OpenEMR\RestControllers\FHIR\FhirObservationRestController
;
590 use OpenEMR\RestControllers\FHIR\FhirImmunizationRestController
;
591 use OpenEMR\RestControllers\FHIR\FhirGoalRestController
;
592 use OpenEMR\RestControllers\FHIR\FhirGroupRestController
;
593 use OpenEMR\RestControllers\FHIR\FhirLocationRestController
;
594 use OpenEMR\RestControllers\FHIR\FhirMedicationRestController
;
595 use OpenEMR\RestControllers\FHIR\FhirMedicationRequestRestController
;
596 use OpenEMR\RestControllers\FHIR\FhirOrganizationRestController
;
597 use OpenEMR\RestControllers\FHIR\FhirPatientRestController
;
598 use OpenEMR\RestControllers\FHIR\FhirPersonRestController
;
599 use OpenEMR\RestControllers\FHIR\FhirPractitionerRoleRestController
;
600 use OpenEMR\RestControllers\FHIR\FhirPractitionerRestController
;
601 use OpenEMR\RestControllers\FHIR\FhirProcedureRestController
;
602 use OpenEMR\RestControllers\FHIR\FhirProvenanceRestController
;
603 use OpenEMR\RestControllers\FHIR\FhirMetaDataRestController
;
605 // Note that the fhir route includes both the user role and the patient role
606 // (there is a mechanism in place to ensure the patient role is bound
607 // to only see the data of the one patient)
// FHIR route table, served to both user-role and patient-role callers.
// Handlers with a patient branch skip the ACL check for patient-role requests
// and instead pass the bound patient's UUID to the controller; the restriction
// to that patient's data therefore depends on each controller applying that
// argument - not visible here, confirm per controller.
RestConfig::$FHIR_ROUTE_MAP = array(
"GET /fhir/AllergyIntolerance" => function (HttpRestRequest $request) {
    $queryParams = $request->getQueryParams();
    if ($request->isPatientRequest()) {
        // Patient role: pin the search to the bound patient.
        $result = (new FhirAllergyIntoleranceRestController($request))->getAll($queryParams, $request->getPatientUUIDString());
    } else {
        RestConfig::authorization_check("patients", "med");
        $result = (new FhirAllergyIntoleranceRestController($request))->getAll($queryParams);
    }
    RestConfig::apiLog($result);
    return $result;
},
"GET /fhir/AllergyIntolerance/:id" => function ($id, HttpRestRequest $request) {
    if ($request->isPatientRequest()) {
        // Patient role: the bound patient's UUID accompanies the requested id.
        $result = (new FhirAllergyIntoleranceRestController($request))->getOne($id, $request->getPatientUUIDString());
    } else {
        RestConfig::authorization_check("patients", "med");
        $result = (new FhirAllergyIntoleranceRestController($request))->getOne($id);
    }
    RestConfig::apiLog($result);
    return $result;
},
"GET /fhir/CarePlan" => function (HttpRestRequest $request) {
    $queryParams = $request->getQueryParams();
    if ($request->isPatientRequest()) {
        // Patient role: pin the search to the bound patient.
        $result = (new FhirCarePlanRestController())->getAll($queryParams, $request->getPatientUUIDString());
    } else {
        RestConfig::authorization_check("patients", "med");
        $result = (new FhirCarePlanRestController())->getAll($queryParams);
    }
    RestConfig::apiLog($result);
    return $result;
},
"GET /fhir/CarePlan/:uuid" => function ($uuid, HttpRestRequest $request) {
    if ($request->isPatientRequest()) {
        // Patient role: the bound patient's UUID accompanies the requested uuid.
        $result = (new FhirCarePlanRestController())->getOne($uuid, $request->getPatientUUIDString());
    } else {
        RestConfig::authorization_check("patients", "med");
        $result = (new FhirCarePlanRestController())->getOne($uuid);
    }
    RestConfig::apiLog($result);
    return $result;
},
// CareTeam: patient-role callers are pinned to their bound patient; all other
// callers must hold the ("patients", "med") ACL.
"GET /fhir/CareTeam" => function (HttpRestRequest $request) {
    $queryParams = $request->getQueryParams();
    if ($request->isPatientRequest()) {
        // No ACL check on this branch; scoping rests on the UUID argument.
        $result = (new FhirCareTeamRestController())->getAll($queryParams, $request->getPatientUUIDString());
    } else {
        RestConfig::authorization_check("patients", "med");
        $result = (new FhirCareTeamRestController())->getAll($queryParams);
    }
    RestConfig::apiLog($result);
    return $result;
},
"GET /fhir/CareTeam/:uuid" => function ($uuid, HttpRestRequest $request) {
    if ($request->isPatientRequest()) {
        // The bound patient's UUID accompanies the requested uuid.
        $result = (new FhirCareTeamRestController())->getOne($uuid, $request->getPatientUUIDString());
    } else {
        RestConfig::authorization_check("patients", "med");
        $result = (new FhirCareTeamRestController())->getOne($uuid);
    }
    RestConfig::apiLog($result);
    return $result;
},
// Condition: patient-role callers are pinned to their bound patient; all other
// callers must hold the ("patients", "med") ACL.
"GET /fhir/Condition" => function (HttpRestRequest $request) {
    $queryParams = $request->getQueryParams();
    if ($request->isPatientRequest()) {
        // No ACL check on this branch; scoping rests on the UUID argument.
        $result = (new FhirConditionRestController())->getAll($queryParams, $request->getPatientUUIDString());
    } else {
        RestConfig::authorization_check("patients", "med");
        $result = (new FhirConditionRestController())->getAll($queryParams);
    }
    RestConfig::apiLog($result);
    return $result;
},
// The path placeholder is ":id" while the closure parameter is named $uuid.
"GET /fhir/Condition/:id" => function ($uuid, HttpRestRequest $request) {
    if ($request->isPatientRequest()) {
        // The bound patient's UUID accompanies the requested id.
        $result = (new FhirConditionRestController())->getOne($uuid, $request->getPatientUUIDString());
    } else {
        RestConfig::authorization_check("patients", "med");
        $result = (new FhirConditionRestController())->getOne($uuid);
    }
    RestConfig::apiLog($result);
    return $result;
},
// Coverage has no patient-role branch: every caller, whatever its role, must
// pass the ("admin", "super") ACL check.
"GET /fhir/Coverage" => function (HttpRestRequest $request) {
    RestConfig::authorization_check("admin", "super");
    $result = (new FhirCoverageRestController())->getAll($request->getQueryParams());
    RestConfig::apiLog($result);
    return $result;
},
"GET /fhir/Coverage/:uuid" => function ($uuid, HttpRestRequest $request) {
    RestConfig::authorization_check("admin", "super");
    // $request is part of the handler signature but is not read here.
    $result = (new FhirCoverageRestController())->getOne($uuid);
    RestConfig::apiLog($result);
    return $result;
},
// Device: patient-role callers are pinned to their bound patient; all other
// callers must hold the ("admin", "super") ACL.
"GET /fhir/Device" => function (HttpRestRequest $request) {
    if ($request->isPatientRequest()) {
        // No ACL check on this branch; scoping rests on the UUID argument.
        $result = (new FhirDeviceRestController())->getAll($request->getQueryParams(), $request->getPatientUUIDString());
    } else {
        RestConfig::authorization_check("admin", "super");
        $result = (new FhirDeviceRestController())->getAll($request->getQueryParams());
    }
    RestConfig::apiLog($result);
    return $result;
},
"GET /fhir/Device/:uuid" => function ($uuid, HttpRestRequest $request) {
    if ($request->isPatientRequest()) {
        // The bound patient's UUID accompanies the requested uuid.
        $result = (new FhirDeviceRestController())->getOne($uuid, $request->getPatientUUIDString());
    } else {
        RestConfig::authorization_check("admin", "super");
        $result = (new FhirDeviceRestController())->getOne($uuid);
    }
    RestConfig::apiLog($result);
    return $result;
},
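// DiagnosticReport: patient-role callers are pinned to their bound patient;
// all other callers must hold the ("admin", "super") ACL.
"GET /fhir/DiagnosticReport" => function (HttpRestRequest $request) {
    $queryParams = $request->getQueryParams();
    if ($request->isPatientRequest()) {
        // No ACL check on this branch; scoping rests on the UUID argument.
        $result = (new FhirDiagnosticReportRestController())->getAll($queryParams, $request->getPatientUUIDString());
    } else {
        RestConfig::authorization_check("admin", "super");
        $result = (new FhirDiagnosticReportRestController())->getAll($queryParams);
    }
    RestConfig::apiLog($result);
    return $result;
},
"GET /fhir/DiagnosticReport/:uuid" => function ($uuid, HttpRestRequest $request) {
    // A single-resource read takes no search parameters, so the query string
    // is not fetched here.
    if ($request->isPatientRequest()) {
        // The bound patient's UUID accompanies the requested uuid.
        $result = (new FhirDiagnosticReportRestController())->getOne($uuid, $request->getPatientUUIDString());
    } else {
        RestConfig::authorization_check("admin", "super");
        $result = (new FhirDiagnosticReportRestController())->getOne($uuid);
    }
    RestConfig::apiLog($result);
    return $result;
},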
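// DocumentReference: patient-role callers are pinned to their bound patient;
// all other callers must hold the ("admin", "super") ACL.
'GET /fhir/DocumentReference' => function (HttpRestRequest $request) {
    $queryParams = $request->getQueryParams();
    if ($request->isPatientRequest()) {
        // No ACL check on this branch; scoping rests on the UUID argument.
        $result = (new FhirDocumentReferenceRestController($request))->getAll($queryParams, $request->getPatientUUIDString());
    } else {
        RestConfig::authorization_check("admin", "super");
        $result = (new FhirDocumentReferenceRestController($request))->getAll($queryParams);
    }
    RestConfig::apiLog($result);
    return $result;
},
"GET /fhir/DocumentReference/:uuid" => function ($uuid, HttpRestRequest $request) {
    // A single-resource read takes no search parameters, so the query string
    // is not fetched here.
    if ($request->isPatientRequest()) {
        // The bound patient's UUID accompanies the requested uuid.
        $result = (new FhirDocumentReferenceRestController($request))->getOne($uuid, $request->getPatientUUIDString());
    } else {
        RestConfig::authorization_check("admin", "super");
        $result = (new FhirDocumentReferenceRestController($request))->getOne($uuid);
    }
    RestConfig::apiLog($result);
    return $result;
},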
// Binary document download. There is no patient-role branch: every caller must
// pass the same ACL check that export uses. The comment in the original notes
// this could later be relaxed, e.g. for patient access.
'GET /fhir/Document/:id/Binary' => function ($documentId, HttpRestRequest $request) {
    RestConfig::authorization_check("admin", "users");

    // The requesting user's id is passed along with the document id; how the
    // controller uses it to authorize the download is not visible here.
    // Unlike the other handlers, the response is not handed to RestConfig::apiLog().
    return (new \OpenEMR\RestControllers\FHIR\FhirDocumentRestController($request))
        ->downloadDocument($documentId, $request->getRequestUserId());
},
// Search Encounter resources.
"GET /fhir/Encounter" => function (HttpRestRequest $request) {
    $searchParams = $request->getQueryParams();
    if (!$request->isPatientRequest()) {
        // Non-patient caller: encounters/auth_a ACL first, then an unscoped search.
        RestConfig::authorization_check("encounters", "auth_a");
        $response = (new FhirEncounterRestController())->getAll($searchParams);
    } else {
        // Patient-context request: the search is limited to the patient UUID bound to the request.
        $controller = new FhirEncounterRestController();
        $response = $controller->getAll($searchParams, $request->getPatientUUIDString());
    }
    RestConfig::apiLog($response);
    return $response;
},
// Read one Encounter by id.
// NOTE(review): this route requires admin/super for non-patient callers, while the Encounter search route
// requires encounters/auth_a; confirm the difference is intended.
"GET /fhir/Encounter/:id" => function ($id, HttpRestRequest $request) {
    if (!$request->isPatientRequest()) {
        RestConfig::authorization_check("admin", "super");
        $response = (new FhirEncounterRestController())->getOne($id);
    } else {
        // Patient-context request: the lookup is limited to the patient UUID bound to the request.
        $controller = new FhirEncounterRestController();
        $response = $controller->getOne($id, $request->getPatientUUIDString());
    }
    RestConfig::apiLog($response);
    return $response;
},
// Search Goal resources.
"GET /fhir/Goal" => function (HttpRestRequest $request) {
    $searchParams = $request->getQueryParams();
    if (!$request->isPatientRequest()) {
        // Non-patient caller: admin/super ACL first, then an unscoped search.
        RestConfig::authorization_check("admin", "super");
        $response = (new FhirGoalRestController())->getAll($searchParams);
    } else {
        // Patient-context request: the search is limited to the patient UUID bound to the request.
        $controller = new FhirGoalRestController();
        $response = $controller->getAll($searchParams, $request->getPatientUUIDString());
    }
    RestConfig::apiLog($response);
    return $response;
},
// Read one Goal by id.
"GET /fhir/Goal/:id" => function ($id, HttpRestRequest $request) {
    if (!$request->isPatientRequest()) {
        // Non-patient caller: admin/super ACL first, then an unscoped lookup.
        RestConfig::authorization_check("admin", "super");
        $response = (new FhirGoalRestController())->getOne($id);
    } else {
        // Patient-context request: the lookup is limited to the patient UUID bound to the request.
        $controller = new FhirGoalRestController();
        $response = $controller->getOne($id, $request->getPatientUUIDString());
    }
    RestConfig::apiLog($response);
    return $response;
},
// Search Group resources.
// NOTE(review): the admin/users ACL check runs before the patient/non-patient branch, so it applies to
// patient-context requests as well; most sibling routes check the ACL only for non-patient callers.
'GET /fhir/Group' => function (HttpRestRequest $request) {
    RestConfig::authorization_check("admin", "users");
    $searchParams = $request->getQueryParams();
    $controller = new FhirGroupRestController();
    // A patient-context request is additionally limited to the patient UUID bound to the request.
    $response = $request->isPatientRequest()
        ? $controller->getAll($searchParams, $request->getPatientUUIDString())
        : $controller->getAll($searchParams);
    RestConfig::apiLog($response);
    return $response;
},
// Read one Group by id.
// NOTE(review): as on the Group search route, the admin/users ACL check runs for every caller, including
// patient-context requests.
"GET /fhir/Group/:id" => function ($id, HttpRestRequest $request) {
    RestConfig::authorization_check("admin", "users");
    $controller = new FhirGroupRestController();
    // A patient-context request is additionally limited to the patient UUID bound to the request.
    $response = $request->isPatientRequest()
        ? $controller->getOne($id, $request->getPatientUUIDString())
        : $controller->getOne($id);
    RestConfig::apiLog($response);
    return $response;
},
861 'GET /fhir/Group/:id/$export' => function ($groupId, HttpRestRequest
$request) {
// Bulk export for a single group; every caller has to clear the admin/users ACL first.
862 RestConfig
::authorization_check("admin", "users");
863 $fhirExportService = new FhirExportRestController($request);
864 $exportParams = $request->getQueryParams();
// The group id from the URL path is written last, so it overrides any 'groupId' passed in the query string.
865 $exportParams['groupId'] = $groupId;
// NOTE(review): the listing jumps from line 866 to 869, so the first arguments of processExport() are not
// visible here; only the Accept and Prefer request headers can be seen being passed.
866 $return = $fhirExportService->processExport(
869 $request->getHeader('Accept'),
870 $request->getHeader('Prefer')
872 RestConfig
::apiLog($return);
// Search Immunization resources.
"GET /fhir/Immunization" => function (HttpRestRequest $request) {
    $searchParams = $request->getQueryParams();
    if (!$request->isPatientRequest()) {
        // Non-patient caller: patients/med ACL first, then an unscoped search.
        RestConfig::authorization_check("patients", "med");
        $response = (new FhirImmunizationRestController())->getAll($searchParams);
    } else {
        // Patient-context request: the search is limited to the patient UUID bound to the request.
        $controller = new FhirImmunizationRestController();
        $response = $controller->getAll($searchParams, $request->getPatientUUIDString());
    }
    RestConfig::apiLog($response);
    return $response;
},
// Read one Immunization by id.
"GET /fhir/Immunization/:id" => function ($id, HttpRestRequest $request) {
    if (!$request->isPatientRequest()) {
        // Non-patient caller: patients/med ACL first, then an unscoped lookup.
        RestConfig::authorization_check("patients", "med");
        $response = (new FhirImmunizationRestController())->getOne($id);
    } else {
        // Patient-context request: the lookup is limited to the patient UUID bound to the request.
        $controller = new FhirImmunizationRestController();
        $response = $controller->getOne($id, $request->getPatientUUIDString());
    }
    RestConfig::apiLog($response);
    return $response;
},
// Search Location resources.
// NOTE(review): this closure makes no RestConfig::authorization_check() call for any caller type. The patient
// UUID of the request is always passed to the controller; what it is for a non-patient caller is not visible
// here. Confirm that access is restricted before the route runs or inside the controller.
"GET /fhir/Location" => function (HttpRestRequest $request) {
    $controller = new FhirLocationRestController();
    $response = $controller->getAll($request->getQueryParams(), $request->getPatientUUIDString());
    RestConfig::apiLog($response);
    return $response;
},
// Read one Location by UUID.
// NOTE(review): as on the Location search route, no ACL check is made in this closure; the request's patient
// UUID is passed through to the controller for every caller. Confirm where access is restricted.
"GET /fhir/Location/:uuid" => function ($uuid, HttpRestRequest $request) {
    $controller = new FhirLocationRestController();
    $response = $controller->getOne($uuid, $request->getPatientUUIDString());
    RestConfig::apiLog($response);
    return $response;
},
// Search Medication resources; every caller has to clear the patients/med ACL, and no patient scoping is applied.
"GET /fhir/Medication" => function (HttpRestRequest $request) {
    RestConfig::authorization_check("patients", "med");
    $controller = new FhirMedicationRestController();
    $response = $controller->getAll($request->getQueryParams());
    RestConfig::apiLog($response);
    return $response;
},
// Read one Medication by UUID; every caller has to clear the patients/med ACL.
"GET /fhir/Medication/:uuid" => function ($uuid, HttpRestRequest $request) {
    RestConfig::authorization_check("patients", "med");
    $controller = new FhirMedicationRestController();
    $response = $controller->getOne($uuid);
    RestConfig::apiLog($response);
    return $response;
},
// Search MedicationRequest resources.
"GET /fhir/MedicationRequest" => function (HttpRestRequest $request) {
    $searchParams = $request->getQueryParams();
    if (!$request->isPatientRequest()) {
        // Non-patient caller: patients/med ACL first, then an unscoped search.
        RestConfig::authorization_check("patients", "med");
        $response = (new FhirMedicationRequestRestController())->getAll($searchParams);
    } else {
        // Patient-context request: the search is limited to the patient UUID bound to the request.
        $controller = new FhirMedicationRequestRestController();
        $response = $controller->getAll($searchParams, $request->getPatientUUIDString());
    }
    RestConfig::apiLog($response);
    return $response;
},
// Read one MedicationRequest by UUID.
"GET /fhir/MedicationRequest/:uuid" => function ($uuid, HttpRestRequest $request) {
    if (!$request->isPatientRequest()) {
        // Non-patient caller: patients/med ACL first, then an unscoped lookup.
        RestConfig::authorization_check("patients", "med");
        $response = (new FhirMedicationRequestRestController())->getOne($uuid);
    } else {
        // Patient-context request: the lookup is limited to the patient UUID bound to the request.
        $controller = new FhirMedicationRequestRestController();
        $response = $controller->getOne($uuid, $request->getPatientUUIDString());
    }
    RestConfig::apiLog($response);
    return $response;
},
// Search Organization resources.
// NOTE(review): a patient-context request skips the ACL check and the search is not given the patient UUID,
// so in this closure nothing narrows the result set for patients; confirm that is intended.
"GET /fhir/Organization" => function (HttpRestRequest $request) {
    $needsAclCheck = !$request->isPatientRequest();
    if ($needsAclCheck) {
        RestConfig::authorization_check("admin", "users");
    }
    $controller = new FhirOrganizationRestController();
    $response = $controller->getAll($request->getQueryParams());
    RestConfig::apiLog($response);
    return $response;
},
951 "GET /fhir/Organization/:id" => function ($id, HttpRestRequest
$request) {
// Read one Organization by id. Non-patient callers have to clear the admin/users ACL.
// NOTE(review): lines 952, 955 and 957 are missing from this listing, so it cannot be told from here whether
// $patientUUID is assigned only for patient-context requests or for every caller; confirm against the full file.
953 if (!$request->isPatientRequest()) {
954 RestConfig
::authorization_check("admin", "users");
956 $patientUUID = $request->getPatientUUIDString();
// The patient UUID is passed to the controller together with the requested id.
958 $return = (new FhirOrganizationRestController())->getOne($id, $patientUUID);
960 RestConfig
::apiLog($return);
// Create an Organization; the caller has to clear the admin/super ACL.
// The raw request body is JSON-decoded and cast to an array, so a body that fails to decode becomes an empty
// array; no further validation happens in this closure. The decoded payload is also handed to apiLog.
"POST /fhir/Organization" => function (HttpRestRequest $request) {
    RestConfig::authorization_check("admin", "super");
    $rawBody = file_get_contents("php://input");
    $payload = (array) (json_decode($rawBody, true));
    $response = (new FhirOrganizationRestController())->post($payload);
    RestConfig::apiLog($response, $payload);
    return $response;
},
// Update an Organization; the caller has to clear the admin/super ACL.
// Although the route verb is PUT, the controller method invoked is patch().
// The raw request body is JSON-decoded and cast to an array, so a body that fails to decode becomes an empty
// array; no further validation happens in this closure. The decoded payload is also handed to apiLog.
"PUT /fhir/Organization/:id" => function ($id, HttpRestRequest $request) {
    RestConfig::authorization_check("admin", "super");
    $rawBody = file_get_contents("php://input");
    $payload = (array) (json_decode($rawBody, true));
    $response = (new FhirOrganizationRestController())->patch($id, $payload);
    RestConfig::apiLog($response, $payload);
    return $response;
},
// Search Observation resources.
"GET /fhir/Observation" => function (HttpRestRequest $request) {
    $searchParams = $request->getQueryParams();
    if (!$request->isPatientRequest()) {
        // Non-patient caller: patients/med ACL first, then an unscoped search.
        RestConfig::authorization_check("patients", "med");
        $response = (new FhirObservationRestController())->getAll($searchParams);
    } else {
        // Patient-context request: the search is limited to the patient UUID bound to the request.
        $controller = new FhirObservationRestController();
        $response = $controller->getAll($searchParams, $request->getPatientUUIDString());
    }
    RestConfig::apiLog($response);
    return $response;
},
// Read one Observation by UUID.
"GET /fhir/Observation/:uuid" => function ($uuid, HttpRestRequest $request) {
    if (!$request->isPatientRequest()) {
        // Non-patient caller: patients/med ACL first, then an unscoped lookup.
        RestConfig::authorization_check("patients", "med");
        $response = (new FhirObservationRestController())->getOne($uuid);
    } else {
        // Patient-context request: the lookup is limited to the patient UUID bound to the request.
        $controller = new FhirObservationRestController();
        $response = $controller->getOne($uuid, $request->getPatientUUIDString());
    }
    RestConfig::apiLog($response);
    return $response;
},
// Create a Patient; the caller has to clear the patients/demo ACL.
// The raw request body is JSON-decoded and cast to an array, so a body that fails to decode becomes an empty
// array; no further validation happens in this closure.
// NOTE(review): the decoded payload (patient demographics) is passed to apiLog; what gets persisted depends on
// apiLog, which is not visible here.
"POST /fhir/Patient" => function (HttpRestRequest $request) {
    RestConfig::authorization_check("patients", "demo");
    $rawBody = file_get_contents("php://input");
    $payload = (array) (json_decode($rawBody, true));
    $response = (new FhirPatientRestController())->post($payload);
    RestConfig::apiLog($response, $payload);
    return $response;
},
// Replace a Patient by id; the caller has to clear the patients/demo ACL.
// The raw request body is JSON-decoded and cast to an array, so a body that fails to decode becomes an empty
// array; no further validation happens in this closure.
// NOTE(review): the decoded payload (patient demographics) is passed to apiLog; what gets persisted depends on
// apiLog, which is not visible here.
"PUT /fhir/Patient/:id" => function ($id, HttpRestRequest $request) {
    RestConfig::authorization_check("patients", "demo");
    $rawBody = file_get_contents("php://input");
    $payload = (array) (json_decode($rawBody, true));
    $response = (new FhirPatientRestController())->put($id, $payload);
    RestConfig::apiLog($response, $payload);
    return $response;
},
// Search Patient resources.
"GET /fhir/Patient" => function (HttpRestRequest $request) {
    $searchParams = $request->getQueryParams();
    if (!$request->isPatientRequest()) {
        // Non-patient caller: patients/demo ACL first, then an unscoped search.
        RestConfig::authorization_check("patients", "demo");
        $response = (new FhirPatientRestController())->getAll($searchParams);
    } else {
        // Patient-context request: any caller-supplied '_id' is overwritten with the bound patient UUID, and
        // the same UUID is passed as the scope argument. getAll (not getOne) is used because a search in
        // patient context still has to return a bundle, even for a single resource.
        $searchParams['_id'] = $request->getPatientUUIDString();
        $controller = new FhirPatientRestController();
        $response = $controller->getAll($searchParams, $request->getPatientUUIDString());
    }
    RestConfig::apiLog($response);
    return $response;
},
1029 // we have to have the bulk fhir export operation here otherwise it will match $export to the patient $id
// (i.e. this entry must stay ahead of the "GET /fhir/Patient/:id" entry in the map)
1030 'GET /fhir/Patient/$export' => function (HttpRestRequest
$request) {
// Patient-level bulk export; every caller has to clear the admin/users ACL first.
1031 RestConfig
::authorization_check("admin", "users");
1032 $fhirExportService = new FhirExportRestController($request);
// NOTE(review): line 1035 is missing from this listing, so one processExport() argument is not visible here;
// the query parameters and the Accept and Prefer request headers are the arguments that can be seen.
1033 $return = $fhirExportService->processExport(
1034 $request->getQueryParams(),
1036 $request->getHeader('Accept'),
1037 $request->getHeader('Prefer')
1039 RestConfig
::apiLog($return);
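// Read one Patient by id.
"GET /fhir/Patient/:id" => function ($id, HttpRestRequest $request) {
    if ($request->isPatientRequest()) {
        // Patient-context request: the only readable Patient resource is the one bound to the request.
        $boundPatientUuid = $request->getPatientUUIDString();
        // Strict comparison so that no type juggling can make two different id strings compare equal.
        if (empty($id) || ($id !== $boundPatientUuid)) {
            throw new AccessDeniedException("patients", "demo", "patient id invalid");
        }
        // The lookup always uses the bound UUID rather than the caller-supplied value.
        $id = $boundPatientUuid;
    } else {
        // Any other caller has to clear the patients/demo ACL.
        RestConfig::authorization_check("patients", "demo");
    }
    $return = (new FhirPatientRestController())->getOne($id);
    RestConfig::apiLog($return);
    return $return;
},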
// Search Person resources; every caller has to clear the admin/users ACL, and no patient scoping is applied.
"GET /fhir/Person" => function (HttpRestRequest $request) {
    RestConfig::authorization_check("admin", "users");
    $controller = new FhirPersonRestController();
    $response = $controller->getAll($request->getQueryParams());
    RestConfig::apiLog($response);
    return $response;
},
// Read one Person by UUID; every caller has to clear the admin/users ACL.
"GET /fhir/Person/:uuid" => function ($uuid, HttpRestRequest $request) {
    RestConfig::authorization_check("admin", "users");
    $controller = new FhirPersonRestController();
    $response = $controller->getOne($uuid);
    RestConfig::apiLog($response);
    return $response;
},
// Search Practitioner resources.
"GET /fhir/Practitioner" => function (HttpRestRequest $request) {

    // TODO: @adunsulag talk with brady.miller about patients needing access to any practitioner resource
    // referenced from their own resources (AllergyIntolerance, for example). Patients do not appear to be
    // assigned to a particular practitioner. Open questions: should admin information be openly readable over
    // the API, and should parts of the practitioner data (phone number, address information) be restricted
    // by a permission set?
    // As written, a patient-context request skips the ACL check and the search is not patient-scoped.
    $needsAclCheck = !$request->isPatientRequest();
    if ($needsAclCheck) {
        RestConfig::authorization_check("admin", "users");
    }
    $controller = new FhirPractitionerRestController();
    $response = $controller->getAll($request->getQueryParams());
    RestConfig::apiLog($response);
    return $response;
},
// Read one Practitioner by id.
"GET /fhir/Practitioner/:id" => function ($id, HttpRestRequest $request) {
    // TODO: @adunsulag talk with brady.miller about patients needing access to any practitioner resource
    // referenced from their own resources (AllergyIntolerance, for example). Patients do not appear to be
    // assigned to a particular practitioner. Open questions: should admin information be openly readable over
    // the API, and should parts of the practitioner data (phone number, address information) be restricted
    // by a permission set?
    // As written, a patient-context request skips the ACL check and the lookup is not patient-scoped.
    $needsAclCheck = !$request->isPatientRequest();
    if ($needsAclCheck) {
        RestConfig::authorization_check("admin", "users");
    }
    $controller = new FhirPractitionerRestController();
    $response = $controller->getOne($id);
    RestConfig::apiLog($response);
    return $response;
},
// Create a Practitioner; the caller has to clear the admin/users ACL.
// The raw request body is JSON-decoded and cast to an array, so a body that fails to decode becomes an empty
// array; no further validation happens in this closure. The decoded payload is also handed to apiLog.
"POST /fhir/Practitioner" => function (HttpRestRequest $request) {
    RestConfig::authorization_check("admin", "users");
    $rawBody = file_get_contents("php://input");
    $payload = (array) (json_decode($rawBody, true));
    $response = (new FhirPractitionerRestController())->post($payload);
    RestConfig::apiLog($response, $payload);
    return $response;
},
// Update a Practitioner; the caller has to clear the admin/users ACL.
// Although the route verb is PUT, the controller method invoked is patch().
// The raw request body is JSON-decoded and cast to an array, so a body that fails to decode becomes an empty
// array; no further validation happens in this closure. The decoded payload is also handed to apiLog.
"PUT /fhir/Practitioner/:id" => function ($id, HttpRestRequest $request) {
    RestConfig::authorization_check("admin", "users");
    $rawBody = file_get_contents("php://input");
    $payload = (array) (json_decode($rawBody, true));
    $response = (new FhirPractitionerRestController())->patch($id, $payload);
    RestConfig::apiLog($response, $payload);
    return $response;
},
// Search PractitionerRole resources; every caller has to clear the admin/users ACL.
"GET /fhir/PractitionerRole" => function (HttpRestRequest $request) {
    RestConfig::authorization_check("admin", "users");
    $controller = new FhirPractitionerRoleRestController();
    $response = $controller->getAll($request->getQueryParams());
    RestConfig::apiLog($response);
    return $response;
},
// Read one PractitionerRole by id; every caller has to clear the admin/users ACL.
"GET /fhir/PractitionerRole/:id" => function ($id, HttpRestRequest $request) {
    RestConfig::authorization_check("admin", "users");
    $controller = new FhirPractitionerRoleRestController();
    $response = $controller->getOne($id);
    RestConfig::apiLog($response);
    return $response;
},
// Search Procedure resources.
"GET /fhir/Procedure" => function (HttpRestRequest $request) {
    if (!$request->isPatientRequest()) {
        // Non-patient caller: patients/med ACL first, then an unscoped search.
        RestConfig::authorization_check("patients", "med");
        $controller = new FhirProcedureRestController();
        $response = $controller->getAll($request->getQueryParams());
    } else {
        // Patient-context request: the search is limited to the patient UUID bound to the request.
        $controller = new FhirProcedureRestController();
        $response = $controller->getAll($request->getQueryParams(), $request->getPatientUUIDString());
    }
    RestConfig::apiLog($response);
    return $response;
},
// Read one Procedure by UUID.
"GET /fhir/Procedure/:uuid" => function ($uuid, HttpRestRequest $request) {
    if (!$request->isPatientRequest()) {
        // Non-patient caller: patients/med ACL first, then an unscoped lookup.
        RestConfig::authorization_check("patients", "med");
        $response = (new FhirProcedureRestController())->getOne($uuid);
    } else {
        // Patient-context request: the lookup is limited to the patient UUID bound to the request.
        $controller = new FhirProcedureRestController();
        $response = $controller->getOne($uuid, $request->getPatientUUIDString());
    }
    RestConfig::apiLog($response);
    return $response;
},
// Read one Provenance record by UUID.
"GET /fhir/Provenance/:uuid" => function ($uuid, HttpRestRequest $request) {
    if (!$request->isPatientRequest()) {
        // Non-patient caller: admin/super ACL first, then an unscoped lookup.
        RestConfig::authorization_check("admin", "super");
        $response = (new FhirProvenanceRestController($request))->getOne($uuid);
    } else {
        // Patient-context request: the lookup is limited to the patient UUID bound to the request.
        $controller = new FhirProvenanceRestController($request);
        $response = $controller->getOne($uuid, $request->getPatientUUIDString());
    }
    RestConfig::apiLog($response);
    return $response;
},
// NOTE: this search route only supports requests that carry an _id parameter. It exists because the FHIR
// inferno test tool requires the 'search' interaction to be supported.
"GET /fhir/Provenance" => function (HttpRestRequest $request) {
    if (!$request->isPatientRequest()) {
        // TODO: it seems like regular users should be able to grab authorship / provenance information
        RestConfig::authorization_check("admin", "super");
        $controller = new FhirProvenanceRestController($request);
        $response = $controller->getAll($request->getQueryParams());
    } else {
        // Patient-context request: the search is limited to the patient UUID bound to the request.
        $controller = new FhirProvenanceRestController($request);
        $response = $controller->getAll($request->getQueryParams(), $request->getPatientUUIDString());
    }
    RestConfig::apiLog($response);
    return $response;
},
// FHIR metadata route: the closure takes no request object and makes no ACL check of its own.
"GET /fhir/metadata" => function () {
    $controller = new FhirMetaDataRestController();
    $metadata = $controller->getMetaData();
    RestConfig::apiLog($metadata);
    return $metadata;
},
// SMART configuration document: the closure takes no request object and makes no ACL check of its own.
"GET /fhir/.well-known/smart-configuration" => function () {
    $authController = new \OpenEMR\RestControllers\AuthorizationController();
    $smartController = new \OpenEMR\RestControllers\SMART\SMARTConfigurationController($authController);
    $config = $smartController->getConfig();
    RestConfig::apiLog($config);
    return $config;
},
1181 // FHIR root level operations
1182 'GET /fhir/$export' => function (HttpRestRequest
$request) {
// System-level bulk export; every caller has to clear the admin/users ACL first.
1183 RestConfig
::authorization_check("admin", "users");
1184 $fhirExportService = new FhirExportRestController($request);
// NOTE(review): line 1187 is missing from this listing, so one processExport() argument is not visible here;
// the query parameters and the Accept and Prefer request headers are the arguments that can be seen.
1185 $return = $fhirExportService->processExport(
1186 $request->getQueryParams(),
1188 $request->getHeader('Accept'),
1189 $request->getHeader('Prefer')
1191 RestConfig
::apiLog($return);
// The two $bulkdata-status operations follow the IBM FHIR Server documentation; the authors would have
// referenced cerner or epic but could not find documentation for those (Jan 30th 2021).
// @see https://ibm.github.io/FHIR/guides/FHIRBulkOperations/
'GET /fhir/$bulkdata-status' => function (HttpRestRequest $request) {
    RestConfig::authorization_check("admin", "users");
    // NOTE(review): the job identifier comes straight from the 'job' query parameter. Whether the job is
    // checked against the requesting user happens, if at all, inside FhirExportRestController; verify.
    $jobIdentifier = $request->getQueryParam('job');
    // A truly asynchronous implementation would answer 202 with an in-progress JSON body; because OpenEMR
    // data is small, the JSON stored in the database is returned directly.
    $exportController = new FhirExportRestController($request);
    $response = $exportController->processExportStatusRequestForJob($jobIdentifier);
    RestConfig::apiLog($response);
    return $response;
},
// Delete a bulk export job; the caller has to clear the admin/users ACL.
// NOTE(review): the job identifier comes straight from the 'job' query parameter. Whether the job is checked
// against the requesting user before deletion happens, if at all, inside FhirExportRestController; verify.
'DELETE /fhir/$bulkdata-status' => function (HttpRestRequest $request) {
    RestConfig::authorization_check("admin", "users");
    $jobIdentifier = $request->getQueryParam('job');
    $exportController = new FhirExportRestController($request);
    $response = $exportController->processDeleteExportForJob($jobIdentifier);
    RestConfig::apiLog($response);
    return $response;
},
1217 // Note that the portal (api) route is only for patient role
1218 // (there is a mechanism in place to ensure only patient role can access the portal (api) route)
1219 RestConfig
::$PORTAL_ROUTE_MAP = array(
// Portal route: returns the patient record for the patient UUID bound to the request. No caller-supplied
// identifier is accepted, and the closure makes no ACL check of its own.
"GET /portal/patient" => function (HttpRestRequest $request) {
    $controller = new PatientRestController();
    $response = $controller->getOne($request->getPatientUUIDString());
    RestConfig::apiLog($response);
    return $response;
},
// Portal route: lists encounters for the patient UUID bound to the request. No caller-supplied identifier is
// accepted, and the closure makes no ACL check of its own.
"GET /portal/patient/encounter" => function (HttpRestRequest $request) {
    $controller = new EncounterRestController();
    $response = $controller->getAll($request->getPatientUUIDString());
    RestConfig::apiLog($response);
    return $response;
},
1230 "GET /portal/patient/encounter/:euuid" => function ($euuid, HttpRestRequest
$request) {
1231 $return = (new EncounterRestController())->getOne($request->getPatientUUIDString(), $euuid);
1232 RestConfig
::apiLog($return);