2024-09-19 Permissions in API+UI

00:00:00

Community Introduction and Roles

Alessandro Domanico

• Participants introduced themselves and their roles in the Open Hospital project.

• Alessandro facilitated the meeting, emphasizing the importance of community communication.

• Various contributors from different organizations shared their backgrounds and areas of focus, including backend and frontend development.

• Alessandro shared a document summarizing issues related to the project: https://docs.google.com/spreadsheets/d/18c-iaBFcARG2It-jgSRuf0cKSnFczsV7E6IPRB8nHtg/edit?gid=0

00:25:00

Current Development Focus

@All

• Discussion centered on ongoing tasks, particularly the administrative part of the new web interface for Open Hospital.

• Participants reviewed issues related to user permissions and the status of pull requests.

00:30:00

API and Permission Management

gaspard

• Gaspard proposed improvements to the API for managing user permissions more efficiently.

• Discussion on whether to update permissions individually or in bulk, with suggestions for new endpoints to streamline the process.

Conflict Management in Data Updates

@All

• Participants discussed the need for a locking mechanism to prevent data conflicts during updates.

• Concerns were raised about automatically refreshing data, with a preference for notifying users of conflicts instead.

• Agreement on the necessity of implementing a lock mechanism across various entities in the project.

• Discussion on whether to create a global class for the lock mechanism to apply to all entities.

01:00:00

Data Freshness and Real-Time Updates

@All

• Discussion on ensuring data freshness in the front end and backend.

• Proposal for implementing real-time updates to keep users informed of changes without manual refresh.

• Acknowledgment of the complexity and workload involved in implementing such features.

01:05:00

Permission Management and Dependencies

@All

• Concerns raised about the dependency of permissions on one another.

• Discussion on how to manage permissions effectively to avoid conflicts.

• Mention of the need for a more structured approach to permission assignments.

01:40:00

User Creation and Password Management

@All

• Debate on the security of password handling during user creation.

• Agreement that passwords should not be sent in clear text and should be encrypted on the backend.

• Discussion on the need for separate data transfer objects (DTOs) for user creation and retrieval to avoid exposing sensitive information.

01:50:00

User Controller Refactoring Discussion

@All

• Discussion on the need to extract a group's controller from the user controller.

• Steve Tsala mentioned the removal of response entities in favor of returning plain Java objects.

• Concerns raised by Alessandro Domanico regarding the implications of this change, especially in terms of error handling and consistency across controllers.

02:05:00

Merge and Pull Request Coordination

gaspard

Steve Tsala

Tedros Kahsu

• Gaspard Beernaert inquired about the timing of merging his pull request related to user edits.

• Steve Tsala suggested that they need to handle permissions in the pull request and will coordinate with Gaspard.

• Tedros Kahsu expressed willingness to work on new issues and familiarize himself with the codebase.

02:10:00

User Deletion and Activation Discussion

@All

• Discussion on user deletion versus user activation, with suggestions to implement soft deletion.

• Concerns raised about the implications of deleting users who may have associated data.

02:15:00

Token Management Improvements

Silevester Dongmo

Alessandro Domanico

• Silevester raised concerns about the user experience when tokens expire.

• Alessandro mentioned an existing issue (OP-1329) regarding token provider improvements, including refreshing and blacklisting.

02:20:00

Upcoming Releases and Prioritization

@All

• Discussion on the urgency of upcoming releases and the need to prioritize tasks effectively.

• Gaspard Beernaert asked about the timeline for the next release.