|
Contents: | Main | Section | See Also: | User Manual | Advanced User Manual |
Once a policy has been created and tested, it is ready to be used by the new VA FileMan Web service or within an application’s own code. The $$CANDO^DIAC1 API evaluates a policy to determine if the action being attempted is permitted.
If a matching entry exists in the APPLICATION ACTION (#1.61) file for the requested action and specified file or sub-file, its policy is evaluated to determine the user’s authorization to access the file and/or record. Policy rules are evaluated in sequence, and processing continues until the stop criteria for the policy is met.
$$CANDO^DIAC1(file,iens,action[,user][,.value][,.fields][,msg_root][,err_root])
file: |
(Required) A VistA file number or sub-file number. |
iens: |
(Required/Optional) Standard IENS string indicating internal entry numbers. It is required if evaluating an action on an existing record. |
action: |
(Required) The API name of the action to be taken on the record; the file and action parameters should identify an entry in the APPLICATION ACTION (#1.61) file. |
user: |
(Optional) Pointer to the NEW PERSON (#200) file; defaults to the current value of DUZ if not defined. |
value(name): |
(Optional) Array of additional attribute values to use when evaluating policies, passed by reference in the form: VALUE(“name”) = “value” The name-value pairs could match target attributes in the policy for supplementing the results of the ATTRIBUTE FUNCTION, or simply be additional values used by other functions or messages. NOTE: The ATTRIBUTE FUNCTION (#.04) field of the POLICY (#1.6) file points to the TYPE (#.03) field of the POLICY (#1.62) file. |
.fields: |
(Optional) Local variable that receives output from the call:
NOTE: The .fields parameter is passed by reference, which is indicated by the dot (.) in front of the name in the parameter list. Every parameter is passed using variables, but if it’s passed by reference then whatever happens to the variable inside the call also happens to the variable in the calling program. (That is not the case with normal parameter passing, without the leading dot.) The fields variable is KILLed at the beginning of each call. |
msg_root: |
(Optional) Closed root into which any relevant advice messages is returned. If this parameter is not passed, the array is put into nodes descendant from ^TMP(“DIMSG”,$J). |
err_root: |
(Optional) Closed root into which the error messages are returned. If this parameter is not passed, the array is put into nodes descendant from ^TMP(“DIERR”,$J). |
This Boolean extrinsic function returns the following:
Advice messages can be returned for either a Permit or Deny result. Available Fields are only returned on a Permit.
To check the current user’s authorization to view a chemistry result using our sample Lab policy, a simple call could be made to the API, as shown below:
>S OK=$$CANDO^DIAC1(63.04,“7019779.8679,12345,”,“read”) W !,OK 1 |
A different user may not be permitted to view the result, and the message array can show why, as shown below:
>S OK=$$CANDO^DIAC1(63.04,“7019779.8679,12345,”,“read”,1000406,,,“ZZMSG”) >W OK,! ZW ZZMSG 0 ZZMSG(1)=“FMUSER,ONE is not authorized to view preliminary results.” ZZMSG(2)=“Please contact Lab staff.” |
An incomplete call to the API returns an error, as shown below:
>S OK=$$CANDO^DIAC1(63.04,“7019779.8679,12345,”,,,,,“ZZMSG”,“ZZERR”) >W OK,! ZW ZZERR -1 ZZERR(1)=“The input parameter that identifies the ACTION is missing or invalid.” |
VA (Internet) / VA (Intranet) / OIT / EPMO / Site Map / Terms of Use / VA Privacy Policy / Accessibility Reviewed/Updated: January 19, 2018 If you have questions, need more information, or are having accessibility problems with this Web site, please contact us by E-Mail: Webmasters
|