Showing posts with label security. Show all posts

Tuesday 3 September 2013

KwaMoja as it is used in African hospitals

People always talk about the use of KwaMoja in manufacturing and distribution businesses, but KwaMoja also plays a big part in the administration of several hospitals.

We have written some extensions to KwaMoja that enable it to link seamlessly with Care2x, an open source health information system project. All the financial and inventory transactions are delegated to KwaMoja, and Care2x deals with the clinical information side.

When a patient is admitted in Care2x, Care2x will send this information to KwaMoja, and if the patient is not already set up as a customer they will be set up. The interface with Care2x uses customer branches to indicate who will be paying the bill. If the patient pays in cash then they will get a branch set up with a code of CASH. If they are an insurance customer then they get a branch with an identical code to the customer code for that insurance company.

When any transaction occurs in Care2x which affects the financial status of the hospital, that information is sent to KwaMoja.

So when, as in this example, the doctor prescribes drugs for a patient in Care2x, the transaction will be sent to KwaMoja.

The cashier, who uses KwaMoja, will search for this patient and will be shown a list of all unpaid transactions for that patient, as can be seen here.

Once the items are paid for, the cashier will give the patient a receipt, which they can then exchange for the drugs, or test, or whatever the item is for.

If the item is a physical item, such as drugs as in this case, KwaMoja will automatically deduct the amount from the stock held. KwaMoja will also do all the double entry bookkeeping for this transaction behind the scenes.

At the end of the cashier's shift, they can produce a report of all monies that they have taken, which should tally with the physical amount of money they have. This is transferred both physically and within KwaMoja to a central cash account.

Using KwaMoja the hospital can gain greater efficiency. It can also gain greater security against fraud, and as KwaMoja is web based, any remote funders of the hospital, such as a western charity or central government, get greater visibility of how the hospital is performing. All this leads to better health care for the people, and KwaMoja is playing a central part in this.

Wednesday 5 June 2013

How to keep a stable KwaMoja/webERP installation updated

There has been a lot of discussion recently on the webERP forums about how to keep a stable version of your implementation, so I thought it might be a good moment to write an article on how to do this.

Firstly, Web ERP Africa Ltd keeps a stable branch of the webERP code. This takes the last release (4.10.1 at the moment I write this) and then just adds in any bug fixes that have been applied to the main line. Obviously this does not include any bug fix to any new functionality, as that functionality does not exist in the stable branch. We also apply our regression tests to these fixes, to ensure that they are not re-introducing any previous bugs. This branch should then get progressively more stable, but anybody who wants the latest features can use the main trunk. I have made this stable branch publicly available from my GitHub repository, and it can be found here. You can download a zip file containing this code from here. This zip file is automatically updated when a new bug fix is applied.

Exactly the same is true for KwaMoja; its stable branch can be found by using the master branch here.

So if you are using a KwaMoja/webERP that has no customisations in it, then all you have to do is keep an eye on this repository, and download new versions as and when it is updated.

However, there are potential problems when you have customised scripts in your installation. I will assume that if the user has the knowledge to change the files then they will have a small knowledge of IT. You will also need the application Git installed.

What we wish is to avoid the code being overwritten when updating from the stable branch. I have created a small Git repository here to represent the stable branch, and have uploaded the following script to it, calling it HelloWorld.php:

<?php
include('includes/session.inc');
$Title = _('Hello World');
include('includes/header.inc');
echo '<p class="page_title_text noPrint" ><img src="'.$RootPath.'/css/'.$Theme.'/images/user.png" width="24px" title="' . _('Hello World') . '" alt="" />' . _('Hello World') . '</p>';
if (isset($_POST['Submit'])) {
    /* Get clients IP address */
    $IPAddress = $_SERVER['REMOTE_ADDR'];

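    /* Has user been here before?
     * Note: $_POST['Name'] is concatenated straight into the SQL below and
     * this script does not escape it itself, so the value must already have
     * been escaped before this point. */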
    $SQL = "SELECT count(name) as names
                FROM helloworld
                WHERE name='" . $_POST['Name'] . "'
                    AND ipaddress='" . $IPAddress . "'";
    $Result = DB_query($SQL, $db);
    $MyRow = DB_fetch_array($Result);
    if ($MyRow['names'] > 0) {
        prnMsg( _('Welcome back') . ' ' . $_POST['Name'], 'info');
    } else {
        $SQL = "INSERT INTO helloworld (ipaddress,
                                        name)
                                    VALUES (
                                        '" . $IPAddress . "',
                                        '" . $_POST['Name'] . "'
                                    )";
        $Result = DB_query($SQL, $db);
        prnMsg( _('Hi') . ' ' . $_POST['Name'], 'info');
    }
} else {
    echo '<div class="page_help_text noPrint">' . _('Enter your name in the box below.') . '</div>';
    echo '<form enctype="multipart/form-data" action="' . htmlspecialchars($_SERVER['PHP_SELF'],ENT_QUOTES,'UTF-8') . '" method="post" class="noPrint">';
    echo '<input type="hidden" name="FormID" value="' . $_SESSION['FormID'] . '" />';
    echo '<div class="centre">
            <input type="text" name="Name" />
        </div>
        <div class="centre">
            <input type="submit" name="Submit" value="Submit" />
        </div>';
    echo '</form>';
}
include('includes/footer.inc');

?>

Now you can pull this code to your own machine by issuing the command:

git clone git@github.com:timschofield/Example1.git

Now we make a local change to our code. We will change the word 'Hi' to 'Hello'. Now if we wish to update our code to the latest from the repository we would issue the command:

git pull git@github.com:timschofield/Example1.git

and this will bring in any changes, for instance any new bug fixes that have been applied. However you will notice that Git is smart enough not to try and overwrite the code that you changed locally.

So by using Git we can update our code to the latest stable branch, whilst keeping our local changes in place.

Thursday 2 May 2013

KwaMoja/webERP security

This question came up recently on the webERP forum:

I'm new to webERP and naturally have some questions. I've created a role called "Inventory" in Access Permission Maintenance, then a user for this role and limited access to just "Display Inventory" module in User Maintenance. But I'd like to further limit access so my inventory user can NOT see pages in this range:

• Inventory Valuation Report
...
• List Negative Stocks
• Stock Transfer Note

The webERP Manual is vague on this. Is there a doc I can read to find out can I restrict a user, for example, to just Inventory.Maintenance.View or Update Prices Based On Costs?


Unfortunately the advice the poster was given was complex and not really correct, and the administrator of the forum has blocked me from helping people there. However, there is a much simpler answer which doesn't involve setting up phantom security tokens and other complexities. Go to the "Page Security Settings" option in the setup module, and for each of the reports they want removed, give it a security token of a higher level than the inventory user. For instance, set it to "General Ledger Reports/Inquiries", which makes more sense for something like an Inventory Valuation report. Then the report will be gone from the user's screen the next time they log in. It's as simple as that!

However, that led me to thinking that a lot of people (including, it seems, the current webERP project developer) don't really understand the security system within KwaMoja/webERP, so I thought it might be good to explain how it works.

Every user has a security role. These roles are meant to mirror their real life roles. So for instance we may have a role of an inventory clerk, and a role of an accountant. There can be any number of inventory clerks, and any number of accountants, all having the same role. As many roles as are wanted can be created.

Each role is given a number of security tokens. Each of these tokens permits the user with that role to perform different functions. There are a number of predefined tokens:


0 Main Index Page

1 Order Entry/Inquiries customer access only

2 Basic Reports and Inquiries with selection options

3 Credit notes and AR management

4 Purchasing data/PO Entry/Reorder Levels

5 Accounts Payable

6 Petty Cash

7 Bank Reconciliations

8 General ledger reports/inquiries

9 Supplier centre - Supplier access only

10 General Ledger Maintenance, stock valuation & Configuration

11 Inventory Management and Pricing

15 User Management and System Administration

When a user tries to access a function, the security token for that functionality is looked up in a database table called scripts and it is then compared with the array of security tokens that is owned by the role allotted to that user. If the token is in that array, the functionality can be accessed, if not, then access is denied.

This lookup is also performed when displaying the menus, and if the security token is not there, the menu option will not be displayed.
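
The lookup described above, and the forum fix of giving a report a token the role does not own, as an added example that is not KwaMoja/webERP code. The page names, role names, token assignments and the functions CanAccess and VisibleMenu are all constructed for illustration, with plain arrays standing in for the scripts table.

```php
<?php
// Added example, not KwaMoja/webERP code. Page names, role names and the
// token assignments below are constructed for illustration.

// Stands in for the "scripts" table: page => security token it requires.
$PageTokens = array(
    'MainMenu.php'        => 0,
    'StockLookup.php'     => 2,
    'ValuationReport.php' => 2,
    'UserAdmin.php'       => 15,
);

// Role => array of security tokens owned by that role.
$RoleTokens = array(
    'Inventory' => array(0, 2),
    'Pricing'   => array(0, 11),
);

// Membership test as described in the post: the page's token must be in
// the role's array. Unknown pages or roles are denied (a choice made here).
function CanAccess($Role, $Page, $PageTokens, $RoleTokens) {
    if (!array_key_exists($Page, $PageTokens) || !array_key_exists($Role, $RoleTokens)) {
        return false;
    }
    return in_array($PageTokens[$Page], $RoleTokens[$Role], true);
}

// The same lookup decides which menu options are displayed.
function VisibleMenu($Role, $PageTokens, $RoleTokens) {
    $Visible = array();
    foreach (array_keys($PageTokens) as $Page) {
        if (CanAccess($Role, $Page, $PageTokens, $RoleTokens)) {
            $Visible[] = $Page;
        }
    }
    return $Visible;
}

echo 'Inventory menu before: ' . implode(', ', VisibleMenu('Inventory', $PageTokens, $RoleTokens)) . "\n";

// The fix from the forum answer: give the report the token for
// "General ledger reports/inquiries" (8), which the Inventory role lacks.
$PageTokens['ValuationReport.php'] = 8;
echo 'Inventory menu after:  ' . implode(', ', VisibleMenu('Inventory', $PageTokens, $RoleTokens)) . "\n";

// The check is set membership, not a numeric comparison: Pricing holds
// token 11 but not token 2, so it is still denied the token-2 page.
var_dump(CanAccess('Pricing', 'StockLookup.php', $PageTokens, $RoleTokens));
```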

This system is simple, elegant and flexible. It can be made as simple or as complex as an organisation requires. For instance, a one person business only needs one security token and one role, whereas a large business with hundreds of employees will have a very complex structure.

I hope this helps provide some insight into how the system works.