Skip to content

Allow providers to file results on behalf of other providers#2418

Open
D3V41 wants to merge 26 commits into
developfrom
feature/remove-flagged-providers-from-lab-updated-base-develop
Open

Allow providers to file results on behalf of other providers#2418
D3V41 wants to merge 26 commits into
developfrom
feature/remove-flagged-providers-from-lab-updated-base-develop

Conversation

@D3V41

@D3V41 D3V41 commented Apr 17, 2026

Copy link
Copy Markdown
Collaborator

Status Quo

Currently, a logged-in provider cannot file lab results on behalf of another provider.


Change

We have added functionality to allow a provider to file results on behalf of other providers.
(Example shown logged in as doctor oscardoc.)

Important

This PR is designed to minimize support burden on OpenOSP.

  • By default, this PR will NOT change any behaviour because the functionality defaults to "off" for all providers.
  • Only if providers actively turn on this feature within the user preferences will this option to "file on their behalf" become enabled.
  • Note that for Magenta, we decided to turn on this feature for all providers automatically in our production, without any significant complaints.

Main Workflow

Case 1: 0 or 1 provider attached to the lab:

  • Clicking Acknowledge opens the updated acknowledgement dialog, but no file options are shown.
    • image

Case 2: More than 1 provider attached to the lab:

  • Clicking Acknowledge opens a combined modal where the user selects providers to file for and adds an acknowledgement comment.

    • image
    • image
  • User adds comment and selects providers to file on their behalf, then clicks Submit.

    • image
  • After confirmation, the UI updates accordingly:

    • image

Preferences

Providers can configure the behavior under Preferences:

image
  1. Control the file dialog accordion
    Toggle the option:
    "Automatically expand "File Document on Behalf of Others" in comment box"

    • If disabled, the accordion is collapsed by default when the modal opens:
      • image
    • If enabled, the accordion is expanded by default when the modal opens:
      • image
  2. Prevent others from filing on your behalf
    Turn off the option:
    "Allow other providers to file results on your behalf when they acknowledge HL7 lab results "

    • image

Additional Features

  1. Even if a user has already acknowledged a lab, they can still file it for other providers using the File for… button.

    • image
    • image
    • image
  2. If the provider has acknowledged version 1 and, after some time, version 2 is released.
    image

    • If the provider then acknowledges version 2:
    • Old behaviour: The status of version 1 was changed from A → F.
      • image
    • New behaviour: The status of version 1 is not changed if it is already A.
      • image

Summary by Sourcery

Enable providers to optionally file HL7 lab results on behalf of other providers, controlled by new user preferences and backed by updated lab filing and routing logic.

New Features:

  • Add UI workflows and dialogs that let a provider file HL7 lab results on behalf of other linked providers during acknowledgement or via a separate "File for..." action.
  • Introduce provider-level preferences to auto-offer filing for others and to allow or prevent others from filing results on your behalf, plus a refreshed lab comment preference page.

Bug Fixes:

  • Preserve the acknowledgement status of older lab versions when a newer version is acknowledged instead of changing previously acknowledged results to filed.

Enhancements:

  • Refine lab filing backend to support filing labs for multiple providers up to a selected lab, including security checks, status handling, and safer comment updates.
  • Improve lab acknowledgement and filing UI styling and accessibility, including combined acknowledge/file dialogs and updated provider preference links.
  • Extend lab routing status enums to include a filed state and expose queue removal utilities for reuse.

Summary by cubic

Adds an opt‑in workflow to file HL7 lab results on behalf of other providers via a combined Acknowledge/File modal and a post‑ack “File for…” action. Server logic enforces _lab privileges, derives on‑behalf identity from the session, and respects the target provider’s “allow others” setting.

  • New Features

    • Combined modal in labDisplay.jsp: enter a comment and optionally select other linked providers (select‑all; disabled for opt‑outs; accordion auto‑expands based on preference, default off).
    • “File for…” after you acknowledge: files on behalf of selected providers up to the chosen version using version order, records an auto‑comment, and removes from queues; adds F routing status.
    • Backend: LabManager.fileLabsForProviderUpToFlaggedLab and updated CommonLabResultData.fileLabs add privilege checks, param validation, and optional comments; preferences page modernized with AJAX toggles for “Offer to file for others” (default off), “Allow others to file for you,” and “Disable comment before acknowledging.”
  • Bug Fixes

    • Preserve A/F on older versions when acknowledging newer ones or filing on behalf; avoid overwriting existing comments unless changed.
    • Security/UX hardening: enforce “allow others to file for you” on the server, validate requests, fix dialog wiring and duplicate IDs, safe output encoding, and guard null window.opener in inbox flows.

Written for commit 9e71611. Summary will update on new commits.

Summary by CodeRabbit

  • New Features

    • File lab results on behalf of other providers with provider selection and multi-provider filing.
  • Improvements

    • New HL7 Lab Result Preferences UI (offer/file for others, allow others file for you, disable ack comments) with a “Set HL7 Lab Result Preferences” button.
    • Redesigned acknowledge/file dialogs and improved filing UX.
    • Added localized strings for the new preference.
  • Bug Fixes

    • Improved window-opener safety to prevent JS errors.

D3V41 added 22 commits April 17, 2026 16:10
- Added preference to allow other providers to file on their behalf
- Added preference to enable filing results on behalf of other providers
- Implemented `fileLabsForProviderUpToFlaggedLab` to file labs starting from a selected lab.
- Added support for filing labs up to a specific lab version.
- Ensured labs are only filed if their status is `Not Acknowledge`, and updated to `Filed but not acknowledged`.
…unction openAcknowledgementDialog() instead of openFileDialog(false)
  - Add combined "Acknowledge/File Document" modal (comment + provider selection in one step)
  - Add separate "File Document" dialog for the "File for..." button (no comment needed)
  - Fix isLabNotFiledOrAckFlag not being set when logged-in provider appeared first in ackList
  - Improve code comments and add full flow documentation for the ack/filing feature
…viders() with no args, which always rejected and blocked the acknowledge flow

  - Fix duplicate-ID DOM lookups by passing segmentId/labType as parameters through openFileDialog → openFileOnlyDialog/openCombinedAckFileDialog → fileOnBehalfOfMultipleProviders instead of reading #segmentID/#labType
  - Remove duplicate loggedInProviderNo/loggedInProviderName hidden inputs inside fileDialog loop that broke jQuery ID uniqueness
Replaces the legacy JSP form in setLabAckComment.jsp with a Bootstrap 5 toggle UI that saves preferences instantly via AJAX, adds a new setDisableAckCommentPref action method, consolidates HL7 lab preferences  into the comment page, removes the now-redundant "View HL7 Lab Result
  Prefs" button from providerpreference.jsp, and updates the tip text in
  labDisplay.jsp to link directly to the new preferences page.
@D3V41 D3V41 self-assigned this Apr 17, 2026
@sourcery-ai

sourcery-ai Bot commented Apr 17, 2026

Copy link
Copy Markdown

Reviewer's Guide

Implements an opt‑in workflow for filing HL7 lab results on behalf of other providers, adds UI to select providers in new modals, wires this to server‑side filing logic that respects per‑provider preferences, and adjusts lab filing/acknowledgement behavior (including version handling and comment updates) while keeping default behavior unchanged unless preferences are enabled.

Sequence diagram for the new HL7 acknowledge and file-on-behalf workflow

sequenceDiagram
    actor Provider
    participant Browser
    participant LabDisplayPage
    participant FileLabs2Action
    participant LabManager
    participant ProviderManager2
    participant ProviderLabRoutingDao
    participant CommonLabResultData
    participant ReportStatusUpdate2Action

    rect rgb(235,245,255)
        Provider->>Browser: Click Acknowledge
        Browser->>LabDisplayPage: openFileDialog(false, segmentId, HL7)
        LabDisplayPage->>LabDisplayPage: Check isHl7OfferFileForOthers
        alt isHl7OfferFileForOthers_false
            LabDisplayPage->>LabDisplayPage: Click tempAckBtn (legacy flow)
            LabDisplayPage->>ReportStatusUpdate2Action: submit acknowledgeForm with status A and comment
            ReportStatusUpdate2Action->>CommonLabResultData: updateReportStatus(labNo, providerNo, A, comment, HL7)
            CommonLabResultData-->>ReportStatusUpdate2Action: status_updated
            ReportStatusUpdate2Action-->>Browser: response (no file on behalf)
        else isHl7OfferFileForOthers_true
            LabDisplayPage->>Browser: Open combinedAckFileDialog modal
            Provider->>Browser: Enter comment and optionally select providers
            Provider->>Browser: Click Submit
            Browser->>LabDisplayPage: combinedAckOkButton click
            alt providers_selected
                loop for_each_selected_provider
                    LabDisplayPage->>FileLabs2Action: POST FileLabs.do method=fileOnBehalfOfMultipleProviders
                    FileLabs2Action->>FileLabs2Action: Validate _lab write privilege
                    FileLabs2Action->>LabManager: fileLabsForProviderUpToFlaggedLab(loggedInInfo, providerNo, flaggedLabId, labType, comment, fileUpToLabNo, true)
                    LabManager->>ProviderManager2: isHl7AllowOthersFileForYou(loggedInInfo, providerNo)
                    alt provider_opted_out
                        ProviderManager2-->>LabManager: false
                        LabManager-->>FileLabs2Action: throw SecurityException
                        FileLabs2Action-->>LabDisplayPage: error
                    else provider_opted_in
                        ProviderManager2-->>LabManager: true
                        LabManager->>ProviderLabRoutingDao: findByLabNoAndLabTypeAndProviderNo(labId, labType, providerNo)
                        ProviderLabRoutingDao-->>LabManager: ProviderLabRoutingModel_list
                        loop for_each_matching_lab
                            LabManager->>CommonLabResultData: updateReportStatus(labId, providerNo, F, autoComment, labType, skipCommentOnUpdate)
                            CommonLabResultData-->>LabManager: status_updated
                            LabManager->>CommonLabResultData: removeFromQueue(labId)
                            CommonLabResultData-->>LabManager: removed
                        end
                        LabManager-->>FileLabs2Action: filed
                        FileLabs2Action-->>LabDisplayPage: success
                    end
                end
                LabDisplayPage->>LabDisplayPage: acknowledgeWithComment(comment, segmentId)
                LabDisplayPage->>ReportStatusUpdate2Action: submit acknowledgeForm with status A and comment
                ReportStatusUpdate2Action->>CommonLabResultData: updateReportStatus(labNo, providerNo, A, comment, HL7)
                CommonLabResultData-->>ReportStatusUpdate2Action: status_updated
            else no_providers_selected
                LabDisplayPage->>LabDisplayPage: acknowledgeWithComment(comment, segmentId)
                LabDisplayPage->>ReportStatusUpdate2Action: submit acknowledgeForm with status A and comment
                ReportStatusUpdate2Action->>CommonLabResultData: updateReportStatus(labNo, providerNo, A, comment, HL7)
                CommonLabResultData-->>ReportStatusUpdate2Action: status_updated
            end
            ReportStatusUpdate2Action-->>Browser: response
        end
    end

    rect rgb(245,235,255)
        Provider->>Browser: Click File for... (already acknowledged)
        Browser->>LabDisplayPage: openFileDialog(true, segmentId, HL7)
        LabDisplayPage->>Browser: Open fileDialog modal
        Provider->>Browser: Select providers and confirm
        loop for_each_selected_provider
            LabDisplayPage->>FileLabs2Action: POST FileLabs.do method=fileOnBehalfOfMultipleProviders
            FileLabs2Action->>LabManager: fileLabsForProviderUpToFlaggedLab(onBehalfOfOtherProvider=true)
            LabManager->>ProviderManager2: isHl7AllowOthersFileForYou
            ProviderManager2-->>LabManager: preference
            alt allowed
                LabManager->>ProviderLabRoutingDao: findByLabNoAndLabTypeAndProviderNo
                ProviderLabRoutingDao-->>LabManager: routing_records
                LabManager->>CommonLabResultData: updateReportStatus(..., F, autoComment,...)
                CommonLabResultData-->>LabManager: status_updated
            else not_allowed
                LabManager-->>FileLabs2Action: SecurityException
            end
        end
        FileLabs2Action-->>LabDisplayPage: success
        LabDisplayPage->>Browser: reload page to show filed statuses
    end
Loading

Sequence diagram for updating HL7 lab version statuses during filing

sequenceDiagram
    actor Provider
    participant Browser
    participant ReportStatusUpdate2Action
    participant LabManager
    participant ProviderLabRoutingDao
    participant CommonLabResultData

    Provider->>Browser: Select version 2 lab and choose File all up to this
    Browser->>ReportStatusUpdate2Action: Submit form with id array and labNo for v2

    ReportStatusUpdate2Action->>ReportStatusUpdate2Action: Validate _lab write privilege
    loop iterate_through_lab_ids_until_v2
        ReportStatusUpdate2Action->>LabManager: findByLabNoAndLabTypeAndProviderNo(loggedInInfo, labNo, lab_type, providerNo)
        LabManager->>ProviderLabRoutingDao: findByLabNoAndLabTypeAndProviderNo(labNo, lab_type, providerNo)
        ProviderLabRoutingDao-->>LabManager: ProviderLabRoutingModel_list
        LabManager-->>ReportStatusUpdate2Action: routing_records
        alt existing_status_is_A
            ReportStatusUpdate2Action->>ReportStatusUpdate2Action: Skip updating this version (do not change A to F)
        else status_not_A
            ReportStatusUpdate2Action->>CommonLabResultData: updateReportStatus(labNo, providerNo, F, emptyComment, lab_type)
            CommonLabResultData-->>ReportStatusUpdate2Action: status_updated
        end
    end
    ReportStatusUpdate2Action-->>Browser: Response with updated statuses (v1 remains A)
Loading

File-Level Changes

Change Details Files
Add client-side workflows and dialogs to acknowledge HL7 labs and optionally file them on behalf of other providers, including a separate 'File for…' flow once the current provider has acknowledged.
  • Introduce openFileDialog/openFileOnlyDialog/openCombinedAckFileDialog JavaScript entry points to route between legacy acknowledge, combined acknowledge/file, and file-only flows based on preferences and state.
  • Add jQuery handlers to keep 'Select All' checkboxes in sync with individual provider checkboxes and to enable/disable the OK button in file-only mode until at least one provider is selected.
  • Render two new dialogs in the lab display JSP: #fileDialog for the 'File for…' button and #combinedAckFileDialog for the combined acknowledge/file workflow, including provider lists that respect each provider’s opt-out preference and exposing logged-in provider metadata via hidden fields.
  • Switch Acknowledge buttons to call the new dialog-based flow, add conditional rendering of a 'File for…' button when the logged-in provider has acknowledged but other linked providers have not, and wire acknowledgement to preserve the existing comment/skip-comment behavior via a hidden tempAckBtn when the feature is disabled.
  • Add styling tweaks for the new dialogs and accordion, use OWASP encoder taglib for safe context-path and attribute output, and pass through ackList and preference flags from the server to the JSP.
src/main/webapp/lab/CA/ALL/labDisplay.jsp
Redesign the provider HL7 lab preferences UI and backend to support three independent preferences: disabling the comment box, auto-expanding the 'file for others' accordion, and allowing others to file on your behalf.
  • Replace the legacy setLabAckComment JSP with a Bootstrap-based page that shows three toggle switches and updates preferences via AJAX, displaying a transient success message.
  • Add security checks to ensure only providers with _lab write rights can access the preferences page.
  • Extend ProviderProperty2Action to expose the new preference values to the JSP and implement setDisableAckCommentPref to persist the disable-comment preference and return JSON; wire the new method into the action dispatch map.
  • Update provider preferences entry points and resource bundle strings (including translations) to reference the new HL7 lab result preferences UI and describe default values (now defaulting to off/no).
src/main/webapp/provider/setLabAckComment.jsp
src/main/java/ca/openosp/openo/provider/web/ProviderProperty2Action.java
src/main/webapp/provider/providerpreference.jsp
src/main/webapp/provider/setHl7LabResultPrefs.jsp
src/main/resources/oscarResources_en.properties
src/main/resources/oscarResources_fr.properties
src/main/resources/oscarResources_es.properties
src/main/resources/oscarResources_pl.properties
src/main/resources/oscarResources_pt_BR.properties
Extend server-side lab management to support filing labs for a specific provider up to a flagged lab, including on-behalf-of filing with per-provider opt-out and non-destructive comment handling, and expose this via a new FileLabs2Action endpoint.
  • Add ProviderLabRoutingDao and ProviderManager2 dependencies to LabManagerImpl and implement findByLabNoAndLabTypeAndProviderNo and getProviderLabRouting wrappers with _lab read checks.
  • Implement fileLabsForProviderUpToFlaggedLab in LabManagerImpl: parse and validate the flagged lab ID, fetch ordered matching labs, enforce the target provider’s allow-others preference when filing on behalf, filter by fileUpToLabNo, skip labs already A or F when filing on behalf, and call CommonLabResultData.updateReportStatus/removeFromQueue while logging.
  • Modify CommonLabResultData.updateReportStatus to optionally skip comment updates entirely (skipCommentOnUpdate flag) and to overwrite (rather than merge) the comment when updating, and make removeFromQueue public.
  • Overload CommonLabResultData.fileLabs to accept LoggedInInfo and an optional comment while centralizing the _lab write privilege check, and propagate the comment to updateReportStatus for both single and multi-lab cases.
  • Add a new FileLabs2Action.method fileOnBehalfOfMultipleProviders that validates inputs and calls LabManager.fileLabsForProviderUpToFlaggedLab, and ensure existing fileLabAjax uses the new CommonLabResultData.fileLabs overload with security checks.
  • Expand ProviderLabRoutingDao.STATUS with F (Filed) status for routing records.
src/main/java/ca/openosp/openo/managers/LabManagerImpl.java
src/main/java/ca/openosp/openo/lab/ca/on/CommonLabResultData.java
src/main/java/ca/openosp/openo/lab/pageUtil/FileLabs2Action.java
src/main/java/ca/openosp/openo/commn/dao/ProviderLabRoutingDao.java
Adjust lab acknowledgement behavior so filing previous lab versions during status updates does not overwrite already-acknowledged versions, aligning with the new versioning behavior described in the PR.
  • Inject LabManager into ReportStatusUpdate2Action and use it to fetch provider routing records when filing earlier versions during a version 2 acknowledge workflow.
  • Skip updating a lab to Filed status in ReportStatusUpdate2Action when the routing record for that lab+provider is already in A (acknowledged) status, preventing the A→F downgrade of older versions.
src/main/java/ca/openosp/openo/mds/pageUtil/ReportStatusUpdate2Action.java
Wire the new HL7 filing logic into OLIS inbound workflows and extend the ReportStatus model to carry per-provider 'allow others to file for me' preference to the UI.
  • Update OLISAddToInbox2Action to call the new CommonLabResultData.fileLabs overload with LoggedInInfo when auto-filing labs upon import, ensuring privilege checks and updated comment behavior are applied.
  • Add a boolean isHl7AllowOthersFileForYou property with getter/setter to ReportStatus and populate it in labDisplay.jsp for each provider row so the UI can disable checkboxes for providers who have opted out.
  • Change ProviderManager2.isHl7OfferFileForOthers default from true to false, ensuring the new 'file on behalf of others' UI is opt-in by default; also update the HL7 prefs JSP helper text to match the new default.
src/main/java/ca/openosp/openo/olis/OLISAddToInbox2Action.java
src/main/java/ca/openosp/openo/mds/data/ReportStatus.java
src/main/java/ca/openosp/openo/managers/ProviderManager2.java
src/main/webapp/provider/setHl7LabResultPrefs.jsp

Possibly linked issues


Tips and commands

Interacting with Sourcery

  • Trigger a new review: Comment @sourcery-ai review on the pull request.
  • Continue discussions: Reply directly to Sourcery's review comments.
  • Generate a GitHub issue from a review comment: Ask Sourcery to create an
    issue from a review comment by replying to it. You can also reply to a
    review comment with @sourcery-ai issue to create an issue from it.
  • Generate a pull request title: Write @sourcery-ai anywhere in the pull
    request title to generate a title at any time. You can also comment
    @sourcery-ai title on the pull request to (re-)generate the title at any time.
  • Generate a pull request summary: Write @sourcery-ai summary anywhere in
    the pull request body to generate a PR summary at any time exactly where you
    want it. You can also comment @sourcery-ai summary on the pull request to
    (re-)generate the summary at any time.
  • Generate reviewer's guide: Comment @sourcery-ai guide on the pull
    request to (re-)generate the reviewer's guide at any time.
  • Resolve all Sourcery comments: Comment @sourcery-ai resolve on the
    pull request to resolve all Sourcery comments. Useful if you've already
    addressed all the comments and don't want to see them anymore.
  • Dismiss all Sourcery reviews: Comment @sourcery-ai dismiss on the pull
    request to dismiss all existing Sourcery reviews. Especially useful if you
    want to start fresh with a new review - don't forget to comment
    @sourcery-ai review to trigger a new review!

Customizing Your Experience

Access your dashboard to:

  • Enable or disable review features such as the Sourcery-generated pull request
    summary, the reviewer's guide, and others.
  • Change the review language.
  • Add, remove or edit custom review instructions.
  • Adjust other review settings.

Getting Help

@D3V41 D3V41 linked an issue Apr 17, 2026 that may be closed by this pull request
2 tasks
@github-actions

github-actions Bot commented Apr 17, 2026

Copy link
Copy Markdown

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

Snapshot Warnings

⚠️: No snapshots were found for the head SHA 9e71611.
Ensure that dependencies are being submitted on PR branches and consider enabling retry-on-snapshot-warnings. See the documentation for more information and troubleshooting advice.

Scanned Files

None

@coderabbitai

coderabbitai Bot commented Apr 17, 2026

Copy link
Copy Markdown
📝 Walkthrough

Walkthrough

Adds HL7 provider-aware lab routing and multi-provider filing flows: new routing status F, expanded report status flag, updated lab filing APIs and manager methods, UI changes for multi-provider filing and provider preferences, and related privilege/security checks.

Changes

Cohort / File(s) Summary
Routing enum & report model
src/main/java/ca/openosp/openo/commn/dao/ProviderLabRoutingDao.java, src/main/java/ca/openosp/openo/mds/data/ReportStatus.java
Added F to STATUS enum. Added isHl7AllowOthersFileForYou getter/setter to ReportStatus.
Core lab filing logic
src/main/java/ca/openosp/openo/lab/ca/on/CommonLabResultData.java, src/main/java/ca/openosp/openo/olis/OLISAddToInbox2Action.java
Normalized comment handling in updateReportStatus, forwarded user comment into filing, changed fileLabs overloads to accept LoggedInInfo and comment, and made removeFromQueue(Integer) public. Updated call sites to new signatures.
Manager API & implementation
src/main/java/ca/openosp/openo/managers/LabManager.java, src/main/java/ca/openosp/openo/managers/LabManagerImpl.java
Added findByLabNoAndLabTypeAndProviderNo(...), fileLabsForProviderUpToFlaggedLab(...) (transactional, write-privileged), and getProviderLabRouting(...) with provider-routing DAO integration and on-behalf filing logic.
Action & page controllers
src/main/java/ca/openosp/openo/lab/pageUtil/FileLabs2Action.java, src/main/java/ca/openosp/openo/mds/pageUtil/ReportStatusUpdate2Action.java, src/main/java/ca/openosp/openo/provider/web/ProviderProperty2Action.java
Injected LabManager in actions, added fileOnBehalfOfMultipleProviders() action, updated privilege checks to use session LoggedInInfo, conditional routing-aware status updates in ReportStatusUpdate2Action, and added setDisableAckCommentPref() AJAX handler.
Provider capability behavior
src/main/java/ca/openosp/openo/managers/ProviderManager2.java
Changed fallback for HL7 offer lookup to default false when property absent.
UI (lab display & provider prefs)
src/main/webapp/lab/CA/ALL/labDisplay.jsp, src/main/webapp/provider/setLabAckComment.jsp, src/main/webapp/provider/providerpreference.jsp, src/main/webapp/provider/setHl7LabResultPrefs.jsp
Large labDisplay.jsp changes adding multi-provider filing dialogs, JS flows, and provider-selection UI; rewrote setLabAckComment.jsp to Bootstrap/JQuery toggles with AJAX; adjusted provider preference popup sizing and default text for HL7 offer.
Localization
src/main/resources/oscarResources_en.properties, ..._es.properties, ..._fr.properties, ..._pl.properties, ..._pt_BR.properties
Added provider.btnViewHl7LabPrefs translations across multiple locales.
Small JS fixes
src/main/webapp/share/javascript/oscarMDSIndex.js
Guarded access to self.opener before referencing removeReport to avoid errors when opener is null.

Sequence Diagram(s)

sequenceDiagram
    participant User as User (Provider)
    participant UI as Lab Display UI
    participant Action as FileLabs2Action
    participant LabMgr as LabManagerImpl
    participant DAO as ProviderLabRoutingDao
    participant Queue as CommonLabResultData

    User->>UI: Open multi-provider file dialog
    UI->>User: Select providers, enter comment
    User->>UI: Submit filing
    UI->>Action: POST fileOnBehalfOfMultipleProviders(params)
    activate Action
    Action->>Action: validate params & _lab privilege (uses LoggedInInfo)
    Action->>LabMgr: fileLabsForProviderUpToFlaggedLab(loggedInInfo, providerNo, flaggedLabId, labType, comment, fileUpToLabNo)
    activate LabMgr
    LabMgr->>Queue: getMatchingLabs(flaggedLabId)
    LabMgr->>DAO: findByLabNoAndLabTypeAndProviderNo(labNo, labType, providerNo)
    DAO-->>LabMgr: routingRecords
    alt routing empty or not Acknowledged
        LabMgr->>Queue: updateReportStatus(labNo, 'F', comment)
        LabMgr->>Queue: removeFromQueue(labNo)
    else routing first status is A (and filing on-behalf)
        LabMgr-->>LabMgr: skip update
    end
    LabMgr-->>Action: complete
    deactivate LabMgr
    Action-->>UI: success
    deactivate Action
    UI->>User: show result
Loading

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~45 minutes

Suggested reviewers

  • LiamStanziani
  • lacarmen

Poem

🐰 A rabbit scurries through routing and forms,
Filing for friends while the filing bell warms,
Comments now trimmed and permissions kept true,
Multiple providers get handled anew,
HL7 prefs set — a carrot-flavored view! 🥕✨

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 warning)

Check name Status Explanation Resolution
Docstring Coverage ⚠️ Warning Docstring coverage is 10.00% which is insufficient. The required threshold is 80.00%. Write docstrings for the functions missing them to satisfy the coverage threshold.
✅ Passed checks (2 passed)
Check name Status Explanation
Title check ✅ Passed The PR title 'Allow providers to file results on behalf of other providers' directly and clearly summarizes the main feature addition across all changes—enabling providers to file lab results on behalf of other providers with opt-in controls.
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.

✏️ Tip: You can configure your own custom pre-merge checks in the settings.

✨ Finishing Touches
📝 Generate docstrings
  • Create stacked PR
  • Commit on current branch
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch feature/remove-flagged-providers-from-lab-updated-base-develop

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

@sourcery-ai sourcery-ai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hey - I've found 2 issues, and left some high level feedback:

  • In ReportStatusUpdate2Action.executemain(), the new continue inside the while (idNum != labNo) loop will skip the i++/idNum = Integer.parseInt(id[i]) updates and can cause an infinite loop when an entry is already acknowledged; you likely need to advance the index before continuing.
  • In LabManagerImpl.fileLabsForProviderUpToFlaggedLab(), the condition if (onBehalfOfOtherProvider && STATUS.A.name().equals(status) || STATUS.F.name().equals(status)) relies on operator precedence and currently skips F statuses regardless of onBehalfOfOtherProvider; consider adding parentheses to make the intended logic explicit, e.g. if (onBehalfOfOtherProvider && (A || F)) or (onBehalfOfOtherProvider && A) || F.
  • The labDisplay.jsp now contains a large amount of inline JavaScript and duplicated checkbox-building markup for the two dialogs; consider extracting common JS helpers (e.g., for provider selection and dialog setup) and/or JSP fragments to reduce duplication and improve maintainability.
Prompt for AI Agents
Please address the comments from this code review:

## Overall Comments
- In ReportStatusUpdate2Action.executemain(), the new `continue` inside the `while (idNum != labNo)` loop will skip the `i++`/`idNum = Integer.parseInt(id[i])` updates and can cause an infinite loop when an entry is already acknowledged; you likely need to advance the index before continuing.
- In LabManagerImpl.fileLabsForProviderUpToFlaggedLab(), the condition `if (onBehalfOfOtherProvider && STATUS.A.name().equals(status) || STATUS.F.name().equals(status))` relies on operator precedence and currently skips `F` statuses regardless of `onBehalfOfOtherProvider`; consider adding parentheses to make the intended logic explicit, e.g. `if (onBehalfOfOtherProvider && (A || F))` or `(onBehalfOfOtherProvider && A) || F`.
- The labDisplay.jsp now contains a large amount of inline JavaScript and duplicated checkbox-building markup for the two dialogs; consider extracting common JS helpers (e.g., for provider selection and dialog setup) and/or JSP fragments to reduce duplication and improve maintainability.

## Individual Comments

### Comment 1
<location path="src/main/java/ca/openosp/openo/managers/LabManagerImpl.java" line_range="210-211" />
<code_context>
+            }
+
+            // Skip if lab is already Acknowledged or Filed
+            String status = providerLabRouting.getStatus();
+            if (onBehalfOfOtherProvider && ProviderLabRoutingDao.STATUS.A.name().equals(status) || ProviderLabRoutingDao.STATUS.F.name().equals(status)) {
+                continue;
+            }
</code_context>
<issue_to_address>
**issue (bug_risk):** Operator precedence in the status check is likely not what you intend and will allow refiling acknowledged labs.

Because of operator precedence, this condition is evaluated as `(onBehalfOfOtherProvider && status == A) || status == F`. As a result, Acknowledged labs are only skipped when `onBehalfOfOtherProvider` is true; when filing for oneself, Acknowledged labs will be re-filed.

If the intent is to always skip `F`, and skip `A` only when filing on behalf of another provider, you can make that explicit:
```java
if (ProviderLabRoutingDao.STATUS.F.name().equals(status) ||
    (onBehalfOfOtherProvider && ProviderLabRoutingDao.STATUS.A.name().equals(status))) {
    continue;
}
```
</issue_to_address>

### Comment 2
<location path="src/main/webapp/lab/CA/ALL/labDisplay.jsp" line_range="1711-1714" />
<code_context>
                         <tr>
                             <td>
-                                <input type="hidden" name="segmentID"
+                                <input type="hidden" name="segmentID" id="segmentID"
                                        value="<%= Encode.forHtmlAttribute(segmentID) %>"/>
                                 <input type="hidden" name="multiID" value="<%= Encode.forHtmlAttribute(multiLabId) %>"/>
</code_context>
<issue_to_address>
**issue (bug_risk):** Adding `id="segmentID"` and `id="labType"` inside a loop will create many duplicate IDs in the DOM.

Because this input is rendered per lab segment, the DOM will end up with multiple `segmentID`/`labType` elements sharing the same ID. Any JavaScript that queries by `#segmentID` or `#labType` will only get the first one, which can cause incorrect behavior. Either make the IDs unique per segment (e.g. `segmentID_<%=segmentID%>`) or remove the IDs and rely on `name` and form scoping instead.
</issue_to_address>

Sourcery is free for open source - if you like our reviews please consider sharing them ✨
Help me be more useful! Please click 👍 or 👎 on each comment and I'll use the feedback to improve your reviews.

Comment thread src/main/java/ca/openosp/openo/managers/LabManagerImpl.java Outdated
Comment thread src/main/webapp/lab/CA/ALL/labDisplay.jsp

@gemini-code-assist gemini-code-assist Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

This pull request introduces the ability for providers to file HL7 lab results on behalf of other linked providers, including new UI modals and user preferences. The review identified several critical issues: compilation errors due to updated method signatures, missing backend methods for UI preferences, a potential infinite loop in the lab update logic, and logic errors concerning operator precedence and status checks that could lead to incorrect data updates.

Comment thread src/main/java/ca/openosp/openo/lab/ca/on/CommonLabResultData.java
Comment thread src/main/java/ca/openosp/openo/lab/ca/on/CommonLabResultData.java
Comment thread src/main/java/ca/openosp/openo/managers/LabManagerImpl.java Outdated
Comment thread src/main/java/ca/openosp/openo/managers/LabManagerImpl.java Fixed
Comment thread src/main/java/ca/openosp/openo/lab/ca/on/CommonLabResultData.java Dismissed
Comment thread src/main/java/ca/openosp/openo/lab/ca/on/CommonLabResultData.java Dismissed
Comment thread src/main/java/ca/openosp/openo/managers/LabManagerImpl.java Fixed

@cubic-dev-ai cubic-dev-ai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

7 issues found across 19 files

Confidence score: 1/5

  • Merge risk is critical because src/main/java/ca/openosp/openo/mds/pageUtil/ReportStatusUpdate2Action.java has a confirmed infinite loop when status is "A" (continue bypasses increment/update), which can hang processing and block acknowledgements.
  • src/main/java/ca/openosp/openo/managers/LabManagerImpl.java includes a high-severity authorization flaw: trusting a request flag can bypass on-behalf filing consent checks, creating a direct permission/security risk.
  • There are additional correctness regressions in lab filing/ack logic (labNo vs idNum query target, and fileUpToLabNo=false filing too broadly), plus duplicate IDs in src/main/webapp/lab/CA/ALL/labDisplay.jsp that can break UI behavior when multiple segments render.
  • Pay close attention to src/main/java/ca/openosp/openo/mds/pageUtil/ReportStatusUpdate2Action.java, src/main/java/ca/openosp/openo/managers/LabManagerImpl.java, src/main/webapp/lab/CA/ALL/labDisplay.jsp - loop safety, authorization enforcement, and filing/DOM correctness need fixes before merge.
Prompt for AI agents (unresolved issues)

Check if these issues are valid — if so, understand the root cause of each and fix them. If appropriate, use sub-agents to investigate and fix each issue separately.


<file name="src/main/java/ca/openosp/openo/managers/LabManagerImpl.java">

<violation number="1" location="src/main/java/ca/openosp/openo/managers/LabManagerImpl.java:185">
P0: Do not trust the request flag for on-behalf filing permission; this allows bypassing the target provider consent check.</violation>

<violation number="2" location="src/main/java/ca/openosp/openo/managers/LabManagerImpl.java:193">
P1: `fileUpToLabNo=false` currently files all matching labs instead of only the flagged lab.</violation>
</file>

<file name="src/main/java/ca/openosp/openo/mds/pageUtil/ReportStatusUpdate2Action.java">

<violation number="1" location="src/main/java/ca/openosp/openo/mds/pageUtil/ReportStatusUpdate2Action.java:109">
P0: Wrong variable: the query passes `labNo` (the current lab being acknowledged) instead of `idNum` (the older version being iterated). This means the "preserve prior approvals" check always queries the wrong lab. Change `labNo` to `idNum`.</violation>

<violation number="2" location="src/main/java/ca/openosp/openo/mds/pageUtil/ReportStatusUpdate2Action.java:110">
P0: Infinite loop: `continue` skips `i++` and `idNum = Integer.parseInt(id[i])`, so when the status is "A" the loop repeats forever with the same `idNum`. Move the increment before the `continue`, or restructure to use a `for` loop.</violation>
</file>

<file name="src/main/webapp/lab/CA/ALL/labDisplay.jsp">

<violation number="1" location="src/main/webapp/lab/CA/ALL/labDisplay.jsp:988">
P3: The `'ackLabAndFileForOther'` branch in `handleLab` is never invoked — no caller passes this action string. It duplicates the `'ackLab'` branch and should be removed to avoid confusion.</violation>

<violation number="2" location="src/main/webapp/lab/CA/ALL/labDisplay.jsp:1503">
P1: Dialog elements and hidden inputs (`#fileDialog`, `#combinedAckFileDialog`, `#loggedInProviderNo`, `#tempAckBtn`, etc.) are rendered inside the per-segment `for` loop, producing duplicate HTML IDs when multiple lab segments are displayed. jQuery will only find the first instance, so the file/acknowledge dialogs for the 2nd+ segments will show incorrect provider lists. These elements should either be moved outside the loop (with dynamic content injection) or have segment-specific IDs.</violation>
</file>

<file name="src/main/webapp/provider/setLabAckComment.jsp">

<violation number="1" location="src/main/webapp/provider/setLabAckComment.jsp:41">
P2: Avoid hard-coded user-facing text in this JSP; use resource-bundle keys so translated locales continue to work.</violation>
</file>

Reply with feedback, questions, or to request a fix. Tag @cubic-dev-ai to re-run a review.

Comment thread src/main/java/ca/openosp/openo/managers/LabManagerImpl.java Outdated
Comment thread src/main/java/ca/openosp/openo/mds/pageUtil/ReportStatusUpdate2Action.java Outdated
Comment thread src/main/java/ca/openosp/openo/mds/pageUtil/ReportStatusUpdate2Action.java Outdated
Comment thread src/main/java/ca/openosp/openo/managers/LabManagerImpl.java Outdated
Comment thread src/main/webapp/lab/CA/ALL/labDisplay.jsp
Comment thread src/main/webapp/provider/setLabAckComment.jsp
Comment thread src/main/webapp/lab/CA/ALL/labDisplay.jsp Outdated

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 7

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (3)
src/main/webapp/provider/setHl7LabResultPrefs.jsp (1)

58-94: ⚠️ Potential issue | 🟠 Major

Add CSRF protection to AJAX requests.

The AJAX POST requests to setProviderStaleDate.do lack CSRF tokens. The application enforces OWASP CsrfGuard globally (mapped to all URLs), but this JSP does not load the csrfguard script or include CSRF tokens in the AJAX data. These requests will fail CSRF validation.

Add the following to the JSP head section:

<script src="${pageContext.request.contextPath}/csrfguard" type="text/javascript"></script>

This enables automatic CSRF token injection for AJAX requests, consistent with other preference pages in the codebase (e.g., documentsInQueues.jsp, SearchDrug3.jsp).

🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@src/main/webapp/provider/setHl7LabResultPrefs.jsp` around lines 58 - 94, The
AJAX POST in updatePreference (the jQuery.ajax call inside function
updatePreference) is missing CSRF tokens and will be blocked by OWASP CsrfGuard;
to fix, add the CsrfGuard client script to this JSP so tokens are injected for
AJAX calls by including the CsrfGuard loader script in the page head (same
approach used in documentsInQueues.jsp/SearchDrug3.jsp) so the existing
updatePreference/jQuery.ajax requests to setProviderStaleDate.do carry the CSRF
token automatically.
src/main/java/ca/openosp/openo/commn/dao/ProviderLabRoutingDao.java (1)

20-71: 🛠️ Refactor suggestion | 🟠 Major

Add comprehensive JavaDoc documentation for this DAO interface.

Per coding guidelines, all public classes and methods must have comprehensive JavaDoc documentation, especially for healthcare domain classes dealing with medical data like lab result routing. The interface, both enums (LAB_TYPE, STATUS), and all method signatures currently lack any documentation.

At minimum, document:

  • Interface purpose and healthcare context
  • Each STATUS enum constant (X, N, A, D, F) with clear meanings
  • Each LAB_TYPE enum constant
  • All method parameters with specific data types
  • All method return types and what they represent
  • Healthcare domain context for lab routing operations

As per coding guidelines: "All public classes and methods MUST have comprehensive JavaDoc documentation" and "Document healthcare domain context in JavaDoc for medical data classes: patient records, prescriptions, lab results."

🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@src/main/java/ca/openosp/openo/commn/dao/ProviderLabRoutingDao.java` around
lines 20 - 71, Add comprehensive JavaDoc to the ProviderLabRoutingDao interface,
its enums (LAB_TYPE, STATUS) and every public method: start with an overview
describing the DAO purpose and healthcare context (lab result routing,
privacy/PHI notes), document each STATUS constant (X, N, A, D, F) with clear
semantic meaning, each LAB_TYPE constant (DOC, HL7), and for every method (e.g.,
findByLabNoAndLabTypeAndProviderNo, getProviderLabRoutingDocuments,
getProviderLabRoutingForLabProviderType, getProviderLabRoutingForLabAndType,
findAllLabRoutingByIdandType, updateStatus, findByLabNo,
findByLabNoIncludingPotentialDuplicates, findByLabNoAndLabType,
getProviderLabRoutings, findByStatusANDLabNoType, findByProviderNo,
findByLabNoTypeAndStatus,
findLastRoutingIdGroupedByProviderAndCreatedByDocCreator,
findProviderAndLabRoutingById, findMdsResultResultDataByManyThings,
findMdsResultResultDataByDemographicNoAndLabNo, findMdsResultResultDataByDemoId,
findProviderAndLabRoutingByIdAndLabType) include param descriptions (types and
domain meaning), the return value semantics (what the List or Model contains),
thrown/side-effect behavior (e.g., updateStatus effects), and any PHI/security
considerations; keep JavaDoc concise, use `@param` and `@return` tags, and ensure
domain-specific examples/notes where behavior may be ambiguous.
src/main/java/ca/openosp/openo/lab/ca/on/CommonLabResultData.java (1)

606-629: ⚠️ Potential issue | 🟠 Major

Add an audit event to the shared filing helper.

Now that this method receives LoggedInInfo, it has everything needed to record who filed which lab. It still changes provider routing and removes the document from the queue with no audit entry, which leaves shared filing paths unaudited.

🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@src/main/java/ca/openosp/openo/lab/ca/on/CommonLabResultData.java` around
lines 606 - 629, The fileLabs method currently updates report status and removes
queued docs but doesn't record an audit; add an audit event using the provided
LoggedInInfo whenever a lab is filed. After each call to updateReportStatus
(both inside the labArray loop and the single-lab else branch) invoke the shared
audit helper (or create one if missing) to record the lab id, action ("filed" or
equivalent), provider, comment, labType and the LoggedInInfo user identity;
ensure the audit call occurs before or immediately after removeFromQueue so
every path that calls updateReportStatus/removeFromQueue logs who filed which
lab. Reference symbols: fileLabs, LoggedInInfo,
CommonLabResultData.getMatchingLabs, updateReportStatus, removeFromQueue.
🧹 Nitpick comments (4)
src/main/webapp/provider/setHl7LabResultPrefs.jsp (2)

18-18: Consider upgrading to Bootstrap 5.3.0.

The page loads Bootstrap 5.0.2, but the coding guidelines specify Bootstrap 5.3.0 should be loaded from CDN for modern UI components in JSP templates.

📦 Proposed upgrade to Bootstrap 5.3.0
-    <link href="${pageContext.servletContext.contextPath}/library/bootstrap/5.0.2/css/bootstrap.min.css" rel="stylesheet" media="screen">
+    <link href="https://cdn.jsdelivr.net/npm/bootstrap@5.3.0/dist/css/bootstrap.min.css" rel="stylesheet" integrity="sha384-9ndCyUaIbzAi2FUVXJi0CjmCapSmO7SnpJef0486qhLnuZ2cdeRhO02iuK6FUUVM" crossorigin="anonymous">

Also update the JavaScript reference on line 20:

-    <script src="${pageContext.servletContext.contextPath}/library/bootstrap/5.0.2/js/bootstrap.bundle.js"></script>
+    <script src="https://cdn.jsdelivr.net/npm/bootstrap@5.3.0/dist/js/bootstrap.bundle.min.js" integrity="sha384-geWF76RCwLtnZ8qwWowPQNguL3RmwHVBC9FhGdlKrxdiJJigb/j/68SIy3Te4Bkz" crossorigin="anonymous"></script>
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@src/main/webapp/provider/setHl7LabResultPrefs.jsp` at line 18, Update the
Bootstrap include in setHl7LabResultPrefs.jsp to use Bootstrap 5.3.0 from the
CDN: replace the existing CSS link element that references
"/library/bootstrap/5.0.2/css/bootstrap.min.css" with the official 5.3.0 CDN
stylesheet and also update the corresponding JavaScript reference on line 20 to
the 5.3.0 CDN bundle (ensure integrity and crossorigin attributes are added as
per CDN docs); locate the link tag and the script tag in
setHl7LabResultPrefs.jsp and swap their URLs to the 5.3.0 CDN versions.

1-21: Add JSP documentation header.

The file is missing comprehensive JSP comment blocks as required. Consider adding documentation after the copyright header (lines 1-4) to describe the purpose, features, parameters, and include @since tags. As per coding guidelines, JSP files should include comprehensive documentation blocks.

🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@src/main/webapp/provider/setHl7LabResultPrefs.jsp` around lines 1 - 21, Add a
JSP documentation header comment block at the top of setHl7LabResultPrefs.jsp
(immediately after the existing page directives/header) that summarizes the page
purpose ("Set HL7 Lab Result Preferences"), lists key features or behaviors,
describes expected input/session parameters (e.g., sessionScope.userrole,
sessionScope.user), and includes metadata tags such as `@author`, `@since`, and a
brief changelog; ensure the block is a JSP comment (<!-- ... -->) and placed
before the HTML DOCTYPE so it meets the project's JSP documentation guidelines.
src/main/java/ca/openosp/openo/lab/pageUtil/FileLabs2Action.java (1)

118-130: Use loggedInInfo as the source of the filing provider.

fileLabAjax() now resolves LoggedInInfo, but the filed provider still comes from request.getSession().getAttribute("user"). That keeps two session identity sources in play for the same action and makes the actor/provider harder to reason about.

Suggested fix
-        String providerNo = (String) request.getSession().getAttribute("user");
+        String providerNo = loggedInInfo.getLoggedInProviderNo();

Based on learnings, Always use LoggedInInfo.getLoggedInInfoFromSession(request) to extract logged-in user information in actions and services.

🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@src/main/java/ca/openosp/openo/lab/pageUtil/FileLabs2Action.java` around
lines 118 - 130, The code uses request.getSession().getAttribute("user") for
providerNo while already resolving LoggedInInfo via
LoggedInInfo.getLoggedInInfoFromSession(request); replace that session lookup so
providerNo is derived from the LoggedInInfo instance (e.g., use
loggedInInfo.getUserId() / getUser() / getProviderNo() as appropriate) and pass
that value into CommonLabResultData.fileLabs(listFlaggedLabs, providerNo,
loggedInInfo) so all actor identity comes from LoggedInInfo (update the
providerNo assignment and any related variable names).
src/main/java/ca/openosp/openo/managers/LabManager.java (1)

24-28: Document the new public API methods.

These three interface methods expand the public LabManager contract, but they were added without JavaDoc. Please document parameters, return values, and behavior so the new filing/routing API is self-describing for callers and implementers.

As per coding guidelines, src/main/java/**/*.java: All public classes and methods MUST have comprehensive JavaDoc documentation.

🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@src/main/java/ca/openosp/openo/managers/LabManager.java` around lines 24 -
28, Add comprehensive JavaDoc for the three new public interface methods in
LabManager: findByLabNoAndLabTypeAndProviderNo,
fileLabsForProviderUpToFlaggedLab, and getProviderLabRouting. For each method
document the purpose/behavior, each parameter (LoggedInInfo loggedInInfo,
labId/flaggedLabId/labNo, labType, provider/providerNo, comment, fileUpToLabNo,
onBehalfOfOtherProvider), the return type (what the
List<ProviderLabRoutingModel> contains and when it may be empty), any side
effects (e.g., filing action performed by fileLabsForProviderUpToFlaggedLab),
thrown exceptions or error conditions, and any concurrency/authentication
considerations so callers and implementers understand expected behavior and
contracts.
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@src/main/java/ca/openosp/openo/managers/LabManagerImpl.java`:
- Around line 162-220: The method fileLabsForProviderUpToFlaggedLab in
LabManagerImpl mutates multiple rows (calls
CommonLabResultData.updateReportStatus and CommonLabResultData.removeFromQueue
inside a loop) and must be executed in a single DB transaction to avoid partial
commits; mark the method (or the LabManagerImpl class) with Spring's
`@Transactional` (importing
org.springframework.transaction.annotation.Transactional) so the entire loop is
atomic and will rollback on exceptions, ensuring the update/remove calls and
LogAction are all within the same transaction boundary; verify LabManagerImpl is
a Spring-managed bean (e.g., `@Service`) so `@Transactional` is effective.

In `@src/main/java/ca/openosp/openo/mds/data/ReportStatus.java`:
- Around line 180-185: Add JavaDoc comments for the two new public accessors in
ReportStatus: document the getter isHl7AllowOthersFileForYou() with a brief
description and an `@return` tag describing the boolean meaning, and document the
setter setHl7AllowOthersFileForYou(boolean isHl7AllowOthersFileForYou) with a
brief description and a `@param` tag describing the parameter's purpose; place the
JavaDoc immediately above each method in src/main/java so the public API is
fully documented.

In `@src/main/java/ca/openosp/openo/mds/pageUtil/ReportStatusUpdate2Action.java`:
- Around line 109-115: The loop in ReportStatusUpdate2Action uses labNo in the
guard and calls continue without advancing i, causing an infinite loop and
incorrect status checks; change the check to use the current version identifier
(idNum) instead of labNo when calling
labManager.findByLabNoAndLabTypeAndProviderNo (or the appropriate method that
accepts the version), and ensure i (and idNum parsed from id[i]) is advanced
before any continue so skipped acknowledged versions don't block the loop;
update the logic around idNum, i, providerLabRoutingModels, and the call to
CommonLabResultData.updateReportStatus accordingly.

In `@src/main/java/ca/openosp/openo/provider/web/ProviderProperty2Action.java`:
- Around line 1532-1545: The setDisableAckCommentPref method performs an AJAX
write without checking privileges; before mutating UserProperty (in
ProviderProperty2Action.setDisableAckCommentPref) call
SecurityInfoManager.hasPrivilege(...) using the same privilege used by other
lab-preference actions (or the provider self-service preference edit privilege)
and short-circuit with an appropriate error/HTTP response if the check fails;
ensure you obtain SecurityInfoManager (or use the existing instance) and enforce
the check at the start of setDisableAckCommentPref before any calls to
userPropertyDAO.getProp/saveProp.
- Around line 1522-1525: The HL7-specific lookups
providerManager2.isHl7OfferFileForOthers(...) and
providerManager2.isHl7AllowOthersFileForYou(...) can throw for non-lab providers
and should not crash viewCommentLab; wrap those calls with a safe guard: either
check a lab-read/access predicate on providerManager2 (e.g., a method like
canReadLab or isLabProvider) before calling them, or catch any exception around
the two calls and default offerFileForOthers/allowOthersFileForYou to false;
ensure ProviderProperty2Action still sets the request attributes
("offerFileForOthers" and "allowOthersFileForYou") so the UI simply hides the
HL7 toggles instead of raising a runtime error.

In `@src/main/webapp/lab/CA/ALL/labDisplay.jsp`:
- Around line 1502-1636: The dialogs and hidden inputs (loggedInProviderNo,
loggedInProviderName, isHl7OfferFileForOthers, tempAckBtn, fileDialog,
combinedAckFileDialog, skipAckComment, combinedAckComment, etc.) are being
emitted per segment causing duplicate element IDs; either render these controls
once outside the segment loop or make their IDs unique per segment (e.g., append
the segmentID) and update the JS that references them (openFileOnlyDialog(),
openCombinedAckFileDialog(), selectors like "#fileDialog",
"#combinedAckFileDialog", "#skipAckComment", "#combinedAckComment", and
tempAckBtn usage) to use the segment-scoped IDs or container-scoped selectors so
each segment targets its own dialog instance.
- Around line 1241-1249: The current flow calls
fileOnBehalfOfMultipleProviders(selectedProviders, segmentId, labType) which
internally uses Promise.allSettled and always resolves, so the caller proceeds
to acknowledgeWithComment or reload even when some filings failed; change
fileOnBehalfOfMultipleProviders to surface partial failures (either by rejecting
when any promise is rejected or returning a structured result that flags
failures), and update the caller at the if (selectedProviders.length > 0) block
to inspect that result (or catch the rejection) and only call
acknowledgeWithComment or location.reload when all filings succeeded; reference
functions fileOnBehalfOfMultipleProviders and acknowledgeWithComment and
remove/modify use of Promise.allSettled so partial failures are detected and
handled.

---

Outside diff comments:
In `@src/main/java/ca/openosp/openo/commn/dao/ProviderLabRoutingDao.java`:
- Around line 20-71: Add comprehensive JavaDoc to the ProviderLabRoutingDao
interface, its enums (LAB_TYPE, STATUS) and every public method: start with an
overview describing the DAO purpose and healthcare context (lab result routing,
privacy/PHI notes), document each STATUS constant (X, N, A, D, F) with clear
semantic meaning, each LAB_TYPE constant (DOC, HL7), and for every method (e.g.,
findByLabNoAndLabTypeAndProviderNo, getProviderLabRoutingDocuments,
getProviderLabRoutingForLabProviderType, getProviderLabRoutingForLabAndType,
findAllLabRoutingByIdandType, updateStatus, findByLabNo,
findByLabNoIncludingPotentialDuplicates, findByLabNoAndLabType,
getProviderLabRoutings, findByStatusANDLabNoType, findByProviderNo,
findByLabNoTypeAndStatus,
findLastRoutingIdGroupedByProviderAndCreatedByDocCreator,
findProviderAndLabRoutingById, findMdsResultResultDataByManyThings,
findMdsResultResultDataByDemographicNoAndLabNo, findMdsResultResultDataByDemoId,
findProviderAndLabRoutingByIdAndLabType) include param descriptions (types and
domain meaning), the return value semantics (what the List or Model contains),
thrown/side-effect behavior (e.g., updateStatus effects), and any PHI/security
considerations; keep JavaDoc concise, use `@param` and `@return` tags, and ensure
domain-specific examples/notes where behavior may be ambiguous.

In `@src/main/java/ca/openosp/openo/lab/ca/on/CommonLabResultData.java`:
- Around line 606-629: The fileLabs method currently updates report status and
removes queued docs but doesn't record an audit; add an audit event using the
provided LoggedInInfo whenever a lab is filed. After each call to
updateReportStatus (both inside the labArray loop and the single-lab else
branch) invoke the shared audit helper (or create one if missing) to record the
lab id, action ("filed" or equivalent), provider, comment, labType and the
LoggedInInfo user identity; ensure the audit call occurs before or immediately
after removeFromQueue so every path that calls
updateReportStatus/removeFromQueue logs who filed which lab. Reference symbols:
fileLabs, LoggedInInfo, CommonLabResultData.getMatchingLabs, updateReportStatus,
removeFromQueue.

In `@src/main/webapp/provider/setHl7LabResultPrefs.jsp`:
- Around line 58-94: The AJAX POST in updatePreference (the jQuery.ajax call
inside function updatePreference) is missing CSRF tokens and will be blocked by
OWASP CsrfGuard; to fix, add the CsrfGuard client script to this JSP so tokens
are injected for AJAX calls by including the CsrfGuard loader script in the page
head (same approach used in documentsInQueues.jsp/SearchDrug3.jsp) so the
existing updatePreference/jQuery.ajax requests to setProviderStaleDate.do carry
the CSRF token automatically.

---

Nitpick comments:
In `@src/main/java/ca/openosp/openo/lab/pageUtil/FileLabs2Action.java`:
- Around line 118-130: The code uses request.getSession().getAttribute("user")
for providerNo while already resolving LoggedInInfo via
LoggedInInfo.getLoggedInInfoFromSession(request); replace that session lookup so
providerNo is derived from the LoggedInInfo instance (e.g., use
loggedInInfo.getUserId() / getUser() / getProviderNo() as appropriate) and pass
that value into CommonLabResultData.fileLabs(listFlaggedLabs, providerNo,
loggedInInfo) so all actor identity comes from LoggedInInfo (update the
providerNo assignment and any related variable names).

In `@src/main/java/ca/openosp/openo/managers/LabManager.java`:
- Around line 24-28: Add comprehensive JavaDoc for the three new public
interface methods in LabManager: findByLabNoAndLabTypeAndProviderNo,
fileLabsForProviderUpToFlaggedLab, and getProviderLabRouting. For each method
document the purpose/behavior, each parameter (LoggedInInfo loggedInInfo,
labId/flaggedLabId/labNo, labType, provider/providerNo, comment, fileUpToLabNo,
onBehalfOfOtherProvider), the return type (what the
List<ProviderLabRoutingModel> contains and when it may be empty), any side
effects (e.g., filing action performed by fileLabsForProviderUpToFlaggedLab),
thrown exceptions or error conditions, and any concurrency/authentication
considerations so callers and implementers understand expected behavior and
contracts.

In `@src/main/webapp/provider/setHl7LabResultPrefs.jsp`:
- Line 18: Update the Bootstrap include in setHl7LabResultPrefs.jsp to use
Bootstrap 5.3.0 from the CDN: replace the existing CSS link element that
references "/library/bootstrap/5.0.2/css/bootstrap.min.css" with the official
5.3.0 CDN stylesheet and also update the corresponding JavaScript reference on
line 20 to the 5.3.0 CDN bundle (ensure integrity and crossorigin attributes are
added as per CDN docs); locate the link tag and the script tag in
setHl7LabResultPrefs.jsp and swap their URLs to the 5.3.0 CDN versions.
- Around line 1-21: Add a JSP documentation header comment block at the top of
setHl7LabResultPrefs.jsp (immediately after the existing page directives/header)
that summarizes the page purpose ("Set HL7 Lab Result Preferences"), lists key
features or behaviors, describes expected input/session parameters (e.g.,
sessionScope.userrole, sessionScope.user), and includes metadata tags such as
`@author`, `@since`, and a brief changelog; ensure the block is a JSP comment (<!--
... -->) and placed before the HTML DOCTYPE so it meets the project's JSP
documentation guidelines.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 5816ada4-e583-4893-a827-67d4c4d9702d

📥 Commits

Reviewing files that changed from the base of the PR and between 1ac7fc4 and b637450.

📒 Files selected for processing (19)
  • src/main/java/ca/openosp/openo/commn/dao/ProviderLabRoutingDao.java
  • src/main/java/ca/openosp/openo/lab/ca/on/CommonLabResultData.java
  • src/main/java/ca/openosp/openo/lab/pageUtil/FileLabs2Action.java
  • src/main/java/ca/openosp/openo/managers/LabManager.java
  • src/main/java/ca/openosp/openo/managers/LabManagerImpl.java
  • src/main/java/ca/openosp/openo/managers/ProviderManager2.java
  • src/main/java/ca/openosp/openo/mds/data/ReportStatus.java
  • src/main/java/ca/openosp/openo/mds/pageUtil/ReportStatusUpdate2Action.java
  • src/main/java/ca/openosp/openo/olis/OLISAddToInbox2Action.java
  • src/main/java/ca/openosp/openo/provider/web/ProviderProperty2Action.java
  • src/main/resources/oscarResources_en.properties
  • src/main/resources/oscarResources_es.properties
  • src/main/resources/oscarResources_fr.properties
  • src/main/resources/oscarResources_pl.properties
  • src/main/resources/oscarResources_pt_BR.properties
  • src/main/webapp/lab/CA/ALL/labDisplay.jsp
  • src/main/webapp/provider/providerpreference.jsp
  • src/main/webapp/provider/setHl7LabResultPrefs.jsp
  • src/main/webapp/provider/setLabAckComment.jsp

Comment thread src/main/java/ca/openosp/openo/managers/LabManagerImpl.java
Comment thread src/main/java/ca/openosp/openo/mds/data/ReportStatus.java
Comment thread src/main/java/ca/openosp/openo/mds/pageUtil/ReportStatusUpdate2Action.java Outdated
Comment thread src/main/webapp/lab/CA/ALL/labDisplay.jsp
Comment thread src/main/webapp/lab/CA/ALL/labDisplay.jsp
Comment thread src/main/java/ca/openosp/openo/managers/LabManagerImpl.java Fixed
Comment thread src/main/java/ca/openosp/openo/managers/LabManagerImpl.java Dismissed

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)
src/main/java/ca/openosp/openo/lab/pageUtil/FileLabs2Action.java (1)

118-130: ⚠️ Potential issue | 🟠 Major

Fail securely when the session has expired or is missing.

LoggedInInfo.getLoggedInInfoFromSession(request) can return null; both paths immediately pass it into security/business logic. Add an explicit null/expired-session check before privilege checks so expired sessions don’t produce NPEs or inconsistent failure behavior.

🛡️ Proposed session guard
+    private LoggedInInfo requireActiveLoggedInInfo() {
+        LoggedInInfo loggedInInfo = LoggedInInfo.getLoggedInInfoFromSession(request);
+        if (loggedInInfo == null || loggedInInfo.isExpired()) {
+            request.getSession().invalidate();
+            throw new SecurityException("expired or missing logged-in session");
+        }
+        return loggedInInfo;
+    }
+
     `@SuppressWarnings`("unused")
     public String fileLabAjax() {
 
-        LoggedInInfo loggedInInfo = LoggedInInfo.getLoggedInInfoFromSession(request);
+        LoggedInInfo loggedInInfo = requireActiveLoggedInInfo();
         if(!securityInfoManager.hasPrivilege(loggedInInfo, "_lab", "w", null)) {
             throw new SecurityException("missing required sec object (_lab)");
         }
@@
 	public String fileOnBehalfOfMultipleProviders()
 	{
-        LoggedInInfo loggedInInfo = LoggedInInfo.getLoggedInInfoFromSession(request);
+        LoggedInInfo loggedInInfo = requireActiveLoggedInInfo();
         if(!securityInfoManager.hasPrivilege(loggedInInfo, "_lab", "w", null)) {
             throw new SecurityException("missing required security object (_lab)");
         }

As per coding guidelines, **/*.java: “Validate session expiration using LoggedInInfo.isExpired() and invalidate expired sessions.”

Also applies to: 138-154

🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@src/main/java/ca/openosp/openo/lab/pageUtil/FileLabs2Action.java` around
lines 118 - 130, The LoggedInInfo retrieved by
LoggedInInfo.getLoggedInInfoFromSession(request) may be null or expired; before
calling securityInfoManager.hasPrivilege or CommonLabResultData.fileLabs,
explicitly check that loggedInInfo != null and !loggedInInfo.isExpired(), and if
the check fails invalidate the HttpSession (request.getSession().invalidate()),
and handle the failure path (throw a SecurityException or return/redirect to
login) so you avoid NPEs and ensure consistent failure behavior when the session
is missing/expired.
🧹 Nitpick comments (2)
src/main/webapp/lab/CA/ALL/labDisplay.jsp (2)

1529-1562: Avoid shadowing the page-scoped providerNo attribute inside the forEach.

<c:set var="providerNo" value="${e:forHtmlAttribute(report.oscarProviderNo)}" /> (and the mirror at line 1601 for the combined dialog) writes to a page-scoped attribute that shares its name with the Java local variable providerNo used elsewhere in this JSP. After this loop finishes, any downstream ${providerNo} EL reference would return the last iteration's value rather than the logged-in provider, which is easy to introduce accidentally on future edits. No current call site reads ${providerNo} in EL, so this isn't a bug today — just a brittle name choice. Consider renaming the loop-local to something scoped like reportProviderNo / combinedReportProviderNo (the combined-dialog block already does this for combinedProviderNo, so aligning the two sections would also improve consistency).

♻️ Suggested rename for the `#fileDialog` forEach
-                        <c:set var="providerNo" value="${e:forHtmlAttribute(report.oscarProviderNo)}" />
-                        <c:set var="providerName" value="${e:forHtml(report.providerName)}" />
+                        <c:set var="reportProviderNo" value="${e:forHtmlAttribute(report.oscarProviderNo)}" />
+                        <c:set var="reportProviderName" value="${e:forHtml(report.providerName)}" />
                         
                         <input type="checkbox"
                             name="providers"
                             id="${providerId}"
-                            value="${providerNo}"
+                            value="${reportProviderNo}"
                             class="ackProviderCheckbox${isDisabled ? ' disabled-checkbox' : ''}"
                             ${isDisabled ? 'disabled' : ''} />
                         
                         <label for="${providerId}"
                             style="${isDisabled ? 'color: gray; cursor: not-allowed;' : ''}">
-                            <c:out value="${providerName}${isDisabled ? ' (opted out by user preference)' : ''}" escapeXml="false" />
+                            <c:out value="${reportProviderName}${isDisabled ? ' (opted out by user preference)' : ''}" escapeXml="false" />
                         </label>
                         
                         <input type="hidden"
                             class="ackProviderName"
-                            data-provider-no="${providerNo}"
+                            data-provider-no="${reportProviderNo}"
                             value="${e:forHtmlAttribute(report.providerName)}" /><br/>
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@src/main/webapp/lab/CA/ALL/labDisplay.jsp` around lines 1529 - 1562, The
loop-local page attribute providerNo inside the <c:forEach> is shadowing a
page-scoped name used elsewhere; rename the loop-local var to something unique
(e.g., reportProviderNo) wherever set or referenced in this block—specifically
change the <c:set var="providerNo">, the value="${providerNo}" on the checkbox
input, data-provider-no="${providerNo}" on the hidden .ackProviderName, and any
related id/value uses (providerId like ackProvider${status.index},
ackProviderCheckbox class, .ackProviderName hidden input) so they all reference
reportProviderNo; mirror the same renaming convention used in the combined
dialog (combinedProviderNo) to keep consistency.

1494-1519: Layer JS-context encoding on ackLabFunc, not just HTML-attribute encoding.

ackLabFunc is a JavaScript statement built in Java (lines 1418 / 1420) that embeds segmentID verbatim. When it's rendered with ${e:forHtmlAttribute(ackLabFunc)} inside an onclick="" attribute, the browser decodes the HTML entities before the JS runtime parses the value, so HTML-attribute encoding alone doesn't protect the JS context. In practice segmentID has to be numeric for the page to render (Factory.getHandler, ConversionUtils.fromIntString, etc.), so this isn't actively exploitable — but it leaves the defense-in-depth guarantee weaker than other onclick sites in this file (which use Encode.forJavaScript(segmentID) at the injection point).

The idiomatic layered pattern is to encode the dynamic piece with Encode.forJavaScript when composing the JS string, then let forHtmlAttribute handle the outer HTML-attribute context. Alternatively, drop the inline handler and bind via JS using a data attribute.

♻️ Suggested layered encoding
         String ackLabFunc;
         if (skipComment) {
-            ackLabFunc = "handleLab('acknowledgeForm_" + segmentID + "','" + segmentID + "','ackLab');";
+            String sidJs = Encode.forJavaScript(segmentID);
+            ackLabFunc = "handleLab('acknowledgeForm_" + sidJs + "','" + sidJs + "','ackLab');";
         } else {
-            ackLabFunc = "getComment('ackLab', " + segmentID + ");";
+            ackLabFunc = "getComment('ackLab', '" + Encode.forJavaScript(segmentID) + "');";
         }

As per coding guidelines: "Use Encode.forHtml(), Encode.forJavaScript(), Encode.forHtmlAttribute(), Encode.forJavaScriptBlock(), Encode.forUriComponent(), and Encode.forCssUrl() from OWASP Encoder for ALL user inputs in web output."

🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@src/main/webapp/lab/CA/ALL/labDisplay.jsp` around lines 1494 - 1519, The
ackLabFunc string assigned server-side (used as the onclick for the button with
id "tempAckBtn") embeds segmentID verbatim and is only HTML-attribute encoded at
render time; update the server-side composition of ackLabFunc to apply
JavaScript-context encoding (e.g., Encode.forJavaScript(segmentID) or
equivalent) before wrapping it with forHtmlAttribute, or refactor to remove the
inline onclick by storing the handler input in a data-attribute (e.g.,
data-segment-id) and attach the click listener in client JS (openFileOnlyDialog
/ tempAckBtn) to build the safe JS call — ensure segmentID is encoded with
Encode.forJavaScript when composing any JS string and that the final value is
still passed through forHtmlAttribute for the attribute context.
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@src/main/java/ca/openosp/openo/lab/pageUtil/FileLabs2Action.java`:
- Around line 135-157: Add comprehensive JavaDoc to the public method
fileOnBehalfOfMultipleProviders in FileLabs2Action describing the method's
purpose (files labs on behalf of providers up to a flagged lab), the parameters
expected via the request (providerNo, flaggedLabId, labType, comment,
fileUpToLabNo), the return behavior (returns null / is an action endpoint), the
security requirement (requires _lab write privilege and throws SecurityException
when missing), and any side-effects (calls
labManager.fileLabsForProviderUpToFlaggedLab and may return early when inputs
are missing/empty); include tags for `@return`, `@throws` SecurityException and a
brief note about input validation and trimming.

---

Outside diff comments:
In `@src/main/java/ca/openosp/openo/lab/pageUtil/FileLabs2Action.java`:
- Around line 118-130: The LoggedInInfo retrieved by
LoggedInInfo.getLoggedInInfoFromSession(request) may be null or expired; before
calling securityInfoManager.hasPrivilege or CommonLabResultData.fileLabs,
explicitly check that loggedInInfo != null and !loggedInInfo.isExpired(), and if
the check fails invalidate the HttpSession (request.getSession().invalidate()),
and handle the failure path (throw a SecurityException or return/redirect to
login) so you avoid NPEs and ensure consistent failure behavior when the session
is missing/expired.

---

Nitpick comments:
In `@src/main/webapp/lab/CA/ALL/labDisplay.jsp`:
- Around line 1529-1562: The loop-local page attribute providerNo inside the
<c:forEach> is shadowing a page-scoped name used elsewhere; rename the
loop-local var to something unique (e.g., reportProviderNo) wherever set or
referenced in this block—specifically change the <c:set var="providerNo">, the
value="${providerNo}" on the checkbox input, data-provider-no="${providerNo}" on
the hidden .ackProviderName, and any related id/value uses (providerId like
ackProvider${status.index}, ackProviderCheckbox class, .ackProviderName hidden
input) so they all reference reportProviderNo; mirror the same renaming
convention used in the combined dialog (combinedProviderNo) to keep consistency.
- Around line 1494-1519: The ackLabFunc string assigned server-side (used as the
onclick for the button with id "tempAckBtn") embeds segmentID verbatim and is
only HTML-attribute encoded at render time; update the server-side composition
of ackLabFunc to apply JavaScript-context encoding (e.g.,
Encode.forJavaScript(segmentID) or equivalent) before wrapping it with
forHtmlAttribute, or refactor to remove the inline onclick by storing the
handler input in a data-attribute (e.g., data-segment-id) and attach the click
listener in client JS (openFileOnlyDialog / tempAckBtn) to build the safe JS
call — ensure segmentID is encoded with Encode.forJavaScript when composing any
JS string and that the final value is still passed through forHtmlAttribute for
the attribute context.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 578c3555-2bdd-468b-b155-a92d39458aee

📥 Commits

Reviewing files that changed from the base of the PR and between b637450 and 44bee44.

📒 Files selected for processing (8)
  • src/main/java/ca/openosp/openo/lab/pageUtil/FileLabs2Action.java
  • src/main/java/ca/openosp/openo/managers/LabManager.java
  • src/main/java/ca/openosp/openo/managers/LabManagerImpl.java
  • src/main/java/ca/openosp/openo/mds/data/ReportStatus.java
  • src/main/java/ca/openosp/openo/mds/pageUtil/ReportStatusUpdate2Action.java
  • src/main/java/ca/openosp/openo/provider/web/ProviderProperty2Action.java
  • src/main/webapp/lab/CA/ALL/labDisplay.jsp
  • src/main/webapp/share/javascript/oscarMDSIndex.js
🚧 Files skipped from review as they are similar to previous changes (4)
  • src/main/java/ca/openosp/openo/mds/pageUtil/ReportStatusUpdate2Action.java
  • src/main/java/ca/openosp/openo/managers/LabManager.java
  • src/main/java/ca/openosp/openo/provider/web/ProviderProperty2Action.java
  • src/main/java/ca/openosp/openo/managers/LabManagerImpl.java

Comment thread src/main/java/ca/openosp/openo/lab/pageUtil/FileLabs2Action.java
@lacarmen lacarmen requested a review from LiamStanziani April 23, 2026 16:49
@lacarmen

Copy link
Copy Markdown
Collaborator

This feature looks good after testing on QA. The corresponding MHI PR (MagentaHealth#126) has been merged.

This PR will merged after:

@LiamStanziani LiamStanziani left a comment

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good to me, some minor changes added to this version from the original hotfix version I reviewed before #2302 and this newer version looks good as well, thanks Deval.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

3 participants