HTML Assets
In a SanteDB applet, a page, partial or piece of HTML is designed around strict XHTML and must be annotated so the proper routing is setup on the AngularJS stack.
Rules for HTML assets in an applet are:
Must be well-formed XML
Root element must be in http://www.w3.org/1999/xhtml namespace
Root element must be a <div>, <table>, <span>, or <p> tag.
Empty HTML Asset Template
At a bare minimum, an empty HTML asset should appear with the following structure:
From here the asset can be loaded by the applet collection manager.
Extended Asset Tags
You can also decorate your HTML asset with a series of tags in the http://santedb.org/applet namespace in order to add functionality. Before decorating your asset, be sure to declare the namespace:
Including Scripts
One of the extended tags allows you to either inject a JavaScript include into the header of the already rendered page (a static reference) or to load the reference on demand when the asset it requested. This is done using the script tag.
The following example includes a controller JS file, dynamically loaded:
Including CSS
You can also use the style tag to inject a CSS reference into the already rendered HTML page (this is useful if you are creating a custom theme or using a third party library).
Angular Routes / States
One of the more powerful features of the SanteDB user interface, is that it uses an AngularJS SPA architecture. SanteDB's rendering engine will automatically generate a routes.js file based on the applets which are loaded into the execution context.
In order to register your page and a route, you need to create an AngularJS state, this is done by decorating your asset with an asset tag:
This registers a new state with name "example" at the URL /example into the ng-route context. This page can now be referenced by using:
The sdb:title element is used by the breadcrumb plugin to render the path to the specified page, as well as to change the title of the browser window (if applicable).
Furthermore, we can demand a specific permission be present for the current user in order to allow navigation:
This has the following behavior:
If there is no session, then the policy evaluation equates to ELEVATE and a 401 is returned (where SanteDB will by default, navigate to state 'login')
If there is a session, and the user has the policy, the evaluation is GRANT and a HTTP 200 is returned and the asset HTML is provided to the client
If there is a session, and the user has the specified policy but on when elevated, then the ELEVATE decision (401) is returned with a re-authentication request.
If there is a session and the user does not have access then DENY is evaluated and an HTTP 403 is returned.
Finally, if your route requires a controller, you can have this dynamically executed / requested by using the sdb:view element:
A completed example page may be:
Overriding Routes
There may arise a need to override a page/view that is already registered in an underlying component. This is done with the priority attribute. For example, to override the default login page:
Angular Controller
If using the default user interface framework, you must attach the AngularJS controller to the santedb module.
Content Security Policy
SanteDB applets must adhere to CSP rules, failure to adhere to these rules in your applets not working properly in deployment.
Script References
Any scripts that you want to load should be loaded with the syntax:
The SanteDB system will place a unique NONCE on this element rendered into HTML and will append the corresponding NONCE to the JS file as it is served out.
Inline Scripts
Browser APIs
SanteDB's disconnected client software blocks access to the browser APIs for camera, geolocation, accelerometer, payment, and autoplay. SanteDB provides its own APIs for calling these services.
This allows SanteDB to restrict access to these services on a per-user basis in scenarios where devices are shared between users. SanteDB also audits access to these sensitive services in its audit repository.
Last updated
Was this helpful?