A few changes needed for encounter type restrictions:
- Create a new exception type instead of reusing APIException in methods related to encounter type view/edit privileges inside org.openmrs.api.EncounterService (consider using of such names us CannotEditEncounterException and CannotViewEncounterException).
- Provide mechanism that allows us to cache the results of canViewAllEncounterTypes() and canEditAllEncounterTypes() methods.
- Add a way to "break the glass" security so that in an emergency, a user can get the encounter, but that a note is sent to a queue or an administrator saying what happening by whom. (this is probably a new ticket because this would require changing method signatures.)