Clone AccessControlContext for Bundle operations (#3372)
Clone access control for all bundle actions.

Refs AB#102910
feordin authored Jun 23, 2023
1 parent 4536f4a commit 44b342e
Showing 2 changed files with 31 additions and 1 deletion.
31 changes: 30 additions & 1 deletion docs/rest/SMARTScopesExample.http
Expand Up @@ -253,4 +253,33 @@ POST https://{{hostname}}
content-type: application/json
Authorization: Bearer {{bearer.response.body.access_token}}

< ./Data/BundleTransaction.json
< ./Data/BundleTransaction.json


### Testing Transaction bundle for Smart user with Write only access
# @name bearer
POST https://{{hostname}}/connect/token
content-type: application/x-www-form-urlencoded

grant_type=client_credentials
&client_id=smart-patient-A
&client_secret=smart-patient-A
&scope=patient/Observation.*

### Test a Bundle with GET request inside, should not return only patient data
POST https://{{hostname}}
content-type: application/json
Authorization: Bearer {{bearer.response.body.access_token}}

{
'type': 'batch',
'resourceType': 'Bundle',
'entry': [
{
'request': {
'method': 'GET',
'url': '/Observation'
}
}
]
}
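Review bot: the request body at the end of this hunk is not valid JSON: keys and values are wrapped in single quotes ('type': 'batch', 'resourceType': 'Bundle', 'method': 'GET'), and because the request is sent with content-type: application/json the server will reject it as a parse error before any scope check runs, so the test cannot exercise the behaviour its comment describes. Use double quotes, e.g. "type": "batch", "resourceType": "Bundle". Two smaller points in the same hunk: the heading says "Smart user with Write only access" while the requested scope is patient/Observation.*, which in SMART grants both read and write, so either request patient/Observation.write if write-only is the intent or reword the heading; and the comment "should not return only patient data" does not state the expected outcome for the GET entry (a 403 on that entry versus a filtered result), so spell out the expected response so the test documents the contract the cloned AccessControlContext is meant to enforce.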
Expand Up @@ -653,6 +653,7 @@ private void SetupContexts(RouteContext request, HttpContext httpContext)
controllerName?.ToString(),
actionName?.ToString()),
ExecutingBatchOrTransaction = true,
AccessControlContext = _originalFhirRequestContext.AccessControlContext.Clone() as AccessControlContext,
};
foreach (var scopeRestriction in _originalFhirRequestContext.AccessControlContext.AllowedResourceActions)
{
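Review bot: the `as AccessControlContext` cast on the added AccessControlContext line silently yields null if Clone() returns anything other than an AccessControlContext (ICloneable.Clone returns object), which would leave the bundle sub-request with no access control context instead of failing loudly; prefer a direct cast, `AccessControlContext = (AccessControlContext)_originalFhirRequestContext.AccessControlContext.Clone(),`, or a typed Clone method so that a mismatch throws. Also check the interaction with the foreach immediately below, which still iterates _originalFhirRequestContext.AccessControlContext.AllowedResourceActions and presumably copies those entries into the new context: if Clone() already deep-copies AllowedResourceActions the loop now duplicates them, and if Clone() is shallow and shares the collection, changes made while handling one bundle entry still leak back into the original context, which is exactly what the clone is meant to prevent. Please document on the Clone() implementation which of the two it is, and add a unit test that mutates the cloned context and asserts the original is unchanged.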

0 comments on commit 44b342e