in src/RBACHandler.ts [117:165]
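/**
 * Authorizes a bulk-data request for a caller who is a member of `groups`.
 *
 * Returns normally when the request is permitted and throws otherwise, so every
 * path that does not explicitly grant access ends in a denial:
 * - status and cancel operations (export and import) are always permitted by this check;
 * - `initiate-export` is permitted when at least one of the caller's groups has a rule
 *   that includes the `read` operation and
 *     - for a `system` export, the rule's resource list equals the full base resource
 *       list for the configured FHIR version;
 *     - for a `group` or `patient` export, the rule lists at least one patient-compartment
 *       resource for the configured FHIR version;
 * - `initiate-import` is not implemented yet and is always rejected.
 *
 * The decision does not depend on the order of `groups`: a group that does not grant
 * the export is skipped and the remaining groups are still evaluated.
 *
 * @param groups - names of the groups the caller belongs to.
 *   NOTE(review): presumably taken from a verified token; confirm at the call site.
 * @param bulkDataAuth - the requested bulk operation and, for exports, the export type.
 * @throws UnauthorizedError when no group rule grants the request.
 */
private isBulkDataAccessAllowed(groups: string[], bulkDataAuth: BulkDataAuth): void {
    const { operation, exportType } = bulkDataAuth;
    if (['get-status-export', 'cancel-export', 'get-status-import', 'cancel-import'].includes(operation)) {
        return;
    }
    if (operation === 'initiate-export') {
        for (let index = 0; index < groups.length; index += 1) {
            const group: string = groups[index];
            // Own-property lookup only: a group named like an inherited member
            // (`constructor`, `__proto__`, ...) must not resolve to a prototype value
            // and be treated as a rule.
            if (
                Object.prototype.hasOwnProperty.call(this.rules.groupRules, group) &&
                this.rules.groupRules[group]
            ) {
                const rule: Rule = this.rules.groupRules[group];
                if (exportType && rule.operations.includes('read')) {
                    if (exportType === 'system') {
                        // TODO: Enable supporting of different profiles by specifying the resources you would want to export
                        // in BASE_R4_RESOURCES
                        // Compare sorted copies. Array.prototype.sort() sorts in place, so sorting
                        // the originals would reorder the shared rule configuration and the
                        // module-level resource constants on every authorization check.
                        const grantedResources = [...rule.resources].sort();
                        if (
                            (this.fhirVersion === '4.0.1' &&
                                isEqual(grantedResources, [...BASE_R4_RESOURCES].sort())) ||
                            (this.fhirVersion === '3.0.1' &&
                                isEqual(grantedResources, [...BASE_STU3_RESOURCES].sort()))
                        ) {
                            return;
                        }
                    }
                    if (exportType === 'group' || exportType === 'patient') {
                        let matchSomeResource = false;
                        // Routing and Persistence package will filter the export data to only allowed resource types
                        if (this.fhirVersion === '4.0.1') {
                            matchSomeResource = R4_PATIENT_COMPARTMENT_RESOURCES.some((resource: string) => {
                                return rule.resources.includes(resource);
                            });
                        } else if (this.fhirVersion === '3.0.1') {
                            matchSomeResource = STU3_PATIENT_COMPARTMENT_RESOURCES.some((resource: string) => {
                                return rule.resources.includes(resource);
                            });
                        }
                        if (matchSomeResource) {
                            return;
                        }
                        // No throw here: rejecting on the first non-matching group made the
                        // outcome depend on group order. Fall through so the caller's other
                        // groups are checked; the final throw below still denies by default.
                    }
                }
            }
        }
    } else if (operation === 'initiate-import') {
        // TODO Handle `initiate-import` auth
        // Until implemented, imports fall through to the denial below.
    }
    throw new UnauthorizedError('Unauthorized');
}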