in src/smartHandler.ts [369:387]
async isWriteRequestAuthorized(request: WriteRequestAuthorizedRequest): Promise<void> {
const { fhirUserObject, patientLaunchContext, usableScopes } = request.userIdentity;
const fhirServiceBaseUrl = request.fhirServiceBaseUrl ?? this.apiUrl;
if (
hasAccessToResource(
fhirUserObject,
patientLaunchContext,
request.resourceBody,
usableScopes,
this.adminAccessTypes,
fhirServiceBaseUrl,
this.fhirVersion,
)
) {
return;
}
throw new UnauthorizedError('User does not have permission for requested operation');
}