in src/smartHandler.ts [186:242]
async getSearchFilterBasedOnIdentity(request: GetSearchFilterBasedOnIdentityRequest): Promise<SearchFilter[]> {
const references: Set<string> = new Set();
const ids: Set<string> = new Set();
const { fhirUserObject, patientLaunchContext, usableScopes } = request.userIdentity;
const fhirServiceBaseUrl = request.fhirServiceBaseUrl ?? this.apiUrl;
if (hasSystemAccess(usableScopes, '')) {
return [];
}
if (fhirUserObject) {
const { hostname, resourceType, id } = fhirUserObject;
if (isFhirUserAdmin(fhirUserObject, this.adminAccessTypes, fhirServiceBaseUrl)) {
// if an admin do not add limiting search filters
return [];
}
references.add(`${hostname}/${resourceType}/${id}`);
if (hostname === fhirServiceBaseUrl) {
references.add(`${resourceType}/${id}`);
}
if (request.resourceType && request.resourceType === resourceType) {
ids.add(id);
}
}
if (patientLaunchContext) {
const { hostname, resourceType, id } = patientLaunchContext;
references.add(`${hostname}/${resourceType}/${id}`);
if (hostname === fhirServiceBaseUrl) {
references.add(`${resourceType}/${id}`);
}
if (request.resourceType && request.resourceType === resourceType) {
ids.add(id);
}
}
// Create a SearchFilter to limit access to only resources that are referring to the requesting user and/or context
const filters: SearchFilter[] = [];
if (references.size > 0) {
filters.push({
key: '_references',
value: [...references],
comparisonOperator: '==',
logicalOperator: 'OR',
});
}
if (ids.size > 0) {
filters.push({
key: 'id',
value: [...ids],
comparisonOperator: '==',
logicalOperator: 'OR',
});
}
return filters;
}