in src/smartHandler.ts [295:323]
async getAllowedResourceTypesForOperation(request: AllowedResourceTypesForOperationRequest): Promise<string[]> {
let allowedResources: string[] = [];
const allResourceTypes: string[] = this.fhirVersion === '4.0.1' ? BASE_R4_RESOURCES : BASE_STU3_RESOURCES;
for (let i = 0; i < request.userIdentity.scopes.length; i += 1) {
const scope = request.userIdentity.scopes[i];
try {
// We only get allowedResourceTypes for ClinicalSmartScope
const clinicalSmartScope = convertScopeToSmartScope(scope);
const validOperations = getValidOperationsForScopeTypeAndAccessType(
clinicalSmartScope.scopeType,
clinicalSmartScope.accessType,
this.config.scopeRule,
);
if (validOperations.includes(request.operation)) {
const scopeResourceType = clinicalSmartScope.resourceType;
if (scopeResourceType === '*') {
return allResourceTypes;
}
if (allResourceTypes.includes(scopeResourceType)) {
allowedResources = allowedResources.concat(scopeResourceType);
}
}
} catch (e) {
// Caused by trying to convert non-SmartScope to SmartScope, for example converting scope 'openid' or 'profile'
}
}
allowedResources = [...new Set(allowedResources)];
return allowedResources;
}