async authorizeAndFilterReadResponse()

in src/smartHandler.ts [325:367]


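    /**
     * Authorizes a read/search response against the caller's identity and
     * strips anything the caller may not see.
     *
     * For search operations the response is treated as a bundle: every entry
     * whose resource fails `hasAccessToResource` is dropped and `total` is
     * reduced by the number of dropped entries. For every other operation the
     * response is treated as a single resource and is returned unchanged only
     * if `hasAccessToResource` accepts it.
     *
     * @param request - carries the user identity (`fhirUserObject`,
     *   `patientLaunchContext`, `usableScopes`), the operation, the response
     *   to filter and an optional `fhirServiceBaseUrl` (falls back to
     *   `this.apiUrl`).
     * @returns the filtered bundle for searches, or the original resource.
     * @throws UnauthorizedError when a non-search response is not accessible
     *   to the caller.
     */
    async authorizeAndFilterReadResponse(request: ReadResponseAuthorizedRequest): Promise<any> {
        const { fhirUserObject, patientLaunchContext, usableScopes } = request.userIdentity;
        const fhirServiceBaseUrl = request.fhirServiceBaseUrl ?? this.apiUrl;

        const { operation, readResponse } = request;
        // If request is a search treat the readResponse as a bundle
        if (SEARCH_OPERATIONS.includes(operation)) {
            // A bundle can carry `total` without any `entry` array; normalise once so the
            // filter and the total adjustment below both work on the same list instead of
            // dereferencing an undefined `entry`.
            const originalEntries: any[] = readResponse.entry ?? [];
            const entries: any[] = originalEntries.filter((entry: { resource: any }) =>
                hasAccessToResource(
                    fhirUserObject,
                    patientLaunchContext,
                    entry.resource,
                    usableScopes,
                    this.adminAccessTypes,
                    fhirServiceBaseUrl,
                    this.fhirVersion,
                ),
            );
            let numTotal: number = readResponse.total;
            if (!numTotal) {
                // No usable total from upstream (missing or 0): report only what is returned.
                numTotal = entries.length;
            } else {
                // Only entries removed from THIS response are subtracted.
                // NOTE(review): if `total` counts matches beyond the entries present here,
                // the adjusted value can still reflect resources the caller is not
                // authorized to read — confirm whether exposing that count is acceptable.
                numTotal -= originalEntries.length - entries.length;
            }
            return { ...readResponse, entry: entries, total: numTotal };
        }
        // If request is != search treat the readResponse as just a resource
        if (
            hasAccessToResource(
                fhirUserObject,
                patientLaunchContext,
                readResponse,
                usableScopes,
                this.adminAccessTypes,
                fhirServiceBaseUrl,
                this.fhirVersion,
            )
        ) {
            return readResponse;
        }

        // Fail closed: anything not explicitly authorized above is rejected.
        throw new UnauthorizedError('User does not have permission for requested resource');
    }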