Update conditional in Rule builder
38 views
Skip to first unread message
Ajay shekar
Apr 5, 2021, 1:16:37 AM4/5/21
to HAPI FHIR
Hello All,
I need some clarifications about RuleBuilder class.
If I have to allow the fhir API - UpdateConditional through Auth interceptor successfully then,
I have to just mention -
return new RuleBuilder()
.allow().write().allResources().withAnyId().andThen().build;
.allow().write().allResources().withAnyId().andThen().build;
Then what does this following rule signifies ?
return new RuleBuilder().allow().updateConditional().allResources().build;
When I test above rule against UpdateConditional fhir api then it throws 403 forbidden error with "issue": [
{
"severity": "error",
"code": "processing",
"diagnostics": "Access denied by default policy (no applicable rules)"
}
]
Thanks in advance,
James Agnew
Apr 5, 2021, 8:48:54 AM4/5/21
to Ajay shekar, HAPI FHIR
The first rule you quoted just means all writes are allowed, so it wouldn't make sense to combine it with the second rule since it's a superset of the second rule already.
The second rule looks correct to me. If it's not working as expected, can you please submit a PR against HAPI FHIR's "AuthorizationInterceptorJpaR4Test" class demonstrating what isn't working?
Cheers,
James
--
You received this message because you are subscribed to the Google Groups "HAPI FHIR" group.
To unsubscribe from this group and stop receiving emails from it, send an email to hapi-fhir+...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/hapi-fhir/c11a8311-31f8-4496-9f53-f18f780d9533n%40googlegroups.com.
Ajay shekar
Apr 5, 2021, 12:44:14 PM4/5/21
to HAPI FHIR
Okay I will do that, thanks James.
Reply all
Reply to author
Forward
0 new messages