Permissions inherit for internal requests

beda-software / fhir-sdc

http://hl7.org/fhir/uv/sdc/ implementation with python

MIT License

18 stars 4 forks source link

Permissions inherit for internal requests #6

Closed ir4y closed 3 years ago

ir4y commented 3 years ago

Now app client uses for all internal requests including sourceQuery requests during $populate and mapping $apply during $extract.

Instead of it, all these operations should be executed on behalf of Aidbox user who requested $populate and/or $extraxt operation.

ruscoder commented 3 years ago

Let's do it gradually: all current questionnaires with mappings continue to work with superuser access.

For new questionnaires add a flag something like 'use not super user access, if this flag is set to True in the particular Questionnaire all queries (populate, source queries, and mapping) must be executed on behalf of user not superuser.

ruscoder commented 3 years ago

BACKWARD INCOMPATIBLE NOTICE

Questionnaire.runOnBehalfOfRoot flag is added for a granular upgrade. For all existing questionnaires specify this attr to true if you don't wish to upgrade now.