search

google / fhir-gateway

A generic proxy server for applying access-control policies for a FHIR-store.
Other
74 stars 29 forks source link

Add support for update (PUT method) for QuestionnaireResponse resource #303

Open teseshadri opened 1 month ago

teseshadri commented 1 month ago

We want to sync the QuestionnaireResponse resource back to FHIR server. However it reports error

Query tried

curl -X PUT -H "Content-Type: application/fhir+json" -H "Authorization: Bearer ${ACCESS_TOKEN}" -d @queryresponse.json http://:/fhir/QuestionnaireResponse?subject=

querresponse.json used

{ "resourceType": "QuestionnaireResponse", "status": "in-progress", "subject": {"reference": "Patient/f48b2d13-f82e-44e5-84d0-1299480a63a6"}, "questionnaire":"c7f1b4f8-5d30-4968-b8c8-4aca4a618891" }

FHIR Info G/W validates our requests and forwards to Healthcare API and emits the logs as:

15:22:41.654 [http-nio-8080-exec-2] ERROR com.google.fhir.gateway.HttpFhirClient [HttpFhirClient.java:155] Error in FHIR resource PUT https://healthcare.googleapis.com/v1/projects//fhir/QuestionnaireResponse?subject=f48b2d13-f82e-44e5-84d0-1299480a63a6 HTTP/1.1 method PUT; status HTTP/1.1 400 Bad Request

Final response as :

"issue": [ { "code": "value", "details": { "text": "invalid_query" }, "diagnostics": "only identifier is allowed as search parameter", "severity": "error" } ], "resourceType": "OperationOutcome"

We understand QuestionnaireResponse supports only search params based requests. However after FHIR Info Gateway validates, it forwards the request with search params instead of replacing it with id based.

Please help us with a solution

bashir2 commented 4 weeks ago

Thanks for reporting this issue @teseshadri. After checking the commit in which we added the extra query parameter check, now I remember why we did it. The problem is that if the resource that is being updated (say R) has a different patient reference in it compared to the current version of R on the FHIR-server, then we may violate access rules. For example, if current version of R has a reference to a patient that the user should not have access to, but the updated version of R changes that patient reference to something that the user has access to.

To prevent the above scenario, we relied on FHIR's "conditional updates" but it seems that is not supported widely by FHIR servers. A work-around is to fetch the current version of the resource (that is being updated) from the server and check its patient references prior to accepting the update (which of course adds some overhead).

Also to be clear, this is an issue with the sample List/Patient AccessCheckers (and not a core issue) so it can be avoided by using another AccessChecker plugin for the time-being.