hapifhir / hapi-fhir

🔥 HAPI FHIR - Java API for HL7 FHIR Clients and Servers
http://hapifhir.io
Apache License 2.0

Missing type hierarchy check during authorization rule flow #1293

Open jvitrifork opened 5 years ago

jvitrifork commented 5 years ago

The check conducted in the RuleImplOp class is a bit buggy when it comes to supporting inherited resource classes. If for instance I have a class that extends Appointment - e.g. MyAppointment containing the annotation of the MyAppointment profile, and I also use some flavour of the https://github.com/jamesagnew/hapi-fhir/blob/master/hapi-fhir-server/src/main/java/ca/uhn/fhir/rest/server/interceptor/auth/AuthorizationInterceptor.java, when hitting the 'resourceCreated' method, the check at https://github.com/jamesagnew/hapi-fhir/blob/cd1e0e881cdc1c5acede548cbd633e3f0a42bf43/hapi-fhir-server/src/main/java/ca/uhn/fhir/rest/server/interceptor/auth/RuleImplOp.java#L383 will end up returning null, as the reference type (Appointment) is not in the set of 'myAppliesToTypes' (MyAppointment). As such, the check should be on the parent type of the extended class or the base resource class of the extended class - not the class itself.

jamesagnew commented 5 years ago

Couldn't you just register your custom class as an allowable type in this case? That would probably perform better than doing a hierarchy check on everything in the set for every request...
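The two matching strategies discussed in this thread, side by side, as an added illustration that is not code from HAPI FHIR or from either commenter. The `Resource`, `Appointment` and `MyAppointment` classes, the `appliesExact` and `appliesHierarchy` methods and the `appliesToTypes` set are stand-ins chosen for this example; they are not RuleImplOp's actual fields or signatures. The exact-match check reproduces the behaviour the issue describes (a rule configured for `Appointment` does not apply to a `MyAppointment` instance); the hierarchy-aware check walks the class hierarchy via `Class.isAssignableFrom`; the final step shows the maintainer's alternative of registering the subclass explicitly so the cheap exact match keeps working.

```java
import java.util.HashSet;
import java.util.Set;

// Hypothetical stand-ins for FHIR resource classes (not HAPI FHIR's own types):
// MyAppointment is a custom profile class that extends the base Appointment.
class Resource {}
class Appointment extends Resource {}
class MyAppointment extends Appointment {}

public class TypeHierarchyRuleCheck {

    // Exact-match check, mirroring what the issue reports: the rule applies
    // only when the concrete class itself is in the configured set.
    static boolean appliesExact(Set<Class<? extends Resource>> appliesToTypes,
                                Class<? extends Resource> actual) {
        return appliesToTypes.contains(actual);
    }

    // Hierarchy-aware check, as the issue requests: the rule applies when any
    // configured type is the actual class or one of its superclasses, so a rule
    // for Appointment also covers MyAppointment. This costs one pass over the
    // set per request, which is the overhead the maintainer's reply points at.
    static boolean appliesHierarchy(Set<Class<? extends Resource>> appliesToTypes,
                                    Class<? extends Resource> actual) {
        for (Class<? extends Resource> allowed : appliesToTypes) {
            if (allowed.isAssignableFrom(actual)) {
                return true;
            }
        }
        return false;
    }

    public static void main(String[] args) {
        // A rule configured for the base type only.
        Set<Class<? extends Resource>> appliesToTypes = new HashSet<>();
        appliesToTypes.add(Appointment.class);

        // The subclass is not matched by the exact check but is by the hierarchy check.
        System.out.println("exact, base rule only:     "
                + appliesExact(appliesToTypes, MyAppointment.class));
        System.out.println("hierarchy, base rule only: "
                + appliesHierarchy(appliesToTypes, MyAppointment.class));

        // The maintainer's alternative: register the custom class as an allowable
        // type itself, so the cheap exact check matches without a hierarchy walk.
        appliesToTypes.add(MyAppointment.class);
        System.out.println("exact, subclass registered: "
                + appliesExact(appliesToTypes, MyAppointment.class));
    }
}
```

Run as written, the first line prints `false` and the other two print `true`. From an authorization point of view the two approaches are not equivalent: hierarchy matching silently widens every rule written for a base type to all of its subtypes, whereas explicit registration keeps the set of types a rule covers visible in the rule configuration, which is easier to audit against a least-privilege policy.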