jembi / hearth

A fast FHIR-compliant server focused on longitudinal data stores.
BSD 3-Clause "New" or "Revised" License

Checking Scopes #162

Closed pitwegner closed 5 years ago

pitwegner commented 5 years ago

Is there a way to configure scope checking in routes? I need to restrict patients to only access their own data.

BMartinos commented 5 years ago

Hi @pitwegner, currently there isn't a set way for checking the scopes on the routes. You would either need to add an API layer in front of Hearth that will contain all your business logic to only allow Patients to pull their own data.

The other option is to create a plugin file that will add before/after hooks for specific resources to add some custom validation https://github.com/jembi/hearth/blob/master/lib/plugins/default.js
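
A sketch of the first option above, the check an API layer in front of Hearth could apply to each request from an authenticated patient. This is an added example, not code from the thread or from Hearth: the function name `authorizePatientRequest`, the `/fhir` base path, the resource-to-`patient` parameter mapping and the allowed search parameters are all assumptions.

```javascript
'use strict'

// Assumed for this sketch (not taken from Hearth): base path /fhir, and the
// search parameter that ties each permitted resource type to its patient.
const PATIENT_PARAM = new Map([
  ['Observation', 'patient'], ['Encounter', 'patient'], ['Condition', 'patient']
])
// Search parameters a patient may supply; everything else is dropped.
const ALLOWED_PARAMS = new Set(['code', 'date', 'status', '_count', '_sort'])
const FHIR_ID = /^[A-Za-z0-9\-.]{1,64}$/
const deny = (reason) => ({ allow: false, reason })

// patientId must come from the verified token, never from the request.
function authorizePatientRequest (patientId, method, rawUrl) {
  if (typeof patientId !== 'string' || !FHIR_ID.test(patientId)) {
    return deny('bad patient id')
  }
  if (method !== 'GET') return deny('read-only')
  let url
  try {
    url = new URL(rawUrl, 'http://gateway.invalid') // base used only to parse
  } catch (err) {
    return deny('bad url')
  }
  const [base, type, id, ...rest] = url.pathname.split('/').filter(Boolean)
  if (base !== 'fhir' || !type || rest.length) return deny('unsupported path')

  if (type === 'Patient') {
    // Own record only; Patient searches are never forwarded.
    return id === patientId
      ? { allow: true, forward: `/fhir/Patient/${patientId}` }
      : deny('not own record')
  }
  const param = PATIENT_PARAM.get(type)
  if (!param) return deny('type not permitted')
  // A read by id cannot be checked without the resource body, so only
  // searches are forwarded, with the patient filter set by the gateway.
  if (id) return deny('use search')
  const query = new URLSearchParams()
  for (const [key, value] of url.searchParams) {
    if (ALLOWED_PARAMS.has(key)) query.append(key, value)
  }
  query.set(param, `Patient/${patientId}`)
  return { allow: true, forward: `/fhir/${type}?${query}` }
}
```

The layer forwards only the `forward` path it built itself, so a patient-supplied `patient=` value, `_include` or path trick never reaches the FHIR server.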