Bug: Permissions not applied to requests appended with `/_search`

onaio / fhir-gateway-extension

This repo holds the OpenSRP permissions checker and data access checker

Other

0 stars 1 forks source link

Bug: Permissions not applied to requests appended with `/_search` #60

Closed lincmba closed 3 months ago

lincmba commented 3 months ago

Example:

.../fhir/Patient does not return data for users without correct permissions. but
.../fhir/Patient/_search returns.

This should not be the case. Permissions should be applied on both cases

lincmba commented 3 months ago

This is because there isn't a proper way to identify an operation request. To handle this, we will consider all request paths whose second section starts with an underscore as an operation request. These will have to go be synced aswell.