Closed lincmba closed 3 months ago
This is because there isn't a proper way to identify an operation request. To handle this, we will consider all request paths whose second section starts with an underscore as an operation request. These will have to go be synced aswell.
Example:
.../fhir/Patient
does not return data for users without correct permissions. but.../fhir/Patient/_search
returns.This should not be the case. Permissions should be applied on both cases