Stream: Security and Privacy
Topic: SearchNarrowingInterceptor
Victor Saad (Aug 26 2021 at 04:15):
I have implemented the SearchNarrowingInterceptor, AuthorizationInterceptor & ConsentInterceptor in my project as per the limited documentation available.
In the SearchNarrowingInterceptor, I am creating an AuthorizedList with one compartment for the patient that is sending the request to limit his access to records related to his patient Id only. So when I search for any other patient ID he gets an access denied message.
In the scenario when I am logged in as Patient 0987654321 and try to search for a Patient 1234567890 using the below URL:
http://baseurl/Patient?_id=1234567890
the SearchNarrowingInterceptor in the background is adding both patient IDs to the values array of the _id param, and since this is not acceptable I am getting the below error message:
HTTP 400 Bad Request
Response Body
{
  "resourceType": "OperationOutcome",
  "issue": [ {
    "severity": "error",
    "code": "processing",
    "diagnostics": "Multiple values detected for non-repeatable parameter '_id'. This server is not configured to allow multiple (AND/OR) values for this param."
  } ]
}
How can I restrict the _id values to the one in the search request only, or is this a bug?
John Moehrke (Aug 26 2021 at 11:04):
seems a question better asked on #hapi
Victor Saad (Aug 26 2021 at 18:22):
Thanks, I just did.
Last updated: Apr 12 2022 at 19:14 UTC