Stream: fhir/infrastructure-wg
Topic: CanUpdate resource
Brian Postlethwaite (Jan 21 2022 at 19:21):
Wondering if anyone else has had a need to be able to work out if a resource can be edited or deleted (to help drive a user experience and put the record in read only mode)?
I know that there is the validate operation that can be used to find this out for delete
http://hl7.org/fhir/resource-operation-validate.html
And if I do a get on the _history I can see if it is a historic version (hence not _really_ updatable) but there's no way to check if the user has permission to do update a resource.
I guess you could post the resource you just retrieved to the validate for an update and see if that returns a permission error...
John Moehrke (Jan 21 2022 at 19:24):
is it purely a permission problem, or are you also including in there business-rules?
Brian Postlethwaite (Jan 21 2022 at 21:06):
My usage is to drive global readonly behaviour - mostly a permission thing.
(I'm doing the core business rules for the individual controls on a bit by bit basis)
Gino Canessa (Jan 21 2022 at 21:08):
Is this in addition to or in replacement of what can be discovered in Capability Statements and SMART Permissions?
Brian Postlethwaite (Jan 21 2022 at 21:36):
It's specific for an actual resource - which would give the user permissions result for the specific instance.
Brian Postlethwaite (Jan 21 2022 at 21:37):
(But true, I could peek there for general read-only sense)
Josh Mandel (Jan 21 2022 at 22:21):
Kubernetes has a "can-i" command backed by an authorization API where you can ask questions about whether a particular operation will be allowed in a given authorization context https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#selfsubjectaccessreview-v1-authorization-k8s-io
Josh Mandel (Jan 21 2022 at 22:22):
We might consider an analogous FHIR operation
Last updated: Apr 12 2022 at 19:14 UTC
