Description

The FHIR API permissions check is based on the python DjangoModelPermissions.

More information can be found here:

https://www.django-rest-framework.org/api-guide/permissions/#permissions)(https://www.django-rest-framework.org/api-guide/permissions/#permissions

Implementation details:

The API_FHIR module has created FHIRApiPermissions class which extend the DjangoModelPermissions (from rest_framework.permissions).

from rest_framework.permissions import DjangoModelPermissions


class FHIRApiPermissions(DjangoModelPermissions):

    permissions_get = ['%(app_label)s.view_%(model_name)s']
    permissions_post = ['%(app_label)s.add_%(model_name)s']
    permissions_put = ['%(app_label)s.change_%(model_name)s']
    permissions_patch = ['%(app_label)s.change_%(model_name)s']
    permissions_delete = ['%(app_label)s.delete_%(model_name)s']

    def __init__(self):
        self.perms_map['GET'] = self.permissions_get
        self.perms_map['POST'] = self.permissions_post
        self.perms_map['PUT'] = self.permissions_put
        self.perms_map['PATCH'] = self.permissions_patch
        self.perms_map['DELETE'] = self.permissions_delete

The following attributes can be used to specify the list of required permissions (split by HTTP operation):

permissions_get
permissions_post
permissions_put
permissions_patch
permissions_delete

For instance, to execute GET on the Patient endpoint (OpenIMIS Insuree model) user needs to have the following permission:
insuree.view_insurees

The mentioned FHIRApiPermissions class is injected to FHIR API views using the permission_classes attribute.

Description

Implementation details:

Did you encounter a problem or do you have a suggestion?

Please contact our Service Desk

FHRI API permissions check

Description

Implementation details:

Did you encounter a problem or do you have a suggestion?

Please contact our Service Desk