FHIR API permissions check
Description
The FHIR API permissions check is based on the Python class DjangoModelPermissions.
More information can be found here:
https://www.django-rest-framework.org/api-guide/permissions/#permissions
Implementation details:
The API_FHIR module defines the FHIRApiPermissions class, which extends DjangoModelPermissions (from rest_framework.permissions).
    from rest_framework.permissions import DjangoModelPermissions


    class FHIRApiPermissions(DjangoModelPermissions):
        # Permission templates required per HTTP method; subclasses may override them.
        permissions_get = ['%(app_label)s.view_%(model_name)s']
        permissions_post = ['%(app_label)s.add_%(model_name)s']
        permissions_put = ['%(app_label)s.change_%(model_name)s']
        permissions_patch = ['%(app_label)s.change_%(model_name)s']
        permissions_delete = ['%(app_label)s.delete_%(model_name)s']

        def __init__(self):
            # perms_map is a class-level dict on DjangoModelPermissions; copy it
            # so the assignments below stay on this instance and are not shared.
            self.perms_map = dict(self.perms_map)
            self.perms_map['GET'] = self.permissions_get
            self.perms_map['POST'] = self.permissions_post
            self.perms_map['PUT'] = self.permissions_put
            self.perms_map['PATCH'] = self.permissions_patch
            self.perms_map['DELETE'] = self.permissions_delete
The following attributes can be used to specify the list of required permissions (split by HTTP operation):
permissions_get
permissions_post
permissions_put
permissions_patch
permissions_delete
For instance, to execute GET on the Patient endpoint (OpenIMIS Insuree model), the user needs to have the following permission:
insuree.view_insurees
The FHIRApiPermissions class is injected into the FHIR API views using the permission_classes attribute.
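The per-method lookup described above can be reviewed offline with a small model. The following is an added example, not openIMIS or Django REST framework code: it models in plain Python how the templates expand into permission codenames and which HTTP methods each role ends up allowed to call. The function names, the "demo" app, the "record" model and the two roles are constructed for illustration.

```python
# Added illustration: a plain-Python model of the per-method permission lookup.
# It does not import Django or DRF; every name below is hypothetical.
DEFAULT_PERMS_MAP = {
    "GET": ["%(app_label)s.view_%(model_name)s"],
    "POST": ["%(app_label)s.add_%(model_name)s"],
    "PUT": ["%(app_label)s.change_%(model_name)s"],
    "PATCH": ["%(app_label)s.change_%(model_name)s"],
    "DELETE": ["%(app_label)s.delete_%(model_name)s"],
}


def required_permissions(method, app_label, model_name, perms_map=DEFAULT_PERMS_MAP):
    """Expand the templates registered for one HTTP method into codenames."""
    if method not in perms_map:
        raise ValueError(f"method not allowed: {method}")
    names = {"app_label": app_label, "model_name": model_name}
    return [template % names for template in perms_map[method]]


def is_allowed(user_perms, method, app_label, model_name, perms_map=DEFAULT_PERMS_MAP):
    """Allow only when the user holds every permission the method requires."""
    try:
        needed = required_permissions(method, app_label, model_name, perms_map)
    except ValueError:
        return False  # unmapped methods fail closed in this model
    return set(needed) <= set(user_perms)


def access_matrix(roles, app_label, model_name, perms_map=DEFAULT_PERMS_MAP):
    """Map each role name to the sorted HTTP methods it may call."""
    return {
        role: sorted(m for m in perms_map
                     if is_allowed(perms, m, app_label, model_name, perms_map))
        for role, perms in roles.items()
    }


# Constructed sample data: a "demo" app with a "record" model and two roles.
ROLES = {
    "reader": {"demo.view_record"},
    "editor": {"demo.view_record", "demo.add_record", "demo.change_record"},
}
# A stricter map for one endpoint, built as a copy so the default is untouched.
STRICT_MAP = {**DEFAULT_PERMS_MAP,
              "PATCH": ["%(app_label)s.change_%(model_name)s",
                        "%(app_label)s.delete_%(model_name)s"]}

if __name__ == "__main__":
    print(access_matrix(ROLES, "demo", "record"))
    print(access_matrix(ROLES, "demo", "record", STRICT_MAP))
```

Listing more than one template for a method means the user must hold all of them, which is why the editor role loses PATCH under the stricter map.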
This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License. https://creativecommons.org/licenses/by-sa/4.0/