Security and Permissions
Permissions for resources are stored in Resource.meta.security. A custom security code is created for each of three types of grantee:
- Everyone - Anyone with a user account in the installation.
- Group - One or more users (Practitioners) represented as a single group. Use a group to represent a team of users. To create a group, see Accounts and Login.
- User (Practitioner) - A single person with access to the installation. The first time a user opens ToF against a specific FHIR server, Trifolia-on-FHIR (ToF) requires them to create a Practitioner that represents their user login.
Two Levels of Permissions:
- Read - Allows the user to search/view the resource
- Write - Allows the user to update/delete the resource
With these concepts combined, the resource may have several security codes. For example:
{
  resourceType: "ImplementationGuide",
  meta: {
    security: [
      // Everyone has access to read/write
      { system: "https://trifolia-fhir.../security", code: "everyone^read" },
      { system: "https://trifolia-fhir.../security", code: "everyone^write" },
      // Members of group test-group-id have access to read/write
      { system: "https://trifolia-fhir.../security", code: "group^test-group-id^read" },
      { system: "https://trifolia-fhir.../security", code: "group^test-group-id^write" },
      // A specific user (Practitioner) with id test-practitioner-id has access to read/write
      { system: "https://trifolia-fhir.../security", code: "user^test-practitioner-id^read" },
      { system: "https://trifolia-fhir.../security", code: "user^test-practitioner-id^write" }
    ]
  }
}
When a user searches for ImplementationGuide resources, ToF sends a search request to the FHIR server that includes a _security parameter with all possible variations applicable to the active user. For example:
// un-encoded for readability
https://some-fhir-server.com/fhir/ImplementationGuide?_security=<system>|everyone^read,<system>|group^test-group-id^read,<system>|user^test-practitioner-id^read
// encoded
https://some-fhir-server.com/fhir/ImplementationGuide?_security=https%3A%2F%2Ftrifolia-fhir...%2Fsecurity%7Ceveryone%5Eread%2Chttps%3A%2F%2Ftrifolia-fhir...%2Fsecurity%7Cgroup%5Etest-group-id%5Eread%2Chttps%3A%2F%2Ftrifolia-fhir...%2Fsecurity%7Cuser%5Etest-practitioner-id%5Eread
When a user clicks the Edit button on a resource, ToF retrieves that single resource. The ToF server verifies whether the persisted resource grants the active user permission to view the resource before sending the resource to the user's browser for viewing.
Similarly, when a user clicks Save or Delete, the ToF server retrieves the instance of the resource persisted on the FHIR server, verifies whether the user has permissions to modify the resource, and rejects the request with a 401 Unauthorized response if the user does not have permissions. Otherwise, the resource is updated on the FHIR server according to the request.
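The two mechanisms described above (the _security search parameter built for the active user, and the server-side read/write check against the persisted resource's meta.security) as an added example; this is not ToF's own code. The security system URL, the user object shape, and the sample resource are assumptions constructed for the example.

```javascript
// Placeholder for the real ToF security code system URL (assumption).
const SECURITY_SYSTEM = 'https://trifolia-fhir.example/security';

// Every code that would grant `permission` ("read" or "write") to this user:
// everyone, each group the user belongs to, and the user's own Practitioner id.
function securityCodesFor(user, permission) {
  const codes = [`everyone^${permission}`];
  for (const groupId of user.groupIds) codes.push(`group^${groupId}^${permission}`);
  codes.push(`user^${user.practitionerId}^${permission}`);
  return codes;
}

// _security value: comma-separated "<system>|<code>" tokens, un-encoded.
function buildSecuritySearchParam(user, permission) {
  return securityCodesFor(user, permission)
    .map((code) => `${SECURITY_SYSTEM}|${code}`)
    .join(',');
}

// Full search URL; encodeURIComponent turns "|", "^" and "," into %7C, %5E and %2C.
function buildSearchUrl(baseUrl, resourceType, user, permission) {
  const param = encodeURIComponent(buildSecuritySearchParam(user, permission));
  return `${baseUrl}/${resourceType}?_security=${param}`;
}

// Server-side check on the persisted resource: a tag grants access only if both
// its system and its code match; a missing meta.security grants nothing.
function hasPermission(resource, user, permission) {
  const granted = new Set(securityCodesFor(user, permission));
  const tags = (resource.meta && resource.meta.security) || [];
  return tags.some((tag) => tag.system === SECURITY_SYSTEM && granted.has(tag.code));
}

// Constructed sample: group members may read, one Practitioner may write.
const SAMPLE_RESOURCE = {
  resourceType: 'ImplementationGuide',
  meta: {
    security: [
      { system: SECURITY_SYSTEM, code: 'group^test-group-id^read' },
      { system: SECURITY_SYSTEM, code: 'user^test-practitioner-id^write' },
      // Right code, wrong system: must be ignored by the check.
      { system: 'https://other.example/security', code: 'everyone^read' },
    ],
  },
};

const ACTIVE_USER = { practitionerId: 'test-practitioner-id', groupIds: ['test-group-id'] };
```

Calling hasPermission(SAMPLE_RESOURCE, ACTIVE_USER, 'write') is the decision point at which the ToF server would return its 401 Unauthorized response when it evaluates to false.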