Fix authorization handling for Bundle resources in the output (#5953)

* Fix authorization handling for Bundle resources in the output. When the Bundle is standalone, authorization should not be checked for resources included in the Bundle. * Add some more tests to cover more use cases. * Add more tests. Exclude collection type as it can be returned by a custom operation and it is not a standalone type. * Address code review comment. Remove unused method.
hapifhir · May 28, 2024 · a9815c8 · a9815c8
1 parent 357802b
commit a9815c8
Show file tree

Hide file tree

Showing 5 changed files with 342 additions and 228 deletions.
diff --git a/...hir/changelog/7_4_0/5952-get-page-bundle-fails-forbidden-with-read-bundle-permission.yaml b/...hir/changelog/7_4_0/5952-get-page-bundle-fails-forbidden-with-read-bundle-permission.yaml
@@ -0,0 +1,6 @@
+---
+type: add
+issue: 5952
+title: "Previously, since hapi-fhir 7.0, when retrieving the consecutive pages of a Bundle resource search operation 
+using a client with read permissions for Bundle resources, the request would fail with a 403 Forbidden error. 
+This has been fixed."