ACL
Access control lists with API constructor
aidbox.rest.acl provides a set of operations supporting SQL :filters to be added on each request. :filters can be used to restrict access to resources

Examples

Code examples on this page are taken from the ACL and the multitenancy example projects

Overview

Operations

Expects the same as regular FHIR API engines and also a :filter
  • aidbox.rest.acl/search
  • aidbox.rest.acl/create
  • aidbox.rest.acl/read
  • aidbox.rest.acl/update
  • aidbox.rest.acl/delete

Example

1
search-observation
2
{:zen/tags #{aidbox.rest/op}
3
:engine aidbox.rest.acl/search
4
:resource "Observation"
5
:format "fhir"
6
:filter observation-filter}
Copied!

Filter

An ACL operation requires :filter to be specified. A filter requires to define :expression which will be added to a SQL formed by the operation. :expression is made of templates joined with :and or :or operators. A filter optionally accepts :filter-table

Example

1
observation-filter
2
{:zen/tags #{aidbox.rest.acl/filter}
3
:filter-table acl-box.acl/acl-table
4
:expression [:and acl-box.acl/user-condition
5
acl-box.acl/subject-conditon]}
Copied!

Filter table

Filter table defines SQL table to be joined or searched in with SQL templates.

Example

1
acl-table
2
{:zen/tags #{aidbox.rest.acl/filter-table}
3
:schema "public" ;; Custom resource table acl-box.custom-resources/PatientAccess
4
:name "patientaccess"}
Copied!

Template

Defines SQL template string. Accepts params. In the template string you can refer to variables with {{<var>}} syntax. Available variables:
  • params can be referred with {{params.<path>.<to>.<param>}} syntax.
  • {{filter-table}} is the :filter-table added to the filter
  • {{target-resource}} is the jsonb of a resource being checked
  • {{target-id}} is the id of the resource

Example

1
user-condition
2
{:zen/tags #{aidbox.rest.acl/sql-template}
3
:params {:user-id user-id-param}
4
:template "{{filter-table}}.resource#>>'{user, id}' = {{params.user-id}}"}
5
6
subject-conditon
7
{:zen/tags #{aidbox.rest.acl/sql-template}
8
:template "{{target-resource}}#>>'{subject, id}' = {{filter-table}}.resource#>>'{patient, id}'"}
9
10
id-conditon
11
{:zen/tags #{aidbox.rest.acl/sql-template}
12
:template "{{target-id}} = {{filter-table}}.resource#>>'{patient, id}'"}
Copied!

Parameter

Defines a path in a request where to get data. The data can be used in a SQL template

Example

1
user-id-param
2
{:zen/tags #{aidbox.rest.acl/request-param}
3
:source-schema {:type zen/string}
4
:path [:user :id]}
Copied!