fix: group export permission update (#56)

src/smartScopeHelper.test.ts

@@ -62,7 +62,7 @@ describe.each(isScopeSufficientCases)('%s: isScopeSufficient', (scopeType: Scope
         );
     });
 
-    test('scope is sufficient for bulk data access with "user" || "system" scopeType but not "patient" scopeType', () => {
+    test('scope is sufficient for system bulk data access with "user" || "system" scopeType but not "patient" scopeType', () => {
         const clonedScopeRule = emptyScopeRule();
         clonedScopeRule[scopeType].read = ['read'];
         const bulkDataAuth: BulkDataAuth = { operation: 'initiate-export', exportType: 'system' };
@@ -73,7 +73,7 @@ describe.each(isScopeSufficientCases)('%s: isScopeSufficient', (scopeType: Scope
         );
     });
 
-    test('scope is NOT sufficient for bulk data access: Scope needs to have resourceType "*"', () => {
+    test('scope is NOT sufficient for system bulk data access: Scope needs to have resourceType "*"', () => {
         const clonedScopeRule = emptyScopeRule();
         clonedScopeRule[scopeType].read = ['read'];
 
@@ -82,6 +82,23 @@ describe.each(isScopeSufficientCases)('%s: isScopeSufficient', (scopeType: Scope
             isScopeSufficient(`${scopeType}/Observation.read`, clonedScopeRule, 'read', undefined, bulkDataAuth),
         ).toEqual(false);
     });
+
+    test('scope is sufficient for group export with "system" scopeType, not "user" of "patient" scopeType', () => {
+        const clonedScopeRule = emptyScopeRule();
+        clonedScopeRule[scopeType].read = ['read'];
+        const bulkDataAuth: BulkDataAuth = { operation: 'initiate-export', exportType: 'group' };
+
+        // Only scopeType of system has bulkDataAccess
+        expect(isScopeSufficient(`${scopeType}/*.read`, clonedScopeRule, 'read', undefined, bulkDataAuth)).toEqual(
+            scopeType === 'system',
+        );
+
+        // Group export result is filtered on allowed resourceType, scope not having resourceType "*" should be passed
+        expect(
+            isScopeSufficient(`${scopeType}/Observation.read`, clonedScopeRule, 'read', undefined, bulkDataAuth),
+        ).toEqual(scopeType === 'system');
+    });
+
     test('scope is sufficient to do a search-system', () => {
         const clonedScopeRule = emptyScopeRule();
         clonedScopeRule[scopeType].read = ['search-system'];

src/smartScopeHelper.ts

@@ -84,14 +84,27 @@ function isSmartScopeSufficientForBulkDataAccess(
     smartScope: ClinicalSmartScope,
     scopeRule: ScopeRule,
 ) {
-    const bulkDataRequestHasCorrectScope =
-        bulkDataAuth.exportType === 'system' && // As of 2021-01-09 we only support System Level export
-        ['system', 'user'].includes(smartScope.scopeType) &&
-        smartScope.resourceType === '*' &&
-        ['*', 'read'].includes(smartScope.accessType) &&
-        getValidOperationsForScopeTypeAndAccessType(smartScope.scopeType, smartScope.accessType, scopeRule).includes(
-            'read',
-        );
+    let bulkDataRequestHasCorrectScope = false;
+    if (bulkDataAuth.exportType === 'system') {
+        bulkDataRequestHasCorrectScope =
+            ['system', 'user'].includes(smartScope.scopeType) &&
+            smartScope.resourceType === '*' &&
+            ['*', 'read'].includes(smartScope.accessType) &&
+            getValidOperationsForScopeTypeAndAccessType(
+                smartScope.scopeType,
+                smartScope.accessType,
+                scopeRule,
+            ).includes('read');
+    } else if (bulkDataAuth.exportType === 'group') {
+        bulkDataRequestHasCorrectScope =
+            ['system'].includes(smartScope.scopeType) &&
+            ['*', 'read'].includes(smartScope.accessType) &&
+            getValidOperationsForScopeTypeAndAccessType(
+                smartScope.scopeType,
+                smartScope.accessType,
+                scopeRule,
+            ).includes('read');
+    }
     return (
         ['initiate-export', 'get-status-export', 'cancel-export'].includes(bulkDataAuth.operation) &&
         bulkDataRequestHasCorrectScope