Skip to main content

GeneralPractitioner

This validator ensures that a patient can access only the resources referenced in their general practitioner field. It supports access to three entity types: Practitioner, PractitionerRole, and Organization. Any attempt to access other entity types will result in a GraphQL error.

For practitioner clients, this validator allows access to a patient's patient compartment if Patient.generalPractitioner matches the identity of the practitioner client.

Resource creation results in Unauthorized errors because the relationship with the general practitioner cannot be validated. These scenarios require an explicit Allowed rule.

For all other actions (read, update, delete), the validator checks if the requested resource is referenced in the patient's general practitioner field. If it is, the operation is permitted. Search is limited to entities specified in the general practitioner field.

Enable access to an Organization resource which is linked as the patient's general practitioner.
{
    "client_role": "Patient",
    "entity_name": "Organization",
    "operation": "read",
    "validator": "GeneralPractitioner",
}