Problem Statement

When we add a user authorities like so:

• FHIR_READ_ALL_OF_TYPE: Task?_tag=https://my.server.ca/provider-1%7CTEST-DQS-HIC-FILTER-1
• FHIR_READ_ALL_OF_TYPE: OperationOutcome?_tag=https://my.server.ca/provider-1%7CTEST-DQS-HIC-FILTER-1

This should indicate that this user is allowed to see the resources that have a meta.tag  that contains the matching criteria, this works fine for Task &  OperationOutcome resources, but when we apply the same for Bundle resources:

• FHIR_READ_ALL_OF_TYPE: Bundle?_tag=https://my.server.ca/provider-1%7CTEST-DQS-HIC-FILTER-1

AND the target bundle['s] are of type Collection the user is not allowed to see the resource when performing a SEARCH Request like so:

http://localhost:8000/Bundle?_tag=https://my.server.ca/provider-1%7CTEST-DQS-HIC-FILTER-1

As soon as we change the target bundle['s] type to something like Document the user is able to search for matching bundles as expected

In both cases (when the bundle type is document || collection ) if the user tries to access the bundle directly with a READ request

GET http://localhost:8000/Bundle/1504 the user is able to access the resource