honeymoose
/
hapi-fhir
mirror of https://github.com/hapifhir/hapi-fhir.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #756 from alvinleonard/751-fix-deletebyurl 

Fix deleteByUrl to respect InCompartment Authorization
This commit is contained in:
James Agnew 2017-11-22 19:19:32 -05:00 committed by GitHub
parent 5a8e88200b 2114dd7706
commit 3aebfb575a
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 7 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
hapi-fhir-jpaserver-base/src/main/java/ca/uhn/fhir/jpa/dao/BaseHapiFhirResourceDao.java
View File

@ -256,6 +256,7 @@ public abstract class BaseHapiFhirResourceDao<T extends IBaseResource> extends B
ResourceTable entity = myEntityManager.find(ResourceTable.class, pid);
deletedResources.add(entity);
T resourceToDelete = toResource(myResourceType, entity, false);
validateOkToDelete(deleteConflicts, entity);
// Notify interceptors
@ -268,9 +269,9 @@ public abstract class BaseHapiFhirResourceDao<T extends IBaseResource> extends B
// Perform delete
Date updateTime = new Date();
updateEntity(null, entity, updateTime, updateTime);
resourceToDelete.setId(entity.getIdDt());
// Notify JPA interceptors
T resourceToDelete = toResource(myResourceType, entity, false);
if (theRequestDetails != null) {
theRequestDetails.getRequestOperationCallback().resourceDeleted(resourceToDelete);
ActionRequestDetails requestDetails = new ActionRequestDetails(theRequestDetails, idToDelete.getResourceType(), idToDelete);

6
hapi-fhir-jpaserver-base/src/test/java/ca/uhn/fhir/jpa/provider/dstu3/AuthorizationInterceptorResourceProviderDstu3Test.java
View File

@ -84,7 +84,7 @@ public class AuthorizationInterceptorResourceProviderDstu3Test extends BaseResou
/**
* See #503
* See #503 #751
*/
@Test
public void testDeleteIsAllowedForCompartment() {
@ -99,6 +99,9 @@ public class AuthorizationInterceptorResourceProviderDstu3Test extends BaseResou
obsInCompartment.getSubject().setReferenceElement(id.toUnqualifiedVersionless());
IIdType obsInCompartmentId = ourClient.create().resource(obsInCompartment).execute().getId().toUnqualifiedVersionless();
// create a 2nd observation to be deleted by url Observation?patient=id
ourClient.create().resource(obsInCompartment).execute().getId().toUnqualifiedVersionless();
Observation obsNotInCompartment = new Observation();
obsNotInCompartment.setStatus(ObservationStatus.FINAL);
IIdType obsNotInCompartmentId = ourClient.create().resource(obsNotInCompartment).execute().getId().toUnqualifiedVersionless();
@ -115,6 +118,7 @@ public class AuthorizationInterceptorResourceProviderDstu3Test extends BaseResou
});
ourClient.delete().resourceById(obsInCompartmentId.toUnqualifiedVersionless()).execute();
ourClient.delete().resourceConditionalByUrl("Observation?patient=" + id.toUnqualifiedVersionless()).execute();
try {
ourClient.delete().resourceById(obsNotInCompartmentId.toUnqualifiedVersionless()).execute();