From 6551eb0a4eb5d640d81abdf2439dea24a3047b15 Mon Sep 17 00:00:00 2001
From: Alvin Leonard <alvin@tyde.com>
Date: Wed, 11 Oct 2017 13:40:03 +1100
Subject: [PATCH 1/2] Fix deleteByUrl to respect InCompartment Authorization

Moved the assignment of the resource to delete before the actual delete as it will be used by the authorization to determine if this resource is in the compartment.
---
 .../java/ca/uhn/fhir/jpa/dao/BaseHapiFhirResourceDao.java   | 2 +-
 .../AuthorizationInterceptorResourceProviderDstu3Test.java  | 6 +++++-
 2 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/hapi-fhir-jpaserver-base/src/main/java/ca/uhn/fhir/jpa/dao/BaseHapiFhirResourceDao.java b/hapi-fhir-jpaserver-base/src/main/java/ca/uhn/fhir/jpa/dao/BaseHapiFhirResourceDao.java
index 2c483a06092..46357a02595 100644
--- a/hapi-fhir-jpaserver-base/src/main/java/ca/uhn/fhir/jpa/dao/BaseHapiFhirResourceDao.java
+++ b/hapi-fhir-jpaserver-base/src/main/java/ca/uhn/fhir/jpa/dao/BaseHapiFhirResourceDao.java
@@ -255,6 +255,7 @@ public abstract class BaseHapiFhirResourceDao<T extends IBaseResource> extends B
 			deletedResources.add(entity);
 
 			validateOkToDelete(deleteConflicts, entity);
+			T resourceToDelete = toResource(myResourceType, entity, false);
 
 			// Notify interceptors
 			IdDt idToDelete = entity.getIdDt();
@@ -268,7 +269,6 @@ public abstract class BaseHapiFhirResourceDao<T extends IBaseResource> extends B
 			updateEntity(null, entity, updateTime, updateTime);
 
 			// Notify JPA interceptors
-			T resourceToDelete = toResource(myResourceType, entity, false);
 			if (theRequestDetails != null) {
 				theRequestDetails.getRequestOperationCallback().resourceDeleted(resourceToDelete);
 				ActionRequestDetails requestDetails = new ActionRequestDetails(theRequestDetails, idToDelete.getResourceType(), idToDelete);
diff --git a/hapi-fhir-jpaserver-base/src/test/java/ca/uhn/fhir/jpa/provider/dstu3/AuthorizationInterceptorResourceProviderDstu3Test.java b/hapi-fhir-jpaserver-base/src/test/java/ca/uhn/fhir/jpa/provider/dstu3/AuthorizationInterceptorResourceProviderDstu3Test.java
index cddc9ccd802..48c68698726 100644
--- a/hapi-fhir-jpaserver-base/src/test/java/ca/uhn/fhir/jpa/provider/dstu3/AuthorizationInterceptorResourceProviderDstu3Test.java
+++ b/hapi-fhir-jpaserver-base/src/test/java/ca/uhn/fhir/jpa/provider/dstu3/AuthorizationInterceptorResourceProviderDstu3Test.java
@@ -84,7 +84,7 @@ public class AuthorizationInterceptorResourceProviderDstu3Test extends BaseResou
 	
 
 	/**
-	 * See #503
+	 * See #503 #751
 	 */
 	@Test
 	public void testDeleteIsAllowedForCompartment() {
@@ -99,6 +99,9 @@ public class AuthorizationInterceptorResourceProviderDstu3Test extends BaseResou
 		obsInCompartment.getSubject().setReferenceElement(id.toUnqualifiedVersionless());
 		IIdType obsInCompartmentId = ourClient.create().resource(obsInCompartment).execute().getId().toUnqualifiedVersionless();
 		
+		// create a 2nd observation to be deleted by url Observation?patient=id
+        ourClient.create().resource(obsInCompartment).execute().getId().toUnqualifiedVersionless();
+		
 		Observation obsNotInCompartment = new Observation();
 		obsNotInCompartment.setStatus(ObservationStatus.FINAL);
 		IIdType obsNotInCompartmentId = ourClient.create().resource(obsNotInCompartment).execute().getId().toUnqualifiedVersionless();
@@ -115,6 +118,7 @@ public class AuthorizationInterceptorResourceProviderDstu3Test extends BaseResou
 		});
 		
 		ourClient.delete().resourceById(obsInCompartmentId.toUnqualifiedVersionless()).execute();
+		ourClient.delete().resourceConditionalByUrl("Observation?patient=" + id.toUnqualifiedVersionless()).execute();
 
 		try {
 			ourClient.delete().resourceById(obsNotInCompartmentId.toUnqualifiedVersionless()).execute();

From 2114dd77062bf023e25d53ad7629652f4e1db719 Mon Sep 17 00:00:00 2001
From: Alvin Leonard <alvin@tyde.com>
Date: Wed, 11 Oct 2017 15:09:41 +1100
Subject: [PATCH 2/2] We need to set the resource id to the entity id after the
 update entity.

---
 .../main/java/ca/uhn/fhir/jpa/dao/BaseHapiFhirResourceDao.java | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/hapi-fhir-jpaserver-base/src/main/java/ca/uhn/fhir/jpa/dao/BaseHapiFhirResourceDao.java b/hapi-fhir-jpaserver-base/src/main/java/ca/uhn/fhir/jpa/dao/BaseHapiFhirResourceDao.java
index 46357a02595..6efe7f3efed 100644
--- a/hapi-fhir-jpaserver-base/src/main/java/ca/uhn/fhir/jpa/dao/BaseHapiFhirResourceDao.java
+++ b/hapi-fhir-jpaserver-base/src/main/java/ca/uhn/fhir/jpa/dao/BaseHapiFhirResourceDao.java
@@ -254,8 +254,8 @@ public abstract class BaseHapiFhirResourceDao<T extends IBaseResource> extends B
 			ResourceTable entity = myEntityManager.find(ResourceTable.class, pid);
 			deletedResources.add(entity);
 
-			validateOkToDelete(deleteConflicts, entity);
 			T resourceToDelete = toResource(myResourceType, entity, false);
+			validateOkToDelete(deleteConflicts, entity);
 
 			// Notify interceptors
 			IdDt idToDelete = entity.getIdDt();
@@ -267,6 +267,7 @@ public abstract class BaseHapiFhirResourceDao<T extends IBaseResource> extends B
 			// Perform delete
 			Date updateTime = new Date();
 			updateEntity(null, entity, updateTime, updateTime);
+	        resourceToDelete.setId(entity.getIdDt());
 
 			// Notify JPA interceptors
 			if (theRequestDetails != null) {