honeymoose
/
hapi-fhir
mirror of https://github.com/hapifhir/hapi-fhir.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

undo unintended backport fix undo (#5862) 

Co-authored-by: Long Ma <long@smilecdr.com>
This commit is contained in:
longma1 2024-04-19 13:02:24 -06:00 committed by GitHub
parent 79c7820d02
commit 54d4b0fefe
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 1 additions and 138 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

135
hapi-fhir-jpaserver-test-utilities/src/test/java/ca/uhn/fhir/jpa/auth/RuleImplOpTest.java
View File

@ -1,135 +0,0 @@
package ca.uhn.fhir.jpa.auth;
import ca.uhn.fhir.context.FhirContext;
import ca.uhn.fhir.rest.api.RestOperationTypeEnum;
import ca.uhn.fhir.rest.api.server.RequestDetails;
import ca.uhn.fhir.rest.api.server.SystemRequestDetails;
import ca.uhn.fhir.rest.server.exceptions.InvalidRequestException;
import ca.uhn.fhir.rest.server.interceptor.auth.AuthorizationInterceptor;
import ca.uhn.fhir.rest.server.interceptor.auth.IAuthRule;
import ca.uhn.fhir.rest.server.interceptor.auth.IRuleApplier;
import ca.uhn.fhir.rest.server.interceptor.auth.PolicyEnum;
import ca.uhn.fhir.rest.server.interceptor.auth.RuleBuilder;
import ca.uhn.fhir.util.BundleBuilder;
import org.hl7.fhir.instance.model.api.IBaseBundle;
import org.hl7.fhir.r4.model.CodeType;
import org.hl7.fhir.r4.model.IdType;
import org.hl7.fhir.r4.model.Parameters;
import org.hl7.fhir.r4.model.Patient;
import org.hl7.fhir.r4.model.StringType;
import org.junit.jupiter.api.Test;
import java.util.HashSet;
import java.util.List;
import static org.hamcrest.MatcherAssert.assertThat;
import static org.hamcrest.Matchers.equalTo;
import static org.junit.jupiter.api.Assertions.assertEquals;
import static org.junit.jupiter.api.Assertions.fail;
public class RuleImplOpTest {
private static final String OPERATION = "operation";
private static final String TYPE = "type";
private static final String PATH = "path";
private static final String VALUE = "value";
private static final String REPLACE = "replace";
private static final String PATIENT_BIRTH_DATE = "Patient.birthDate";
private static final Parameters PARAMETERS = buildParameters();
private static final String DOCUMENT = "document";
private static final String ERROR_TEMPLATE = "HAPI-0339: Can not handle nested Parameters with %s operation";
private static final String ERROR_UPDATE = String.format(ERROR_TEMPLATE, "UPDATE");
private static final String ERROR_CREATE = String.format(ERROR_TEMPLATE, "CREATE");
private static final String REQUEST_RULELIST = AuthorizationInterceptor.class.getName() + "_1_RULELIST";
private final Patient myPatient = buildPatient();
private final List<IAuthRule> myRules = new RuleBuilder()
.allow()
.transaction()
.withAnyOperation()
.andApplyNormalRules()
.andThen()
.allow()
.write()
.allResources()
.withAnyId()
.build();
private final IAuthRule myRule = myRules.get(0);
private final FhirContext myFhirContext = FhirContext.forR4Cached();
private final IBaseBundle myInnerBundle = buildInnerBundler(myFhirContext);
private final RequestDetails mySystemRequestDetails = buildSystemRequestDetails(myFhirContext, myRules);
private final IRuleApplier myRuleApplier = new AuthorizationInterceptor();
@Test
void testTransactionBundleUpdateWithParameters() {
final BundleBuilder bundleBuilder = new BundleBuilder(myFhirContext);
bundleBuilder.addTransactionUpdateEntry(PARAMETERS);
try {
applyRule(bundleBuilder.getBundle());
fail("Expected an InvalidRequestException");
} catch (InvalidRequestException exception) {
assertEquals(ERROR_UPDATE, exception.getMessage());
}
}
@Test
void testTransactionBundleWithNestedBundle() {
final BundleBuilder bundleBuilder = new BundleBuilder(myFhirContext);
bundleBuilder.addTransactionCreateEntry(myInnerBundle);
try {
applyRule(bundleBuilder.getBundle());
fail("Expected an InvalidRequestException");
} catch (InvalidRequestException exception) {
assertEquals(ERROR_CREATE, exception.getMessage());
}
}
@Test
void testTransactionBundlePatchWithParameters() {
final BundleBuilder bundleBuilder = new BundleBuilder(myFhirContext);
bundleBuilder.addTransactionFhirPatchEntry(myPatient.getIdElement(), PARAMETERS);
final AuthorizationInterceptor.Verdict verdict = applyRule(bundleBuilder.getBundle());
assertThat(verdict.getDecision(), equalTo(PolicyEnum.ALLOW));
}
private AuthorizationInterceptor.Verdict applyRule(IBaseBundle theBundle) {
return myRule.applyRule(RestOperationTypeEnum.TRANSACTION, mySystemRequestDetails, theBundle, myPatient.getIdElement(), myPatient, myRuleApplier, new HashSet<>(), null);
}
private static Parameters buildParameters() {
final Parameters patch = new Parameters();
final Parameters.ParametersParameterComponent op = patch.addParameter().setName(OPERATION);
op.addPart().setName(TYPE).setValue(new CodeType(REPLACE));
op.addPart().setName(PATH).setValue(new CodeType(PATIENT_BIRTH_DATE));
op.addPart().setName(VALUE).setValue(new StringType("1912-04-14"));
return patch;
}
private static RequestDetails buildSystemRequestDetails(FhirContext theFhirContext, List<IAuthRule> theRules) {
final SystemRequestDetails systemRequestDetails = new SystemRequestDetails();
systemRequestDetails.setFhirContext(theFhirContext);
systemRequestDetails.getUserData().put(REQUEST_RULELIST, theRules);
return systemRequestDetails;
}
private static Patient buildPatient() {
final Patient patient = new Patient();
patient.setId(new IdType("Patient", "1"));
return patient;
}
private static IBaseBundle buildInnerBundler(FhirContext theFhirContext) {
final BundleBuilder innerBundleBuilder = new BundleBuilder(theFhirContext);
innerBundleBuilder.setType(DOCUMENT);
return innerBundleBuilder.getBundle();
}
}

4
hapi-fhir-server/src/main/java/ca/uhn/fhir/rest/server/interceptor/auth/RuleImplOp.java
View File

@ -859,7 +859,6 @@ class RuleImplOp extends BaseRule /* implements IAuthRule */ {
*/ */
private boolean isInvalidNestedParametersRequest( private boolean isInvalidNestedParametersRequest(
FhirContext theContext, BundleEntryParts theEntry, RestOperationTypeEnum theOperation) { FhirContext theContext, BundleEntryParts theEntry, RestOperationTypeEnum theOperation) {
IBaseResource resource = theEntry.getResource(); IBaseResource resource = theEntry.getResource();
if (resource == null) { if (resource == null) {
return false; return false;
@ -867,10 +866,9 @@ class RuleImplOp extends BaseRule /* implements IAuthRule */ {
RuntimeResourceDefinition resourceDefinition = theContext.getResourceDefinition(resource); RuntimeResourceDefinition resourceDefinition = theContext.getResourceDefinition(resource);
final boolean isResourceParameters = PARAMETERS.equals(resourceDefinition.getName()); final boolean isResourceParameters = PARAMETERS.equals(resourceDefinition.getName());
final boolean isResourceBundle = BUNDLE.equals(resourceDefinition.getName());
final boolean isOperationPatch = theOperation == RestOperationTypeEnum.PATCH; final boolean isOperationPatch = theOperation == RestOperationTypeEnum.PATCH;
return (isResourceParameters && !isOperationPatch) || isResourceBundle; return (isResourceParameters && !isOperationPatch);
} }
private void setTargetFromResourceId(RequestDetails theRequestDetails, FhirContext ctx, RuleTarget target) { private void setTargetFromResourceId(RequestDetails theRequestDetails, FhirContext ctx, RuleTarget target) {