Cleanup

2024-09-10 10:02:52 -04:00 · 2024-09-10 10:02:52 -04:00 · 703924938f
parent 7ad2524272
commit 703924938f
3 changed files with 30 additions and 26 deletions
--- a/hapi-fhir-server/src/main/java/ca/uhn/fhir/rest/server/interceptor/auth/AuthorizationInterceptor.java
+++ b/hapi-fhir-server/src/main/java/ca/uhn/fhir/rest/server/interceptor/auth/AuthorizationInterceptor.java
@ -593,7 +593,8 @@ public class AuthorizationInterceptor implements IRuleApplier {
 	}

 	@Nonnull
-	public static List<IBaseResource> toListOfResourcesAndExcludeContainer(IBaseResource theResponseObject, FhirContext fhirContext) {
+	public static List<IBaseResource> toListOfResourcesAndExcludeContainer(
+			IBaseResource theResponseObject, FhirContext fhirContext) {
 		List<IBaseResource> retVal;
 		retVal = fhirContext.newTerser().getAllPopulatedChildElementsOfType(theResponseObject, IBaseResource.class);

--- a/hapi-fhir-server/src/main/java/ca/uhn/fhir/rest/server/interceptor/auth/OperationRule.java
+++ b/hapi-fhir-server/src/main/java/ca/uhn/fhir/rest/server/interceptor/auth/OperationRule.java
@ -98,14 +98,6 @@ class OperationRule extends BaseRule implements IAuthRule {
 			Pointcut thePointcut) {
 		FhirContext ctx = theRequestDetails.getServer().getFhirContext();

-		// Operation rules apply to the execution of the operation itself, not to side effects like
-		// loading resources (that will presumably be reflected in the response). Those loads need
-		// to be explicitly authorized
-		if (!myAllowAllResourcesAccess && isResourceAccess(thePointcut)) {
-//			return null;
-			// FIXME: remove
-		}
-
 		boolean applies = false;
 		switch (theOperation) {
 			case EXTENDED_OPERATION_SERVER:
@ -174,26 +166,28 @@ class OperationRule extends BaseRule implements IAuthRule {
 		if (theOutputResource == null) {
 			// This is the request part
 			return newVerdict(
-				theOperation,
-				theRequestDetails,
-				theInputResource,
-				theInputResourceId,
-				theOutputResource,
-				theRuleApplier);
-		} else {
-			// This is the response part, so we might want to check all of the
-			// resources in the response
-			if (myAllowAllResponses) {
-				return newVerdict(
 					theOperation,
 					theRequestDetails,
 					theInputResource,
 					theInputResourceId,
 					theOutputResource,
 					theRuleApplier);
+		} else {
+			// This is the response part, so we might want to check all of the
+			// resources in the response
+			if (myAllowAllResponses) {
+				return newVerdict(
+						theOperation,
+						theRequestDetails,
+						theInputResource,
+						theInputResourceId,
+						theOutputResource,
+						theRuleApplier);
 			} else {
-				List<IBaseResource> outputResources = AuthorizationInterceptor.toListOfResourcesAndExcludeContainer(					theOutputResource, theRequestDetails.getFhirContext());
-				return RuleImplOp.applyRulesToResponseResources(theRequestDetails, theRuleApplier, thePointcut, outputResources);
+				List<IBaseResource> outputResources = AuthorizationInterceptor.toListOfResourcesAndExcludeContainer(
+						theOutputResource, theRequestDetails.getFhirContext());
+				return RuleImplOp.applyRulesToResponseResources(
+						theRequestDetails, theRuleApplier, thePointcut, outputResources);
 			}
 		}
 	}
--- a/hapi-fhir-server/src/main/java/ca/uhn/fhir/rest/server/interceptor/auth/RuleImplOp.java
+++ b/hapi-fhir-server/src/main/java/ca/uhn/fhir/rest/server/interceptor/auth/RuleImplOp.java
@ -835,14 +835,23 @@ class RuleImplOp extends BaseRule /* implements IAuthRule */ {
 	}

 	@Nullable
-	private static Verdict applyRulesToResponseBundle(RequestDetails theRequestDetails, IBaseResource theOutputResource, IRuleApplier theRuleApplier, Pointcut thePointcut) {
-		List<IBaseResource> outputResources = AuthorizationInterceptor.toListOfResourcesAndExcludeContainerUnlessStandalone(
-			theOutputResource, theRequestDetails.getFhirContext());
+	private static Verdict applyRulesToResponseBundle(
+			RequestDetails theRequestDetails,
+			IBaseResource theOutputResource,
+			IRuleApplier theRuleApplier,
+			Pointcut thePointcut) {
+		List<IBaseResource> outputResources =
+				AuthorizationInterceptor.toListOfResourcesAndExcludeContainerUnlessStandalone(
+						theOutputResource, theRequestDetails.getFhirContext());
 		return applyRulesToResponseResources(theRequestDetails, theRuleApplier, thePointcut, outputResources);
 	}

 	@Nullable
-	public static Verdict applyRulesToResponseResources(RequestDetails theRequestDetails, IRuleApplier theRuleApplier, Pointcut thePointcut, List<IBaseResource> outputResources) {
+	public static Verdict applyRulesToResponseResources(
+			RequestDetails theRequestDetails,
+			IRuleApplier theRuleApplier,
+			Pointcut thePointcut,
+			List<IBaseResource> outputResources) {
 		Verdict verdict = null;
 		for (IBaseResource nextResource : outputResources) {
 			if (nextResource == null) {