Cleanup
This commit is contained in:
James Agnew
parent
7ad2524272
commit
703924938f
|
|
@ -593,7 +593,8 @@ public class AuthorizationInterceptor implements IRuleApplier {
|
||||||
}
|
}
|
||||||
|
|
||||||
@Nonnull
|
@Nonnull
|
||||||
public static List<IBaseResource> toListOfResourcesAndExcludeContainer(IBaseResource theResponseObject, FhirContext fhirContext) {
|
public static List<IBaseResource> toListOfResourcesAndExcludeContainer(
|
||||||
|
IBaseResource theResponseObject, FhirContext fhirContext) {
|
||||||
List<IBaseResource> retVal;
|
List<IBaseResource> retVal;
|
||||||
retVal = fhirContext.newTerser().getAllPopulatedChildElementsOfType(theResponseObject, IBaseResource.class);
|
retVal = fhirContext.newTerser().getAllPopulatedChildElementsOfType(theResponseObject, IBaseResource.class);
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -98,14 +98,6 @@ class OperationRule extends BaseRule implements IAuthRule {
|
||||||
Pointcut thePointcut) {
|
Pointcut thePointcut) {
|
||||||
FhirContext ctx = theRequestDetails.getServer().getFhirContext();
|
FhirContext ctx = theRequestDetails.getServer().getFhirContext();
|
||||||
|
|
||||||
// Operation rules apply to the execution of the operation itself, not to side effects like
|
|
||||||
// loading resources (that will presumably be reflected in the response). Those loads need
|
|
||||||
// to be explicitly authorized
|
|
||||||
if (!myAllowAllResourcesAccess && isResourceAccess(thePointcut)) {
|
|
||||||
// return null;
|
|
||||||
// FIXME: remove
|
|
||||||
}
|
|
||||||
|
|
||||||
boolean applies = false;
|
boolean applies = false;
|
||||||
switch (theOperation) {
|
switch (theOperation) {
|
||||||
case EXTENDED_OPERATION_SERVER:
|
case EXTENDED_OPERATION_SERVER:
|
||||||
|
|
@ -174,26 +166,28 @@ class OperationRule extends BaseRule implements IAuthRule {
|
||||||
if (theOutputResource == null) {
|
if (theOutputResource == null) {
|
||||||
// This is the request part
|
// This is the request part
|
||||||
return newVerdict(
|
return newVerdict(
|
||||||
theOperation,
|
|
||||||
theRequestDetails,
|
|
||||||
theInputResource,
|
|
||||||
theInputResourceId,
|
|
||||||
theOutputResource,
|
|
||||||
theRuleApplier);
|
|
||||||
} else {
|
|
||||||
// This is the response part, so we might want to check all of the
|
|
||||||
// resources in the response
|
|
||||||
if (myAllowAllResponses) {
|
|
||||||
return newVerdict(
|
|
||||||
theOperation,
|
theOperation,
|
||||||
theRequestDetails,
|
theRequestDetails,
|
||||||
theInputResource,
|
theInputResource,
|
||||||
theInputResourceId,
|
theInputResourceId,
|
||||||
theOutputResource,
|
theOutputResource,
|
||||||
theRuleApplier);
|
theRuleApplier);
|
||||||
|
} else {
|
||||||
|
// This is the response part, so we might want to check all of the
|
||||||
|
// resources in the response
|
||||||
|
if (myAllowAllResponses) {
|
||||||
|
return newVerdict(
|
||||||
|
theOperation,
|
||||||
|
theRequestDetails,
|
||||||
|
theInputResource,
|
||||||
|
theInputResourceId,
|
||||||
|
theOutputResource,
|
||||||
|
theRuleApplier);
|
||||||
} else {
|
} else {
|
||||||
List<IBaseResource> outputResources = AuthorizationInterceptor.toListOfResourcesAndExcludeContainer( theOutputResource, theRequestDetails.getFhirContext());
|
List<IBaseResource> outputResources = AuthorizationInterceptor.toListOfResourcesAndExcludeContainer(
|
||||||
return RuleImplOp.applyRulesToResponseResources(theRequestDetails, theRuleApplier, thePointcut, outputResources);
|
theOutputResource, theRequestDetails.getFhirContext());
|
||||||
|
return RuleImplOp.applyRulesToResponseResources(
|
||||||
|
theRequestDetails, theRuleApplier, thePointcut, outputResources);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -835,14 +835,23 @@ class RuleImplOp extends BaseRule /* implements IAuthRule */ {
|
||||||
}
|
}
|
||||||
|
|
||||||
@Nullable
|
@Nullable
|
||||||
private static Verdict applyRulesToResponseBundle(RequestDetails theRequestDetails, IBaseResource theOutputResource, IRuleApplier theRuleApplier, Pointcut thePointcut) {
|
private static Verdict applyRulesToResponseBundle(
|
||||||
List<IBaseResource> outputResources = AuthorizationInterceptor.toListOfResourcesAndExcludeContainerUnlessStandalone(
|
RequestDetails theRequestDetails,
|
||||||
theOutputResource, theRequestDetails.getFhirContext());
|
IBaseResource theOutputResource,
|
||||||
|
IRuleApplier theRuleApplier,
|
||||||
|
Pointcut thePointcut) {
|
||||||
|
List<IBaseResource> outputResources =
|
||||||
|
AuthorizationInterceptor.toListOfResourcesAndExcludeContainerUnlessStandalone(
|
||||||
|
theOutputResource, theRequestDetails.getFhirContext());
|
||||||
return applyRulesToResponseResources(theRequestDetails, theRuleApplier, thePointcut, outputResources);
|
return applyRulesToResponseResources(theRequestDetails, theRuleApplier, thePointcut, outputResources);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Nullable
|
@Nullable
|
||||||
public static Verdict applyRulesToResponseResources(RequestDetails theRequestDetails, IRuleApplier theRuleApplier, Pointcut thePointcut, List<IBaseResource> outputResources) {
|
public static Verdict applyRulesToResponseResources(
|
||||||
|
RequestDetails theRequestDetails,
|
||||||
|
IRuleApplier theRuleApplier,
|
||||||
|
Pointcut thePointcut,
|
||||||
|
List<IBaseResource> outputResources) {
|
||||||
Verdict verdict = null;
|
Verdict verdict = null;
|
||||||
for (IBaseResource nextResource : outputResources) {
|
for (IBaseResource nextResource : outputResources) {
|
||||||
if (nextResource == null) {
|
if (nextResource == null) {
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue