Cleanup

2024-09-10 10:02:52 -04:00 · 2024-09-10 10:02:52 -04:00 · 703924938f
parent 7ad2524272
commit 703924938f
3 changed files with 30 additions and 26 deletions
--- a/hapi-fhir-server/src/main/java/ca/uhn/fhir/rest/server/interceptor/auth/AuthorizationInterceptor.java
+++ b/hapi-fhir-server/src/main/java/ca/uhn/fhir/rest/server/interceptor/auth/AuthorizationInterceptor.java
@ -593,7 +593,8 @@ public class AuthorizationInterceptor implements IRuleApplier {
 	}

 	@Nonnull
-	public static List<IBaseResource> toListOfResourcesAndExcludeContainer(IBaseResource theResponseObject, FhirContext fhirContext) {
+	public static List<IBaseResource> toListOfResourcesAndExcludeContainer(
+			IBaseResource theResponseObject, FhirContext fhirContext) {
 		List<IBaseResource> retVal;
 		retVal = fhirContext.newTerser().getAllPopulatedChildElementsOfType(theResponseObject, IBaseResource.class);

--- a/hapi-fhir-server/src/main/java/ca/uhn/fhir/rest/server/interceptor/auth/OperationRule.java
+++ b/hapi-fhir-server/src/main/java/ca/uhn/fhir/rest/server/interceptor/auth/OperationRule.java
@ -98,14 +98,6 @@ class OperationRule extends BaseRule implements IAuthRule {
 			Pointcut thePointcut) {
 		FhirContext ctx = theRequestDetails.getServer().getFhirContext();

-		// Operation rules apply to the execution of the operation itself, not to side effects like
-		// loading resources (that will presumably be reflected in the response). Those loads need
-		// to be explicitly authorized
-		if (!myAllowAllResourcesAccess && isResourceAccess(thePointcut)) {
-//			return null;
-			// FIXME: remove
-		}
-
 		boolean applies = false;
 		switch (theOperation) {
 			case EXTENDED_OPERATION_SERVER:
@ -192,8 +184,10 @@ class OperationRule extends BaseRule implements IAuthRule {
 						theOutputResource,
 						theRuleApplier);
 			} else {
-				List<IBaseResource> outputResources = AuthorizationInterceptor.toListOfResourcesAndExcludeContainer(					theOutputResource, theRequestDetails.getFhirContext());
-				return RuleImplOp.applyRulesToResponseResources(theRequestDetails, theRuleApplier, thePointcut, outputResources);
+				List<IBaseResource> outputResources = AuthorizationInterceptor.toListOfResourcesAndExcludeContainer(
+						theOutputResource, theRequestDetails.getFhirContext());
+				return RuleImplOp.applyRulesToResponseResources(
+						theRequestDetails, theRuleApplier, thePointcut, outputResources);
 			}
 		}
 	}
--- a/hapi-fhir-server/src/main/java/ca/uhn/fhir/rest/server/interceptor/auth/RuleImplOp.java
+++ b/hapi-fhir-server/src/main/java/ca/uhn/fhir/rest/server/interceptor/auth/RuleImplOp.java
@ -835,14 +835,23 @@ class RuleImplOp extends BaseRule /* implements IAuthRule */ {
 	}

 	@Nullable
-	private static Verdict applyRulesToResponseBundle(RequestDetails theRequestDetails, IBaseResource theOutputResource, IRuleApplier theRuleApplier, Pointcut thePointcut) {
-		List<IBaseResource> outputResources = AuthorizationInterceptor.toListOfResourcesAndExcludeContainerUnlessStandalone(
+	private static Verdict applyRulesToResponseBundle(
+			RequestDetails theRequestDetails,
+			IBaseResource theOutputResource,
+			IRuleApplier theRuleApplier,
+			Pointcut thePointcut) {
+		List<IBaseResource> outputResources =
+				AuthorizationInterceptor.toListOfResourcesAndExcludeContainerUnlessStandalone(
 						theOutputResource, theRequestDetails.getFhirContext());
 		return applyRulesToResponseResources(theRequestDetails, theRuleApplier, thePointcut, outputResources);
 	}

 	@Nullable
-	public static Verdict applyRulesToResponseResources(RequestDetails theRequestDetails, IRuleApplier theRuleApplier, Pointcut thePointcut, List<IBaseResource> outputResources) {
+	public static Verdict applyRulesToResponseResources(
+			RequestDetails theRequestDetails,
+			IRuleApplier theRuleApplier,
+			Pointcut thePointcut,
+			List<IBaseResource> outputResources) {
 		Verdict verdict = null;
 		for (IBaseResource nextResource : outputResources) {
 			if (nextResource == null) {