Try to fix tests

2016-04-20 09:03:43 -04:00 · 2016-04-20 09:03:43 -04:00 · a8b121d868
parent 8bb00839d0
commit a8b121d868
3 changed files with 53 additions and 2 deletions
--- a/examples/src/main/java/example/AuthorizationInterceptors.java
+++ b/examples/src/main/java/example/AuthorizationInterceptors.java
@ -0,0 +1,34 @@
+package example;
+
+import java.util.List;
+
+import ca.uhn.fhir.model.dstu2.resource.Patient;
+import ca.uhn.fhir.rest.method.RequestDetails;
+import ca.uhn.fhir.rest.server.interceptor.auth.AuthorizationInterceptor;
+import ca.uhn.fhir.rest.server.interceptor.auth.IAuthRule;
+import ca.uhn.fhir.rest.server.interceptor.auth.RuleBuilder;
+
+public class AuthorizationInterceptors {
+
+   public class PatientAndAdminAuthorizationInterceptor extends AuthorizationInterceptor {
+      @Override
+      public List<IAuthRule> buildRuleList(RequestDetails theRequestDetails) {
+         
+         String authHeader = theRequestDetails.getHeader("Authorization");
+         /* 
+          * Process authorization header - The following is a fake 
+          * implementation. Obviously we'd want something more real
+          * for a production scenario. 
+          */
+         
+         // If the authorization header was determined to be 
+         Long callerIsPatientId = null;
+         
+         return new RuleBuilder()
+            .deny("Rule 1").read().resourcesOfType(Patient.class).withAnyId().andThen()
+            .allowAll("Default Rule")
+            .build();
+      }
+   }
+
+}
--- a/hapi-fhir-jpaserver-base/src/test/java/ca/uhn/fhir/jpa/provider/dstu3/ResourceProviderDstu3Test.java
+++ b/hapi-fhir-jpaserver-base/src/test/java/ca/uhn/fhir/jpa/provider/dstu3/ResourceProviderDstu3Test.java
@ -171,7 +171,7 @@ public class ResourceProviderDstu3Test extends BaseResourceProviderDstu3Test {
 			client.create().resource(resBody).execute().getId();
 			fail();
 		} catch (UnprocessableEntityException e) {
-			assertThat(e.getMessage(), containsString("Unable to store a Bundle resource on this server with a Bundle.type value other than 'document' - Value was: transaction"));
+			assertThat(e.getMessage(), containsString("Unable to store a Bundle resource on this server with a Bundle.type value of: transaction"));
 		}
 	}

--- a/src/site/xdoc/doc_rest_server_security.xml
+++ b/src/site/xdoc/doc_rest_server_security.xml
@ -78,7 +78,24 @@
 				has the appropriate permission to perform a given task on a FHIR server. This is
 				done by declaring
 			</p>
-						
+			<p class="doc_info_bubble">
+				AuthorizationInterceptor is a new feature in HAPI FHIR, and has not yet
+				been heavily tested. Use with caution, and do lots of testing! We welcome
+				feedback and suggestions on this feature.
+			</p>
+			
+			<p>
+				The AuthorizationInterceptor works by allowing you to declare 
+				permissions based on an individual request coming in. In other
+				words, you could have code that examines an incoming request and
+				determines that it is being made by a Patient with ID 123. You
+				could then declare that the requesting user has access to read and
+				write any resource in compartment "Patient/123", which corresponds
+				to any Observation, MedicationOrder etc with a subject of 
+				"<code>Patient/123</code>". On the other hand, another request
+				might be detemrined to belong to an administrator user, and
+				could be declared to be allowed to do anything.
+			</p>
 		</section>
 		
 	</body>