Issue #590 - Handle paging requests for AuthorizationInterceptor

James Agnew 2017-04-20 16:11:09 -04:00
parent b0caf0c2c5
commit bc545f8e3c
4 changed files with 104 additions and 3 deletions


@ -278,13 +278,12 @@ public class AuthorizationInterceptor extends InterceptorAdapter implements ISer
case HISTORY_SYSTEM: case HISTORY_SYSTEM:
case HISTORY_TYPE: case HISTORY_TYPE:
case TRANSACTION: case TRANSACTION:
case GET_PAGE:
case EXTENDED_OPERATION_SERVER: case EXTENDED_OPERATION_SERVER:
case EXTENDED_OPERATION_TYPE: case EXTENDED_OPERATION_TYPE:
case EXTENDED_OPERATION_INSTANCE: { case EXTENDED_OPERATION_INSTANCE: {
if (theResponseObject != null) { if (theResponseObject != null) {
if (theResponseObject instanceof IBaseBundle) { if (theResponseObject instanceof IBaseBundle) {
// IBaseBundle responseBundle = (IBaseBundle) theResponseObject;
// resources = toListOfResources(fhirContext, responseBundle);
resources = toListOfResourcesAndExcludeContainer(theResponseObject, fhirContext); resources = toListOfResourcesAndExcludeContainer(theResponseObject, fhirContext);
} else if (theResponseObject instanceof IBaseParameters) { } else if (theResponseObject instanceof IBaseParameters) {
resources = toListOfResourcesAndExcludeContainer(theResponseObject, fhirContext); resources = toListOfResourcesAndExcludeContainer(theResponseObject, fhirContext);
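Review bot: The new `case GET_PAGE:` label has no comment explaining why paging is authorized on the outgoing response rather than on the request, which is the security-relevant part of this change. A page request presumably carries only a paging link, so the rules can only be evaluated once the page's resources are known; a line such as `// GET_PAGE: the request names no resource, so every resource in the returned page is checked against the rules` would record that. The switch starts and ends outside this section, so it cannot be confirmed from here whether a null or non-bundle page response bypasses the per-resource check.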


@ -75,7 +75,6 @@ class RuleImplOp extends BaseRule /* implements IAuthRule */ {
appliesToResourceId = theInputResourceId; appliesToResourceId = theInputResourceId;
appliesToResourceType = theInputResourceId.getResourceType(); appliesToResourceType = theInputResourceId.getResourceType();
break; break;
// return new Verdict(PolicyEnum.ALLOW, this);
case SEARCH_SYSTEM: case SEARCH_SYSTEM:
case SEARCH_TYPE: case SEARCH_TYPE:
case HISTORY_INSTANCE: case HISTORY_INSTANCE:


@ -1209,6 +1209,102 @@ public class AuthorizationInterceptorDstu2Test {
} }
@Test
public void testReadPageRight() throws Exception {
ourServlet.registerInterceptor(new AuthorizationInterceptor(PolicyEnum.DENY) {
@Override
public List<IAuthRule> buildRuleList(RequestDetails theRequestDetails) {
return new RuleBuilder()
.allow("Rule 1").read().resourcesOfType(Patient.class).inCompartment("Patient", new IdDt("Patient/1"))
.build();
}
});
HttpGet httpGet;
HttpResponse status;
String respString;
Bundle respBundle;
ourReturn = new ArrayList<IResource>();
for (int i = 0; i < 10; i++) {
ourReturn.add(createPatient(1));
}
ourHitMethod = false;
httpGet = new HttpGet("http://localhost:" + ourPort + "/Patient?_count=5&_format=json");
status = ourClient.execute(httpGet);
respString = extractResponseAndClose(status);
assertEquals(200, status.getStatusLine().getStatusCode());
assertTrue(ourHitMethod);
respBundle = ourCtx.newJsonParser().parseResource(Bundle.class, respString);
assertEquals(5, respBundle.getEntry().size());
assertEquals(10, respBundle.getTotal().intValue());
assertEquals("Patient/1", respBundle.getEntry().get(0).getResource().getIdElement().toUnqualifiedVersionless().getValue());
assertNotNull(respBundle.getLink("next"));
// Load next page
ourHitMethod = false;
httpGet = new HttpGet(respBundle.getLink("next").getUrl());
status = ourClient.execute(httpGet);
respString = extractResponseAndClose(status);
assertEquals(200, status.getStatusLine().getStatusCode());
assertFalse(ourHitMethod);
respBundle = ourCtx.newJsonParser().parseResource(Bundle.class, respString);
assertEquals(5, respBundle.getEntry().size());
assertEquals(10, respBundle.getTotal().intValue());
assertEquals("Patient/1", respBundle.getEntry().get(0).getResource().getIdElement().toUnqualifiedVersionless().getValue());
assertNull(respBundle.getLink("next"));
}
@Test
public void testReadPageWrong() throws Exception {
ourServlet.registerInterceptor(new AuthorizationInterceptor(PolicyEnum.DENY) {
@Override
public List<IAuthRule> buildRuleList(RequestDetails theRequestDetails) {
return new RuleBuilder()
.allow("Rule 1").read().resourcesOfType(Patient.class).inCompartment("Patient", new IdDt("Patient/1"))
.build();
}
});
HttpGet httpGet;
HttpResponse status;
String respString;
Bundle respBundle;
ourReturn = new ArrayList<IResource>();
for (int i = 0; i < 5; i++) {
ourReturn.add(createPatient(1));
}
for (int i = 0; i < 5; i++) {
ourReturn.add(createPatient(2));
}
ourHitMethod = false;
httpGet = new HttpGet("http://localhost:" + ourPort + "/Patient?_count=5&_format=json");
status = ourClient.execute(httpGet);
respString = extractResponseAndClose(status);
assertEquals(200, status.getStatusLine().getStatusCode());
assertTrue(ourHitMethod);
respBundle = ourCtx.newJsonParser().parseResource(Bundle.class, respString);
assertEquals(5, respBundle.getEntry().size());
assertEquals(10, respBundle.getTotal().intValue());
assertEquals("Patient/1", respBundle.getEntry().get(0).getResource().getIdElement().toUnqualifiedVersionless().getValue());
assertNotNull(respBundle.getLink("next"));
// Load next page
ourHitMethod = false;
httpGet = new HttpGet(respBundle.getLink("next").getUrl());
status = ourClient.execute(httpGet);
respString = extractResponseAndClose(status);
assertEquals(403, status.getStatusLine().getStatusCode());
assertFalse(ourHitMethod);
}
@Test @Test
public void testReadByCompartmentWrong() throws Exception { public void testReadByCompartmentWrong() throws Exception {
ourServlet.registerInterceptor(new AuthorizationInterceptor(PolicyEnum.DENY) { ourServlet.registerInterceptor(new AuthorizationInterceptor(PolicyEnum.DENY) {
@ -1850,6 +1946,7 @@ public class AuthorizationInterceptorDstu2Test {
ourServlet.setFhirContext(ourCtx); ourServlet.setFhirContext(ourCtx);
ourServlet.setResourceProviders(patProvider, obsProv, encProv, cpProv); ourServlet.setResourceProviders(patProvider, obsProv, encProv, cpProv);
ourServlet.setPlainProviders(plainProvider); ourServlet.setPlainProviders(plainProvider);
ourServlet.setPagingProvider(new FifoMemoryPagingProvider(100));
ServletHolder servletHolder = new ServletHolder(ourServlet); ServletHolder servletHolder = new ServletHolder(ourServlet);
proxyHandler.addServletWithMapping(servletHolder, "/*"); proxyHandler.addServletWithMapping(servletHolder, "/*");
ourServer.setHandler(proxyHandler); ourServer.setHandler(proxyHandler);
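Review bot: testReadPageWrong asserts only the 403 status for the denied second page, so it would still pass if the error body echoed resources from the other compartment. Adding `assertFalse(respString.contains("Patient/2"));` after the status check would pin that nothing from the denied page leaks, assuming createPatient(2) yields the id Patient/2, which is not visible here. The same test asserts a first-page `total` of 10, a count that includes the five patients the caller is not allowed to read. If that disclosure is accepted behaviour, a comment next to the assertion should say so. Both new tests register an interceptor on the shared `ourServlet`; presumably a setup method outside this section clears earlier interceptors.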


@ -6,6 +6,12 @@
<title>HAPI FHIR Changelog</title> <title>HAPI FHIR Changelog</title>
</properties> </properties>
<body> <body>
<release version="2.5" date="TBD">
<action type="fix" issue="590">
AuthorizationInterceptor did not correctly handle paging requests
(e.g. requests for the second page of results for a search operation).
Thanks to Eeva Turkka for reporting!
</action>
<release version="2.4" date="2017-04-19"> <release version="2.4" date="2017-04-19">
<action type="add"> <action type="add">
This release brings the DSTU3 structures up to FHIR R3 (FHIR 3.0.1) definitions. Note that This release brings the DSTU3 structures up to FHIR R3 (FHIR 3.0.1) definitions. Note that