Issue #590 - Handle paging requests for AuthorizationInterceptor
parent
b0caf0c2c5
commit
bc545f8e3c
|
@ -278,13 +278,12 @@ public class AuthorizationInterceptor extends InterceptorAdapter implements ISer
|
|||
case HISTORY_SYSTEM:
|
||||
case HISTORY_TYPE:
|
||||
case TRANSACTION:
|
||||
case GET_PAGE:
|
||||
case EXTENDED_OPERATION_SERVER:
|
||||
case EXTENDED_OPERATION_TYPE:
|
||||
case EXTENDED_OPERATION_INSTANCE: {
|
||||
if (theResponseObject != null) {
|
||||
if (theResponseObject instanceof IBaseBundle) {
|
||||
// IBaseBundle responseBundle = (IBaseBundle) theResponseObject;
|
||||
// resources = toListOfResources(fhirContext, responseBundle);
|
||||
resources = toListOfResourcesAndExcludeContainer(theResponseObject, fhirContext);
|
||||
} else if (theResponseObject instanceof IBaseParameters) {
|
||||
resources = toListOfResourcesAndExcludeContainer(theResponseObject, fhirContext);
|
||||
|
|
|
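Review bot: The `case GET_PAGE:` label in this fall-through list has no comment explaining why a page request must go through the response-side resource check, which is the security-relevant part of the change. A page bundle carries the results of an earlier search, so each entry has to be evaluated against the caller's rules or a `next` link would sidestep them. I would add `// GET_PAGE: page bundles hold search results, so every entry is checked like a search response` above the label. Separately, the `IBaseBundle` and `IBaseParameters` branches both call `toListOfResourcesAndExcludeContainer(theResponseObject, fhirContext)` and could share one condition, `if (theResponseObject instanceof IBaseBundle || theResponseObject instanceof IBaseParameters) {`. The page has lost its +/- markers, so which lines are new is inferred from the hunk counts, and the enclosing switch starts and ends outside the hunk.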
@ -75,7 +75,6 @@ class RuleImplOp extends BaseRule /* implements IAuthRule */ {
|
|||
appliesToResourceId = theInputResourceId;
|
||||
appliesToResourceType = theInputResourceId.getResourceType();
|
||||
break;
|
||||
// return new Verdict(PolicyEnum.ALLOW, this);
|
||||
case SEARCH_SYSTEM:
|
||||
case SEARCH_TYPE:
|
||||
case HISTORY_INSTANCE:
|
||||
|
|
|
@ -1209,6 +1209,102 @@ public class AuthorizationInterceptorDstu2Test {
|
|||
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testReadPageRight() throws Exception {
|
||||
ourServlet.registerInterceptor(new AuthorizationInterceptor(PolicyEnum.DENY) {
|
||||
@Override
|
||||
public List<IAuthRule> buildRuleList(RequestDetails theRequestDetails) {
|
||||
return new RuleBuilder()
|
||||
.allow("Rule 1").read().resourcesOfType(Patient.class).inCompartment("Patient", new IdDt("Patient/1"))
|
||||
.build();
|
||||
}
|
||||
});
|
||||
|
||||
HttpGet httpGet;
|
||||
HttpResponse status;
|
||||
String respString;
|
||||
Bundle respBundle;
|
||||
|
||||
ourReturn = new ArrayList<IResource>();
|
||||
for (int i = 0; i < 10; i++) {
|
||||
ourReturn.add(createPatient(1));
|
||||
}
|
||||
|
||||
ourHitMethod = false;
|
||||
httpGet = new HttpGet("http://localhost:" + ourPort + "/Patient?_count=5&_format=json");
|
||||
status = ourClient.execute(httpGet);
|
||||
respString = extractResponseAndClose(status);
|
||||
assertEquals(200, status.getStatusLine().getStatusCode());
|
||||
assertTrue(ourHitMethod);
|
||||
respBundle = ourCtx.newJsonParser().parseResource(Bundle.class, respString);
|
||||
assertEquals(5, respBundle.getEntry().size());
|
||||
assertEquals(10, respBundle.getTotal().intValue());
|
||||
assertEquals("Patient/1", respBundle.getEntry().get(0).getResource().getIdElement().toUnqualifiedVersionless().getValue());
|
||||
assertNotNull(respBundle.getLink("next"));
|
||||
|
||||
// Load next page
|
||||
|
||||
ourHitMethod = false;
|
||||
httpGet = new HttpGet(respBundle.getLink("next").getUrl());
|
||||
status = ourClient.execute(httpGet);
|
||||
respString = extractResponseAndClose(status);
|
||||
assertEquals(200, status.getStatusLine().getStatusCode());
|
||||
assertFalse(ourHitMethod);
|
||||
respBundle = ourCtx.newJsonParser().parseResource(Bundle.class, respString);
|
||||
assertEquals(5, respBundle.getEntry().size());
|
||||
assertEquals(10, respBundle.getTotal().intValue());
|
||||
assertEquals("Patient/1", respBundle.getEntry().get(0).getResource().getIdElement().toUnqualifiedVersionless().getValue());
|
||||
assertNull(respBundle.getLink("next"));
|
||||
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testReadPageWrong() throws Exception {
|
||||
ourServlet.registerInterceptor(new AuthorizationInterceptor(PolicyEnum.DENY) {
|
||||
@Override
|
||||
public List<IAuthRule> buildRuleList(RequestDetails theRequestDetails) {
|
||||
return new RuleBuilder()
|
||||
.allow("Rule 1").read().resourcesOfType(Patient.class).inCompartment("Patient", new IdDt("Patient/1"))
|
||||
.build();
|
||||
}
|
||||
});
|
||||
|
||||
HttpGet httpGet;
|
||||
HttpResponse status;
|
||||
String respString;
|
||||
Bundle respBundle;
|
||||
|
||||
ourReturn = new ArrayList<IResource>();
|
||||
for (int i = 0; i < 5; i++) {
|
||||
ourReturn.add(createPatient(1));
|
||||
}
|
||||
for (int i = 0; i < 5; i++) {
|
||||
ourReturn.add(createPatient(2));
|
||||
}
|
||||
|
||||
ourHitMethod = false;
|
||||
httpGet = new HttpGet("http://localhost:" + ourPort + "/Patient?_count=5&_format=json");
|
||||
status = ourClient.execute(httpGet);
|
||||
respString = extractResponseAndClose(status);
|
||||
assertEquals(200, status.getStatusLine().getStatusCode());
|
||||
assertTrue(ourHitMethod);
|
||||
respBundle = ourCtx.newJsonParser().parseResource(Bundle.class, respString);
|
||||
assertEquals(5, respBundle.getEntry().size());
|
||||
assertEquals(10, respBundle.getTotal().intValue());
|
||||
assertEquals("Patient/1", respBundle.getEntry().get(0).getResource().getIdElement().toUnqualifiedVersionless().getValue());
|
||||
assertNotNull(respBundle.getLink("next"));
|
||||
|
||||
// Load next page
|
||||
|
||||
ourHitMethod = false;
|
||||
httpGet = new HttpGet(respBundle.getLink("next").getUrl());
|
||||
status = ourClient.execute(httpGet);
|
||||
respString = extractResponseAndClose(status);
|
||||
assertEquals(403, status.getStatusLine().getStatusCode());
|
||||
assertFalse(ourHitMethod);
|
||||
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testReadByCompartmentWrong() throws Exception {
|
||||
ourServlet.registerInterceptor(new AuthorizationInterceptor(PolicyEnum.DENY) {
|
||||
|
@ -1850,6 +1946,7 @@ public class AuthorizationInterceptorDstu2Test {
|
|||
ourServlet.setFhirContext(ourCtx);
|
||||
ourServlet.setResourceProviders(patProvider, obsProv, encProv, cpProv);
|
||||
ourServlet.setPlainProviders(plainProvider);
|
||||
ourServlet.setPagingProvider(new FifoMemoryPagingProvider(100));
|
||||
ServletHolder servletHolder = new ServletHolder(ourServlet);
|
||||
proxyHandler.addServletWithMapping(servletHolder, "/*");
|
||||
ourServer.setHandler(proxyHandler);
|
||||
|
|
|
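Review bot: In `testReadPageWrong` the denied second-page response is read into `respString` but never inspected, so the test would still pass if the server sent a 403 status with the page bundle serialized in the body. After `assertEquals(403, status.getStatusLine().getStatusCode());` I would assert that the body carries none of the second patient's data, for example `assertFalse(respString.contains("Patient/2"));` (assuming `createPatient(2)` yields that id, as the `Patient/1` assertions suggest for `createPatient(1)`). The first-page assertion `assertEquals(10, respBundle.getTotal().intValue())` also pins that the total counts the five resources this caller may not read; a comment saying whether that is intended would help. Both new tests build the same interceptor and request sequence and could share a helper.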
@ -6,6 +6,12 @@
|
|||
<title>HAPI FHIR Changelog</title>
|
||||
</properties>
|
||||
<body>
|
||||
<release version="2.5" date="TBD">
|
||||
<action type="fix" issue="590">
|
||||
AuthorizationInterceptor did not correctly handle paging requests
|
||||
(e.g. requests for the second page of results for a search operation).
|
||||
Thanks to Eeva Turkka for reporting!
|
||||
</action>
|
||||
<release version="2.4" date="2017-04-19">
|
||||
<action type="add">
|
||||
This release brings the DSTU3 structures up to FHIR R3 (FHIR 3.0.1) definitions. Note that
|
||||
|
|