From e6ca408f670612ac84a2b1fddf9b93af6d7ebdce Mon Sep 17 00:00:00 2001
From: James Agnew <jamesagnew@gmail.com>
Date: Thu, 12 Jul 2018 18:40:15 -0400
Subject: [PATCH] Permissions for operations

---
 .../dao/r4/FhirResourceDaoR4UpdateTest.java   |  4 +-
 ...minologyLoaderSvcIntegrationDstu3Test.java |  2 +-
 .../server/method/OperationMethodBinding.java |  2 +-
 .../AuthorizationInterceptorR4Test.java       | 59 ++++++++++++++++++-
 4 files changed, 62 insertions(+), 5 deletions(-)

diff --git a/hapi-fhir-jpaserver-base/src/test/java/ca/uhn/fhir/jpa/dao/r4/FhirResourceDaoR4UpdateTest.java b/hapi-fhir-jpaserver-base/src/test/java/ca/uhn/fhir/jpa/dao/r4/FhirResourceDaoR4UpdateTest.java
index df2d328b64a..e57b2552f44 100644
--- a/hapi-fhir-jpaserver-base/src/test/java/ca/uhn/fhir/jpa/dao/r4/FhirResourceDaoR4UpdateTest.java
+++ b/hapi-fhir-jpaserver-base/src/test/java/ca/uhn/fhir/jpa/dao/r4/FhirResourceDaoR4UpdateTest.java
@@ -48,7 +48,7 @@ public class FhirResourceDaoR4UpdateTest extends BaseJpaR4Test {
 		p.getPhotoFirstRep().setCreationElement(new DateTimeType("2011")); // non-indexed field
 		IIdType id = myPatientDao.create(p).getId().toUnqualifiedVersionless();
 
-		assertEquals(2, QueryCountHolder.getGrandTotal().getInsert());
+		assertEquals(3, QueryCountHolder.getGrandTotal().getInsert());
 		runInTransaction(()->{
 			assertEquals(1, myResourceTableDao.count());
 			assertEquals(1, myResourceHistoryTableDao.count());
@@ -60,7 +60,7 @@ public class FhirResourceDaoR4UpdateTest extends BaseJpaR4Test {
 		p.getPhotoFirstRep().setCreationElement(new DateTimeType("2012")); // non-indexed field
 		myPatientDao.update(p).getId().toUnqualifiedVersionless();
 
-		assertEquals(2, QueryCountHolder.getGrandTotal().getInsert());
+		assertEquals(1, QueryCountHolder.getGrandTotal().getInsert());
 		runInTransaction(()->{
 			assertEquals(1, myResourceTableDao.count());
 			assertEquals(2, myResourceHistoryTableDao.count());
diff --git a/hapi-fhir-jpaserver-base/src/test/java/ca/uhn/fhir/jpa/term/TerminologyLoaderSvcIntegrationDstu3Test.java b/hapi-fhir-jpaserver-base/src/test/java/ca/uhn/fhir/jpa/term/TerminologyLoaderSvcIntegrationDstu3Test.java
index 52a2607ee69..daf108cdded 100644
--- a/hapi-fhir-jpaserver-base/src/test/java/ca/uhn/fhir/jpa/term/TerminologyLoaderSvcIntegrationDstu3Test.java
+++ b/hapi-fhir-jpaserver-base/src/test/java/ca/uhn/fhir/jpa/term/TerminologyLoaderSvcIntegrationDstu3Test.java
@@ -186,7 +186,7 @@ public class TerminologyLoaderSvcIntegrationDstu3Test extends BaseJpaDstu3Test {
 		assertTrue(propertyValue.isPresent());
 		assertEquals(IHapiTerminologyLoaderSvc.LOINC_URI, propertyValue.get().getSystem());
 		assertEquals("LP19258-0", propertyValue.get().getCode());
-		assertEquals("Qn", propertyValue.get().getDisplay());
+		assertEquals("Large unstained cells/100 leukocytes", propertyValue.get().getDisplay());
 	}
 
 
diff --git a/hapi-fhir-server/src/main/java/ca/uhn/fhir/rest/server/method/OperationMethodBinding.java b/hapi-fhir-server/src/main/java/ca/uhn/fhir/rest/server/method/OperationMethodBinding.java
index 5deaa1209e9..a359bede97e 100644
--- a/hapi-fhir-server/src/main/java/ca/uhn/fhir/rest/server/method/OperationMethodBinding.java
+++ b/hapi-fhir-server/src/main/java/ca/uhn/fhir/rest/server/method/OperationMethodBinding.java
@@ -122,7 +122,7 @@ public class OperationMethodBinding extends BaseResourceReturningMethodBinding {
 			myOtherOperatiopnType = RestOperationTypeEnum.EXTENDED_OPERATION_INSTANCE;
 		}
 
-		myReturnParams = new ArrayList<OperationMethodBinding.ReturnType>();
+		myReturnParams = new ArrayList<>();
 		if (theReturnParams != null) {
 			for (OperationParam next : theReturnParams) {
 				ReturnType type = new ReturnType();
diff --git a/hapi-fhir-structures-r4/src/test/java/ca/uhn/fhir/rest/server/interceptor/AuthorizationInterceptorR4Test.java b/hapi-fhir-structures-r4/src/test/java/ca/uhn/fhir/rest/server/interceptor/AuthorizationInterceptorR4Test.java
index 33ad4feabb9..5665c8be695 100644
--- a/hapi-fhir-structures-r4/src/test/java/ca/uhn/fhir/rest/server/interceptor/AuthorizationInterceptorR4Test.java
+++ b/hapi-fhir-structures-r4/src/test/java/ca/uhn/fhir/rest/server/interceptor/AuthorizationInterceptorR4Test.java
@@ -1587,6 +1587,46 @@ public class AuthorizationInterceptorR4Test {
 		assertFalse(ourHitMethod);
 	}
 
+
+	@Test
+	public void testOperationTypeLevelDifferentBodyType() throws Exception {
+		ourServlet.registerInterceptor(new AuthorizationInterceptor(PolicyEnum.DENY) {
+			@Override
+			public List<IAuthRule> buildRuleList(RequestDetails theRequestDetails) {
+				return new RuleBuilder()
+					.allow("RULE 1").operation().named("process-message").onType(MessageHeader.class).andThen()
+					.build();
+			}
+		});
+
+		HttpPost httpPost;
+		HttpResponse status;
+		String response;
+
+		Bundle input = new Bundle();
+		input.setType(Bundle.BundleType.MESSAGE);
+		String inputString = ourCtx.newJsonParser().encodeResourceToString(input);
+
+		// With body
+		ourHitMethod = false;
+		httpPost = new HttpPost("http://localhost:" + ourPort + "/MessageHeader/$process-message");
+		httpPost.setEntity(new StringEntity(inputString, ContentType.create(Constants.CT_FHIR_JSON_NEW, Charsets.UTF_8)));
+		status = ourClient.execute(httpPost);
+		response = extractResponseAndClose(status);
+		ourLog.info(response);
+		assertEquals(200, status.getStatusLine().getStatusCode());
+		assertTrue(ourHitMethod);
+
+		// With body
+		ourHitMethod = false;
+		HttpGet httpGet = new HttpGet("http://localhost:" + ourPort + "/MessageHeader/$process-message");
+		status = ourClient.execute(httpGet);
+		response = extractResponseAndClose(status);
+		ourLog.info(response);
+		assertEquals(200, status.getStatusLine().getStatusCode());
+		assertTrue(ourHitMethod);
+	}
+
 	@Test
 	public void testOperationWithTester() throws Exception {
 		ourServlet.registerInterceptor(new AuthorizationInterceptor(PolicyEnum.DENY) {
@@ -2946,12 +2986,13 @@ public class AuthorizationInterceptorR4Test {
 		DummyEncounterResourceProvider encProv = new DummyEncounterResourceProvider();
 		DummyCarePlanResourceProvider cpProv = new DummyCarePlanResourceProvider();
 		DummyDiagnosticReportResourceProvider drProv = new DummyDiagnosticReportResourceProvider();
+		DummyMessageHeaderResourceProvider mshProv = new DummyMessageHeaderResourceProvider();
 		PlainProvider plainProvider = new PlainProvider();
 
 		ServletHandler proxyHandler = new ServletHandler();
 		ourServlet = new RestfulServer(ourCtx);
 		ourServlet.setFhirContext(ourCtx);
-		ourServlet.setResourceProviders(patProvider, obsProv, encProv, cpProv, orgProv, drProv);
+		ourServlet.setResourceProviders(patProvider, obsProv, encProv, cpProv, orgProv, drProv, mshProv);
 		ourServlet.setPlainProviders(plainProvider);
 		ourServlet.setPagingProvider(new FifoMemoryPagingProvider(100));
 		ServletHolder servletHolder = new ServletHolder(ourServlet);
@@ -3027,6 +3068,22 @@ public class AuthorizationInterceptorR4Test {
 
 	}
 
+	public static class DummyMessageHeaderResourceProvider implements IResourceProvider {
+
+
+		@Override
+		public Class<? extends IBaseResource> getResourceType() {
+			return MessageHeader.class;
+		}
+
+		@Operation(name = "process-message", idempotent = true)
+		public Parameters operation0(@OperationParam(name="content") Bundle theInput) {
+			ourHitMethod = true;
+			return (Parameters) new Parameters().setId("1");
+		}
+
+	}
+
 	public static class DummyDiagnosticReportResourceProvider implements IResourceProvider {