Merge branch 'master' of github.com:jamesagnew/hapi-fhir

2018-01-23 11:33:52 -05:00 · 2018-01-23 11:33:52 -05:00 · ede32b6acc
parent c081f7c15d 0677f35847
commit ede32b6acc
2 changed files with 17 additions and 6 deletions
--- a/hapi-fhir-server/src/main/java/ca/uhn/fhir/rest/server/interceptor/auth/RuleBuilder.java
+++ b/hapi-fhir-server/src/main/java/ca/uhn/fhir/rest/server/interceptor/auth/RuleBuilder.java
@ -131,19 +131,23 @@ public class RuleBuilder implements IAuthRuleBuilder {

 		@Override
 		public IAuthRuleBuilderRuleOpClassifierFinishedWithTenantId forTenantIds(final Collection<String> theTenantIds) {
-			myTenantApplicabilityChecker = new ITenantApplicabilityChecker(){
+			setTenantApplicabilityChecker(new ITenantApplicabilityChecker() {
 				@Override
 				public boolean applies(RequestDetails theRequest) {
 					return theTenantIds.contains(theRequest.getTenantId());
 				}
-			};
+			});
+			return this;
+		}
+
+		private void setTenantApplicabilityChecker(ITenantApplicabilityChecker theTenantApplicabilityChecker) {
+			myTenantApplicabilityChecker = theTenantApplicabilityChecker;
 			if (myOpRule != null) {
 				myOpRule.setTenantApplicabilityChecker(myTenantApplicabilityChecker);
 			}
 			if (myOperationRule != null) {
 				myOperationRule.setTenentApplicabilityChecker(myTenantApplicabilityChecker);
 			}
-			return this;
 		}

 		@Override
@ -152,8 +156,14 @@ public class RuleBuilder implements IAuthRuleBuilder {
 		}

 		@Override
-		public IAuthRuleBuilderRuleOpClassifierFinishedWithTenantId notForTenantIds(Collection<String> theTenantIds) {
-			return null;// TODO: implement method body
+		public IAuthRuleBuilderRuleOpClassifierFinishedWithTenantId notForTenantIds(final Collection<String> theTenantIds) {
+			setTenantApplicabilityChecker(new ITenantApplicabilityChecker() {
+				@Override
+				public boolean applies(RequestDetails theRequest) {
+					return !theTenantIds.contains(theRequest.getTenantId());
+				}
+			});
+			return this;
 		}
 	}

--- a/hapi-fhir-structures-r4/src/test/java/ca/uhn/fhir/rest/server/interceptor/AuthorizationInterceptorR4Test.java
+++ b/hapi-fhir-structures-r4/src/test/java/ca/uhn/fhir/rest/server/interceptor/AuthorizationInterceptorR4Test.java
@ -609,6 +609,7 @@ public class AuthorizationInterceptorR4Test {
 	 */
 	@Test
 	public void testDenyActionsNotOnTenant() throws Exception {
+		ourServlet.setTenantIdentificationStrategy(new UrlBaseTenantIdentificationStrategy());
 		ourServlet.registerInterceptor(new AuthorizationInterceptor(PolicyEnum.ALLOW) {
 			@Override
 			public List<IAuthRule> buildRuleList(RequestDetails theRequestDetails) {
@ -634,7 +635,7 @@ public class AuthorizationInterceptorR4Test {
 		status = ourClient.execute(httpGet);
 		response = extractResponseAndClose(status);
 		ourLog.info(response);
-		assertThat(response, containsString("Access denied by default policy (no applicable rules)"));
+		assertThat(response, containsString("Access denied by rule: (unnamed rule)"));
 		assertEquals(403, status.getStatusLine().getStatusCode());
 		assertFalse(ourHitMethod);