honeymoose
/
hapi-fhir
mirror of https://github.com/hapifhir/hapi-fhir.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'master' of github.com:jamesagnew/hapi-fhir

This commit is contained in:
jamesagnew 2018-01-23 11:33:52 -05:00
parent c081f7c15d 0677f35847
commit ede32b6acc
2 changed files with 17 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
hapi-fhir-server/src/main/java/ca/uhn/fhir/rest/server/interceptor/auth/RuleBuilder.java
View File

@ -131,19 +131,23 @@ public class RuleBuilder implements IAuthRuleBuilder {
@Override @Override
public IAuthRuleBuilderRuleOpClassifierFinishedWithTenantId forTenantIds(final Collection<String> theTenantIds) { public IAuthRuleBuilderRuleOpClassifierFinishedWithTenantId forTenantIds(final Collection<String> theTenantIds) {
myTenantApplicabilityChecker = new ITenantApplicabilityChecker(){ setTenantApplicabilityChecker(new ITenantApplicabilityChecker() {
@Override @Override
public boolean applies(RequestDetails theRequest) { public boolean applies(RequestDetails theRequest) {
return theTenantIds.contains(theRequest.getTenantId()); return theTenantIds.contains(theRequest.getTenantId());
} }
}; });
return this;
}
private void setTenantApplicabilityChecker(ITenantApplicabilityChecker theTenantApplicabilityChecker) {
myTenantApplicabilityChecker = theTenantApplicabilityChecker;
if (myOpRule != null) { if (myOpRule != null) {
myOpRule.setTenantApplicabilityChecker(myTenantApplicabilityChecker); myOpRule.setTenantApplicabilityChecker(myTenantApplicabilityChecker);
} }
if (myOperationRule != null) { if (myOperationRule != null) {
myOperationRule.setTenentApplicabilityChecker(myTenantApplicabilityChecker); myOperationRule.setTenentApplicabilityChecker(myTenantApplicabilityChecker);
} }
return this;
} }
@Override @Override
@ -152,8 +156,14 @@ public class RuleBuilder implements IAuthRuleBuilder {
} }
@Override @Override
public IAuthRuleBuilderRuleOpClassifierFinishedWithTenantId notForTenantIds(Collection<String> theTenantIds) { public IAuthRuleBuilderRuleOpClassifierFinishedWithTenantId notForTenantIds(final Collection<String> theTenantIds) {
return null;// TODO: implement method body setTenantApplicabilityChecker(new ITenantApplicabilityChecker() {
@Override
public boolean applies(RequestDetails theRequest) {
return !theTenantIds.contains(theRequest.getTenantId());
}
});
return this;
} }
} }

3
hapi-fhir-structures-r4/src/test/java/ca/uhn/fhir/rest/server/interceptor/AuthorizationInterceptorR4Test.java
View File

@ -609,6 +609,7 @@ public class AuthorizationInterceptorR4Test {
*/ */
@Test @Test
public void testDenyActionsNotOnTenant() throws Exception { public void testDenyActionsNotOnTenant() throws Exception {
ourServlet.setTenantIdentificationStrategy(new UrlBaseTenantIdentificationStrategy());
ourServlet.registerInterceptor(new AuthorizationInterceptor(PolicyEnum.ALLOW) { ourServlet.registerInterceptor(new AuthorizationInterceptor(PolicyEnum.ALLOW) {
@Override @Override
public List<IAuthRule> buildRuleList(RequestDetails theRequestDetails) { public List<IAuthRule> buildRuleList(RequestDetails theRequestDetails) {
@ -634,7 +635,7 @@ public class AuthorizationInterceptorR4Test {
status = ourClient.execute(httpGet); status = ourClient.execute(httpGet);
response = extractResponseAndClose(status); response = extractResponseAndClose(status);
ourLog.info(response); ourLog.info(response);
assertThat(response, containsString("Access denied by default policy (no applicable rules)")); assertThat(response, containsString("Access denied by rule: (unnamed rule)"));
assertEquals(403, status.getStatusLine().getStatusCode()); assertEquals(403, status.getStatusLine().getStatusCode());
assertFalse(ourHitMethod); assertFalse(ourHitMethod);