Work on authorization interceptor

2016-11-04 06:53:26 -04:00 · 2016-11-04 06:53:26 -04:00 · f838b80373
parent 6cb502266c
commit f838b80373
2 changed files with 42 additions and 0 deletions
--- a/hapi-fhir-base/src/main/java/ca/uhn/fhir/rest/server/interceptor/auth/IAuthRuleBuilderOperationNamed.java
+++ b/hapi-fhir-base/src/main/java/ca/uhn/fhir/rest/server/interceptor/auth/IAuthRuleBuilderOperationNamed.java
@ -1,5 +1,7 @@
 package ca.uhn.fhir.rest.server.interceptor.auth;

+import org.apache.http.impl.client.HttpClientBuilder;
+
 /*
 * #%L
 * HAPI FHIR - Core Library
@ -40,4 +42,9 @@ public interface IAuthRuleBuilderOperationNamed {
 	 */
 	IAuthRuleBuilderRuleOpClassifierFinished onInstance(IIdType theInstanceId);

+	/**
+	 * Rule applies to invocations of this operation at the <code>instance</code> level on any instance of the given type
+	 */
+	IAuthRuleBuilderRuleOpClassifierFinished onInstancesOfType(Class<? extends IBaseResource> theType);
+
 }
--- a/hapi-fhir-structures-dstu2/src/test/java/ca/uhn/fhir/rest/server/interceptor/auth/AuthorizationInterceptorDstu2Test.java
+++ b/hapi-fhir-structures-dstu2/src/test/java/ca/uhn/fhir/rest/server/interceptor/auth/AuthorizationInterceptorDstu2Test.java
@ -212,6 +212,31 @@ public class AuthorizationInterceptorDstu2Test {
 		assertEquals(403, status.getStatusLine().getStatusCode());
 	}

+	@Test
+	public void testOperationByInstanceOfTypeAllowed() throws Exception {
+		ourServlet.registerInterceptor(new AuthorizationInterceptor(PolicyEnum.DENY) {
+			@Override
+			public List<IAuthRule> buildRuleList(RequestDetails theRequestDetails) {
+				//@formatter:off
+				return new RuleBuilder()
+					.allow("Rule 1").operation().named("everything").onInstancesOfType(Patient.class)
+					.build();
+				//@formatter:on
+			}
+		});
+
+		HttpGet httpGet;
+		HttpResponse status;
+		String response;
+
+		ourReturn = Arrays.asList();
+		ourHitMethod = false;
+		httpGet = new HttpGet("http://localhost:" + ourPort + "/Patient/1/$everything");
+		status = ourClient.execute(httpGet);
+		response = extractResponseAndClose(status);
+		assertEquals(200, status.getStatusLine().getStatusCode());
+	}
+
 	@Test
 	public void testBatchWhenTransactionReadDenied() throws Exception {
 		ourServlet.registerInterceptor(new AuthorizationInterceptor(PolicyEnum.DENY) {
@ -1353,6 +1378,16 @@ public class AuthorizationInterceptorDstu2Test {
 			return (Parameters) new Parameters().setId("1");
 		}

+		@Operation(name = "everything", idempotent = true)
+		public Bundle everything(@IdParam IdDt theId) {
+			ourHitMethod = true;
+			Bundle retVal = new Bundle();
+			for (IResource next : ourReturn) {
+				retVal.addEntry().setResource(next);
+			}
+			return retVal;
+		}
+
 		@Operation(name = "opName2", idempotent = true)
 		public Parameters operation2(@IdParam IdDt theId) {
 			ourHitMethod = true;