Package ca.uhn.fhir.rest.server.interceptor.consent

Interface IConsentService

    • Method Detail

      • startOperation

        ConsentOutcome startOperation​(RequestDetails theRequestDetails,
                              IConsentContextServices theContextServices)
        This method is called when an operation is initially beginning, before any significant processing occurs. The service may use this method to decide whether the request needs to be reviewed further or not.
        Parameters:
        theRequestDetails - Contains details about the operation that is beginning, including details about the request type, URL, etc. Note that the RequestDetails has a generic Map (see RequestDetails.getUserData()) that can be used to store information and state to be passed between methods in the consent service.
        theContextServices - An object passed in by the consent framework that provides utility functions relevant to acting on consent directives.
        Returns:
        An outcome object. See ConsentOutcome

      • canSeeResource

        ConsentOutcome canSeeResource​(RequestDetails theRequestDetails,
                              org.hl7.fhir.instance.model.api.IBaseResource theResource,
                              IConsentContextServices theContextServices)
        This method is called if a user may potentially see a resource via READ operations, SEARCH operations, etc. This method may make decisions about whether or not the user should be permitted to see the resource.

        Implementations should make no attempt to modify the returned result within this method. For modification use cases (e.g. masking for consent rules) the user should use the willSeeResource(RequestDetails, IBaseResource, IConsentContextServices) method to actually make changes. This method is intended to only to make decisions.

        Performance note: Note that this method should be efficient, since it will be called once for every resource potentially returned (e.g. by searches). If this method takes a significant amount of time to execute, performance on the server will suffer.

        Parameters:
        theRequestDetails - Contains details about the operation that is beginning, including details about the request type, URL, etc. Note that the RequestDetails has a generic Map (see RequestDetails.getUserData()) that can be used to store information and state to be passed between methods in the consent service.
        theResource - The resource that will be exposed
        theContextServices - An object passed in by the consent framework that provides utility functions relevant to acting on consent directives.
        Returns:
        An outcome object. See ConsentOutcome

      • willSeeResource

        ConsentOutcome willSeeResource​(RequestDetails theRequestDetails,
                               org.hl7.fhir.instance.model.api.IBaseResource theResource,
                               IConsentContextServices theContextServices)
        This method is called if a user is about to see a resource, either completely or partially. In other words, if the user is going to see any part of this resource via READ operations, SEARCH operations, etc., this method is called. This method may modify the resource in order to filter/mask aspects of the contents, or even to enrich it.

        The returning ConsentOutcome may optionally replace the resource with a different resource (including an OperationOutcome) by calling the resource property on the ConsentOutcome.

        In addition, the ConsentOutcome must return one of the following statuses:

        Parameters:
        theRequestDetails - Contains details about the operation that is beginning, including details about the request type, URL, etc. Note that the RequestDetails has a generic Map (see RequestDetails.getUserData()) that can be used to store information and state to be passed between methods in the consent service.
        theResource - The resource that will be exposed
        theContextServices - An object passed in by the consent framework that provides utility functions relevant to acting on consent directives.
        Returns:
        An outcome object. See method documentation for a description.

      • completeOperationFailure

        void completeOperationFailure​(RequestDetails theRequestDetails,
                              ca.uhn.fhir.rest.server.exceptions.BaseServerResponseException theException,
                              IConsentContextServices theContextServices)
        This method is called when an operation is complete. It can be used to perform any necessary cleanup, flush audit events, etc.

        This method will be called if the request did not complete successfully, instead of completeOperationSuccess(RequestDetails, IConsentContextServices). Typically this means that the operation failed and a failure is being returned to the client.

        Parameters:
        theRequestDetails - Contains details about the operation that is beginning, including details about the request type, URL, etc. Note that the RequestDetails has a generic Map (see RequestDetails.getUserData()) that can be used to store information and state to be passed between methods in the consent service.
        theContextServices - An object passed in by the consent framework that provides utility functions relevant to acting on consent directives.
        See Also:
        completeOperationSuccess(RequestDetails, IConsentContextServices)