001package ca.uhn.fhir.rest.server.interceptor.auth; 002 003/* 004 * #%L 005 * HAPI FHIR - Server Framework 006 * %% 007 * Copyright (C) 2014 - 2019 University Health Network 008 * %% 009 * Licensed under the Apache License, Version 2.0 (the "License"); 010 * you may not use this file except in compliance with the License. 011 * You may obtain a copy of the License at 012 * 013 * http://www.apache.org/licenses/LICENSE-2.0 014 * 015 * Unless required by applicable law or agreed to in writing, software 016 * distributed under the License is distributed on an "AS IS" BASIS, 017 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 018 * See the License for the specific language governing permissions and 019 * limitations under the License. 020 * #L% 021 */ 022 023import ca.uhn.fhir.interceptor.api.Pointcut; 024import ca.uhn.fhir.rest.api.RestOperationTypeEnum; 025import ca.uhn.fhir.rest.api.server.RequestDetails; 026import ca.uhn.fhir.rest.server.interceptor.auth.AuthorizationInterceptor.Verdict; 027import org.hl7.fhir.instance.model.api.IBaseResource; 028import org.hl7.fhir.instance.model.api.IIdType; 029 030import java.util.Set; 031 032public class RuleImplConditional extends BaseRule implements IAuthRule { 033 034 private AppliesTypeEnum myAppliesTo; 035 private Set<String> myAppliesToTypes; 036 private RestOperationTypeEnum myOperationType; 037 038 RuleImplConditional(String theRuleName) { 039 super(theRuleName); 040 } 041 042 @Override 043 public Verdict applyRule(RestOperationTypeEnum theOperation, RequestDetails theRequestDetails, IBaseResource theInputResource, IIdType theInputResourceId, IBaseResource theOutputResource, 044 IRuleApplier theRuleApplier, Set<AuthorizationFlagsEnum> theFlags, Pointcut thePointcut) { 045 046 if (isOtherTenant(theRequestDetails)) { 047 return null; 048 } 049 050 if (theInputResourceId != null && theInputResourceId.hasIdPart()) { 051 return null; 052 } 053 054 if (theOperation == myOperationType) { 055 if (theRequestDetails.getConditionalUrl(myOperationType) == null) { 056 return null; 057 } 058 059 switch (myAppliesTo) { 060 case ALL_RESOURCES: 061 case INSTANCES: 062 break; 063 case TYPES: 064 if (myOperationType == RestOperationTypeEnum.DELETE) { 065 String resourceName = theRequestDetails.getResourceName(); 066 if (!myAppliesToTypes.contains(resourceName)) { 067 return null; 068 } 069 } else { 070 String inputResourceName = theRequestDetails.getFhirContext().getResourceDefinition(theInputResource).getName(); 071 if (theInputResource == null || !myAppliesToTypes.contains(inputResourceName)) { 072 return null; 073 } 074 } 075 break; 076 } 077 078 if (getTenantApplicabilityChecker() != null) { 079 if (!getTenantApplicabilityChecker().applies(theRequestDetails)) { 080 return null; 081 } 082 } 083 084 if (!applyTesters(theOperation, theRequestDetails, theInputResourceId, theInputResource, theOutputResource)) { 085 return null; 086 } 087 088 return newVerdict(); 089 } 090 091 return null; 092 } 093 094 void setAppliesTo(AppliesTypeEnum theAppliesTo) { 095 myAppliesTo = theAppliesTo; 096 } 097 098 void setAppliesToTypes(Set<String> theAppliesToTypes) { 099 myAppliesToTypes = theAppliesToTypes; 100 } 101 102 void setOperationType(RestOperationTypeEnum theOperationType) { 103 myOperationType = theOperationType; 104 } 105 106}