Class MultiDelegateConsentService
java.lang.Object
ca.uhn.fhir.rest.server.interceptor.consent.MultiDelegateConsentService
- All Implemented Interfaces:
IConsentService
IConsentService combiner over several delegates with pluggable combination strategy
-
Method Summary
Modifier and TypeMethodDescriptioncanSeeResource(RequestDetails theRequestDetails, org.hl7.fhir.instance.model.api.IBaseResource theResource, IConsentContextServices theContextServices) This method is called if a user may potentially see a resource via READ operations, SEARCH operations, etc.booleanshouldProcessCanSeeResource(RequestDetails theRequestDetails, IConsentContextServices theContextServices) This method will be invoked once prior to invokingIConsentService.canSeeResource(RequestDetails, IBaseResource, IConsentContextServices)and can be used to skip that phase.startOperation(RequestDetails theRequestDetails, IConsentContextServices theContextServices) This method is called when an operation is initially beginning, before any significant processing occurs.willSeeResource(RequestDetails theRequestDetails, org.hl7.fhir.instance.model.api.IBaseResource theResource, IConsentContextServices theContextServices) This method is called if a user is about to see a resource, either completely or partially.static MultiDelegateConsentServicewithParallelVoting(List<IConsentService> theDelegateConsentServices) Combine several consent services allowing any to veto.static MultiDelegateConsentServicewithSerialVoting(List<IConsentService> theDelegateConsentServices) Combine several consent services with first non-PROCEED vote win.Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, waitMethods inherited from interface ca.uhn.fhir.rest.server.interceptor.consent.IConsentService
completeOperationFailure, completeOperationSuccess
-
Method Details
-
withParallelVoting
@Nonnull public static MultiDelegateConsentService withParallelVoting(@Nonnull List<IConsentService> theDelegateConsentServices) Combine several consent services allowing any to veto. -
withSerialVoting
@Nonnull public static MultiDelegateConsentService withSerialVoting(@Nonnull List<IConsentService> theDelegateConsentServices) Combine several consent services with first non-PROCEED vote win. -
startOperation
public ConsentOutcome startOperation(RequestDetails theRequestDetails, IConsentContextServices theContextServices) Description copied from interface:IConsentServiceThis method is called when an operation is initially beginning, before any significant processing occurs. The service may use this method to decide whether the request needs to be reviewed further or not.- Specified by:
startOperationin interfaceIConsentService- Parameters:
theRequestDetails- Contains details about the operation that is beginning, including details about the request type, URL, etc. Note that the RequestDetails has a generic Map (seeRequestDetails.getUserData()) that can be used to store information and state to be passed between methods in the consent service.theContextServices- An object passed in by the consent framework that provides utility functions relevant to acting on consent directives.- Returns:
- An outcome object. See
ConsentOutcome
-
shouldProcessCanSeeResource
public boolean shouldProcessCanSeeResource(RequestDetails theRequestDetails, IConsentContextServices theContextServices) Description copied from interface:IConsentServiceThis method will be invoked once prior to invokingIConsentService.canSeeResource(RequestDetails, IBaseResource, IConsentContextServices)and can be used to skip that phase.If this method returns false (default is true)
IConsentService.willSeeResource(RequestDetails, IBaseResource, IConsentContextServices)will be invoked for this request, butIConsentService.canSeeResource(RequestDetails, IBaseResource, IConsentContextServices)will not.- Specified by:
shouldProcessCanSeeResourcein interfaceIConsentService- Parameters:
theRequestDetails- Contains details about the operation that is beginning, including details about the request type, URL, etc. Note that the RequestDetails has a generic Map (seeRequestDetails.getUserData()) that can be used to store information and state to be passed between methods in the consent service.theContextServices- An object passed in by the consent framework that provides utility functions relevant to acting on consent directives.- Returns:
- true if any of the delegates return true.
-
canSeeResource
public ConsentOutcome canSeeResource(RequestDetails theRequestDetails, org.hl7.fhir.instance.model.api.IBaseResource theResource, IConsentContextServices theContextServices) Description copied from interface:IConsentServiceThis method is called if a user may potentially see a resource via READ operations, SEARCH operations, etc. This method may make decisions about whether or not the user should be permitted to see the resource.Implementations should make no attempt to modify the returned result within this method. For modification use cases (e.g. masking for consent rules) the user should use the
IConsentService.willSeeResource(RequestDetails, IBaseResource, IConsentContextServices)method to actually make changes. This method is intended to only to make decisions.In addition, the
ConsentOutcomemust return one of the following statuses:ConsentOperationStatusEnum.AUTHORIZED: The resource will be returned to the client. If multiple consent service implementation are present, no further implementations will be invoked for this resource.IConsentService.willSeeResource(RequestDetails, IBaseResource, IConsentContextServices)will not be invoked for this resource.ConsentOperationStatusEnum.PROCEED: The resource will be returned to the client.ConsentOperationStatusEnum.REJECT: The resource will be stripped from the response. If multiple consent service implementation are present, no further implementations will be invoked for this resource.IConsentService.willSeeResource(RequestDetails, IBaseResource, IConsentContextServices)will not be invoked for this resource.
There are two methods the consent service may use to suppress or modify response resources:
IConsentService.canSeeResource(RequestDetails, IBaseResource, IConsentContextServices)should be used to remove resources from results in scenarios where it is important to not reveal existence of those resources. It is called prior to any paging logic, so result pages will still be normal sized even if results are filtered.IConsentService.willSeeResource(RequestDetails, IBaseResource, IConsentContextServices)should be used to filter individual elements from resources, or to remove entire resources in cases where it is not important to conceal their existence. It is called after paging logic, so any resources removed by this method may result in abnormally sized result pages. However, removing resourced using this method may also perform better so it is preferable for use in cases where revealing resource existence is not a concern.
Performance note: Note that this method should be efficient, since it will be called once for every resource potentially returned (e.g. by searches). If this method takes a significant amount of time to execute, performance on the server will suffer.
- Specified by:
canSeeResourcein interfaceIConsentService- Parameters:
theRequestDetails- Contains details about the operation that is beginning, including details about the request type, URL, etc. Note that the RequestDetails has a generic Map (seeRequestDetails.getUserData()) that can be used to store information and state to be passed between methods in the consent service.theResource- The resource that will be exposedtheContextServices- An object passed in by the consent framework that provides utility functions relevant to acting on consent directives.- Returns:
- An outcome object. See
ConsentOutcome. Note that this method is not allowed to modify the response object, so an error will be thrown ifConsentOutcome.getResource()returns a non-null response.
-
willSeeResource
public ConsentOutcome willSeeResource(RequestDetails theRequestDetails, org.hl7.fhir.instance.model.api.IBaseResource theResource, IConsentContextServices theContextServices) Description copied from interface:IConsentServiceThis method is called if a user is about to see a resource, either completely or partially. In other words, if the user is going to see any part of this resource via READ operations, SEARCH operations, etc., this method is called. This method may modify the resource in order to filter/mask aspects of the contents, or even to enrich it.The returning
ConsentOutcomemay optionally replace the resource with a different resource (including an OperationOutcome) by calling the resource property on theConsentOutcome.In addition, the
ConsentOutcomemust return one of the following statuses:ConsentOperationStatusEnum.AUTHORIZED: The resource will be returned to the client. If multiple consent service implementation are present, no further implementations will be invoked for this resource.ConsentOperationStatusEnum.PROCEED: The resource will be returned to the client.ConsentOperationStatusEnum.REJECT: The resource will not be returned to the client. If multiple consent service implementation are present, no further implementations will be invoked for this resource.
- Specified by:
willSeeResourcein interfaceIConsentService- Parameters:
theRequestDetails- Contains details about the operation that is beginning, including details about the request type, URL, etc. Note that the RequestDetails has a generic Map (seeRequestDetails.getUserData()) that can be used to store information and state to be passed between methods in the consent service.theResource- The resource that will be exposedtheContextServices- An object passed in by the consent framework that provides utility functions relevant to acting on consent directives.- Returns:
- An outcome object. See method documentation for a description.
- See Also:
-