001/*- 002 * #%L 003 * HAPI FHIR - Server Framework 004 * %% 005 * Copyright (C) 2014 - 2024 Smile CDR, Inc. 006 * %% 007 * Licensed under the Apache License, Version 2.0 (the "License"); 008 * you may not use this file except in compliance with the License. 009 * You may obtain a copy of the License at 010 * 011 * http://www.apache.org/licenses/LICENSE-2.0 012 * 013 * Unless required by applicable law or agreed to in writing, software 014 * distributed under the License is distributed on an "AS IS" BASIS, 015 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 016 * See the License for the specific language governing permissions and 017 * limitations under the License. 018 * #L% 019 */ 020package ca.uhn.fhir.rest.server.interceptor.auth; 021 022import java.util.Collection; 023 024/** 025 * @see AuthorizationInterceptor#setFlags(Collection) 026 */ 027public enum AuthorizationFlagsEnum { 028 029 /** 030 * If this flag is set, attempts to perform read operations 031 * (read/search/history) will be matched by the interceptor before 032 * the method handler is called. 033 * <p> 034 * For example, suppose a rule set is in place that only allows read 035 * access to compartment <code>Patient/123</code>. With this flag set, 036 * any attempts 037 * to perform a FHIR read/search/history operation will be permitted 038 * to proceed to the method handler, and responses will be blocked 039 * by the AuthorizationInterceptor if the response contains a resource 040 * that is not in the given compartment. 041 * </p> 042 * <p> 043 * Setting this flag is less secure, since the interceptor can potentially leak 044 * information about the existence of data, but it is useful in some 045 * scenarios. 046 * </p> 047 * 048 * @since This flag has existed since HAPI FHIR 3.5.0. Prior to this 049 * version, this flag was the default and there was no ability to 050 * proactively block compartment read access. 051 */ 052 DO_NOT_PROACTIVELY_BLOCK_COMPARTMENT_READ_ACCESS, 053 054 ALLOW_PATCH_REQUEST_UNCHALLENGED; 055}