001package ca.uhn.fhir.rest.server.interceptor.auth;
002
003/*
004 * #%L
005 * HAPI FHIR - Server Framework
006 * %%
007 * Copyright (C) 2014 - 2021 Smile CDR, Inc.
008 * %%
009 * Licensed under the Apache License, Version 2.0 (the "License");
010 * you may not use this file except in compliance with the License.
011 * You may obtain a copy of the License at
012 *
013 *      http://www.apache.org/licenses/LICENSE-2.0
014 *
015 * Unless required by applicable law or agreed to in writing, software
016 * distributed under the License is distributed on an "AS IS" BASIS,
017 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
018 * See the License for the specific language governing permissions and
019 * limitations under the License.
020 * #L%
021 */
022
023import ca.uhn.fhir.interceptor.api.Pointcut;
024import ca.uhn.fhir.rest.api.RestOperationTypeEnum;
025import ca.uhn.fhir.rest.api.server.RequestDetails;
026import ca.uhn.fhir.rest.server.interceptor.auth.AuthorizationInterceptor.Verdict;
027import org.hl7.fhir.instance.model.api.IBaseResource;
028import org.hl7.fhir.instance.model.api.IIdType;
029
030import java.util.Set;
031
/**
 * Note: At this time, this interface is considered internal API to HAPI FHIR,
 * and is subject to change without warning. Create your own implementations at
 * your own risk. If you have use cases that are not met by the current
 * implementation, please consider raising them on the HAPI FHIR
 * Google Group.
 */
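public interface IAuthRule {

        /**
         * Applies the rule and returns a policy decision, or <code>null</code> if the rule does not apply.
         * <p>
         * A <code>null</code> return is an abstention, not a permit: it only tells the caller that this
         * rule has nothing to say about the request. What happens when no rule returns a verdict is
         * decided by the caller and is not defined by this interface (presumably the default policy
         * configured on {@link AuthorizationInterceptor} - confirm that it denies in your deployment).
         * </p>
         * <p>
         * Either resource argument may be <code>null</code>, so an implementation must not assume that
         * both the input and the output resource are present in a single call, and should return
         * <code>null</code> rather than a permissive verdict when the data it needs to decide is absent.
         * </p>
         *
         * @param theOperation       The operation type
         * @param theRequestDetails  The request
         * @param theInputResource   The resource being input by the client, or <code>null</code>
         * @param theInputResourceId Presumably the ID of the resource being input or targeted by the client;
         *                           nullability is not stated here, so treat it as possibly <code>null</code>
         *                           (TODO confirm against the implementing rules)
         * @param theOutputResource  The resource being returned by the server, or <code>null</code>
         * @param theRuleApplier     The rule applying module (this can be used by rules to apply the rule set to
         *                           nested objects in the request, such as nested requests in a transaction)
         * @param theFlags           The flags configured in the authorization interceptor
         * @param thePointcut        The pointcut hook that triggered this call
         * @return Returns a policy decision, or <code>null</code> if the rule does not apply
         */
        Verdict applyRule(
                RestOperationTypeEnum theOperation,
                RequestDetails theRequestDetails,
                IBaseResource theInputResource,
                IIdType theInputResourceId,
                IBaseResource theOutputResource,
                IRuleApplier theRuleApplier,
                Set<AuthorizationFlagsEnum> theFlags,
                Pointcut thePointcut);

        /**
         * Returns a name for this rule, to be used in logs and error messages.
         * <p>
         * Because the name is surfaced in logs and error messages, it should identify the rule itself
         * and not embed request data, identifiers of protected resources, or credentials.
         * </p>
         */
        String getName();

}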