
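package ca.uhn.fhir.rest.server.interceptor.auth;

import java.util.List;

/*
 * #%L
 * HAPI FHIR - Server Framework
 * %%
 * Copyright (C) 2014 - 2022 Smile CDR, Inc.
 * %%
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 * #L%
 */

/**
 * Used by {@link AuthorizationInterceptor} in order to allow user code to define authorization
 * rules.
 * <p>
 * Rules are added to a chain one at a time and the finished chain is obtained from
 * {@link #build()}. A chain is normally closed with one of the two catch-all rules:
 * </p>
 * <ul>
 * <li>{@link #denyAll()} after a series of {@link #allow()} rules gives an allow-list
 * (whitelist) chain: only what was explicitly allowed gets through.</li>
 * <li>{@link #allowAll()} after a series of {@link #deny()} rules gives a deny-list
 * (blacklist) chain: everything gets through except what was explicitly denied.</li>
 * </ul>
 * <p>
 * The rule-name overloads accept a free-form label. That label is used for logging and
 * error messages and could be shown to the client, so it should not carry sensitive
 * details such as internal identifiers, user data or policy internals.
 * </p>
 *
 * @see AuthorizationInterceptor
 */
public interface IAuthRuleBuilder {

	/**
	 * Start a new rule to allow a given operation.
	 *
	 * @return the next builder stage, on which the operation to allow is described
	 */
	IAuthRuleBuilderRule allow();

	/**
	 * Start a new rule to allow a given operation.
	 *
	 * @param theRuleName
	 *           The name of this rule. The rule name is used for logging and error messages,
	 *           and could be shown to the client, but has no semantic meaning within
	 *           HAPI FHIR. Because it may reach the client, keep sensitive information
	 *           out of it.
	 * @return the next builder stage, on which the operation to allow is described
	 */
	IAuthRuleBuilderRule allow(String theRuleName);

	/**
	 * This rule allows any invocation to proceed. It is intended to be
	 * used at the end of a chain that contains {@link #deny()} rules in
	 * order to specify a deny-list (blacklist) chain.
	 * <p>
	 * This call completes the rule and adds the rule to the chain.
	 * </p>
	 * <p>
	 * A chain that ends with this rule fails open: any request that reaches it
	 * (one not already decided by an earlier rule, as the "end of a chain" wording
	 * implies) is permitted, including operations that nobody thought to deny.
	 * Where the set of permitted operations can be enumerated, an allow-list chain
	 * closed with {@link #denyAll()} is the more conservative choice.
	 * </p>
	 *
	 * @return the finished-rule stage of the builder
	 */
	IAuthRuleBuilderRuleOpClassifierFinished allowAll();

	/**
	 * This rule allows any invocation to proceed. It is intended to be
	 * used at the end of a chain that contains {@link #deny()} rules in
	 * order to specify a deny-list (blacklist) chain.
	 * <p>
	 * This call completes the rule and adds the rule to the chain.
	 * </p>
	 * <p>
	 * A chain that ends with this rule fails open: any request that reaches it
	 * is permitted. See {@link #allowAll()} for the implications.
	 * </p>
	 *
	 * @param theRuleName
	 *           The name of this rule. The rule name is used for logging and error messages,
	 *           and could be shown to the client, but has no semantic meaning within
	 *           HAPI FHIR. Because it may reach the client, keep sensitive information
	 *           out of it.
	 * @return the finished-rule stage of the builder
	 */
	IAuthRuleBuilderRuleOpClassifierFinished allowAll(String theRuleName);

	/**
	 * Build the rule list.
	 *
	 * @return the rules that were defined through this builder
	 */
	List<IAuthRule> build();

	/**
	 * Start a new rule to deny a given operation.
	 *
	 * @return the next builder stage, on which the operation to deny is described
	 */
	IAuthRuleBuilderRule deny();

	/**
	 * Start a new rule to deny a given operation.
	 *
	 * @param theRuleName
	 *           The name of this rule. The rule name is used for logging and error messages,
	 *           and could be shown to the client, but has no semantic meaning within
	 *           HAPI FHIR. Because it may reach the client, keep sensitive information
	 *           out of it.
	 * @return the next builder stage, on which the operation to deny is described
	 */
	IAuthRuleBuilderRule deny(String theRuleName);

	/**
	 * This rule denies any invocation. It is intended to be
	 * used at the end of a chain that contains {@link #allow()} rules in
	 * order to specify an allow-list (whitelist) chain.
	 * <p>
	 * This call completes the rule and adds the rule to the chain.
	 * </p>
	 * <p>
	 * A chain that ends with this rule fails closed: any request that reaches it
	 * (one not already decided by an earlier rule, as the "end of a chain" wording
	 * implies) is refused.
	 * </p>
	 *
	 * @return the finished-rule stage of the builder
	 */
	IAuthRuleBuilderRuleOpClassifierFinished denyAll();

	/**
	 * This rule denies any invocation. It is intended to be
	 * used at the end of a chain that contains {@link #allow()} rules in
	 * order to specify an allow-list (whitelist) chain.
	 * <p>
	 * This call completes the rule and adds the rule to the chain.
	 * </p>
	 *
	 * @param theRuleName
	 *           The name of this rule. The rule name is used for logging and error messages,
	 *           and could be shown to the client, but has no semantic meaning within
	 *           HAPI FHIR. Because it may reach the client, keep sensitive information
	 *           out of it.
	 * @return the finished-rule stage of the builder
	 */
	IAuthRuleBuilderRuleOpClassifierFinished denyAll(String theRuleName);

}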