001package ca.uhn.fhir.rest.server.interceptor.auth;
002
003import java.util.List;
004
005/*
006 * #%L
007 * HAPI FHIR - Server Framework
008 * %%
009 * Copyright (C) 2014 - 2021 Smile CDR, Inc.
010 * %%
011 * Licensed under the Apache License, Version 2.0 (the "License");
012 * you may not use this file except in compliance with the License.
013 * You may obtain a copy of the License at
014 *
015 *      http://www.apache.org/licenses/LICENSE-2.0
016 *
017 * Unless required by applicable law or agreed to in writing, software
018 * distributed under the License is distributed on an "AS IS" BASIS,
019 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
020 * See the License for the specific language governing permissions and
021 * limitations under the License.
022 * #L%
023 */
024
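/**
 * Used by {@link AuthorizationInterceptor} in order to allow user code to define authorization
 * rules.
 * <p>
 * Rules are added to a chain and returned as a list by {@link #build()}. A chain is normally
 * closed with one catch-all rule:
 * </p>
 * <ul>
 * <li>{@link #allow()} rules followed by {@link #denyAll()} form an allow-list ("whitelist")
 * chain: only what was explicitly allowed is permitted.</li>
 * <li>{@link #deny()} rules followed by {@link #allowAll()} form a deny-list ("blacklist")
 * chain: everything that was not explicitly denied is permitted.</li>
 * </ul>
 * <p>
 * The allow-list form is the more restrictive of the two, because a request that no rule
 * anticipated is refused rather than let through.
 * </p>
 *
 * @see AuthorizationInterceptor
 */
public interface IAuthRuleBuilder {

    /**
     * Start a new rule to allow a given operation.
     *
     * @return a builder used to specify the rest of the rule
     */
    IAuthRuleBuilderRule allow();

    /**
     * Start a new rule to allow a given operation.
     *
     * @param theRuleName
     *           The name of this rule. The rule name is used for logging and error messages,
     *           and could be shown to the client, but has no semantic meaning within
     *           HAPI FHIR. Because it may reach the client, it should not contain
     *           sensitive information.
     * @return a builder used to specify the rest of the rule
     */
    IAuthRuleBuilderRule allow(String theRuleName);

    /**
     * This rule allows any invocation to proceed. It is intended to be
     * used at the end of a chain that contains {@link #deny()} rules in
     * order to specify a deny-list ("blacklist") chain.
     * <p>
     * This call completes the rule and adds the rule to the chain.
     * </p>
     * <p>
     * Note that a chain ending in this rule permits every request that the preceding
     * {@link #deny()} rules do not cover, so a missing deny rule leaves that access open.
     * </p>
     *
     * @return the builder state reached once the rule has been completed
     */
    IAuthRuleBuilderRuleOpClassifierFinished allowAll();

    /**
     * This rule allows any invocation to proceed. It is intended to be
     * used at the end of a chain that contains {@link #deny()} rules in
     * order to specify a deny-list ("blacklist") chain.
     * <p>
     * This call completes the rule and adds the rule to the chain.
     * </p>
     * <p>
     * Note that a chain ending in this rule permits every request that the preceding
     * {@link #deny()} rules do not cover, so a missing deny rule leaves that access open.
     * </p>
     *
     * @param theRuleName
     *           The name of this rule. The rule name is used for logging and error messages,
     *           and could be shown to the client, but has no semantic meaning within
     *           HAPI FHIR. Because it may reach the client, it should not contain
     *           sensitive information.
     * @return the builder state reached once the rule has been completed
     */
    IAuthRuleBuilderRuleOpClassifierFinished allowAll(String theRuleName);

    /**
     * Build the rule list.
     *
     * @return the rules that were added to the chain through this builder
     */
    List<IAuthRule> build();

    /**
     * Start a new rule to deny a given operation.
     *
     * @return a builder used to specify the rest of the rule
     */
    IAuthRuleBuilderRule deny();

    /**
     * Start a new rule to deny a given operation.
     *
     * @param theRuleName
     *           The name of this rule. The rule name is used for logging and error messages,
     *           and could be shown to the client, but has no semantic meaning within
     *           HAPI FHIR. Because it may reach the client, it should not contain
     *           sensitive information.
     * @return a builder used to specify the rest of the rule
     */
    IAuthRuleBuilderRule deny(String theRuleName);

    /**
     * This rule denies any invocation. It is intended to be
     * used at the end of a chain that contains {@link #allow()} rules in
     * order to specify an allow-list ("whitelist") chain.
     * <p>
     * This call completes the rule and adds the rule to the chain.
     * </p>
     *
     * @return the builder state reached once the rule has been completed
     */
    IAuthRuleBuilderRuleOpClassifierFinished denyAll();

    /**
     * This rule denies any invocation. It is intended to be
     * used at the end of a chain that contains {@link #allow()} rules in
     * order to specify an allow-list ("whitelist") chain.
     * <p>
     * This call completes the rule and adds the rule to the chain.
     * </p>
     *
     * @param theRuleName
     *           The name of this rule. The rule name is used for logging and error messages,
     *           and could be shown to the client, but has no semantic meaning within
     *           HAPI FHIR. Because it may reach the client, it should not contain
     *           sensitive information.
     * @return the builder state reached once the rule has been completed
     */
    IAuthRuleBuilderRuleOpClassifierFinished denyAll(String theRuleName);

}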