001package ca.uhn.fhir.rest.server.interceptor.auth;
002
003/*
004 * #%L
005 * HAPI FHIR - Server Framework
006 * %%
007 * Copyright (C) 2014 - 2021 Smile CDR, Inc.
008 * %%
009 * Licensed under the Apache License, Version 2.0 (the "License");
010 * you may not use this file except in compliance with the License.
011 * You may obtain a copy of the License at
012 *
013 *      http://www.apache.org/licenses/LICENSE-2.0
014 *
015 * Unless required by applicable law or agreed to in writing, software
016 * distributed under the License is distributed on an "AS IS" BASIS,
017 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
018 * See the License for the specific language governing permissions and
019 * limitations under the License.
020 * #L%
021 */
022
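/**
 * Builder step at which the kind of FHIR operation a rule applies to is selected.
 * <p>
 * Every method returns a further builder step. Unless a method's documentation says
 * otherwise, the rule is not complete (and not part of the chain) until that
 * returned builder has been finished.
 * </p>
 * <p>
 * Security note: several operation kinds here are deliberately broad
 * ({@link #read()}, {@link #write()}, {@link #transaction()}). When reviewing a
 * rule chain, prefer the narrowest method that covers the use case, for example
 * {@link #create()} instead of {@link #write()}.
 * </p>
 */
public interface IAuthRuleBuilderRule {

    /**
     * This rule applies to <code>create</code> operations with a <code>conditional</code>
     * URL as a part of the request. Note that this rule will allow the conditional
     * operation to proceed, but the server is expected to determine the actual target
     * of the conditional request and send a subsequent event to the {@link AuthorizationInterceptor}
     * in order to authorize the actual target.
     * <p>
     * In other words, if the server is configured correctly, this chain will allow the
     * client to perform a conditional create, but a different rule is required to actually
     * authorize the target that the conditional create is determined to match.
     * </p>
     */
    IAuthRuleBuilderRuleConditional createConditional();

    /**
     * This rule applies to the FHIR delete operation
     */
    IAuthRuleBuilderRuleOpDelete delete();

    /**
     * This rule applies to <code>delete</code> operations with a <code>conditional</code>
     * URL as a part of the request. Note that this rule will allow the conditional
     * operation to proceed, but the server is expected to determine the actual target
     * of the conditional request and send a subsequent event to the {@link AuthorizationInterceptor}
     * in order to authorize the actual target.
     * <p>
     * In other words, if the server is configured correctly, this chain will allow the
     * client to perform a conditional delete, but a different rule is required to actually
     * authorize the target that the conditional delete is determined to match.
     * </p>
     */
    IAuthRuleBuilderRuleConditional deleteConditional();

    /**
     * This rule applies to the metadata operation (retrieve the
     * server's conformance statement)
     * <p>
     * This call completes the rule and adds the rule to the chain.
     * </p>
     */
    IAuthRuleBuilderRuleOpClassifierFinished metadata();

    /**
     * This rule applies to a FHIR operation (e.g. <code>$validate</code>)
     */
    IAuthRuleBuilderOperation operation();

    /**
     * This rule applies to a FHIR patch operation
     */
    IAuthRuleBuilderPatch patch();

    /**
     * This rule applies to any FHIR operation involving reading, including
     * <code>read</code>, <code>vread</code>, <code>search</code>, and
     * <code>history</code>
     * <p>
     * Note that this single rule kind covers <code>search</code> and <code>history</code>
     * as well as reads of an individual resource.
     * </p>
     */
    IAuthRuleBuilderRuleOp read();

    /**
     * This rule applies to the FHIR transaction operation. Transaction is a special
     * case in that it bundles other operations. This permission also allows FHIR
     * batch to be performed.
     * <p>
     * NOTE(review): how the operations bundled inside the transaction are authorized
     * is decided by the returned {@link IAuthRuleBuilderRuleTransaction} step, which
     * is not shown here; confirm it before relying on this rule.
     * </p>
     */
    IAuthRuleBuilderRuleTransaction transaction();

    /**
     * This rule applies to <code>update</code> operations with a <code>conditional</code>
     * URL as a part of the request. Note that this rule will allow the conditional
     * operation to proceed, but the server is expected to determine the actual target
     * of the conditional request and send a subsequent event to the {@link AuthorizationInterceptor}
     * in order to authorize the actual target.
     * <p>
     * In other words, if the server is configured correctly, this chain will allow the
     * client to perform a conditional update, but a different rule is required to actually
     * authorize the target that the conditional update is determined to match.
     * </p>
     */
    IAuthRuleBuilderRuleConditional updateConditional();

    /**
     * This rule applies to any FHIR operation involving writing, including
     * <code>create</code>, and <code>update</code>
     * <p>
     * If only resource creation should be covered, use the narrower {@link #create()}.
     * </p>
     *
     * @see #create()
     */
    IAuthRuleBuilderRuleOp write();

    /**
     * This rule specifically allows a user to perform a FHIR create, but not an update or other write operations
     *
     * @see #write()
     * @since 4.1.0
     */
    IAuthRuleBuilderRuleOp create();

    /**
     * This rule applies to a GraphQL query
     */
    IAuthRuleBuilderGraphQL graphQL();

    /**
     * This rule permits the user to initiate a FHIR bulk export
     *
     * @since 5.5.0
     */
    IAuthRuleBuilderRuleBulkExport bulkExport();
}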