
package ca.uhn.fhir.rest.server.interceptor.auth;

/*
 * #%L
 * HAPI FHIR - Server Framework
 * %%
 * Copyright (C) 2014 - 2023 Smile CDR, Inc.
 * %%
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 * #L%
 */

import java.util.Collection;

import org.hl7.fhir.instance.model.api.IIdType;

import javax.annotation.Nonnull;

/**
 * Builder stage of an authorization rule that selects which resource instances the rule applies to:
 * by compartment membership, by any ID, by ValueSet membership of a coded search parameter, or by
 * a filter.
 * <p>
 * Every selector here decides how much data an authorization rule covers. Values that identify the
 * compartment owner, or that widen the compartment, should come from the authenticated caller's
 * identity or from trusted configuration rather than from request-supplied input.
 * </p>
 */
public interface IAuthRuleBuilderRuleOpClassifier {

	/**
	 * Limits the rule to resources in the named compartment of a single owner.
	 * <p>
	 * To cover any observations in the patient compartment belonging to patient "123", call
	 * {@code inCompartment("Patient", new IdType("Patient", "123"))}.
	 * </p>
	 * <p>
	 * Calling this method completes the rule and adds it to the chain.
	 * </p>
	 *
	 * @param theCompartmentName the compartment name (must not be null or blank)
	 * @param theOwner the compartment owner; both the resource type and the ID must be populated,
	 *                 because this ID determines whose data the rule covers
	 * @return the builder stage that follows a completed classifier
	 */
	IAuthRuleBuilderRuleOpClassifierFinished inCompartment(
		String theCompartmentName,
		IIdType theOwner);

	/**
	 * Limits the rule to resources in the named compartment of a single owner, and additionally
	 * treats resources reachable through the supplied search parameters as being in that compartment.
	 * <p>
	 * To cover any observations in the patient compartment belonging to patient "123", the plain
	 * form is {@code inCompartment("Patient", new IdType("Patient", "123"))}.
	 * </p>
	 * <p>
	 * The additional search parameters are expressed as {@code resourceType:search-parameter-name}.
	 * For example, with a compartment name of "patient", supplying "device:patient" causes any
	 * devices belonging to the patient to be permitted by the authorization rule.
	 * </p>
	 * <p>
	 * Each additional entry widens the set of resources the rule matches, so list only the search
	 * parameters that are meant to be authorized.
	 * </p>
	 * <p>
	 * Calling this method completes the rule and adds it to the chain.
	 * </p>
	 *
	 * @param theCompartmentName the compartment name (must not be null or blank)
	 * @param theOwner the compartment owner; both the resource type and the ID must be populated
	 * @param theAdditionalTypeSearchParamNames the additional resource types and search parameters
	 *                 that count as being in the compartment, in the form
	 *                 "resourcetype:search-parameter-name"
	 * @return the builder stage that follows a completed classifier
	 */
	IAuthRuleBuilderRuleOpClassifierFinished inCompartmentWithAdditionalSearchParams(
		String theCompartmentName,
		IIdType theOwner,
		AdditionalCompartmentSearchParameters theAdditionalTypeSearchParamNames);


	/**
	 * Limits the rule to resources in the named compartment of any of several owners.
	 * <p>
	 * To cover any observations in the patient compartment belonging to patient "123", the
	 * single-owner form is {@code inCompartment("Patient", new IdType("Patient", "123"))}.
	 * </p>
	 * <p>
	 * Calling this method completes the rule and adds it to the chain.
	 * </p>
	 *
	 * @param theCompartmentName the compartment name (must not be null or blank)
	 * @param theOwners the compartment owners; both the resource type and the ID must be populated
	 *                  in each of these IDs
	 * @return the builder stage that follows a completed classifier
	 */
	IAuthRuleBuilderRuleOpClassifierFinished inCompartment(
		String theCompartmentName,
		Collection<? extends IIdType> theOwners);


	/**
	 * Limits the rule to resources in the named compartment of any of several owners, and
	 * additionally treats resources reachable through the supplied search parameters as being in
	 * that compartment.
	 * <p>
	 * To cover any observations in the patient compartment belonging to patient "123", the plain
	 * single-owner form is {@code inCompartment("Patient", new IdType("Patient", "123"))}.
	 * </p>
	 * <p>
	 * The additional search parameters are expressed as {@code resourceType:search-parameter-name}.
	 * For example, with a compartment name of "patient", supplying "device:patient" causes any
	 * devices belonging to the patient to be permitted by the authorization rule.
	 * </p>
	 * <p>
	 * Each additional entry widens the set of resources the rule matches, so list only the search
	 * parameters that are meant to be authorized.
	 * </p>
	 * <p>
	 * Calling this method completes the rule and adds it to the chain.
	 * </p>
	 *
	 * @param theCompartmentName the compartment name (must not be null or blank)
	 * @param theOwners the compartment owners; both the resource type and the ID must be populated
	 *                  in these IDs
	 * @param theAdditionalTypeSearchParamNames an {@link AdditionalCompartmentSearchParameters}
	 *                  that expands the search space for what is considered "in" the compartment
	 * @return the builder stage that follows a completed classifier
	 */
	IAuthRuleBuilderRuleOpClassifierFinished inCompartmentWithAdditionalSearchParams(
		String theCompartmentName,
		Collection<? extends IIdType> theOwners,
		AdditionalCompartmentSearchParameters theAdditionalTypeSearchParamNames);


	/**
	 * Applies the rule to any resource instances, with no restriction on ID or compartment.
	 * <p>
	 * Calling this method completes the rule and adds it to the chain.
	 * </p>
	 *
	 * @return the builder stage that follows a completed classifier
	 */
	IAuthRuleBuilderRuleOpClassifierFinished withAnyId();

	/**
	 * Applies the rule to resources where the given search parameter would be satisfied by a code
	 * in the given ValueSet.
	 *
	 * @param theSearchParameterName the search parameter name, e.g. {@code "code"}
	 * @param theValueSetUrl the ValueSet URL, e.g. {@code "http://my-value-set"}
	 * @return the builder stage that follows a completed classifier
	 * @since 6.0.0
	 */
	IAuthRuleBuilderRuleOpClassifierFinished withCodeInValueSet(
		@Nonnull String theSearchParameterName,
		@Nonnull String theValueSetUrl);

	/**
	 * Applies the rule to resources where the given search parameter would be satisfied by a code
	 * that is not in the given ValueSet.
	 *
	 * @param theSearchParameterName the search parameter name, e.g. {@code "code"}
	 * @param theValueSetUrl the ValueSet URL, e.g. {@code "http://my-value-set"}
	 * @return the finished rule stage
	 * @since 6.0.0
	 */
	IAuthRuleFinished withCodeNotInValueSet(
		@Nonnull String theSearchParameterName,
		@Nonnull String theValueSetUrl);

	/**
	 * Presumably limits the rule to resources in the given compartment that also match the given
	 * filter.
	 * <p>
	 * NOTE(review): this method has no documentation in the original file. The filter syntax, how it
	 * is evaluated, and whether null or blank values are accepted are not visible here; confirm
	 * against the implementing class. Because the filter narrows an authorization rule, it should be
	 * built from trusted configuration rather than from request-supplied values.
	 * </p>
	 *
	 * @param theCompartment the compartment name
	 * @param theIdElement the ID identifying the compartment owner (presumed from the parameter
	 *                     type; confirm)
	 * @param theFilter the filter expression
	 * @return the finished rule stage
	 */
	IAuthRuleFinished inCompartmentWithFilter(
		String theCompartment,
		IIdType theIdElement,
		String theFilter);

	/**
	 * Presumably limits the rule to resources that match the given filter.
	 * <p>
	 * NOTE(review): this method has no documentation in the original file. The filter syntax and its
	 * evaluation semantics are not visible here; confirm against the implementing class. Because the
	 * filter narrows an authorization rule, it should be built from trusted configuration rather than
	 * from request-supplied values.
	 * </p>
	 *
	 * @param theFilter the filter expression
	 * @return the finished rule stage
	 */
	IAuthRuleFinished withFilter(String theFilter);
}