001package ca.uhn.fhir.rest.server.interceptor.auth;
002
003/*
004 * #%L
005 * HAPI FHIR - Server Framework
006 * %%
007 * Copyright (C) 2014 - 2023 Smile CDR, Inc.
008 * %%
009 * Licensed under the Apache License, Version 2.0 (the "License");
010 * you may not use this file except in compliance with the License.
011 * You may obtain a copy of the License at
012 *
013 *      http://www.apache.org/licenses/LICENSE-2.0
014 *
015 * Unless required by applicable law or agreed to in writing, software
016 * distributed under the License is distributed on an "AS IS" BASIS,
017 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
018 * See the License for the specific language governing permissions and
019 * limitations under the License.
020 * #L%
021 */
022
023import java.util.Collection;
024
025import org.hl7.fhir.instance.model.api.IIdType;
026
027import javax.annotation.Nonnull;
028
029public interface IAuthRuleBuilderRuleOpClassifier {
030
031        /**
032         * Rule applies to resources in the given compartment.
033         * <p>
034         * For example, to apply the rule to any observations in the patient compartment
035         * belonging to patient "123", you would invoke this with</br>
036         * <code>inCompartment("Patient", new IdType("Patient", "123"))</code>
037         * </p>
038         * <p>
039         * This call completes the rule and adds the rule to the chain. 
040         * </p>
041         * 
042         * @param theCompartmentName The name of the compartment (must not be null or blank)
043         * @param theOwner The owner of the compartment. Note that both the resource type and ID must be populated in this ID.
044         */
045        IAuthRuleBuilderRuleOpClassifierFinished inCompartment(String theCompartmentName, IIdType theOwner);
046
047        /**
048         * Rule applies to resources in the given compartment.
049         * <p>
050         * For example, to apply the rule to any observations in the patient compartment
051         * belonging to patient "123", you would invoke this with</br>
052         * <code>inCompartment("Patient", new IdType("Patient", "123"))</code>
053         *
054         * This call also allows you to pass additional search parameters that count as being included in the given compartment,
055         * passed in as a list of `resourceType:search-parameter-name`. For example, if you select a compartment name of "patient",
056         * you could pass in a singleton list consisting of the string "device:patient", which would cause any devices belonging
057         * to the patient to be permitted by the authorization rule.
058         *
059         * </p>
060         * <p>
061         * This call completes the rule and adds the rule to the chain.
062         * </p>
063         *
064         * @param theCompartmentName The name of the compartment (must not be null or blank)
065         * @param theOwner The owner of the compartment. Note that both the resource type and ID must be populated in this ID.
066         * @param theAdditionalTypeSearchParamNames A list of strings for additional resource types and search parameters which count as being in the compartment, in the form "resourcetype:search-parameter-name".
067         */
068        IAuthRuleBuilderRuleOpClassifierFinished inCompartmentWithAdditionalSearchParams(String theCompartmentName, IIdType theOwner, AdditionalCompartmentSearchParameters theAdditionalTypeSearchParamNames);
069
070
071        /**
072         * Rule applies to resources in the given compartment.
073         * <p>
074         * For example, to apply the rule to any observations in the patient compartment
075         * belonging to patient "123", you would invoke this with</br>
076         * <code>inCompartment("Patient", new IdType("Patient", "123"))</code>
077         * </p>
078         * <p>
079         * This call completes the rule and adds the rule to the chain. 
080         * </p>
081         * 
082         * @param theCompartmentName The name of the compartment (must not be null or blank)
083         * @param theOwners The owner of the compartment. Note that both the resource type and ID must be populated in this ID.
084         */
085        IAuthRuleBuilderRuleOpClassifierFinished inCompartment(String theCompartmentName, Collection<? extends IIdType> theOwners);
086
087
088        /**
089         * Rule applies to resources in the given compartment.
090         * <p>
091         * For example, to apply the rule to any observations in the patient compartment
092         * belonging to patient "123", you would invoke this with</br>
093         * <code>inCompartment("Patient", new IdType("Patient", "123"))</code>
094         *
095         * This call also allows you to pass additional search parameters that count as being included in the given compartment,
096         * passed in as a list of `resourceType:search-parameter-name`. For example, if you select a compartment name of "patient",
097         * you could pass in a singleton list consisting of the string "device:patient", which would cause any devices belonging
098         * to the patient to be permitted by the authorization rule.
099         *
100         * </p>
101         * <p>
102         * This call completes the rule and adds the rule to the chain.
103         * </p>
104         *
105         * @param theCompartmentName The name of the compartment (must not be null or blank)
106         * @param theOwners The owners of the compartment. Note that both the resource type and ID must be populated in these IDs.
107         * @param theAdditionalTypeSearchParamNames A {@link AdditionalCompartmentSearchParameters} which allows you to expand the search space for what is considered "in" the compartment.
108         *
109         **/
110        IAuthRuleBuilderRuleOpClassifierFinished inCompartmentWithAdditionalSearchParams(String theCompartmentName, Collection<? extends IIdType> theOwners, AdditionalCompartmentSearchParameters theAdditionalTypeSearchParamNames);
111
112
113        /**
114         * Rule applies to any resource instances
115         * <p>
116         * This call completes the rule and adds the rule to the chain. 
117         * </p>
118         */
119        IAuthRuleBuilderRuleOpClassifierFinished withAnyId();
120
121        /**
122         * Rule applies to resources where the given search parameter would be satisfied by a code in the given ValueSet
123         * @param theSearchParameterName The search parameter name, e.g. <code>"code"</code>
124         * @param theValueSetUrl The valueset URL, e.g. <code>"http://my-value-set"</code>
125         * @since 6.0.0
126         */
127        IAuthRuleBuilderRuleOpClassifierFinished withCodeInValueSet(@Nonnull String theSearchParameterName, @Nonnull String theValueSetUrl);
128
129        /**
130         * Rule applies to resources where the given search parameter would be satisfied by a code not in the given ValueSet
131         * @param theSearchParameterName The search parameter name, e.g. <code>"code"</code>
132         * @param theValueSetUrl The valueset URL, e.g. <code>"http://my-value-set"</code>
133         * @since 6.0.0
134         */
135        IAuthRuleFinished withCodeNotInValueSet(@Nonnull String theSearchParameterName, @Nonnull String theValueSetUrl);
136
137        IAuthRuleFinished inCompartmentWithFilter(String theCompartment, IIdType theIdElement, String theFilter);
138
139        IAuthRuleFinished withFilter(String theFilter);
140}