001package ca.uhn.fhir.rest.server.interceptor.auth;
002
003/*-
004 * #%L
005 * HAPI FHIR - Server Framework
006 * %%
007 * Copyright (C) 2014 - 2021 Smile CDR, Inc.
008 * %%
009 * Licensed under the Apache License, Version 2.0 (the "License");
010 * you may not use this file except in compliance with the License.
011 * You may obtain a copy of the License at
012 *
013 *      http://www.apache.org/licenses/LICENSE-2.0
014 *
015 * Unless required by applicable law or agreed to in writing, software
016 * distributed under the License is distributed on an "AS IS" BASIS,
017 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
018 * See the License for the specific language governing permissions and
019 * limitations under the License.
020 * #L%
021 */
022
023import ca.uhn.fhir.rest.api.RestOperationTypeEnum;
024import ca.uhn.fhir.rest.api.server.RequestDetails;
025import org.hl7.fhir.instance.model.api.IBaseResource;
026import org.hl7.fhir.instance.model.api.IIdType;
027
028/**
029 * Allows user-supplied logic for authorization rules.
030 * <p>
031 * THIS IS AN EXPERIMENTAL API! Feedback is welcome, and this API
032 * may change.
033 *
034 * @since 3.4.0
035 */
036public interface IAuthRuleTester {
037
038        /**
039         * Allows user-supplied logic for authorization rules.
040         * <p>
041         * THIS IS AN EXPERIMENTAL API! Feedback is welcome, and this API
042         * may change.
043         *
044         * @param theOperation The FHIR operation being performed - Note that this is not necessarily the same as the value obtained from invoking
045         *                     {@link RequestDetails#getRestOperationType()} on {@literal theRequestDetails} because multiple operations can be nested within
046         *                     an HTTP request using FHIR transaction and batch operations
047         * @since 3.4.0
048         */
049        default boolean matches(RestOperationTypeEnum theOperation, RequestDetails theRequestDetails, IIdType theInputResourceId, IBaseResource theInputResource) {
050                return true;
051        }
052
053        /**
054         * Allows user-supplied logic for authorization rules.
055         * <p>
056         * THIS IS AN EXPERIMENTAL API! Feedback is welcome, and this API
057         * may change.
058         *
059         * @param theOperation The FHIR operation being performed - Note that this is not necessarily the same as the value obtained from invoking
060         *                     {@link RequestDetails#getRestOperationType()} on {@literal theRequestDetails} because multiple operations can be nested within
061         *                     an HTTP request using FHIR transaction and batch operations
062         * @since 5.0.0
063         */
064        default boolean matchesOutput(RestOperationTypeEnum theOperation, RequestDetails theRequestDetails, IBaseResource theOutputResource) {
065                return true;
066        }
067
068}