mirror of
https://github.com/pcvolkmer/onkostar-plugin-dnpm.git
synced 2025-07-02 01:02:55 +00:00
Issue #29: Abgesicherter Zugriff auf ECOG Verlauf
This commit is contained in:
@ -1,6 +1,9 @@
|
||||
package DNPM;
|
||||
|
||||
import DNPM.analyzer.AnalyzerUtils;
|
||||
import DNPM.security.IllegalSecuredObjectAccessException;
|
||||
import DNPM.security.PermissionType;
|
||||
import DNPM.security.PersonPoolBasedPermissionEvaluator;
|
||||
import DNPM.services.systemtherapie.SystemtherapieService;
|
||||
import com.fasterxml.jackson.core.JsonProcessingException;
|
||||
import com.fasterxml.jackson.databind.ObjectMapper;
|
||||
@ -17,6 +20,7 @@ import org.hibernate.transform.Transformers;
|
||||
import org.hibernate.type.StandardBasicTypes;
|
||||
import org.slf4j.Logger;
|
||||
import org.slf4j.LoggerFactory;
|
||||
import org.springframework.security.core.context.SecurityContextHolder;
|
||||
|
||||
import java.util.ArrayList;
|
||||
import java.util.HashMap;
|
||||
@ -31,9 +35,16 @@ public class DNPMHelper implements IProcedureAnalyzer {
|
||||
|
||||
private final SystemtherapieService systemtherapieService;
|
||||
|
||||
public DNPMHelper(final IOnkostarApi onkostarApi, final SystemtherapieService systemtherapieService) {
|
||||
private final PersonPoolBasedPermissionEvaluator personPoolBasedPermissionEvaluator;
|
||||
|
||||
public DNPMHelper(
|
||||
final IOnkostarApi onkostarApi,
|
||||
final SystemtherapieService systemtherapieService,
|
||||
final PersonPoolBasedPermissionEvaluator permissionEvaluator
|
||||
) {
|
||||
this.onkostarApi = onkostarApi;
|
||||
this.systemtherapieService = systemtherapieService;
|
||||
this.personPoolBasedPermissionEvaluator = permissionEvaluator;
|
||||
}
|
||||
|
||||
@Override
|
||||
@ -264,6 +275,10 @@ public class DNPMHelper implements IProcedureAnalyzer {
|
||||
return List.of();
|
||||
}
|
||||
|
||||
return systemtherapieService.ecogSatus(patient);
|
||||
if (personPoolBasedPermissionEvaluator.hasPermission(SecurityContextHolder.getContext().getAuthentication(), patient, PermissionType.READ)) {
|
||||
return systemtherapieService.ecogSatus(patient);
|
||||
}
|
||||
|
||||
throw new IllegalSecuredObjectAccessException("Kein Zugriff auf diesen Patienten");
|
||||
}
|
||||
}
|
||||
@ -1,5 +1,8 @@
|
||||
package DNPM;
|
||||
|
||||
import DNPM.security.IllegalSecuredObjectAccessException;
|
||||
import DNPM.security.PermissionType;
|
||||
import DNPM.security.PersonPoolBasedPermissionEvaluator;
|
||||
import DNPM.services.systemtherapie.SystemtherapieService;
|
||||
import de.itc.onkostar.api.IOnkostarApi;
|
||||
import de.itc.onkostar.api.Item;
|
||||
@ -22,6 +25,7 @@ import java.util.List;
|
||||
import java.util.Map;
|
||||
|
||||
import static org.assertj.core.api.Assertions.assertThat;
|
||||
import static org.junit.jupiter.api.Assertions.assertThrows;
|
||||
import static org.mockito.Mockito.*;
|
||||
|
||||
@ExtendWith(MockitoExtension.class)
|
||||
@ -31,16 +35,20 @@ class DNPMHelperTest {
|
||||
|
||||
private SystemtherapieService systemtherapieService;
|
||||
|
||||
private PersonPoolBasedPermissionEvaluator personPoolBasedPermissionEvaluator;
|
||||
|
||||
private DNPMHelper dnpmHelper;
|
||||
|
||||
@BeforeEach
|
||||
void setup(
|
||||
@Mock IOnkostarApi onkostarApi,
|
||||
@Mock SystemtherapieService systemtherapieService
|
||||
@Mock SystemtherapieService systemtherapieService,
|
||||
@Mock PersonPoolBasedPermissionEvaluator personPoolBasedPermissionEvaluator
|
||||
) {
|
||||
this.onkostarApi = onkostarApi;
|
||||
this.systemtherapieService = systemtherapieService;
|
||||
this.dnpmHelper = new DNPMHelper(onkostarApi, systemtherapieService);
|
||||
this.personPoolBasedPermissionEvaluator = personPoolBasedPermissionEvaluator;
|
||||
this.dnpmHelper = new DNPMHelper(onkostarApi, systemtherapieService, personPoolBasedPermissionEvaluator);
|
||||
}
|
||||
|
||||
@Test
|
||||
@ -248,6 +256,9 @@ class DNPMHelperTest {
|
||||
|
||||
@Test
|
||||
void testShouldReturnEcogStatusList() {
|
||||
when(personPoolBasedPermissionEvaluator.hasPermission(any(), any(Patient.class), any(PermissionType.class)))
|
||||
.thenReturn(true);
|
||||
|
||||
doAnswer(invocationOnMock -> {
|
||||
var id = invocationOnMock.getArgument(0, Integer.class);
|
||||
var patient = new Patient(onkostarApi);
|
||||
@ -263,6 +274,21 @@ class DNPMHelperTest {
|
||||
assertThat(argumentCaptor.getValue().getId()).isEqualTo(42);
|
||||
}
|
||||
|
||||
@Test
|
||||
void testShouldNotReturnEcogStatusListIfNoPermissionGranted() {
|
||||
when(personPoolBasedPermissionEvaluator.hasPermission(any(), any(Patient.class), any(PermissionType.class)))
|
||||
.thenReturn(false);
|
||||
|
||||
doAnswer(invocationOnMock -> {
|
||||
var id = invocationOnMock.getArgument(0, Integer.class);
|
||||
var patient = new Patient(onkostarApi);
|
||||
patient.setId(id);
|
||||
return patient;
|
||||
}).when(onkostarApi).getPatient(anyInt());
|
||||
|
||||
assertThrows(IllegalSecuredObjectAccessException.class, () -> dnpmHelper.getEcogStatus(Map.of("PatientId", 42)));
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user