Issue #29: Abgesicherter Zugriff auf ECOG Verlauf

2025-07-03 17:52:53 +00:00 · 2023-08-28 14:39:43 +02:00
parent 74a6e7e79a
commit 35f1aa0d75
2 changed files with 45 additions and 4 deletions
--- a/src/test/java/DNPM/DNPMHelperTest.java
+++ b/src/test/java/DNPM/DNPMHelperTest.java
@ -1,5 +1,8 @@
 package DNPM;

+import DNPM.security.IllegalSecuredObjectAccessException;
+import DNPM.security.PermissionType;
+import DNPM.security.PersonPoolBasedPermissionEvaluator;
 import DNPM.services.systemtherapie.SystemtherapieService;
 import de.itc.onkostar.api.IOnkostarApi;
 import de.itc.onkostar.api.Item;
@ -22,6 +25,7 @@ import java.util.List;
 import java.util.Map;

 import static org.assertj.core.api.Assertions.assertThat;
+import static org.junit.jupiter.api.Assertions.assertThrows;
 import static org.mockito.Mockito.*;

@ExtendWith(MockitoExtension.class)
@ -31,16 +35,20 @@ class DNPMHelperTest {

    private SystemtherapieService systemtherapieService;

+    private PersonPoolBasedPermissionEvaluator personPoolBasedPermissionEvaluator;
+
    private DNPMHelper dnpmHelper;

    @BeforeEach
    void setup(
            @Mock IOnkostarApi onkostarApi,
-            @Mock SystemtherapieService systemtherapieService
+            @Mock SystemtherapieService systemtherapieService,
+            @Mock PersonPoolBasedPermissionEvaluator personPoolBasedPermissionEvaluator
    ) {
        this.onkostarApi = onkostarApi;
        this.systemtherapieService = systemtherapieService;
-        this.dnpmHelper = new DNPMHelper(onkostarApi, systemtherapieService);
+        this.personPoolBasedPermissionEvaluator = personPoolBasedPermissionEvaluator;
+        this.dnpmHelper = new DNPMHelper(onkostarApi, systemtherapieService, personPoolBasedPermissionEvaluator);
    }

    @Test
@ -248,6 +256,9 @@ class DNPMHelperTest {

        @Test
        void testShouldReturnEcogStatusList() {
+            when(personPoolBasedPermissionEvaluator.hasPermission(any(), any(Patient.class), any(PermissionType.class)))
+                    .thenReturn(true);
+
            doAnswer(invocationOnMock -> {
                var id = invocationOnMock.getArgument(0, Integer.class);
                var patient = new Patient(onkostarApi);
@ -263,6 +274,21 @@ class DNPMHelperTest {
            assertThat(argumentCaptor.getValue().getId()).isEqualTo(42);
        }

+        @Test
+        void testShouldNotReturnEcogStatusListIfNoPermissionGranted() {
+            when(personPoolBasedPermissionEvaluator.hasPermission(any(), any(Patient.class), any(PermissionType.class)))
+                    .thenReturn(false);
+
+            doAnswer(invocationOnMock -> {
+                var id = invocationOnMock.getArgument(0, Integer.class);
+                var patient = new Patient(onkostarApi);
+                patient.setId(id);
+                return patient;
+            }).when(onkostarApi).getPatient(anyInt());
+
+            assertThrows(IllegalSecuredObjectAccessException.class, () -> dnpmHelper.getEcogStatus(Map.of("PatientId", 42)));
+        }
+
    }

 }