mirror of https://github.com/pcvolkmer/onkostar-plugin-dnpm.git synced 2025-07-04 18:12:55 +00:00

Issue #29: Abgesicherter Zugriff auf ECOG Verlauf

2023-08-28 14:39:43 +02:00
parent 74a6e7e79a
commit 35f1aa0d75
2 changed files with 45 additions and 4 deletions


@ -1,6 +1,9 @@
package DNPM; package DNPM;
import DNPM.analyzer.AnalyzerUtils; import DNPM.analyzer.AnalyzerUtils;
import DNPM.security.IllegalSecuredObjectAccessException;
import DNPM.security.PermissionType;
import DNPM.security.PersonPoolBasedPermissionEvaluator;
import DNPM.services.systemtherapie.SystemtherapieService; import DNPM.services.systemtherapie.SystemtherapieService;
import com.fasterxml.jackson.core.JsonProcessingException; import com.fasterxml.jackson.core.JsonProcessingException;
import com.fasterxml.jackson.databind.ObjectMapper; import com.fasterxml.jackson.databind.ObjectMapper;
@ -17,6 +20,7 @@ import org.hibernate.transform.Transformers;
import org.hibernate.type.StandardBasicTypes; import org.hibernate.type.StandardBasicTypes;
import org.slf4j.Logger; import org.slf4j.Logger;
import org.slf4j.LoggerFactory; import org.slf4j.LoggerFactory;
import org.springframework.security.core.context.SecurityContextHolder;
import java.util.ArrayList; import java.util.ArrayList;
import java.util.HashMap; import java.util.HashMap;
@ -31,9 +35,16 @@ public class DNPMHelper implements IProcedureAnalyzer {
private final SystemtherapieService systemtherapieService; private final SystemtherapieService systemtherapieService;
public DNPMHelper(final IOnkostarApi onkostarApi, final SystemtherapieService systemtherapieService) { private final PersonPoolBasedPermissionEvaluator personPoolBasedPermissionEvaluator;
public DNPMHelper(
final IOnkostarApi onkostarApi,
final SystemtherapieService systemtherapieService,
final PersonPoolBasedPermissionEvaluator permissionEvaluator
) {
this.onkostarApi = onkostarApi; this.onkostarApi = onkostarApi;
this.systemtherapieService = systemtherapieService; this.systemtherapieService = systemtherapieService;
this.personPoolBasedPermissionEvaluator = permissionEvaluator;
} }
@Override @Override
@ -264,6 +275,10 @@ public class DNPMHelper implements IProcedureAnalyzer {
return List.of(); return List.of();
} }
if (personPoolBasedPermissionEvaluator.hasPermission(SecurityContextHolder.getContext().getAuthentication(), patient, PermissionType.READ)) {
return systemtherapieService.ecogSatus(patient); return systemtherapieService.ecogSatus(patient);
} }
throw new IllegalSecuredObjectAccessException("Kein Zugriff auf diesen Patienten");
}
} }
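Review bot: The denial path in the last hunk throws `IllegalSecuredObjectAccessException` without recording who was refused access to which patient, so refused requests leave no trace for later audit. A line before the throw such as `logger.warn("ECOG access denied for patient {}", patient.getId());` (using whatever SLF4J logger field the class already declares) would cover that. Separately, the early `return List.of();` just above the check appears to answer differently from the exception thrown for patients the caller may not read, which could let a caller tell existing from non-existing patient IDs; its condition is outside the hunk, so this needs confirming. `getAuthentication()` can also return null when no security context is populated, and whether the evaluator treats that as a denial is not visible here. The enclosing method starts outside the hunk.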


@ -1,5 +1,8 @@
package DNPM; package DNPM;
import DNPM.security.IllegalSecuredObjectAccessException;
import DNPM.security.PermissionType;
import DNPM.security.PersonPoolBasedPermissionEvaluator;
import DNPM.services.systemtherapie.SystemtherapieService; import DNPM.services.systemtherapie.SystemtherapieService;
import de.itc.onkostar.api.IOnkostarApi; import de.itc.onkostar.api.IOnkostarApi;
import de.itc.onkostar.api.Item; import de.itc.onkostar.api.Item;
@ -22,6 +25,7 @@ import java.util.List;
import java.util.Map; import java.util.Map;
import static org.assertj.core.api.Assertions.assertThat; import static org.assertj.core.api.Assertions.assertThat;
import static org.junit.jupiter.api.Assertions.assertThrows;
import static org.mockito.Mockito.*; import static org.mockito.Mockito.*;
@ExtendWith(MockitoExtension.class) @ExtendWith(MockitoExtension.class)
@ -31,16 +35,20 @@ class DNPMHelperTest {
private SystemtherapieService systemtherapieService; private SystemtherapieService systemtherapieService;
private PersonPoolBasedPermissionEvaluator personPoolBasedPermissionEvaluator;
private DNPMHelper dnpmHelper; private DNPMHelper dnpmHelper;
@BeforeEach @BeforeEach
void setup( void setup(
@Mock IOnkostarApi onkostarApi, @Mock IOnkostarApi onkostarApi,
@Mock SystemtherapieService systemtherapieService @Mock SystemtherapieService systemtherapieService,
@Mock PersonPoolBasedPermissionEvaluator personPoolBasedPermissionEvaluator
) { ) {
this.onkostarApi = onkostarApi; this.onkostarApi = onkostarApi;
this.systemtherapieService = systemtherapieService; this.systemtherapieService = systemtherapieService;
this.dnpmHelper = new DNPMHelper(onkostarApi, systemtherapieService); this.personPoolBasedPermissionEvaluator = personPoolBasedPermissionEvaluator;
this.dnpmHelper = new DNPMHelper(onkostarApi, systemtherapieService, personPoolBasedPermissionEvaluator);
} }
@Test @Test
@ -248,6 +256,9 @@ class DNPMHelperTest {
@Test @Test
void testShouldReturnEcogStatusList() { void testShouldReturnEcogStatusList() {
when(personPoolBasedPermissionEvaluator.hasPermission(any(), any(Patient.class), any(PermissionType.class)))
.thenReturn(true);
doAnswer(invocationOnMock -> { doAnswer(invocationOnMock -> {
var id = invocationOnMock.getArgument(0, Integer.class); var id = invocationOnMock.getArgument(0, Integer.class);
var patient = new Patient(onkostarApi); var patient = new Patient(onkostarApi);
@ -263,6 +274,21 @@ class DNPMHelperTest {
assertThat(argumentCaptor.getValue().getId()).isEqualTo(42); assertThat(argumentCaptor.getValue().getId()).isEqualTo(42);
} }
@Test
void testShouldNotReturnEcogStatusListIfNoPermissionGranted() {
when(personPoolBasedPermissionEvaluator.hasPermission(any(), any(Patient.class), any(PermissionType.class)))
.thenReturn(false);
doAnswer(invocationOnMock -> {
var id = invocationOnMock.getArgument(0, Integer.class);
var patient = new Patient(onkostarApi);
patient.setId(id);
return patient;
}).when(onkostarApi).getPatient(anyInt());
assertThrows(IllegalSecuredObjectAccessException.class, () -> dnpmHelper.getEcogStatus(Map.of("PatientId", 42)));
}
} }
} }
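Review bot: `testShouldNotReturnEcogStatusListIfNoPermissionGranted` only asserts the exception type, so it would still pass if the service were queried before the permission check; adding `verify(systemtherapieService, never()).ecogSatus(any());` after the `assertThrows` pins that no ECOG data is fetched for a denied caller. Both tests also stub `hasPermission` with `any(PermissionType.class)`, so a change from `PermissionType.READ` to another value would go unnoticed; using `eq(PermissionType.READ)` in the stubs would tighten that. A case with no `Authentication` in the security context is not covered by either test.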