From b56ff9e0d8a4efc71803e1eb435848c8bb42844c Mon Sep 17 00:00:00 2001
From: Paul-Christian Volkmer
Date: Sun, 9 Apr 2023 14:01:14 +0200
Subject: [PATCH] =?UTF-8?q?Issue=20#24:=20Erm=C3=B6gliche=20Berechtigungsp?=
 =?UTF-8?q?r=C3=BCfung=20anhand=20ID=20und=20Klassennamen?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../PersonPoolBasedPermissionEvaluator.java | 47 ++++++++++++++++---
 1 file changed, 40 insertions(+), 7 deletions(-)
diff --git a/src/main/java/DNPM/security/PersonPoolBasedPermissionEvaluator.java b/src/main/java/DNPM/security/PersonPoolBasedPermissionEvaluator.java
index 2eac69c..0762dc9 100644
--- a/src/main/java/DNPM/security/PersonPoolBasedPermissionEvaluator.java
+++ b/src/main/java/DNPM/security/PersonPoolBasedPermissionEvaluator.java
@@ -1,5 +1,6 @@
 package DNPM.security;
+import de.itc.onkostar.api.IOnkostarApi;
 import de.itc.onkostar.api.Patient;
 import de.itc.onkostar.api.Procedure;
 import org.springframework.jdbc.core.JdbcTemplate;
@@ -18,9 +19,12 @@ import java.util.List;
 @Component
 public class PersonPoolBasedPermissionEvaluator implements PermissionEvaluator {
+ private final IOnkostarApi onkostarApi;
+
 private final JdbcTemplate jdbcTemplate;
- public PersonPoolBasedPermissionEvaluator(final DataSource dataSource) {
+ public PersonPoolBasedPermissionEvaluator(final IOnkostarApi onkostarApi, final DataSource dataSource) {
+ this.onkostarApi = onkostarApi;
 this.jdbcTemplate = new JdbcTemplate(dataSource);
 }
@@ -46,19 +50,48 @@ public class PersonPoolBasedPermissionEvaluator implements PermissionEvaluator {
 }
 /**
- * Auswertung nicht anhand der ID möglich. Gibt immer false zurück.
+ * Auswertung anhand der ID und des Namens des Zielobjekts.
 * @param authentication Authentication-Object
 * @param targetId ID des Objekts
- * @param s
- * @param o
- * @return Gibt immer false zurück
+ * @param targetType Name der Zielobjektklasse
+ * @param permissionType Die angeforderte Berechtigung
+ * @return Gibt true zurück, wenn der Benutzer die Berechtigung hat
 */
 @Override
- public boolean hasPermission(Authentication authentication, Serializable targetId, String s, Object o) {
+ public boolean hasPermission(Authentication authentication, Serializable targetId, String targetType, Object permissionType) {
+ if (targetId instanceof Integer) {
+ var personPoolCode = getPersonPoolCode((int)targetId, targetType);
+ if (null != personPoolCode && permissionType instanceof PermissionType) {
+ return getPersonPoolIdsForPermission(authentication, (PermissionType) permissionType).contains(personPoolCode);
+ }
+ }
 return false;
 }
- private List getPersonPoolIdsForPermission(Authentication authentication, PermissionType permissionType) {
+ private String getPersonPoolCode(int id, String type) {
+ Patient patient = null;
+ switch (type) {
+ case "Patient":
+ patient = onkostarApi.getPatient(id);
+ break;
+ case "Procedure":
+ var procedure = onkostarApi.getProcedure(id);
+ if (null != procedure) {
+ patient = procedure.getPatient();
+ }
+ break;
+ default:
+ break;
+ }
+
+ if (null != patient) {
+ return patient.getPersonPoolCode();
+ }
+
+ return null;
+ }
+
+ List getPersonPoolIdsForPermission(Authentication authentication, PermissionType permissionType) {
 var sql = "SELECT p.kennung FROM personenstamm_zugriff " +
 " JOIN usergroup u ON personenstamm_zugriff.benutzergruppe_id = u.id " +
 " JOIN akteur_usergroup au ON u.id = au.usergroup_id " +
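Review bot: `getPersonPoolCode` runs `switch (type)` with no null guard, so `hasPermission` called with a null `targetType` throws a NullPointerException instead of returning `false` the way every other unsupported input does in this evaluator. An explicit deny keeps the decision fail-closed without depending on how callers handle the exception: add `if (null == type) { return null; }` before the `switch`. The `permissionType instanceof PermissionType` test could also move into the outer condition, `if (targetId instanceof Integer && permissionType instanceof PermissionType) {`, so no patient or procedure is loaded for a request that will be denied anyway. The Javadoc of `hasPermission` would benefit from stating that only `Integer` ids and the type names "Patient" and "Procedure" are evaluated and that everything else is denied. `getPersonPoolIdsForPermission` continues outside the hunk, so its query and its widened (package-private) visibility are not reviewed here.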