pcvolkmer/onkostar-plugin-dnpm
1
0
Fork 0
mirror of https://github.com/pcvolkmer/onkostar-plugin-dnpm.git synced 2025-07-02 17:22:54 +00:00
Code Issues Activity

Issue #24: Ermögliche Berechtigungsprüfung anhand ID und Klassennamen

Browse Source
This commit is contained in:
Paul-Christian Volkmer
2023-04-09 14:01:14 +02:00
parent 07ff2aa316
commit b56ff9e0d8
1 changed files with 40 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

47
src/main/java/DNPM/security/PersonPoolBasedPermissionEvaluator.java
View File

@ -1,5 +1,6 @@
package DNPM.security; package DNPM.security;
import de.itc.onkostar.api.IOnkostarApi;
import de.itc.onkostar.api.Patient; import de.itc.onkostar.api.Patient;
import de.itc.onkostar.api.Procedure; import de.itc.onkostar.api.Procedure;
import org.springframework.jdbc.core.JdbcTemplate; import org.springframework.jdbc.core.JdbcTemplate;
@ -18,9 +19,12 @@ import java.util.List;
@Component @Component
public class PersonPoolBasedPermissionEvaluator implements PermissionEvaluator { public class PersonPoolBasedPermissionEvaluator implements PermissionEvaluator {
private final IOnkostarApi onkostarApi;
private final JdbcTemplate jdbcTemplate; private final JdbcTemplate jdbcTemplate;
public PersonPoolBasedPermissionEvaluator(final DataSource dataSource) { public PersonPoolBasedPermissionEvaluator(final IOnkostarApi onkostarApi, final DataSource dataSource) {
this.onkostarApi = onkostarApi;
this.jdbcTemplate = new JdbcTemplate(dataSource); this.jdbcTemplate = new JdbcTemplate(dataSource);
} }
@ -46,19 +50,48 @@ public class PersonPoolBasedPermissionEvaluator implements PermissionEvaluator {
} }
/** /**
* Auswertung nicht anhand der ID möglich. Gibt immer <code>false</code> zurück. * Auswertung anhand der ID und des Namens des Zielobjekts.
* @param authentication Authentication-Object * @param authentication Authentication-Object
* @param targetId ID des Objekts * @param targetId ID des Objekts
* @param s * @param targetType Name der Zielobjektklasse
* @param o * @param permissionType Die angeforderte Berechtigung
* @return Gibt immer <code>false</code> zurück * @return Gibt <code>true</code> zurück, wenn der Benutzer die Berechtigung hat
*/ */
@Override @Override
public boolean hasPermission(Authentication authentication, Serializable targetId, String s, Object o) { public boolean hasPermission(Authentication authentication, Serializable targetId, String targetType, Object permissionType) {
if (targetId instanceof Integer) {
var personPoolCode = getPersonPoolCode((int)targetId, targetType);
if (null != personPoolCode && permissionType instanceof PermissionType) {
return getPersonPoolIdsForPermission(authentication, (PermissionType) permissionType).contains(personPoolCode);
}
}
return false; return false;
} }
private List<String> getPersonPoolIdsForPermission(Authentication authentication, PermissionType permissionType) { private String getPersonPoolCode(int id, String type) {
Patient patient = null;
switch (type) {
case "Patient":
patient = onkostarApi.getPatient(id);
break;
case "Procedure":
var procedure = onkostarApi.getProcedure(id);
if (null != procedure) {
patient = procedure.getPatient();
}
break;
default:
break;
}
if (null != patient) {
return patient.getPersonPoolCode();
}
return null;
}
List<String> getPersonPoolIdsForPermission(Authentication authentication, PermissionType permissionType) {
var sql = "SELECT p.kennung FROM personenstamm_zugriff " + var sql = "SELECT p.kennung FROM personenstamm_zugriff " +
" JOIN usergroup u ON personenstamm_zugriff.benutzergruppe_id = u.id " + " JOIN usergroup u ON personenstamm_zugriff.benutzergruppe_id = u.id " +
" JOIN akteur_usergroup au ON u.id = au.usergroup_id " + " JOIN akteur_usergroup au ON u.id = au.usergroup_id " +