Use DelegatingDataBasedPermissionEvaluator

This will check person pool and form/procedure permissions to access ECOG status
2025-07-02 01:02:55 +00:00 · 2023-09-25 13:57:04 +02:00
parent 4949bfcc64
commit c8387c5094
2 changed files with 12 additions and 12 deletions
--- a/src/main/java/DNPM/analyzer/DNPMHelper.java
+++ b/src/main/java/DNPM/analyzer/DNPMHelper.java
@ -1,9 +1,9 @@
 package DNPM.analyzer;

 import DNPM.VerweisVon;
+import DNPM.security.DelegatingDataBasedPermissionEvaluator;
 import DNPM.security.IllegalSecuredObjectAccessException;
 import DNPM.security.PermissionType;
-import DNPM.security.PersonPoolBasedPermissionEvaluator;
 import DNPM.services.systemtherapie.SystemtherapieService;
 import com.fasterxml.jackson.core.JsonProcessingException;
 import com.fasterxml.jackson.databind.ObjectMapper;
@ -33,16 +33,16 @@ public class DNPMHelper extends BackendService {

    private final SystemtherapieService systemtherapieService;

-    private final PersonPoolBasedPermissionEvaluator personPoolBasedPermissionEvaluator;
+    private final DelegatingDataBasedPermissionEvaluator delegatingDataBasedPermissionEvaluator;

    public DNPMHelper(
            final IOnkostarApi onkostarApi,
            final SystemtherapieService systemtherapieService,
-            final PersonPoolBasedPermissionEvaluator permissionEvaluator
+            final DelegatingDataBasedPermissionEvaluator permissionEvaluator
    ) {
        this.onkostarApi = onkostarApi;
        this.systemtherapieService = systemtherapieService;
-        this.personPoolBasedPermissionEvaluator = permissionEvaluator;
+        this.delegatingDataBasedPermissionEvaluator = permissionEvaluator;
    }

    @Override
@ -237,7 +237,6 @@ public class DNPMHelper extends BackendService {

    }

-    // TODO Achtung, keine Sicherheitsprüfung, darüber kann für jeden Patienten die Liste mit ECOG-Status abgerufen werden!
    public List<SystemtherapieService.EcogStatusWithDate> getEcogStatus(final Map<String, Object> input) {
        var pid = AnalyzerUtils.getRequiredId(input, "PatientId");
        if (pid.isEmpty()) {
@ -251,7 +250,7 @@ public class DNPMHelper extends BackendService {
            return List.of();
        }

-        if (personPoolBasedPermissionEvaluator.hasPermission(SecurityContextHolder.getContext().getAuthentication(), patient, PermissionType.READ)) {
+        if (delegatingDataBasedPermissionEvaluator.hasPermission(SecurityContextHolder.getContext().getAuthentication(), patient, PermissionType.READ)) {
            return systemtherapieService.ecogStatus(patient);
        }

--- a/src/test/java/DNPM/DNPMHelperTest.java
+++ b/src/test/java/DNPM/DNPMHelperTest.java
@ -1,6 +1,7 @@
 package DNPM;

 import DNPM.analyzer.DNPMHelper;
+import DNPM.security.DelegatingDataBasedPermissionEvaluator;
 import DNPM.security.IllegalSecuredObjectAccessException;
 import DNPM.security.PermissionType;
 import DNPM.security.PersonPoolBasedPermissionEvaluator;
@ -36,7 +37,7 @@ class DNPMHelperTest {

    private SystemtherapieService systemtherapieService;

-    private PersonPoolBasedPermissionEvaluator personPoolBasedPermissionEvaluator;
+    private DelegatingDataBasedPermissionEvaluator delegatingDataBasedPermissionEvaluator;

    private DNPMHelper dnpmHelper;

@ -44,12 +45,12 @@ class DNPMHelperTest {
    void setup(
            @Mock IOnkostarApi onkostarApi,
            @Mock SystemtherapieService systemtherapieService,
-            @Mock PersonPoolBasedPermissionEvaluator personPoolBasedPermissionEvaluator
+            @Mock DelegatingDataBasedPermissionEvaluator delegatingDataBasedPermissionEvaluator
    ) {
        this.onkostarApi = onkostarApi;
        this.systemtherapieService = systemtherapieService;
-        this.personPoolBasedPermissionEvaluator = personPoolBasedPermissionEvaluator;
-        this.dnpmHelper = new DNPMHelper(onkostarApi, systemtherapieService, personPoolBasedPermissionEvaluator);
+        this.delegatingDataBasedPermissionEvaluator = delegatingDataBasedPermissionEvaluator;
+        this.dnpmHelper = new DNPMHelper(onkostarApi, systemtherapieService, delegatingDataBasedPermissionEvaluator);
    }

    @Test
@ -257,7 +258,7 @@ class DNPMHelperTest {

        @Test
        void testShouldReturnEcogStatusList() {
-            when(personPoolBasedPermissionEvaluator.hasPermission(any(), any(Patient.class), any(PermissionType.class)))
+            when(delegatingDataBasedPermissionEvaluator.hasPermission(any(), any(Patient.class), any(PermissionType.class)))
                    .thenReturn(true);

            doAnswer(invocationOnMock -> {
@ -277,7 +278,7 @@ class DNPMHelperTest {

        @Test
        void testShouldNotReturnEcogStatusListIfNoPermissionGranted() {
-            when(personPoolBasedPermissionEvaluator.hasPermission(any(), any(Patient.class), any(PermissionType.class)))
+            when(delegatingDataBasedPermissionEvaluator.hasPermission(any(), any(Patient.class), any(PermissionType.class)))
                    .thenReturn(false);

            doAnswer(invocationOnMock -> {