From c8387c5094d2921bac478508d1f00e29d250d772 Mon Sep 17 00:00:00 2001
From: Paul-Christian Volkmer <volkmer_p@ukw.de>
Date: Mon, 25 Sep 2023 13:57:04 +0200
Subject: [PATCH] Use DelegatingDataBasedPermissionEvaluator

This will check person pool and form/procedure permissions to access ECOG status
---
 src/main/java/DNPM/analyzer/DNPMHelper.java | 11 +++++------
 src/test/java/DNPM/DNPMHelperTest.java      | 13 +++++++------
 2 files changed, 12 insertions(+), 12 deletions(-)

diff --git a/src/main/java/DNPM/analyzer/DNPMHelper.java b/src/main/java/DNPM/analyzer/DNPMHelper.java
index c6d3d47..376333e 100644
--- a/src/main/java/DNPM/analyzer/DNPMHelper.java
+++ b/src/main/java/DNPM/analyzer/DNPMHelper.java
@@ -1,9 +1,9 @@
 package DNPM.analyzer;
 
 import DNPM.VerweisVon;
+import DNPM.security.DelegatingDataBasedPermissionEvaluator;
 import DNPM.security.IllegalSecuredObjectAccessException;
 import DNPM.security.PermissionType;
-import DNPM.security.PersonPoolBasedPermissionEvaluator;
 import DNPM.services.systemtherapie.SystemtherapieService;
 import com.fasterxml.jackson.core.JsonProcessingException;
 import com.fasterxml.jackson.databind.ObjectMapper;
@@ -33,16 +33,16 @@ public class DNPMHelper extends BackendService {
 
     private final SystemtherapieService systemtherapieService;
 
-    private final PersonPoolBasedPermissionEvaluator personPoolBasedPermissionEvaluator;
+    private final DelegatingDataBasedPermissionEvaluator delegatingDataBasedPermissionEvaluator;
 
     public DNPMHelper(
             final IOnkostarApi onkostarApi,
             final SystemtherapieService systemtherapieService,
-            final PersonPoolBasedPermissionEvaluator permissionEvaluator
+            final DelegatingDataBasedPermissionEvaluator permissionEvaluator
     ) {
         this.onkostarApi = onkostarApi;
         this.systemtherapieService = systemtherapieService;
-        this.personPoolBasedPermissionEvaluator = permissionEvaluator;
+        this.delegatingDataBasedPermissionEvaluator = permissionEvaluator;
     }
 
     @Override
@@ -237,7 +237,6 @@ public class DNPMHelper extends BackendService {
 
     }
 
-    // TODO Achtung, keine Sicherheitsprüfung, darüber kann für jeden Patienten die Liste mit ECOG-Status abgerufen werden!
     public List<SystemtherapieService.EcogStatusWithDate> getEcogStatus(final Map<String, Object> input) {
         var pid = AnalyzerUtils.getRequiredId(input, "PatientId");
         if (pid.isEmpty()) {
@@ -251,7 +250,7 @@ public class DNPMHelper extends BackendService {
             return List.of();
         }
 
-        if (personPoolBasedPermissionEvaluator.hasPermission(SecurityContextHolder.getContext().getAuthentication(), patient, PermissionType.READ)) {
+        if (delegatingDataBasedPermissionEvaluator.hasPermission(SecurityContextHolder.getContext().getAuthentication(), patient, PermissionType.READ)) {
             return systemtherapieService.ecogStatus(patient);
         }
 
diff --git a/src/test/java/DNPM/DNPMHelperTest.java b/src/test/java/DNPM/DNPMHelperTest.java
index edebf7b..3bcaaef 100644
--- a/src/test/java/DNPM/DNPMHelperTest.java
+++ b/src/test/java/DNPM/DNPMHelperTest.java
@@ -1,6 +1,7 @@
 package DNPM;
 
 import DNPM.analyzer.DNPMHelper;
+import DNPM.security.DelegatingDataBasedPermissionEvaluator;
 import DNPM.security.IllegalSecuredObjectAccessException;
 import DNPM.security.PermissionType;
 import DNPM.security.PersonPoolBasedPermissionEvaluator;
@@ -36,7 +37,7 @@ class DNPMHelperTest {
 
     private SystemtherapieService systemtherapieService;
 
-    private PersonPoolBasedPermissionEvaluator personPoolBasedPermissionEvaluator;
+    private DelegatingDataBasedPermissionEvaluator delegatingDataBasedPermissionEvaluator;
 
     private DNPMHelper dnpmHelper;
 
@@ -44,12 +45,12 @@ class DNPMHelperTest {
     void setup(
             @Mock IOnkostarApi onkostarApi,
             @Mock SystemtherapieService systemtherapieService,
-            @Mock PersonPoolBasedPermissionEvaluator personPoolBasedPermissionEvaluator
+            @Mock DelegatingDataBasedPermissionEvaluator delegatingDataBasedPermissionEvaluator
     ) {
         this.onkostarApi = onkostarApi;
         this.systemtherapieService = systemtherapieService;
-        this.personPoolBasedPermissionEvaluator = personPoolBasedPermissionEvaluator;
-        this.dnpmHelper = new DNPMHelper(onkostarApi, systemtherapieService, personPoolBasedPermissionEvaluator);
+        this.delegatingDataBasedPermissionEvaluator = delegatingDataBasedPermissionEvaluator;
+        this.dnpmHelper = new DNPMHelper(onkostarApi, systemtherapieService, delegatingDataBasedPermissionEvaluator);
     }
 
     @Test
@@ -257,7 +258,7 @@ class DNPMHelperTest {
 
         @Test
         void testShouldReturnEcogStatusList() {
-            when(personPoolBasedPermissionEvaluator.hasPermission(any(), any(Patient.class), any(PermissionType.class)))
+            when(delegatingDataBasedPermissionEvaluator.hasPermission(any(), any(Patient.class), any(PermissionType.class)))
                     .thenReturn(true);
 
             doAnswer(invocationOnMock -> {
@@ -277,7 +278,7 @@ class DNPMHelperTest {
 
         @Test
         void testShouldNotReturnEcogStatusListIfNoPermissionGranted() {
-            when(personPoolBasedPermissionEvaluator.hasPermission(any(), any(Patient.class), any(PermissionType.class)))
+            when(delegatingDataBasedPermissionEvaluator.hasPermission(any(), any(Patient.class), any(PermissionType.class)))
                     .thenReturn(false);
 
             doAnswer(invocationOnMock -> {