issue #4101 - handle patch in fhir-smart interceptor (#4103)

lmsurpre · web-flow · commit 24a1ba5d8f5b · 2022-12-09T09:15:37.000-05:00
* issue #4101 - handle patch in fhir-smart interceptor and add corresponding tests to AuthzPolicyEnforcementTest.java Signed-off-by: Lee Surprenant <lmsurpre@merative.com> * updated comment as suggested Signed-off-by: Lee Surprenant <lmsurpre@merative.com> * add clarifying comments as requested in review Signed-off-by: Lee Surprenant <lmsurpre@merative.com> Signed-off-by: Lee Surprenant <lmsurpre@merative.com>
diff --git a/fhir-smart/src/main/java/org/linuxforhealth/fhir/smart/AuthzPolicyEnforcementPersistenceInterceptor.java b/fhir-smart/src/main/java/org/linuxforhealth/fhir/smart/AuthzPolicyEnforcementPersistenceInterceptor.java
@@ -458,6 +458,15 @@ public void beforeDelete(FHIRPersistenceEvent event) throws FHIRPersistenceInter
 
     @Override
     public void beforeUpdate(FHIRPersistenceEvent event) throws FHIRPersistenceInterceptorException {
+        beforeUpdateOrPatch(event);
+    }
+
+    @Override
+    public void beforePatch(FHIRPersistenceEvent event) throws FHIRPersistenceInterceptorException {
+        beforeUpdateOrPatch(event);
+    }
+
+    private void beforeUpdateOrPatch(FHIRPersistenceEvent event) throws FHIRPersistenceInterceptorException {
         DecodedJWT jwt = JWT.decode(getAccessToken());
         Set<String> patientIdFromToken = getPatientIdFromToken(jwt);
         Map<ContextType, List<Scope>> scopesFromToken = getScopesFromToken(jwt);
diff --git a/fhir-smart/src/test/java/org/linuxforhealth/fhir/smart/test/AuthzPolicyEnforcementTest.java b/fhir-smart/src/test/java/org/linuxforhealth/fhir/smart/test/AuthzPolicyEnforcementTest.java
@@ -202,6 +202,10 @@ public void testCreate(String scopeString, List<String> contextIds, Set<Resource
         }
     }
 
+    // For the update interaction, both read and write permissions are needed.
+    // * In the "allowed" case both READ and WRITE "shouldSucceed" (or else it should not have been allowed)
+    // * In the "disallowed" (Exception) case, then either the READ or WRITE interaction was expected
+    //   to not succeed (or else it should have been allowed)
     @Test(dataProvider = "scopeStringProvider")
     public void testUpdate(String scopeString, List<String> contextIds, Set<ResourceType> resourceTypesPermittedByScope, Permission permission) {
         FHIRRequestContext.get().setHttpHeaders(buildRequestHeaders(scopeString, contextIds));
@@ -255,7 +259,8 @@ public void testUpdate(String scopeString, List<String> contextIds, Set<Resource
                         shouldSucceed(resourceTypesPermittedByScope, BINARY, WRITE_APPROVED, permission));
         }
 
-        // Test update Binary Resource which has a securityContext. Should Fail since securityContext is not supported.
+        // Test beforePatch Binary Resource which has a securityContext.
+        // It should be an exception since securityContext is not supported.
         try {
             properties.put(FHIRPersistenceEvent.PROPNAME_RESOURCE_TYPE, "Binary");
             FHIRPersistenceEvent event = new FHIRPersistenceEvent(binaryWithSecurityContext, properties);
@@ -267,9 +272,82 @@ public void testUpdate(String scopeString, List<String> contextIds, Set<Resource
                     shouldSucceed(resourceTypesPermittedByScope, BINARY, WRITE_APPROVED, permission)) {
                 assertTrue(e.getMessage().equals("securityContext is not supported for resource type Binary"));
             }
+            // else beforeUpdate was rejected due to normal fhir-smart behavior (non-securityContext-related)
+        }
+    }
+
+    // The patch interaction is just like the update interaction; both read and write permissions are needed.
+    // * In the "allowed" case both READ and WRITE "shouldSucceed" (or else it should not have been allowed)
+    // * In the "disallowed" (Exception) case, then either the READ or WRITE interaction was expected
+    //   to not succeed (or else it should have been allowed)
+    @Test(dataProvider = "scopeStringProvider")
+    public void testPatch(String scopeString, List<String> contextIds, Set<ResourceType> resourceTypesPermittedByScope, Permission permission) {
+        FHIRRequestContext.get().setHttpHeaders(buildRequestHeaders(scopeString, contextIds));
+
+        try {
+            properties.put(FHIRPersistenceEvent.PROPNAME_RESOURCE_TYPE, "Patient");
+            FHIRPersistenceEvent event = new FHIRPersistenceEvent(patient, properties);
+            event.setPrevFhirResource(patient);
+            interceptor.beforePatch(event);
+            assertTrue(shouldSucceed(resourceTypesPermittedByScope, PATIENT, READ_APPROVED, permission) &&
+                    shouldSucceed(resourceTypesPermittedByScope, PATIENT, WRITE_APPROVED, permission));
+        } catch (FHIRPersistenceInterceptorException e) {
+            assertFalse(shouldSucceed(resourceTypesPermittedByScope, PATIENT, READ_APPROVED, permission) &&
+                    shouldSucceed(resourceTypesPermittedByScope, PATIENT, WRITE_APPROVED, permission));
+        }
+
+        try {
+            properties.put(FHIRPersistenceEvent.PROPNAME_RESOURCE_TYPE, "Observation");
+            FHIRPersistenceEvent event = new FHIRPersistenceEvent(observation, properties);
+            event.setPrevFhirResource(observation);
+            interceptor.beforePatch(event);
+            assertTrue(shouldSucceed(resourceTypesPermittedByScope, OBSERVATION, READ_APPROVED, permission) &&
+                        shouldSucceed(resourceTypesPermittedByScope, OBSERVATION, WRITE_APPROVED, permission));
+        } catch (FHIRPersistenceInterceptorException e) {
+            assertFalse(shouldSucceed(resourceTypesPermittedByScope, OBSERVATION, READ_APPROVED, permission) &&
+                        shouldSucceed(resourceTypesPermittedByScope, OBSERVATION, WRITE_APPROVED, permission));
+        }
+
+        try {
+            properties.put(FHIRPersistenceEvent.PROPNAME_RESOURCE_TYPE, "Condition");
+            FHIRPersistenceEvent event = new FHIRPersistenceEvent(condition, properties);
+            event.setPrevFhirResource(condition);
+            interceptor.beforePatch(event);
+            assertTrue(shouldSucceed(resourceTypesPermittedByScope, CONDITION, READ_APPROVED, permission) &&
+                        shouldSucceed(resourceTypesPermittedByScope, CONDITION, WRITE_APPROVED, permission));
+        } catch (FHIRPersistenceInterceptorException e) {
+            assertFalse(shouldSucceed(resourceTypesPermittedByScope, CONDITION, READ_APPROVED, permission) &&
+                        shouldSucceed(resourceTypesPermittedByScope, CONDITION, WRITE_APPROVED, permission));
         }
 
+        // Test beforePatch Binary Resource which does not have a securityContext. Should Succeed
+        try {
+            properties.put(FHIRPersistenceEvent.PROPNAME_RESOURCE_TYPE, "Binary");
+            FHIRPersistenceEvent event = new FHIRPersistenceEvent(binary, properties);
+            event.setPrevFhirResource(binary);
+            interceptor.beforePatch(event);
+            assertTrue(shouldSucceed(resourceTypesPermittedByScope, BINARY, READ_APPROVED, permission) &&
+                        shouldSucceed(resourceTypesPermittedByScope, BINARY, WRITE_APPROVED, permission));
+        } catch (FHIRPersistenceInterceptorException e) {
+            assertFalse(shouldSucceed(resourceTypesPermittedByScope, BINARY, READ_APPROVED, permission) &&
+                        shouldSucceed(resourceTypesPermittedByScope, BINARY, WRITE_APPROVED, permission));
+        }
 
+        // Test beforePatch Binary Resource which has a securityContext.
+        // It should be an exception since securityContext is not supported.
+        try {
+            properties.put(FHIRPersistenceEvent.PROPNAME_RESOURCE_TYPE, "Binary");
+            FHIRPersistenceEvent event = new FHIRPersistenceEvent(binaryWithSecurityContext, properties);
+            event.setPrevFhirResource(binaryWithSecurityContext);
+            interceptor.beforePatch(event);
+            fail("Did not receive the expected FHIRPersistenceInterceptorException");
+        } catch (FHIRPersistenceInterceptorException e) {
+            if (shouldSucceed(resourceTypesPermittedByScope, BINARY, READ_APPROVED, permission) &&
+                    shouldSucceed(resourceTypesPermittedByScope, BINARY, WRITE_APPROVED, permission)) {
+                assertTrue(e.getMessage().equals("securityContext is not supported for resource type Binary"));
+            }
+            // else beforePatch was rejected due to normal fhir-smart behavior (non-securityContext-related)
+        }
     }
 
     @Test(dataProvider = "scopeStringProvider")
@@ -1559,6 +1637,7 @@ private Map<String, List<String>> buildRequestHeaders(String scopeString, List<S
 
     /**
      * @return true if the interaction should succeed, otherwise false
+     * @implNote this method is used to help establish the "expected outcome" of a given interaction
      */
     private boolean shouldSucceed(Set<ResourceType> resourceTypesPermittedByScope, ResourceType requiredResourceType,
             List<Permission> permissionsPermittedByScope, Permission requiredPermission) {
