001package ca.uhn.fhir.rest.server.interceptor.auth; 002 003/* 004 * #%L 005 * HAPI FHIR - Core Library 006 * %% 007 * Copyright (C) 2014 - 2017 University Health Network 008 * %% 009 * Licensed under the Apache License, Version 2.0 (the "License"); 010 * you may not use this file except in compliance with the License. 011 * You may obtain a copy of the License at 012 * 013 * http://www.apache.org/licenses/LICENSE-2.0 014 * 015 * Unless required by applicable law or agreed to in writing, software 016 * distributed under the License is distributed on an "AS IS" BASIS, 017 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 018 * See the License for the specific language governing permissions and 019 * limitations under the License. 020 * #L% 021 */ 022 023public interface IAuthRuleBuilderRule { 024 025 /** 026 * This rule applies to <code>create</code> operations with a <code>conditional</code> 027 * URL as a part of the request. Note that this rule will allow the conditional 028 * operation to proceed, but the server is expected to determine the actual target 029 * of the conditional request and send a subsequent event to the {@link AuthorizationInterceptor} 030 * in order to authorize the actual target. 031 * <p> 032 * In other words, if the server is configured correctly, this chain will allow the 033 * client to perform a conditional update, but a different rule is required to actually 034 * authorize the target that the conditional update is determined to match. 035 * </p> 036 */ 037 IAuthRuleBuilderRuleConditional createConditional(); 038 039 /** 040 * This rule applies to the FHIR delete operation 041 */ 042 IAuthRuleBuilderRuleOp delete(); 043 044 /** 045 * This rule applies to <code>create</code> operations with a <code>conditional</code> 046 * URL as a part of the request. Note that this rule will allow the conditional 047 * operation to proceed, but the server is expected to determine the actual target 048 * of the conditional request and send a subsequent event to the {@link AuthorizationInterceptor} 049 * in order to authorize the actual target. 050 * <p> 051 * In other words, if the server is configured correctly, this chain will allow the 052 * client to perform a conditional update, but a different rule is required to actually 053 * authorize the target that the conditional update is determined to match. 054 * </p> 055 */ 056 IAuthRuleBuilderRuleConditional deleteConditional(); 057 058 /** 059 * This rules applies to the metadata operation (retrieve the 060 * server's conformance statement) 061 * <p> 062 * This call completes the rule and adds the rule to the chain. 063 * </p> 064 */ 065 IAuthRuleBuilderRuleOpClassifierFinished metadata(); 066 067 /** 068 * This rule applies to a FHIR operation (e.g. <code>$validate</code>) 069 */ 070 IAuthRuleBuilderOperation operation(); 071 072 /** 073 * This rule applies to any FHIR operation involving reading, including 074 * <code>read</code>, <code>vread</code>, <code>search</code>, and 075 * <code>history</code> 076 */ 077 IAuthRuleBuilderRuleOp read(); 078 079 /** 080 * This rule applies to the FHIR transaction operation. Transaction is a special 081 * case in that it bundles other operations 082 */ 083 IAuthRuleBuilderRuleTransaction transaction(); 084 085 /** 086 * This rule applies to <code>update</code> operations with a <code>conditional</code> 087 * URL as a part of the request. Note that this rule will allow the conditional 088 * operation to proceed, but the server is expected to determine the actual target 089 * of the conditional request and send a subsequent event to the {@link AuthorizationInterceptor} 090 * in order to authorize the actual target. 091 * <p> 092 * In other words, if the server is configured correctly, this chain will allow the 093 * client to perform a conditional update, but a different rule is required to actually 094 * authorize the target that the conditional update is determined to match. 095 * </p> 096 */ 097 IAuthRuleBuilderRuleConditional updateConditional(); 098 099 /** 100 * This rule applies to any FHIR operation involving writing, including 101 * <code>create</code>, and <code>update</code> 102 */ 103 IAuthRuleBuilderRuleOp write(); 104 105}