001package ca.uhn.fhir.rest.server.interceptor.auth;
002
003/*
004 * #%L
005 * HAPI FHIR - Core Library
006 * %%
007 * Copyright (C) 2014 - 2017 University Health Network
008 * %%
009 * Licensed under the Apache License, Version 2.0 (the "License");
010 * you may not use this file except in compliance with the License.
011 * You may obtain a copy of the License at
012 * 
013 *      http://www.apache.org/licenses/LICENSE-2.0
014 * 
015 * Unless required by applicable law or agreed to in writing, software
016 * distributed under the License is distributed on an "AS IS" BASIS,
017 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
018 * See the License for the specific language governing permissions and
019 * limitations under the License.
020 * #L%
021 */
022
023public interface IAuthRuleBuilderRule {
024
025        /**
026         * This rule applies to <code>create</code> operations with a <code>conditional</code>
027         * URL as a part of the request. Note that this rule will allow the conditional
028         * operation to proceed, but the server is expected to determine the actual target
029         * of the conditional request and send a subsequent event to the {@link AuthorizationInterceptor}
030         * in order to authorize the actual target.
031         * <p>
032         * In other words, if the server is configured correctly, this chain will allow the
033         * client to perform a conditional update, but a different rule is required to actually
034         * authorize the target that the conditional update is determined to match.
035         * </p>
036         */
037        IAuthRuleBuilderRuleConditional createConditional();
038
039        /**
040         * This rule applies to the FHIR delete operation
041         */
042        IAuthRuleBuilderRuleOp delete();
043
044        /**
045         * This rule applies to <code>create</code> operations with a <code>conditional</code>
046         * URL as a part of the request. Note that this rule will allow the conditional
047         * operation to proceed, but the server is expected to determine the actual target
048         * of the conditional request and send a subsequent event to the {@link AuthorizationInterceptor}
049         * in order to authorize the actual target.
050         * <p>
051         * In other words, if the server is configured correctly, this chain will allow the
052         * client to perform a conditional update, but a different rule is required to actually
053         * authorize the target that the conditional update is determined to match.
054         * </p>
055         */
056        IAuthRuleBuilderRuleConditional deleteConditional();
057
058        /**
059         * This rules applies to the metadata operation (retrieve the
060         * server's conformance statement)
061         * <p>
062         * This call completes the rule and adds the rule to the chain.
063         * </p>
064         */
065        IAuthRuleBuilderRuleOpClassifierFinished metadata();
066
067        /**
068         * This rule applies to a FHIR operation (e.g. <code>$validate</code>)
069         */
070        IAuthRuleBuilderOperation operation();
071
072        /**
073         * This rule applies to any FHIR operation involving reading, including
074         * <code>read</code>, <code>vread</code>, <code>search</code>, and
075         * <code>history</code>
076         */
077        IAuthRuleBuilderRuleOp read();
078
079        /**
080         * This rule applies to the FHIR transaction operation. Transaction is a special
081         * case in that it bundles other operations
082         */
083        IAuthRuleBuilderRuleTransaction transaction();
084
085        /**
086         * This rule applies to <code>update</code> operations with a <code>conditional</code>
087         * URL as a part of the request. Note that this rule will allow the conditional
088         * operation to proceed, but the server is expected to determine the actual target
089         * of the conditional request and send a subsequent event to the {@link AuthorizationInterceptor}
090         * in order to authorize the actual target.
091         * <p>
092         * In other words, if the server is configured correctly, this chain will allow the
093         * client to perform a conditional update, but a different rule is required to actually
094         * authorize the target that the conditional update is determined to match.
095         * </p>
096         */
097        IAuthRuleBuilderRuleConditional updateConditional();
098
099        /**
100         * This rule applies to any FHIR operation involving writing, including
101         * <code>create</code>, and <code>update</code>
102         */
103        IAuthRuleBuilderRuleOp write();
104
105}