diff options
| author | Paul-Christian Volkmer | 2023-09-25 13:57:04 +0200 |
|---|---|---|
| committer | Paul-Christian Volkmer | 2023-09-25 13:57:04 +0200 |
| commit | c8387c5094d2921bac478508d1f00e29d250d772 (patch) | |
| tree | 9ec9879a673442acd4ad7768c669b1f316619d22 /src/main/java/DNPM/analyzer | |
| parent | 4949bfcc64fe7323458884121f10d2fdf95b1a73 (diff) | |
Use DelegatingDataBasedPermissionEvaluator
This will check person pool and form/procedure permissions to access ECOG status
Diffstat (limited to 'src/main/java/DNPM/analyzer')
| -rw-r--r-- | src/main/java/DNPM/analyzer/DNPMHelper.java | 11 |
1 files changed, 5 insertions, 6 deletions
diff --git a/src/main/java/DNPM/analyzer/DNPMHelper.java b/src/main/java/DNPM/analyzer/DNPMHelper.java index c6d3d47..376333e 100644 --- a/src/main/java/DNPM/analyzer/DNPMHelper.java +++ b/src/main/java/DNPM/analyzer/DNPMHelper.java @@ -1,9 +1,9 @@ package DNPM.analyzer; import DNPM.VerweisVon; +import DNPM.security.DelegatingDataBasedPermissionEvaluator; import DNPM.security.IllegalSecuredObjectAccessException; import DNPM.security.PermissionType; -import DNPM.security.PersonPoolBasedPermissionEvaluator; import DNPM.services.systemtherapie.SystemtherapieService; import com.fasterxml.jackson.core.JsonProcessingException; import com.fasterxml.jackson.databind.ObjectMapper; @@ -33,16 +33,16 @@ public class DNPMHelper extends BackendService { private final SystemtherapieService systemtherapieService; - private final PersonPoolBasedPermissionEvaluator personPoolBasedPermissionEvaluator; + private final DelegatingDataBasedPermissionEvaluator delegatingDataBasedPermissionEvaluator; public DNPMHelper( final IOnkostarApi onkostarApi, final SystemtherapieService systemtherapieService, - final PersonPoolBasedPermissionEvaluator permissionEvaluator + final DelegatingDataBasedPermissionEvaluator permissionEvaluator ) { this.onkostarApi = onkostarApi; this.systemtherapieService = systemtherapieService; - this.personPoolBasedPermissionEvaluator = permissionEvaluator; + this.delegatingDataBasedPermissionEvaluator = permissionEvaluator; } @Override @@ -237,7 +237,6 @@ public class DNPMHelper extends BackendService { } - // TODO Achtung, keine Sicherheitsprüfung, darüber kann für jeden Patienten die Liste mit ECOG-Status abgerufen werden! public List<SystemtherapieService.EcogStatusWithDate> getEcogStatus(final Map<String, Object> input) { var pid = AnalyzerUtils.getRequiredId(input, "PatientId"); if (pid.isEmpty()) { @@ -251,7 +250,7 @@ public class DNPMHelper extends BackendService { return List.of(); } - if (personPoolBasedPermissionEvaluator.hasPermission(SecurityContextHolder.getContext().getAuthentication(), patient, PermissionType.READ)) { + if (delegatingDataBasedPermissionEvaluator.hasPermission(SecurityContextHolder.getContext().getAuthentication(), patient, PermissionType.READ)) { return systemtherapieService.ecogStatus(patient); } |