Issue #29: Abgesicherter Zugriff auf ECOG Verlauf

author: Paul-Christian Volkmer 2023-08-28 14:39:43 +0200
committer: Paul-Christian Volkmer 2023-08-28 14:39:43 +0200
commit: 35f1aa0d757900e1a5d22d04ab85c9b22882a07b (patch)
tree: edb1be1dd7a4395a91774424cb4d940d17bfea8e /src/main/java
parent: 74a6e7e79a56b016781d5eb07f85f1d40ef5b511 (diff)
1 files changed, 17 insertions, 2 deletions
diff --git a/src/main/java/DNPM/DNPMHelper.java b/src/main/java/DNPM/DNPMHelper.java
index 50b153e..838ca9a 100644
--- a/src/main/java/DNPM/DNPMHelper.java
+++ b/src/main/java/DNPM/DNPMHelper.java
@@ -1,6 +1,9 @@
 package DNPM;
 
 import DNPM.analyzer.AnalyzerUtils;
+import DNPM.security.IllegalSecuredObjectAccessException;
+import DNPM.security.PermissionType;
+import DNPM.security.PersonPoolBasedPermissionEvaluator;
 import DNPM.services.systemtherapie.SystemtherapieService;
 import com.fasterxml.jackson.core.JsonProcessingException;
 import com.fasterxml.jackson.databind.ObjectMapper;
@@ -17,6 +20,7 @@ import org.hibernate.transform.Transformers;
 import org.hibernate.type.StandardBasicTypes;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
+import org.springframework.security.core.context.SecurityContextHolder;
 
 import java.util.ArrayList;
 import java.util.HashMap;
@@ -31,9 +35,16 @@ public class DNPMHelper implements IProcedureAnalyzer {
 
     private final SystemtherapieService systemtherapieService;
 
-    public DNPMHelper(final IOnkostarApi onkostarApi, final SystemtherapieService systemtherapieService) {
+    private final PersonPoolBasedPermissionEvaluator personPoolBasedPermissionEvaluator;
+
+    public DNPMHelper(
+            final IOnkostarApi onkostarApi,
+            final SystemtherapieService systemtherapieService,
+            final PersonPoolBasedPermissionEvaluator permissionEvaluator
+            ) {
         this.onkostarApi = onkostarApi;
         this.systemtherapieService = systemtherapieService;
+        this.personPoolBasedPermissionEvaluator = permissionEvaluator;
     }
 
     @Override
@@ -264,6 +275,10 @@ public class DNPMHelper implements IProcedureAnalyzer {
             return List.of();
         }
 
-        return systemtherapieService.ecogSatus(patient);
+        if (personPoolBasedPermissionEvaluator.hasPermission(SecurityContextHolder.getContext().getAuthentication(), patient, PermissionType.READ)) {
+            return systemtherapieService.ecogSatus(patient);
+        }
+
+        throw new IllegalSecuredObjectAccessException("Kein Zugriff auf diesen Patienten");
     }
 }
 \ No newline at end of file
author	Paul-Christian Volkmer	2023-08-28 14:39:43 +0200
committer	Paul-Christian Volkmer	2023-08-28 14:39:43 +0200
commit	35f1aa0d757900e1a5d22d04ab85c9b22882a07b (patch)
tree	edb1be1dd7a4395a91774424cb4d940d17bfea8e /src/main/java
parent	74a6e7e79a56b016781d5eb07f85f1d40ef5b511 (diff)