From c8387c5094d2921bac478508d1f00e29d250d772 Mon Sep 17 00:00:00 2001
From: Paul-Christian Volkmer
Date: Mon, 25 Sep 2023 13:57:04 +0200
Subject: Use DelegatingDataBasedPermissionEvaluator
This will check person pool and form/procedure permissions to access ECOG status
---
 src/main/java/DNPM/analyzer/DNPMHelper.java | 11 +++++------
 1 file changed, 5 insertions(+), 6 deletions(-)
(limited to 'src/main/java')
diff --git a/src/main/java/DNPM/analyzer/DNPMHelper.java b/src/main/java/DNPM/analyzer/DNPMHelper.java
index c6d3d47..376333e 100644
--- a/src/main/java/DNPM/analyzer/DNPMHelper.java
+++ b/src/main/java/DNPM/analyzer/DNPMHelper.java
@@ -1,9 +1,9 @@
 package DNPM.analyzer;
 import DNPM.VerweisVon;
+import DNPM.security.DelegatingDataBasedPermissionEvaluator;
 import DNPM.security.IllegalSecuredObjectAccessException;
 import DNPM.security.PermissionType;
-import DNPM.security.PersonPoolBasedPermissionEvaluator;
 import DNPM.services.systemtherapie.SystemtherapieService;
 import com.fasterxml.jackson.core.JsonProcessingException;
 import com.fasterxml.jackson.databind.ObjectMapper;
@@ -33,16 +33,16 @@ public class DNPMHelper extends BackendService {
 private final SystemtherapieService systemtherapieService;
- private final PersonPoolBasedPermissionEvaluator personPoolBasedPermissionEvaluator;
+ private final DelegatingDataBasedPermissionEvaluator delegatingDataBasedPermissionEvaluator;
 public DNPMHelper(
 final IOnkostarApi onkostarApi,
 final SystemtherapieService systemtherapieService,
- final PersonPoolBasedPermissionEvaluator permissionEvaluator
+ final DelegatingDataBasedPermissionEvaluator permissionEvaluator
 ) {
 this.onkostarApi = onkostarApi;
 this.systemtherapieService = systemtherapieService;
- this.personPoolBasedPermissionEvaluator = permissionEvaluator;
+ this.delegatingDataBasedPermissionEvaluator = permissionEvaluator;
 }
 @Override
@@ -237,7 +237,6 @@ public class DNPMHelper extends BackendService {
 }
- // TODO Achtung, keine Sicherheitsprüfung, darüber kann für jeden Patienten die Liste mit ECOG-Status abgerufen werden!
 public List getEcogStatus(final Map input) {
 var pid = AnalyzerUtils.getRequiredId(input, "PatientId");
 if (pid.isEmpty()) {
@@ -251,7 +250,7 @@ public class DNPMHelper extends BackendService {
 return List.of();
 }
- if (personPoolBasedPermissionEvaluator.hasPermission(SecurityContextHolder.getContext().getAuthentication(), patient, PermissionType.READ)) {
+ if (delegatingDataBasedPermissionEvaluator.hasPermission(SecurityContextHolder.getContext().getAuthentication(), patient, PermissionType.READ)) {
 return systemtherapieService.ecogStatus(patient);
 }
--
cgit v1.2.3
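Review bot: In getEcogStatus the new evaluator is still asked about `patient` only, while the values returned by `systemtherapieService.ecogStatus(patient)` presumably come from that patient's procedures; whether form/procedure permissions are enforced for those records depends on how DelegatingDataBasedPermissionEvaluator treats a patient object, which this hunk does not show. If it delegates by object type, the form-based check may never apply here, and the result would need filtering per procedure or at least a comment such as `// READ is checked on the patient; procedures behind ecogStatus() are not checked individually`. `SecurityContextHolder.getContext().getAuthentication()` can also be null outside an authenticated request, so it is worth confirming that the evaluator denies in that case rather than throwing. A test in which a user has person-pool access but lacks the form permission would pin the intended denial. The method starts above and continues below the hunk, so the denial branch is not visible here.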