Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

4941 performing javascript reject operation during consent validation does not return 403 #4951

Open
wants to merge 8 commits into
base: master
Choose a base branch
from
Open

4941 performing javascript reject operation during consent validation does not return 403 #4951

wants to merge 8 commits into from

Conversation

SouradeepSahaSmile
Copy link
Contributor

@SouradeepSahaSmile SouradeepSahaSmile commented May 31, 2023
edited
Loading

What was done:

  • Forbid method was added to return error 403 instead of status code 200
  • Tests were added

@SouradeepSahaSmile SouradeepSahaSmile linked an issue May 31, 2023 that may be closed by this pull request
Draft: Performing JavaScript Reject Operation during consent validation does not return 403 #4941
Open
@codecov
Copy link

codecov bot commented May 31, 2023
edited
Loading

Codecov Report

Patch coverage has no change and project coverage change: +1.83 🎉

Comparison is base (2f5ffe7) 81.32% compared to head (2c2989d) 83.16%.

❗ Current head 2c2989d differs from pull request most recent head cf3f7f4. Consider uploading reports for the commit cf3f7f4 to get more accurate results

Additional details and impacted files 
@@             Coverage Diff              @@
##             master    #4951      +/-   ##
============================================
+ Coverage     81.32%   83.16%   +1.83%     
- Complexity    23650    25558    +1908     
============================================
  Files          1425     1557     +132     
  Lines         86399    93239    +6840     
  Branches      11677    12423     +746     
============================================
+ Hits          70265    77541    +7276     
+ Misses        10947    10232     -715     
- Partials       5187     5466     +279

see 1514 files with indirect coverage changes

☔ View full report in Codecov by Sentry.
📢 Do you have feedback about the report comment? Let us know in this issue.

epeartree
epeartree reviewed May 31, 2023
View reviewed changes
Copy link
Collaborator

@epeartree epeartree left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

and u'll need a changelog.

hapi-fhir-docs/src/main/java/ca/uhn/hapi/fhir/docs/ConsentInterceptors.java Outdated
@@ -58,6 +58,7 @@ public ConsentOutcome canSeeResource(RequestDetails theRequestDetails, IBaseReso
Observation obs = (Observation)theResource;
if (obs.getCategoryFirstRep().hasCoding("http:https://hl7.org/fhir/codesystem-observation-category.html", "laboratory")) {
return ConsentOutcome.REJECT;
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

remove commented code.

instead, add to the documentation (line 54-56):
A real interceptor might do something more nuance or entirely forbid the operation by returning ConsentOutcome.FORBID;

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Done

...hir-server/src/main/java/ca/uhn/fhir/rest/server/interceptor/consent/ConsentInterceptor.java Outdated Show resolved Hide resolved
...hir-server/src/main/java/ca/uhn/fhir/rest/server/interceptor/consent/ConsentInterceptor.java Show resolved Hide resolved
...-structures-r4/src/test/java/ca/uhn/fhir/rest/server/interceptor/ConsentInterceptorTest.java Show resolved Hide resolved
jamesagnew
jamesagnew reviewed Jun 1, 2023
View reviewed changes
...er/src/main/java/ca/uhn/fhir/rest/server/interceptor/consent/ConsentOperationStatusEnum.java
* The requested operation cannot proceed, and an operation outcome suitable for
* the user is available
*/
FORBID
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I dont' understand what this change is for. How is FORBID different from REJECT? It has identical javadocs which suggests that it is the same. If it's not the same, the javadocs need to be updated to reflect exactly when someone would use one vs the other, and the actual documentation on hapifhir.io/hapi-fhir/docs should also be updated to make this clear. Also Unit Tests should be added that exercize the differences.

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The intend behind adding the FORBID operation outcome is to permit a client to specify that the server should return 403 from any of the consent service javascript callback as REJECT will only trigger a 403 from 'consentStartOperation'.

Comment and documentation will be updated.

@hapifhir hapifhir deleted a comment from SouradeepSahaSmile Jun 13, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jamesagnew jamesagnew jamesagnew left review comments

@epeartree epeartree epeartree left review comments

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Draft: Performing JavaScript Reject Operation during consent validation does not return 403
3 participants
@SouradeepSahaSmile @jamesagnew @epeartree