add check for resource type and request method for bundle entries

Author: wetret

src/main/java/dev/dsf/bpe/ConstantsAllowList.java

@@ -20,4 +20,7 @@ public interface ConstantsAllowList
 	String PROFILE_DSF_TASK_UPDATE_ALLOW_LIST = "http://dsf.dev/fhir/StructureDefinition/task-update-allow-list";
 	String PROFILE_DSF_TASK_UPDATE_ALLOW_LIST_PROCESS_URI = PROCESS_DSF_URI_BASE + PROCESS_NAME_UPDATE_ALLOW_LIST;
 	String PROFILE_DSF_TASK_UPDATE_ALLOW_LIST_MESSAGE_NAME = "updateAllowListMessage";
+
+	String BPMN_EXECUTION_VARIABLE_BUNDLE = "bundle";
+	String BPMN_EXECUTION_VARIABLE_BUNDLE_URL = "bundleUrl";
 }

src/main/java/dev/dsf/bpe/service/CheckAllowList.java

@@ -0,0 +1,108 @@
+package dev.dsf.bpe.service;
+
+import java.util.EnumSet;
+import java.util.function.Predicate;
+
+import org.camunda.bpm.engine.delegate.DelegateExecution;
+import org.hl7.fhir.r4.model.Bundle;
+import org.hl7.fhir.r4.model.Bundle.BundleEntryComponent;
+import org.hl7.fhir.r4.model.Bundle.HTTPVerb;
+import org.hl7.fhir.r4.model.Endpoint;
+import org.hl7.fhir.r4.model.Organization;
+import org.hl7.fhir.r4.model.OrganizationAffiliation;
+import org.hl7.fhir.r4.model.Resource;
+import org.hl7.fhir.r4.model.StringType;
+import org.hl7.fhir.r4.model.Task;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import dev.dsf.bpe.ConstantsAllowList;
+import dev.dsf.bpe.v1.ProcessPluginApi;
+import dev.dsf.bpe.v1.activity.AbstractServiceDelegate;
+import dev.dsf.bpe.v1.constants.CodeSystems;
+import dev.dsf.bpe.v1.variables.Variables;
+
+public class CheckAllowList extends AbstractServiceDelegate
+{
+	private static final Logger logger = LoggerFactory.getLogger(CheckAllowList.class);
+
+	public CheckAllowList(ProcessPluginApi api)
+	{
+		super(api);
+	}
+
+	@Override
+	protected void doExecute(DelegateExecution execution, Variables variables)
+	{
+		Bundle bundle = variables.getResource(ConstantsAllowList.BPMN_EXECUTION_VARIABLE_BUNDLE);
+		String bundleUrl = variables.getString(ConstantsAllowList.BPMN_EXECUTION_VARIABLE_BUNDLE_URL);
+
+		if (!EnumSet.of(Bundle.BundleType.TRANSACTION, Bundle.BundleType.BATCH).contains(bundle.getType()))
+		{
+			logger.error("Bundle type TRANSACTION or BATCH expected, but got '{}' in Bundle with id '{}'",
+					bundle.getType(), bundleUrl);
+			throw new RuntimeException("Bundle type TRANSACTION or BATCH expected, but got '" + bundle.getType()
+					+ "' in Bundle with id '" + bundleUrl + "'");
+		}
+
+		Task task = variables.getStartTask();
+
+		if (bundle.getEntry().stream().anyMatch(entryNotAllowedWithError(task, bundleUrl)))
+		{
+			variables.updateTask(task);
+
+			logger.error("Expected Bundle with id '{}' containing only resource types Organization, "
+					+ "OrganizationAffiliation or Endpoint and request methods PUT or DELETE, but found different "
+					+ "types or methods.", bundleUrl);
+			throw new RuntimeException("Expected Bundle with id '" + bundleUrl + "'containing only resource "
+					+ "types Organization, OrganizationAffiliation or Endpoint and "
+					+ "request methods PUT or DELETE, but found different types or methods.");
+		}
+	}
+
+	private Predicate<BundleEntryComponent> entryNotAllowedWithError(Task task, String bundleUrl)
+	{
+		return entry ->
+		{
+			boolean resourceNotAllowed = resourceNotAllowedWithError(entry, task, bundleUrl);
+			boolean requestNotAllowed = requestNotAllowedWithError(entry, task, bundleUrl);
+
+			// Split into two method calls and not inline to ensure that both methods
+			// are executed so that all given error messages can be written to Task.output
+			return resourceNotAllowed || requestNotAllowed;
+		};
+	}
+
+	private boolean resourceNotAllowedWithError(BundleEntryComponent entry, Task task, String bundleUrl)
+	{
+		Resource resource = entry.getResource();
+		boolean resourceAllowed = (resource instanceof Organization || resource instanceof OrganizationAffiliation
+				|| resource instanceof Endpoint);
+
+		if (!resourceAllowed)
+			addError(task, "Resource of type '" + resource.getResourceType().name()
+					+ "' not allowed in Bundle with id '" + bundleUrl + "'");
+
+		return !resourceAllowed;
+	}
+
+	private boolean requestNotAllowedWithError(BundleEntryComponent entry, Task task, String bundleUrl)
+	{
+		boolean requestAllowed = false;
+
+		if (entry.hasRequest())
+			requestAllowed = EnumSet.of(HTTPVerb.PUT, HTTPVerb.DELETE).contains(entry.getRequest().getMethod());
+
+		if (!requestAllowed)
+			addError(task, "Request with Method '" + entry.getRequest().getMethod()
+					+ "' not allowed in Bundle with id '" + bundleUrl + "'");
+
+		return !requestAllowed;
+	}
+
+	private void addError(Task task, String message)
+	{
+		logger.warn(message);
+		task.addOutput(api.getTaskHelper().createOutput(new StringType(message), CodeSystems.BpmnMessage.error()));
+	}
+}

src/main/java/dev/dsf/bpe/service/DownloadAllowList.java

@@ -1,11 +1,9 @@
 package dev.dsf.bpe.service;
 
-import java.util.EnumSet;
 import java.util.List;
 
 import org.camunda.bpm.engine.delegate.DelegateExecution;
 import org.hl7.fhir.r4.model.Bundle;
-import org.hl7.fhir.r4.model.Bundle.BundleType;
 import org.hl7.fhir.r4.model.IdType;
 import org.hl7.fhir.r4.model.Reference;
 import org.hl7.fhir.r4.model.Task;
@@ -29,47 +27,31 @@ public DownloadAllowList(ProcessPluginApi api)
 	}
 
 	@Override
-	protected void doExecute(DelegateExecution execution, Variables variables) throws Exception
+	protected void doExecute(DelegateExecution execution, Variables variables)
 	{
 		Task task = variables.getStartTask();
 		IdType bundleId = getBundleId(task);
 		FhirWebserviceClient requesterClient = api.getFhirWebserviceClientProvider()
 				.getWebserviceClient(bundleId.getBaseUrl());
 
-		Bundle bundle;
 		try
 		{
+			Bundle bundle;
+
 			if (bundleId.hasVersionIdPart())
 				bundle = requesterClient.read(Bundle.class, bundleId.getIdPart(), bundleId.getVersionIdPart());
 			else
 				bundle = requesterClient.read(Bundle.class, bundleId.getIdPart());
+
+			variables.setString(ConstantsAllowList.BPMN_EXECUTION_VARIABLE_BUNDLE_URL, bundleId.getValue());
+			variables.setResource(ConstantsAllowList.BPMN_EXECUTION_VARIABLE_BUNDLE, bundle);
 		}
 		catch (WebApplicationException e)
 		{
-			logger.error("Error while reading Bundle with id {} from organization {}: {}", bundleId.getValue(),
+			logger.error("Error while reading Bundle with id '{}' from organization {}: {}", bundleId.getValue(),
 					task.getRequester().getReference(), e.getMessage());
-			throw new RuntimeException("Error while reading Bundle with id " + bundleId.getValue()
-					+ " from organization " + task.getRequester().getReference() + ", " + e.getMessage(), e);
-		}
-
-		if (!EnumSet.of(BundleType.TRANSACTION, BundleType.BATCH).contains(bundle.getType()))
-		{
-			logger.error("Bundle type TRANSACTION or BATCH expected, but got {}", bundle.getType());
-			throw new RuntimeException("Bundle type TRANSACTION or BATCH expected, but got " + bundle.getType());
-		}
-
-		try
-		{
-			logger.debug("Posting bundle to local endpoint: {}",
-					api.getFhirContext().newXmlParser().encodeResourceToString(bundle));
-			api.getFhirWebserviceClientProvider().getLocalWebserviceClient().withMinimalReturn().postBundle(bundle);
-		}
-		catch (Exception e)
-		{
-			logger.error("Error while executing Bundle with id {} from organization {} locally: {}",
-					bundleId.getValue(), task.getRequester().getReference(), e.getMessage());
-			throw new RuntimeException("Error while executing Bundle with id " + bundleId.getValue()
-					+ " from organization " + task.getRequester().getReference() + " locally, " + e.getMessage(), e);
+			throw new RuntimeException("Error while reading Bundle with id '" + bundleId.getValue()
+					+ "' from organization " + task.getRequester().getReference() + ": " + e.getMessage(), e);
 		}
 	}
 
@@ -82,19 +64,19 @@ private IdType getBundleId(Task task)
 
 		if (bundleReferences.size() != 1)
 		{
-			logger.error("Task input parameter {} contains unexpected number of Bundle IDs, expected 1, got {}",
+			logger.error("Task input parameter '{}' contains unexpected number of Bundle IDs, expected 1, got {}",
 					ConstantsAllowList.CODESYSTEM_DSF_ALLOW_LIST_VALUE_ALLOW_LIST, bundleReferences.size());
 			throw new RuntimeException(
-					"Task input parameter " + ConstantsAllowList.CODESYSTEM_DSF_ALLOW_LIST_VALUE_ALLOW_LIST
-							+ " contains unexpected number of Bundle IDs, expected 1, got " + bundleReferences.size());
+					"Task input parameter '" + ConstantsAllowList.CODESYSTEM_DSF_ALLOW_LIST_VALUE_ALLOW_LIST
+							+ "' contains unexpected number of Bundle IDs, expected 1, got " + bundleReferences.size());
 		}
 		else if (!bundleReferences.get(0).hasReference()
 				|| !bundleReferences.get(0).getReference().contains("/Bundle/"))
 		{
-			logger.error("Task input parameter {} has no Bundle reference",
+			logger.error("Task input parameter '{}' has no Bundle reference",
 					ConstantsAllowList.CODESYSTEM_DSF_ALLOW_LIST_VALUE_ALLOW_LIST);
-			throw new RuntimeException("Task input parameter "
-					+ ConstantsAllowList.CODESYSTEM_DSF_ALLOW_LIST_VALUE_ALLOW_LIST + " has no Bundle reference");
+			throw new RuntimeException("Task input parameter '"
+					+ ConstantsAllowList.CODESYSTEM_DSF_ALLOW_LIST_VALUE_ALLOW_LIST + "' has no Bundle reference");
 		}
 
 		return new IdType(bundleReferences.get(0).getReference());

src/main/java/dev/dsf/bpe/service/InsertAllowList.java

@@ -0,0 +1,44 @@
+package dev.dsf.bpe.service;
+
+import org.camunda.bpm.engine.delegate.DelegateExecution;
+import org.hl7.fhir.r4.model.Bundle;
+import org.hl7.fhir.r4.model.Task;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import dev.dsf.bpe.ConstantsAllowList;
+import dev.dsf.bpe.v1.ProcessPluginApi;
+import dev.dsf.bpe.v1.activity.AbstractServiceDelegate;
+import dev.dsf.bpe.v1.variables.Variables;
+
+public class InsertAllowList extends AbstractServiceDelegate
+{
+	private static final Logger logger = LoggerFactory.getLogger(InsertAllowList.class);
+
+	public InsertAllowList(ProcessPluginApi api)
+	{
+		super(api);
+	}
+
+	@Override
+	protected void doExecute(DelegateExecution execution, Variables variables)
+	{
+		Task task = variables.getStartTask();
+		Bundle bundle = variables.getResource(ConstantsAllowList.BPMN_EXECUTION_VARIABLE_BUNDLE);
+		String bundleUrl = variables.getString(ConstantsAllowList.BPMN_EXECUTION_VARIABLE_BUNDLE_URL);
+
+		try
+		{
+			logger.debug("Posting bundle to local endpoint: {}",
+					api.getFhirContext().newXmlParser().encodeResourceToString(bundle));
+			api.getFhirWebserviceClientProvider().getLocalWebserviceClient().withMinimalReturn().postBundle(bundle);
+		}
+		catch (Exception e)
+		{
+			logger.error("Error while executing Bundle with id '{}' from organization {} locally: {}", bundleUrl,
+					task.getRequester().getReference(), e.getMessage());
+			throw new RuntimeException("Error while executing Bundle with id '" + bundleUrl + "' from organization "
+					+ task.getRequester().getReference() + " locally, " + e.getMessage(), e);
+		}
+	}
+}

src/main/java/dev/dsf/bpe/spring/config/AllowListConfig.java

@@ -6,7 +6,9 @@
 import org.springframework.context.annotation.Configuration;
 import org.springframework.context.annotation.Scope;
 
+import dev.dsf.bpe.service.CheckAllowList;
 import dev.dsf.bpe.service.DownloadAllowList;
+import dev.dsf.bpe.service.InsertAllowList;
 import dev.dsf.bpe.service.UpdateAllowList;
 import dev.dsf.bpe.v1.ProcessPluginApi;
 
@@ -29,4 +31,18 @@ public DownloadAllowList downloadAllowList()
 	{
 		return new DownloadAllowList(api);
 	}
+
+	@Bean
+	@Scope(ConfigurableBeanFactory.SCOPE_PROTOTYPE)
+	public CheckAllowList checkAllowList()
+	{
+		return new CheckAllowList(api);
+	}
+
+	@Bean
+	@Scope(ConfigurableBeanFactory.SCOPE_PROTOTYPE)
+	public InsertAllowList insertAllowList()
+	{
+		return new InsertAllowList(api);
+	}
 }

src/main/resources/bpe/download-allow-list.bpmn

@@ -1,11 +1,11 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<bpmn:definitions xmlns:bpmn="http://www.omg.org/spec/BPMN/20100524/MODEL" xmlns:bpmndi="http://www.omg.org/spec/BPMN/20100524/DI" xmlns:dc="http://www.omg.org/spec/DD/20100524/DC" xmlns:camunda="http://camunda.org/schema/1.0/bpmn" xmlns:di="http://www.omg.org/spec/DD/20100524/DI" id="Definitions_1yb5vw3" targetNamespace="http://bpmn.io/schema/bpmn" exporter="Camunda Modeler" exporterVersion="4.8.1">
+<bpmn:definitions xmlns:bpmn="http://www.omg.org/spec/BPMN/20100524/MODEL" xmlns:bpmndi="http://www.omg.org/spec/BPMN/20100524/DI" xmlns:dc="http://www.omg.org/spec/DD/20100524/DC" xmlns:camunda="http://camunda.org/schema/1.0/bpmn" xmlns:di="http://www.omg.org/spec/DD/20100524/DI" id="Definitions_1yb5vw3" targetNamespace="http://bpmn.io/schema/bpmn" exporter="Camunda Modeler" exporterVersion="5.0.0">
   <bpmn:process id="dsfdev_downloadAllowList" isExecutable="true" camunda:versionTag="#{version}">
     <bpmn:sequenceFlow id="SequenceFlow_0bbhq2r" sourceRef="StartEvent_1" targetRef="downloadAllowListTask" />
     <bpmn:endEvent id="EndEvent_0xd0x8k">
-      <bpmn:incoming>SequenceFlow_0oyvmcd</bpmn:incoming>
+      <bpmn:incoming>Flow_0g4jed4</bpmn:incoming>
     </bpmn:endEvent>
-    <bpmn:sequenceFlow id="SequenceFlow_0oyvmcd" sourceRef="downloadAllowListTask" targetRef="EndEvent_0xd0x8k" />
+    <bpmn:sequenceFlow id="SequenceFlow_0oyvmcd" sourceRef="downloadAllowListTask" targetRef="checkAllowListTask" />
     <bpmn:serviceTask id="downloadAllowListTask" name="downloadAllowList" camunda:class="dev.dsf.bpe.service.DownloadAllowList">
       <bpmn:incoming>SequenceFlow_0bbhq2r</bpmn:incoming>
       <bpmn:outgoing>SequenceFlow_0oyvmcd</bpmn:outgoing>
@@ -14,27 +14,51 @@
       <bpmn:outgoing>SequenceFlow_0bbhq2r</bpmn:outgoing>
       <bpmn:messageEventDefinition messageRef="Message_1nn2wdw" />
     </bpmn:startEvent>
+    <bpmn:sequenceFlow id="Flow_0kev1xq" sourceRef="checkAllowListTask" targetRef="insertAllowListTask" />
+    <bpmn:sequenceFlow id="Flow_0g4jed4" sourceRef="insertAllowListTask" targetRef="EndEvent_0xd0x8k" />
+    <bpmn:serviceTask id="checkAllowListTask" name="checkAllowList" camunda:class="dev.dsf.bpe.service.CheckAllowList">
+      <bpmn:incoming>SequenceFlow_0oyvmcd</bpmn:incoming>
+      <bpmn:outgoing>Flow_0kev1xq</bpmn:outgoing>
+    </bpmn:serviceTask>
+    <bpmn:serviceTask id="insertAllowListTask" name="insertAllowList" camunda:class="dev.dsf.bpe.service.InsertAllowList">
+      <bpmn:incoming>Flow_0kev1xq</bpmn:incoming>
+      <bpmn:outgoing>Flow_0g4jed4</bpmn:outgoing>
+    </bpmn:serviceTask>
   </bpmn:process>
   <bpmn:message id="Message_1nn2wdw" name="downloadAllowListMessage" />
   <bpmndi:BPMNDiagram id="BPMNDiagram_1">
     <bpmndi:BPMNPlane id="BPMNPlane_1" bpmnElement="dsfdev_downloadAllowList">
       <bpmndi:BPMNEdge id="SequenceFlow_0oyvmcd_di" bpmnElement="SequenceFlow_0oyvmcd">
         <di:waypoint x="365" y="121" />
-        <di:waypoint x="415" y="121" />
+        <di:waypoint x="430" y="121" />
       </bpmndi:BPMNEdge>
       <bpmndi:BPMNEdge id="SequenceFlow_0bbhq2r_di" bpmnElement="SequenceFlow_0bbhq2r">
         <di:waypoint x="215" y="121" />
         <di:waypoint x="265" y="121" />
       </bpmndi:BPMNEdge>
-      <bpmndi:BPMNShape id="EndEvent_0xd0x8k_di" bpmnElement="EndEvent_0xd0x8k">
-        <dc:Bounds x="415" y="103" width="36" height="36" />
-      </bpmndi:BPMNShape>
+      <bpmndi:BPMNEdge id="Flow_0kev1xq_di" bpmnElement="Flow_0kev1xq">
+        <di:waypoint x="530" y="121" />
+        <di:waypoint x="590" y="121" />
+      </bpmndi:BPMNEdge>
+      <bpmndi:BPMNEdge id="Flow_0g4jed4_di" bpmnElement="Flow_0g4jed4">
+        <di:waypoint x="690" y="121" />
+        <di:waypoint x="742" y="121" />
+      </bpmndi:BPMNEdge>
       <bpmndi:BPMNShape id="ServiceTask_0um3ad2_di" bpmnElement="downloadAllowListTask">
         <dc:Bounds x="265" y="81" width="100" height="80" />
       </bpmndi:BPMNShape>
       <bpmndi:BPMNShape id="StartEvent_0x5gijn_di" bpmnElement="StartEvent_1">
         <dc:Bounds x="179" y="103" width="36" height="36" />
       </bpmndi:BPMNShape>
+      <bpmndi:BPMNShape id="EndEvent_0xd0x8k_di" bpmnElement="EndEvent_0xd0x8k">
+        <dc:Bounds x="742" y="103" width="36" height="36" />
+      </bpmndi:BPMNShape>
+      <bpmndi:BPMNShape id="Activity_1lr62lt_di" bpmnElement="checkAllowListTask">
+        <dc:Bounds x="430" y="81" width="100" height="80" />
+      </bpmndi:BPMNShape>
+      <bpmndi:BPMNShape id="Activity_0bpyxjl_di" bpmnElement="insertAllowListTask">
+        <dc:Bounds x="590" y="81" width="100" height="80" />
+      </bpmndi:BPMNShape>
     </bpmndi:BPMNPlane>
   </bpmndi:BPMNDiagram>
 </bpmn:definitions>