1 /*
2 * Copyright 2017 the original author or authors.
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16 package org.openehealth.ipf.commons.audit.model;
17
18 import lombok.EqualsAndHashCode;
19 import lombok.Getter;
20 import lombok.NonNull;
21 import lombok.Setter;
22 import org.openehealth.ipf.commons.audit.codes.NetworkAccessPointTypeCode;
23 import org.openehealth.ipf.commons.audit.types.ActiveParticipantRoleId;
24 import org.openehealth.ipf.commons.audit.types.MediaType;
25
26 import java.io.Serializable;
27 import java.util.ArrayList;
28 import java.util.List;
29
30 import static java.util.Objects.requireNonNull;
31
32 /**
33 * @author Christian Ohr
34 * @since 3.5
35 */
36 @EqualsAndHashCode
37 public class ActiveParticipantType implements Serializable, Validateable {
38
39 /**
40 * <p>Indicator that the user is or is not the requestor, or initiator, for the event being audited.</p>
41 * <p>Used to identify which of the participants initiated the transaction being audited.
42 * If the audit source cannot determine which of the participants is the requestor,
43 * then the field shall be present with the value FALSE in all participants. The system shall not identify
44 * multiple participants as UserIsRequestor. If there are several known requestors, the reporting system shall pick
45 * only one as UserIsRequestor.</p>
46 */
47 @Getter @Setter
48 private boolean userIsRequestor;
49
50 /**
51 * <p>Unique identifier for the user actively participating in the event.</p>
52 * <p>
53 * If the participant is a person, then the User ID shall be the identifier used for that person on this particular system,
54 * in the form of loginName@domain-name. If the participant is an identifiable process, the UserID selected shall be one of the
55 * identifiers used in the internal system logs. For example, the User ID may be the process ID as used within the local
56 * operating system in the local system logs. If the participant is a node, then User ID may be the node name assigned by the
57 * system administrator. Other participants such as threads, relocatable processes, web service end-points,
58 * web server dispatchable threads, etc. will have an appropriate identifier.
59 * </p>
60 * <p>
61 * The implementation shall document in the conformance statement the identifiers used, see Section A.6.
62 * The purpose of this requirement is to allow matching of the audit log identifiers with internal system logs on the reporting systems.
63 * </p>
64 * <p>
65 * When importing or exporting data, e.g., by means of media, the UserID field is used both to identify people and to
66 * identify the media itself. When the Role ID Code is EV(110154, DCM, "Destination Media") or EV(110155, DCM, "Source Media"),
67 * the UserID may be:
68 * <ul>
69 * <li>a URI (the preferred form) identifying the source or destination</li>
70 * <li>an email address of the form "mailto:user@address"</li>
71 * <li>a description of the media type (e.g., DVD) together with a description of its identifying label, as a free text field</li>
72 * <li>a description of the media type (e.g., paper, film) together with a description of the location of the media creator (i.e., the printer)</li>
73 * </ul>
74 * <p>
75 * The UserID field for Media needs to be highly flexible given the large variety of media and transports that might be used.
76 * </p>
77 */
78 @Getter @Setter @NonNull
79 private String userID;
80
81 /**
82 * <p>
83 * Alternative unique identifier for the user.
84 * </p>
85 * <p>
86 * If the participant is a person, then Alternative User ID shall be the identifier used for that person within an enterprise
87 * for authentication purposes, for example, a Kerberos Username (user@realm). If the participant is a DICOM application,
88 * then Alternative User ID shall be one or more of the AE Titles that participated in the event.
89 * </p>
90 * <p>
91 * Multiple AE titles shall be encoded as:
92 * </p>
93 * <pre>
94 * AETITLES= aetitle1;aetitle2;…
95 * </pre>
96 * <p>
97 * When importing or exporting data, e.g., by means of media, the Alternative UserID field is used either to identify people
98 * or to identify the media itself. When the Role ID Code is (110154, DCM, "Destination Media") or (110155, DCM, "Source Media"),
99 * the Alternative UserID may be any machine readable identifications on the media, such as media serial number, volume label,
100 * or DICOMDIR SOP Instance UID.
101 * </p>
102 */
103 @Getter
104 @Setter
105 private String alternativeUserID;
106
107 /**
108 * A human readable identification of the participant. If the participant is a person, the person's name shall be used.
109 * If the participant is a process, then the process name shall be used.
110 */
111 @Getter
112 @Setter
113 private String userName;
114
115 /**
116 * <p>
117 * An identifier for the network access point of the user device This could be a device id, IP address,
118 * or some other identifier associated with a device.
119 * </p>
120 * <p>
121 * The NetworkAccessPointTypeCode and NetworkAccessPointID can be ambiguous for systems that have multiple physical network
122 * connections. For these multi-homed nodes a single DNS name or IP address shall be selected and used when reporting audit
123 * events. DICOM does not require the use of a specific method for selecting the network connection to be used for identification,
124 * but it must be the same for all of the audit messages generated for events on that node.
125 * </p>
126 */
127 @Getter
128 @Setter
129 private String networkAccessPointID;
130
131 /**
132 * An identifier for the type of network access point.
133 */
134 @Getter
135 @Setter
136 private NetworkAccessPointTypeCode networkAccessPointTypeCode;
137
138 private List<ActiveParticipantRoleId> roleIDCodes;
139
140 /**
141 * Volume ID, URI, or other identifier for media. Often required if digital media. May be present otherwise.
142 */
143 @Getter
144 @Setter
145 private String mediaIdentifier;
146
147 @Getter
148 @Setter
149 private MediaType mediaType;
150
151 public ActiveParticipantType(String userId, boolean userIsRequestor) {
152 this.userID = requireNonNull(userId, "userId must be not null");
153 this.userIsRequestor = userIsRequestor;
154 }
155
156 /**
157 * Specification of the role(s) the user plays when performing the event,
158 * as assigned in role-based access control security.
159 *
160 * @return the role(s) the user plays when performing the event
161 */
162 public List<ActiveParticipantRoleId> getRoleIDCodes() {
163 if (roleIDCodes == null) {
164 roleIDCodes = new ArrayList<>();
165 }
166 return this.roleIDCodes;
167 }
168
169 @Override
170 public void validate() {
171 // no special rules
172 }
173 }