Mercurial > hg > orthanc-authorization

annotate Plugin/Plugin.cpp @ 111:2b1a95c7d263

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
wip: adjust tools/find queries
author Alain Mazy <am@osimis.io>
date Wed, 30 Aug 2023 18:10:09 +0200
parents 7381a7674b36
children 572955904411
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
1
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
1 /**
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
2 * Advanced authorization plugin for Orthanc
68
1a13c4fbc9a1 copyrights
Alain Mazy <am@osimis.io>
parents: 66
diff changeset
3 * Copyright (C) 2017-2023 Osimis S.A., Belgium
1
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
4 *
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
5 * This program is free software: you can redistribute it and/or
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
6 * modify it under the terms of the GNU Affero General Public License
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
7 * as published by the Free Software Foundation, either version 3 of
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
8 * the License, or (at your option) any later version.
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
9 *
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
10 * This program is distributed in the hope that it will be useful, but
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
11 * WITHOUT ANY WARRANTY; without even the implied warranty of
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
13 * Affero General Public License for more details.
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
14 *
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
15 * You should have received a copy of the GNU Affero General Public License
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
16 * along with this program. If not, see <http://www.gnu.org/licenses/>.
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
17 **/
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
18
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
19 #include "AssociativeArray.h"
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
20 #include "DefaultAuthorizationParser.h"
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
21 #include "CachedAuthorizationService.h"
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
22 #include "AuthorizationWebService.h"
71
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents: 69
diff changeset
23 #include "PermissionParser.h"
1
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
24 #include "MemoryCache.h"
34
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 32
diff changeset
25 #include "../Resources/Orthanc/Plugins/OrthancPluginCppWrapper.h"
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 32
diff changeset
26
36
8ada1b669194 replacing deprecated std::auto_ptr by std::unique_ptr
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 35
diff changeset
27 #include <Compatibility.h> // For std::unique_ptr<>
32
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 31
diff changeset
28 #include <Logging.h>
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 31
diff changeset
29 #include <Toolbox.h>
111
2b1a95c7d263 wip: adjust tools/find queries
Alain Mazy <am@osimis.io>
parents: 109
diff changeset
30 #include <SerializationToolbox.h>
71
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents: 69
diff changeset
31 #include <EmbeddedResources.h>
1
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
32
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
33
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
34 // Configuration of the authorization plugin
36
8ada1b669194 replacing deprecated std::auto_ptr by std::unique_ptr
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 35
diff changeset
35 static std::unique_ptr<OrthancPlugins::IAuthorizationParser> authorizationParser_;
8ada1b669194 replacing deprecated std::auto_ptr by std::unique_ptr
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 35
diff changeset
36 static std::unique_ptr<OrthancPlugins::IAuthorizationService> authorizationService_;
71
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents: 69
diff changeset
37 static std::unique_ptr<OrthancPlugins::PermissionParser> permissionParser_;
1
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
38 static std::set<std::string> uncheckedResources_;
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
39 static std::list<std::string> uncheckedFolders_;
58
ad279c70c22d added a new configuration 'StandardConfigurations'
Alain Mazy <am@osimis.io>
parents: 57
diff changeset
40 static std::set<OrthancPlugins::Token> tokens_;
1
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
41 static std::set<OrthancPlugins::AccessLevel> uncheckedLevels_;
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
42
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
43
71
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents: 69
diff changeset
44 static std::string JoinStrings(const std::set<std::string>& values)
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents: 69
diff changeset
45 {
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents: 69
diff changeset
46 std::string out;
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents: 69
diff changeset
47 std::set<std::string> copy = values; // TODO: remove after upgrading to OrthancFramework 1.11.3+
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents: 69
diff changeset
48 Orthanc::Toolbox::JoinStrings(out, copy, "|");
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents: 69
diff changeset
49 return out;
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents: 69
diff changeset
50 }
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents: 69
diff changeset
51
86
e2c3c497eb8d fix LSB build
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 82
diff changeset
52 class TokenAndValue
72
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents: 71
diff changeset
53 {
86
e2c3c497eb8d fix LSB build
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 82
diff changeset
54 private:
e2c3c497eb8d fix LSB build
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 82
diff changeset
55 OrthancPlugins::Token token_;
e2c3c497eb8d fix LSB build
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 82
diff changeset
56 std::string value_;
72
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents: 71
diff changeset
57
86
e2c3c497eb8d fix LSB build
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 82
diff changeset
58 public:
72
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents: 71
diff changeset
59 TokenAndValue(const OrthancPlugins::Token& token, const std::string& value) :
86
e2c3c497eb8d fix LSB build
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 82
diff changeset
60 token_(token),
e2c3c497eb8d fix LSB build
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 82
diff changeset
61 value_(value)
e2c3c497eb8d fix LSB build
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 82
diff changeset
62 {
e2c3c497eb8d fix LSB build
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 82
diff changeset
63 }
e2c3c497eb8d fix LSB build
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 82
diff changeset
64
e2c3c497eb8d fix LSB build
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 82
diff changeset
65 const OrthancPlugins::Token& GetToken() const
72
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents: 71
diff changeset
66 {
86
e2c3c497eb8d fix LSB build
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 82
diff changeset
67 return token_;
e2c3c497eb8d fix LSB build
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 82
diff changeset
68 }
e2c3c497eb8d fix LSB build
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 82
diff changeset
69
e2c3c497eb8d fix LSB build
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 82
diff changeset
70 const std::string& GetValue() const
e2c3c497eb8d fix LSB build
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 82
diff changeset
71 {
e2c3c497eb8d fix LSB build
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 82
diff changeset
72 return value_;
72
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents: 71
diff changeset
73 }
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents: 71
diff changeset
74 };
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents: 71
diff changeset
75
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents: 71
diff changeset
76
1
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
77 static int32_t FilterHttpRequests(OrthancPluginHttpMethod method,
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
78 const char *uri,
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
79 const char *ip,
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
80 uint32_t headersCount,
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
81 const char *const *headersKeys,
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
82 const char *const *headersValues,
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
83 uint32_t getArgumentsCount,
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
84 const char *const *getArgumentsKeys,
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
85 const char *const *getArgumentsValues)
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
86 {
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
87 try
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
88 {
72
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents: 71
diff changeset
89 unsigned int validity; // ignored
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents: 71
diff changeset
90
109
7381a7674b36 wip: adding labels
Alain Mazy <am@osimis.io>
parents: 103
diff changeset
91 // Allow GET accesses to unchecked resources/folders (usually static resources)
7381a7674b36 wip: adding labels
Alain Mazy <am@osimis.io>
parents: 103
diff changeset
92 ////////////////////////////////////////////////////////////////
7381a7674b36 wip: adding labels
Alain Mazy <am@osimis.io>
parents: 103
diff changeset
93
1
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
94 if (method == OrthancPluginHttpMethod_Get)
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
95 {
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
96 if (uncheckedResources_.find(uri) != uncheckedResources_.end())
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
97 {
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
98 return 1;
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
99 }
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
100
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
101 for (std::list<std::string>::const_iterator
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
102 it = uncheckedFolders_.begin(); it != uncheckedFolders_.end(); ++it)
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
103 {
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
104 if (Orthanc::Toolbox::StartsWith(uri, *it))
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
105 {
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
106 return 1;
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
107 }
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
108 }
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
109 }
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
110
109
7381a7674b36 wip: adding labels
Alain Mazy <am@osimis.io>
parents: 103
diff changeset
111 // Extract auth tokens from headers and url get arguments
7381a7674b36 wip: adding labels
Alain Mazy <am@osimis.io>
parents: 103
diff changeset
112 ////////////////////////////////////////////////////////////////
7381a7674b36 wip: adding labels
Alain Mazy <am@osimis.io>
parents: 103
diff changeset
113
72
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents: 71
diff changeset
114 OrthancPlugins::AssociativeArray headers(headersCount, headersKeys, headersValues, false);
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents: 71
diff changeset
115 OrthancPlugins::AssociativeArray getArguments(getArgumentsCount, getArgumentsKeys, getArgumentsValues, true);
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents: 71
diff changeset
116
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents: 71
diff changeset
117 std::vector<TokenAndValue> authTokens; // the tokens that are set in this request
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents: 71
diff changeset
118
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents: 71
diff changeset
119 for (std::set<OrthancPlugins::Token>::const_iterator token = tokens_.begin(); token != tokens_.end(); ++token)
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents: 71
diff changeset
120 {
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents: 71
diff changeset
121 std::string value;
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents: 71
diff changeset
122
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents: 71
diff changeset
123 bool hasValue = false;
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents: 71
diff changeset
124 switch (token->GetType())
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents: 71
diff changeset
125 {
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents: 71
diff changeset
126 case OrthancPlugins::TokenType_HttpHeader:
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents: 71
diff changeset
127 hasValue = headers.GetValue(value, token->GetKey());
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents: 71
diff changeset
128 break;
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents: 71
diff changeset
129
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents: 71
diff changeset
130 case OrthancPlugins::TokenType_GetArgument:
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents: 71
diff changeset
131 hasValue = getArguments.GetValue(value, token->GetKey());
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents: 71
diff changeset
132 break;
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents: 71
diff changeset
133
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents: 71
diff changeset
134 default:
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents: 71
diff changeset
135 throw Orthanc::OrthancException(Orthanc::ErrorCode_ParameterOutOfRange);
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents: 71
diff changeset
136 }
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents: 71
diff changeset
137
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents: 71
diff changeset
138 if (hasValue)
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents: 71
diff changeset
139 {
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents: 71
diff changeset
140 authTokens.push_back(TokenAndValue(*token, value));
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents: 71
diff changeset
141 }
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents: 71
diff changeset
142 }
71
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents: 69
diff changeset
143
109
7381a7674b36 wip: adding labels
Alain Mazy <am@osimis.io>
parents: 103
diff changeset
144 // Based on the tokens, check if the user has access based on its permissions and the mapping between urls and permissions
7381a7674b36 wip: adding labels
Alain Mazy <am@osimis.io>
parents: 103
diff changeset
145 ////////////////////////////////////////////////////////////////
7381a7674b36 wip: adding labels
Alain Mazy <am@osimis.io>
parents: 103
diff changeset
146
71
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents: 69
diff changeset
147 if (permissionParser_.get() != NULL &&
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents: 69
diff changeset
148 authorizationService_.get() != NULL)
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents: 69
diff changeset
149 {
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents: 69
diff changeset
150 std::set<std::string> requiredPermissions;
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents: 69
diff changeset
151 std::string matchedPattern;
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents: 69
diff changeset
152 if (permissionParser_->Parse(requiredPermissions, matchedPattern, method, uri))
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents: 69
diff changeset
153 {
72
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents: 71
diff changeset
154 if (authTokens.empty())
71
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents: 69
diff changeset
155 {
103
fcc4542a0c38 cleanup
Alain Mazy <am@osimis.io>
parents: 102
diff changeset
156 std::string msg = std::string("Testing whether anonymous user has any of the required permissions '") + JoinStrings(requiredPermissions) + "'";
fcc4542a0c38 cleanup
Alain Mazy <am@osimis.io>
parents: 102
diff changeset
157 LOG(INFO) << msg;
71
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents: 69
diff changeset
158 if (authorizationService_->HasAnonymousUserPermission(validity, requiredPermissions))
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents: 69
diff changeset
159 {
103
fcc4542a0c38 cleanup
Alain Mazy <am@osimis.io>
parents: 102
diff changeset
160 LOG(INFO) << msg << " -> granted";
71
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents: 69
diff changeset
161 return 1;
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents: 69
diff changeset
162 }
73
512247750f0a new ValidityDuration arg in create token API
Alain Mazy <am@osimis.io>
parents: 72
diff changeset
163 else
512247750f0a new ValidityDuration arg in create token API
Alain Mazy <am@osimis.io>
parents: 72
diff changeset
164 {
103
fcc4542a0c38 cleanup
Alain Mazy <am@osimis.io>
parents: 102
diff changeset
165 LOG(INFO) << msg << " -> not granted";
73
512247750f0a new ValidityDuration arg in create token API
Alain Mazy <am@osimis.io>
parents: 72
diff changeset
166 }
71
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents: 69
diff changeset
167 }
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents: 69
diff changeset
168 else
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents: 69
diff changeset
169 {
72
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents: 71
diff changeset
170 for (size_t i = 0; i < authTokens.size(); ++i)
71
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents: 69
diff changeset
171 {
103
fcc4542a0c38 cleanup
Alain Mazy <am@osimis.io>
parents: 102
diff changeset
172 std::string msg = std::string("Testing whether user has the required permissions '") + JoinStrings(requiredPermissions) + "' based on the HTTP header '" + authTokens[i].GetToken().GetKey() + "' required to match '" + matchedPattern + "'";
fcc4542a0c38 cleanup
Alain Mazy <am@osimis.io>
parents: 102
diff changeset
173
fcc4542a0c38 cleanup
Alain Mazy <am@osimis.io>
parents: 102
diff changeset
174 LOG(INFO) << msg;
86
e2c3c497eb8d fix LSB build
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 82
diff changeset
175 if (authorizationService_->HasUserPermission(validity, requiredPermissions, authTokens[i].GetToken(), authTokens[i].GetValue()))
71
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents: 69
diff changeset
176 {
109
7381a7674b36 wip: adding labels
Alain Mazy <am@osimis.io>
parents: 103
diff changeset
177 // TODO: check labels permissions
103
fcc4542a0c38 cleanup
Alain Mazy <am@osimis.io>
parents: 102
diff changeset
178 LOG(INFO) << msg << " -> granted";
72
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents: 71
diff changeset
179 return 1;
71
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents: 69
diff changeset
180 }
73
512247750f0a new ValidityDuration arg in create token API
Alain Mazy <am@osimis.io>
parents: 72
diff changeset
181 else
512247750f0a new ValidityDuration arg in create token API
Alain Mazy <am@osimis.io>
parents: 72
diff changeset
182 {
103
fcc4542a0c38 cleanup
Alain Mazy <am@osimis.io>
parents: 102
diff changeset
183 LOG(INFO) << msg << " -> not granted";
73
512247750f0a new ValidityDuration arg in create token API
Alain Mazy <am@osimis.io>
parents: 72
diff changeset
184 }
71
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents: 69
diff changeset
185 }
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents: 69
diff changeset
186 }
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents: 69
diff changeset
187 }
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents: 69
diff changeset
188 }
109
7381a7674b36 wip: adding labels
Alain Mazy <am@osimis.io>
parents: 103
diff changeset
189
7381a7674b36 wip: adding labels
Alain Mazy <am@osimis.io>
parents: 103
diff changeset
190
7381a7674b36 wip: adding labels
Alain Mazy <am@osimis.io>
parents: 103
diff changeset
191 //
7381a7674b36 wip: adding labels
Alain Mazy <am@osimis.io>
parents: 103
diff changeset
192
1
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
193 if (authorizationParser_.get() != NULL &&
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
194 authorizationService_.get() != NULL)
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
195 {
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
196 // Parse the resources that are accessed through this URI
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
197 OrthancPlugins::IAuthorizationParser::AccessedResources accesses;
56
c02f0646297d added support for /dicom-web/studies?0020000D=1.2.3&...
Alain Mazy <am@osimis.io>
parents: 54
diff changeset
198
57
55539d564f4f added support for /dicom-web/series? & /dicom-web/instances?
Alain Mazy <am@osimis.io>
parents: 56
diff changeset
199 if (!authorizationParser_->Parse(accesses, uri, getArguments.GetMap()))
1
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
200 {
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
201 return 0; // Unable to parse this URI
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
202 }
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
203
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
204 // Loop over all the accessed resources to ensure access is
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
205 // granted to each of them
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
206 for (OrthancPlugins::IAuthorizationParser::AccessedResources::const_iterator
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
207 access = accesses.begin(); access != accesses.end(); ++access)
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
208 {
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
209 // Ignored the access levels that are unchecked
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
210 // (cf. "UncheckedLevels" option)
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
211 if (uncheckedLevels_.find(access->GetLevel()) == uncheckedLevels_.end())
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
212 {
73
512247750f0a new ValidityDuration arg in create token API
Alain Mazy <am@osimis.io>
parents: 72
diff changeset
213 std::string msg = std::string("Testing whether access to ") + OrthancPlugins::EnumerationToString(access->GetLevel()) + " \"" + access->GetOrthancId() + "\" is allowed with a resource token";
512247750f0a new ValidityDuration arg in create token API
Alain Mazy <am@osimis.io>
parents: 72
diff changeset
214 LOG(INFO) << msg;
1
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
215
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
216 bool granted = false;
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
217
72
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents: 71
diff changeset
218 if (authTokens.empty())
1
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
219 {
71
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents: 69
diff changeset
220 granted = authorizationService_->IsGrantedToAnonymousUser(validity, method, *access);
1
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
221 }
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
222 else
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
223 {
72
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents: 71
diff changeset
224 // Loop over all the authorization tokens in the request until finding one that is granted
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents: 71
diff changeset
225 for (size_t i = 0; i < authTokens.size(); ++i)
1
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
226 {
86
e2c3c497eb8d fix LSB build
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 82
diff changeset
227 if (authorizationService_->IsGranted(validity, method, *access, authTokens[i].GetToken(), authTokens[i].GetValue()))
1
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
228 {
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
229 granted = true;
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
230 break;
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
231 }
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
232 }
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
233 }
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
234
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
235 if (!granted)
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
236 {
73
512247750f0a new ValidityDuration arg in create token API
Alain Mazy <am@osimis.io>
parents: 72
diff changeset
237 LOG(INFO) << msg << " -> not granted";
1
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
238 return 0;
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
239 }
73
512247750f0a new ValidityDuration arg in create token API
Alain Mazy <am@osimis.io>
parents: 72
diff changeset
240 else
512247750f0a new ValidityDuration arg in create token API
Alain Mazy <am@osimis.io>
parents: 72
diff changeset
241 {
512247750f0a new ValidityDuration arg in create token API
Alain Mazy <am@osimis.io>
parents: 72
diff changeset
242 LOG(INFO) << msg << " -> granted";
512247750f0a new ValidityDuration arg in create token API
Alain Mazy <am@osimis.io>
parents: 72
diff changeset
243 }
1
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
244 }
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
245 }
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
246
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
247 // Access is granted to all the resources
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
248 return 1;
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
249 }
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
250
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
251 // By default, forbid access to all the resources
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
252 return 0;
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
253 }
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
254 catch (std::runtime_error& e)
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
255 {
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
256 LOG(ERROR) << e.what();
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
257 return OrthancPluginErrorCode_Success; // Ignore error
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
258 }
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
259 catch (Orthanc::OrthancException& e)
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
260 {
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
261 LOG(ERROR) << e.What();
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
262 return OrthancPluginErrorCode_Success; // Ignore error
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
263 }
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
264 catch (...)
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
265 {
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
266 LOG(ERROR) << "Unhandled internal exception";
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
267 return OrthancPluginErrorCode_Success; // Ignore error
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
268 }
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
269 }
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
270
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
271
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
272 #if !ORTHANC_PLUGINS_VERSION_IS_ABOVE(1, 2, 1)
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
273 static int32_t FilterHttpRequestsFallback(OrthancPluginHttpMethod method,
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
274 const char *uri,
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
275 const char *ip,
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
276 uint32_t headersCount,
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
277 const char *const *headersKeys,
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
278 const char *const *headersValues)
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
279 {
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
280 // Fallback wrapper function for Orthanc <= 1.2.0, where the GET
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
281 // arguments were not available in the HTTP filters
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
282 return FilterHttpRequests(method, uri, ip,
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
283 headersCount, headersKeys, headersValues,
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
284 0, NULL, NULL);
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
285 }
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
286 #endif
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
287
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
288
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
289 static OrthancPluginErrorCode OnChangeCallback(OrthancPluginChangeType changeType,
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
290 OrthancPluginResourceType resourceType,
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
291 const char* resourceId)
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
292 {
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
293 try
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
294 {
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
295 if (authorizationParser_.get() == NULL)
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
296 {
71
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents: 69
diff changeset
297 return OrthancPluginErrorCode_Success;
1
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
298 }
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
299
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
300 if (changeType == OrthancPluginChangeType_Deleted)
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
301 {
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
302 switch (resourceType)
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
303 {
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
304 case OrthancPluginResourceType_Patient:
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
305 authorizationParser_->Invalidate(Orthanc::ResourceType_Patient, resourceId);
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
306 break;
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
307
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
308 case OrthancPluginResourceType_Study:
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
309 authorizationParser_->Invalidate(Orthanc::ResourceType_Study, resourceId);
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
310 break;
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
311
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
312 case OrthancPluginResourceType_Series:
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
313 authorizationParser_->Invalidate(Orthanc::ResourceType_Series, resourceId);
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
314 break;
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
315
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
316 case OrthancPluginResourceType_Instance:
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
317 authorizationParser_->Invalidate(Orthanc::ResourceType_Instance, resourceId);
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
318 break;
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
319
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
320 default:
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
321 break;
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
322 }
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
323 }
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
324
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
325 return OrthancPluginErrorCode_Success;
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
326 }
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
327 catch (std::runtime_error& e)
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
328 {
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
329 LOG(ERROR) << e.what();
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
330 return OrthancPluginErrorCode_Success; // Ignore error
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
331 }
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
332 catch (Orthanc::OrthancException& e)
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
333 {
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
334 LOG(ERROR) << e.What();
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
335 return OrthancPluginErrorCode_Success; // Ignore error
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
336 }
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
337 catch (...)
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
338 {
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
339 LOG(ERROR) << "Unhandled internal exception";
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
340 return OrthancPluginErrorCode_Success; // Ignore error
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
341 }
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
342 }
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
343
111
2b1a95c7d263 wip: adjust tools/find queries
Alain Mazy <am@osimis.io>
parents: 109
diff changeset
344
2b1a95c7d263 wip: adjust tools/find queries
Alain Mazy <am@osimis.io>
parents: 109
diff changeset
345 bool GetUserProfileInternal(OrthancPlugins::IAuthorizationService::UserProfile& profile, const OrthancPluginHttpRequest* request)
2b1a95c7d263 wip: adjust tools/find queries
Alain Mazy <am@osimis.io>
parents: 109
diff changeset
346 {
2b1a95c7d263 wip: adjust tools/find queries
Alain Mazy <am@osimis.io>
parents: 109
diff changeset
347 OrthancPlugins::AssociativeArray headers
2b1a95c7d263 wip: adjust tools/find queries
Alain Mazy <am@osimis.io>
parents: 109
diff changeset
348 (request->headersCount, request->headersKeys, request->headersValues, false);
2b1a95c7d263 wip: adjust tools/find queries
Alain Mazy <am@osimis.io>
parents: 109
diff changeset
349
2b1a95c7d263 wip: adjust tools/find queries
Alain Mazy <am@osimis.io>
parents: 109
diff changeset
350 OrthancPlugins::AssociativeArray getArguments
2b1a95c7d263 wip: adjust tools/find queries
Alain Mazy <am@osimis.io>
parents: 109
diff changeset
351 (request->getCount, request->getKeys, request->getValues, true);
2b1a95c7d263 wip: adjust tools/find queries
Alain Mazy <am@osimis.io>
parents: 109
diff changeset
352
2b1a95c7d263 wip: adjust tools/find queries
Alain Mazy <am@osimis.io>
parents: 109
diff changeset
353 // Loop over all the authorization tokens stored in the HTTP
2b1a95c7d263 wip: adjust tools/find queries
Alain Mazy <am@osimis.io>
parents: 109
diff changeset
354 // headers, until finding one that is granted
2b1a95c7d263 wip: adjust tools/find queries
Alain Mazy <am@osimis.io>
parents: 109
diff changeset
355 for (std::set<OrthancPlugins::Token>::const_iterator
2b1a95c7d263 wip: adjust tools/find queries
Alain Mazy <am@osimis.io>
parents: 109
diff changeset
356 token = tokens_.begin(); token != tokens_.end(); ++token)
2b1a95c7d263 wip: adjust tools/find queries
Alain Mazy <am@osimis.io>
parents: 109
diff changeset
357 {
2b1a95c7d263 wip: adjust tools/find queries
Alain Mazy <am@osimis.io>
parents: 109
diff changeset
358 OrthancPlugins::IAuthorizationService::UserProfile tryProfile;
2b1a95c7d263 wip: adjust tools/find queries
Alain Mazy <am@osimis.io>
parents: 109
diff changeset
359
2b1a95c7d263 wip: adjust tools/find queries
Alain Mazy <am@osimis.io>
parents: 109
diff changeset
360 std::string value;
2b1a95c7d263 wip: adjust tools/find queries
Alain Mazy <am@osimis.io>
parents: 109
diff changeset
361
2b1a95c7d263 wip: adjust tools/find queries
Alain Mazy <am@osimis.io>
parents: 109
diff changeset
362 bool hasValue = false;
2b1a95c7d263 wip: adjust tools/find queries
Alain Mazy <am@osimis.io>
parents: 109
diff changeset
363 switch (token->GetType())
2b1a95c7d263 wip: adjust tools/find queries
Alain Mazy <am@osimis.io>
parents: 109
diff changeset
364 {
2b1a95c7d263 wip: adjust tools/find queries
Alain Mazy <am@osimis.io>
parents: 109
diff changeset
365 case OrthancPlugins::TokenType_HttpHeader:
2b1a95c7d263 wip: adjust tools/find queries
Alain Mazy <am@osimis.io>
parents: 109
diff changeset
366 hasValue = headers.GetValue(value, token->GetKey());
2b1a95c7d263 wip: adjust tools/find queries
Alain Mazy <am@osimis.io>
parents: 109
diff changeset
367 break;
2b1a95c7d263 wip: adjust tools/find queries
Alain Mazy <am@osimis.io>
parents: 109
diff changeset
368
2b1a95c7d263 wip: adjust tools/find queries
Alain Mazy <am@osimis.io>
parents: 109
diff changeset
369 case OrthancPlugins::TokenType_GetArgument:
2b1a95c7d263 wip: adjust tools/find queries
Alain Mazy <am@osimis.io>
parents: 109
diff changeset
370 hasValue = getArguments.GetValue(value, token->GetKey());
2b1a95c7d263 wip: adjust tools/find queries
Alain Mazy <am@osimis.io>
parents: 109
diff changeset
371 break;
2b1a95c7d263 wip: adjust tools/find queries
Alain Mazy <am@osimis.io>
parents: 109
diff changeset
372
2b1a95c7d263 wip: adjust tools/find queries
Alain Mazy <am@osimis.io>
parents: 109
diff changeset
373 default:
2b1a95c7d263 wip: adjust tools/find queries
Alain Mazy <am@osimis.io>
parents: 109
diff changeset
374 throw Orthanc::OrthancException(Orthanc::ErrorCode_ParameterOutOfRange);
2b1a95c7d263 wip: adjust tools/find queries
Alain Mazy <am@osimis.io>
parents: 109
diff changeset
375 }
2b1a95c7d263 wip: adjust tools/find queries
Alain Mazy <am@osimis.io>
parents: 109
diff changeset
376
2b1a95c7d263 wip: adjust tools/find queries
Alain Mazy <am@osimis.io>
parents: 109
diff changeset
377 if (hasValue)
2b1a95c7d263 wip: adjust tools/find queries
Alain Mazy <am@osimis.io>
parents: 109
diff changeset
378 {
2b1a95c7d263 wip: adjust tools/find queries
Alain Mazy <am@osimis.io>
parents: 109
diff changeset
379 unsigned int validity; // not used
2b1a95c7d263 wip: adjust tools/find queries
Alain Mazy <am@osimis.io>
parents: 109
diff changeset
380 if (authorizationService_->GetUserProfile(validity, tryProfile, *token, value))
2b1a95c7d263 wip: adjust tools/find queries
Alain Mazy <am@osimis.io>
parents: 109
diff changeset
381 {
2b1a95c7d263 wip: adjust tools/find queries
Alain Mazy <am@osimis.io>
parents: 109
diff changeset
382 profile = tryProfile;
2b1a95c7d263 wip: adjust tools/find queries
Alain Mazy <am@osimis.io>
parents: 109
diff changeset
383 return true;
2b1a95c7d263 wip: adjust tools/find queries
Alain Mazy <am@osimis.io>
parents: 109
diff changeset
384 }
2b1a95c7d263 wip: adjust tools/find queries
Alain Mazy <am@osimis.io>
parents: 109
diff changeset
385 }
2b1a95c7d263 wip: adjust tools/find queries
Alain Mazy <am@osimis.io>
parents: 109
diff changeset
386 }
2b1a95c7d263 wip: adjust tools/find queries
Alain Mazy <am@osimis.io>
parents: 109
diff changeset
387
2b1a95c7d263 wip: adjust tools/find queries
Alain Mazy <am@osimis.io>
parents: 109
diff changeset
388 return false;
2b1a95c7d263 wip: adjust tools/find queries
Alain Mazy <am@osimis.io>
parents: 109
diff changeset
389 }
2b1a95c7d263 wip: adjust tools/find queries
Alain Mazy <am@osimis.io>
parents: 109
diff changeset
390
2b1a95c7d263 wip: adjust tools/find queries
Alain Mazy <am@osimis.io>
parents: 109
diff changeset
391
2b1a95c7d263 wip: adjust tools/find queries
Alain Mazy <am@osimis.io>
parents: 109
diff changeset
392 void AdjustToolsFindQueryLabels(Json::Value& query, const OrthancPlugins::IAuthorizationService::UserProfile& profile)
2b1a95c7d263 wip: adjust tools/find queries
Alain Mazy <am@osimis.io>
parents: 109
diff changeset
393 {
2b1a95c7d263 wip: adjust tools/find queries
Alain Mazy <am@osimis.io>
parents: 109
diff changeset
394 std::set<std::string> labelsToFind;
2b1a95c7d263 wip: adjust tools/find queries
Alain Mazy <am@osimis.io>
parents: 109
diff changeset
395 std::string labelsConstraint = "Invalid";
2b1a95c7d263 wip: adjust tools/find queries
Alain Mazy <am@osimis.io>
parents: 109
diff changeset
396
2b1a95c7d263 wip: adjust tools/find queries
Alain Mazy <am@osimis.io>
parents: 109
diff changeset
397 if (query.isMember("Labels") && query.isMember("LabelsConstraint"))
2b1a95c7d263 wip: adjust tools/find queries
Alain Mazy <am@osimis.io>
parents: 109
diff changeset
398 {
2b1a95c7d263 wip: adjust tools/find queries
Alain Mazy <am@osimis.io>
parents: 109
diff changeset
399 Orthanc::SerializationToolbox::ReadSetOfStrings(labelsToFind, query, "Labels");
2b1a95c7d263 wip: adjust tools/find queries
Alain Mazy <am@osimis.io>
parents: 109
diff changeset
400 labelsConstraint = Orthanc::SerializationToolbox::ReadString(query, "LabelsConstraint");
2b1a95c7d263 wip: adjust tools/find queries
Alain Mazy <am@osimis.io>
parents: 109
diff changeset
401 }
2b1a95c7d263 wip: adjust tools/find queries
Alain Mazy <am@osimis.io>
parents: 109
diff changeset
402 else if (query.isMember("Labels") || query.isMember("LabelsConstraint"))
2b1a95c7d263 wip: adjust tools/find queries
Alain Mazy <am@osimis.io>
parents: 109
diff changeset
403 {
2b1a95c7d263 wip: adjust tools/find queries
Alain Mazy <am@osimis.io>
parents: 109
diff changeset
404 throw Orthanc::OrthancException(Orthanc::ErrorCode_BadFileFormat, "Auth plugin: unable to transform tools/find query, both 'Labels' and 'LabelsConstraint' must be defined together if one of them is defined.");
2b1a95c7d263 wip: adjust tools/find queries
Alain Mazy <am@osimis.io>
parents: 109
diff changeset
405 }
2b1a95c7d263 wip: adjust tools/find queries
Alain Mazy <am@osimis.io>
parents: 109
diff changeset
406
2b1a95c7d263 wip: adjust tools/find queries
Alain Mazy <am@osimis.io>
parents: 109
diff changeset
407 if (profile.authorizedLabels.size() > 0 || profile.forbiddenLabels.size() > 0)
2b1a95c7d263 wip: adjust tools/find queries
Alain Mazy <am@osimis.io>
parents: 109
diff changeset
408 {
2b1a95c7d263 wip: adjust tools/find queries
Alain Mazy <am@osimis.io>
parents: 109
diff changeset
409 // if the user has access to all labels: no need to transform the tools/find body, we keep it as is
2b1a95c7d263 wip: adjust tools/find queries
Alain Mazy <am@osimis.io>
parents: 109
diff changeset
410 if (profile.authorizedLabels.find("*") == profile.authorizedLabels.end())
2b1a95c7d263 wip: adjust tools/find queries
Alain Mazy <am@osimis.io>
parents: 109
diff changeset
411 { // the user does not have access to all labels -> transform the tools/find body
2b1a95c7d263 wip: adjust tools/find queries
Alain Mazy <am@osimis.io>
parents: 109
diff changeset
412
2b1a95c7d263 wip: adjust tools/find queries
Alain Mazy <am@osimis.io>
parents: 109
diff changeset
413 if (labelsToFind.size() == 0)
2b1a95c7d263 wip: adjust tools/find queries
Alain Mazy <am@osimis.io>
parents: 109
diff changeset
414 {
2b1a95c7d263 wip: adjust tools/find queries
Alain Mazy <am@osimis.io>
parents: 109
diff changeset
415 if (profile.authorizedLabels.size() > 0)
2b1a95c7d263 wip: adjust tools/find queries
Alain Mazy <am@osimis.io>
parents: 109
diff changeset
416 {
2b1a95c7d263 wip: adjust tools/find queries
Alain Mazy <am@osimis.io>
parents: 109
diff changeset
417 Orthanc::SerializationToolbox::WriteSetOfStrings(query, profile.authorizedLabels, "Labels");
2b1a95c7d263 wip: adjust tools/find queries
Alain Mazy <am@osimis.io>
parents: 109
diff changeset
418 query["LabelsConstraint"] = "Any";
2b1a95c7d263 wip: adjust tools/find queries
Alain Mazy <am@osimis.io>
parents: 109
diff changeset
419 }
2b1a95c7d263 wip: adjust tools/find queries
Alain Mazy <am@osimis.io>
parents: 109
diff changeset
420 else if (profile.forbiddenLabels.size() > 0)
2b1a95c7d263 wip: adjust tools/find queries
Alain Mazy <am@osimis.io>
parents: 109
diff changeset
421 {
2b1a95c7d263 wip: adjust tools/find queries
Alain Mazy <am@osimis.io>
parents: 109
diff changeset
422 if (labelsToFind.size() == 0)
2b1a95c7d263 wip: adjust tools/find queries
Alain Mazy <am@osimis.io>
parents: 109
diff changeset
423 { // in this case, we can add a None constraint
2b1a95c7d263 wip: adjust tools/find queries
Alain Mazy <am@osimis.io>
parents: 109
diff changeset
424 Orthanc::SerializationToolbox::WriteSetOfStrings(query, profile.forbiddenLabels, "Labels");
2b1a95c7d263 wip: adjust tools/find queries
Alain Mazy <am@osimis.io>
parents: 109
diff changeset
425 query["LabelsConstraint"] = "None";
2b1a95c7d263 wip: adjust tools/find queries
Alain Mazy <am@osimis.io>
parents: 109
diff changeset
426 }
2b1a95c7d263 wip: adjust tools/find queries
Alain Mazy <am@osimis.io>
parents: 109
diff changeset
427 }
2b1a95c7d263 wip: adjust tools/find queries
Alain Mazy <am@osimis.io>
parents: 109
diff changeset
428 }
2b1a95c7d263 wip: adjust tools/find queries
Alain Mazy <am@osimis.io>
parents: 109
diff changeset
429 else if (labelsConstraint == "All")
2b1a95c7d263 wip: adjust tools/find queries
Alain Mazy <am@osimis.io>
parents: 109
diff changeset
430 {
2b1a95c7d263 wip: adjust tools/find queries
Alain Mazy <am@osimis.io>
parents: 109
diff changeset
431 if (profile.authorizedLabels.size() > 0)
2b1a95c7d263 wip: adjust tools/find queries
Alain Mazy <am@osimis.io>
parents: 109
diff changeset
432 {
2b1a95c7d263 wip: adjust tools/find queries
Alain Mazy <am@osimis.io>
parents: 109
diff changeset
433 if (!Orthanc::Toolbox::IsSetInSet(labelsToFind, profile.authorizedLabels))
2b1a95c7d263 wip: adjust tools/find queries
Alain Mazy <am@osimis.io>
parents: 109
diff changeset
434 {
2b1a95c7d263 wip: adjust tools/find queries
Alain Mazy <am@osimis.io>
parents: 109
diff changeset
435 throw Orthanc::OrthancException(Orthanc::ErrorCode_BadFileFormat, "Auth plugin: unable to transform tools/find query with 'All' labels constraint when the user does not have access to all listed labels.");
2b1a95c7d263 wip: adjust tools/find queries
Alain Mazy <am@osimis.io>
parents: 109
diff changeset
436 }
2b1a95c7d263 wip: adjust tools/find queries
Alain Mazy <am@osimis.io>
parents: 109
diff changeset
437 }
2b1a95c7d263 wip: adjust tools/find queries
Alain Mazy <am@osimis.io>
parents: 109
diff changeset
438 else if (profile.forbiddenLabels.size() > 0)
2b1a95c7d263 wip: adjust tools/find queries
Alain Mazy <am@osimis.io>
parents: 109
diff changeset
439 {
2b1a95c7d263 wip: adjust tools/find queries
Alain Mazy <am@osimis.io>
parents: 109
diff changeset
440 throw Orthanc::OrthancException(Orthanc::ErrorCode_BadFileFormat, "Auth plugin: unable to transform tools/find query with 'All' labels constraint when the user has forbidden labels.");
2b1a95c7d263 wip: adjust tools/find queries
Alain Mazy <am@osimis.io>
parents: 109
diff changeset
441 }
2b1a95c7d263 wip: adjust tools/find queries
Alain Mazy <am@osimis.io>
parents: 109
diff changeset
442 }
2b1a95c7d263 wip: adjust tools/find queries
Alain Mazy <am@osimis.io>
parents: 109
diff changeset
443 else if (labelsConstraint == "Any")
2b1a95c7d263 wip: adjust tools/find queries
Alain Mazy <am@osimis.io>
parents: 109
diff changeset
444 {
2b1a95c7d263 wip: adjust tools/find queries
Alain Mazy <am@osimis.io>
parents: 109
diff changeset
445 if (profile.authorizedLabels.size() > 0)
2b1a95c7d263 wip: adjust tools/find queries
Alain Mazy <am@osimis.io>
parents: 109
diff changeset
446 {
2b1a95c7d263 wip: adjust tools/find queries
Alain Mazy <am@osimis.io>
parents: 109
diff changeset
447 std::set<std::string> newLabelsToFind;
2b1a95c7d263 wip: adjust tools/find queries
Alain Mazy <am@osimis.io>
parents: 109
diff changeset
448 for (std::set<std::string>::const_iterator itLabel = labelsToFind.begin(); itLabel != labelsToFind.end(); ++itLabel)
2b1a95c7d263 wip: adjust tools/find queries
Alain Mazy <am@osimis.io>
parents: 109
diff changeset
449 {
2b1a95c7d263 wip: adjust tools/find queries
Alain Mazy <am@osimis.io>
parents: 109
diff changeset
450 if (profile.authorizedLabels.find(*itLabel) != profile.authorizedLabels.end())
2b1a95c7d263 wip: adjust tools/find queries
Alain Mazy <am@osimis.io>
parents: 109
diff changeset
451 {
2b1a95c7d263 wip: adjust tools/find queries
Alain Mazy <am@osimis.io>
parents: 109
diff changeset
452 newLabelsToFind.insert(*itLabel);
2b1a95c7d263 wip: adjust tools/find queries
Alain Mazy <am@osimis.io>
parents: 109
diff changeset
453 }
2b1a95c7d263 wip: adjust tools/find queries
Alain Mazy <am@osimis.io>
parents: 109
diff changeset
454 }
2b1a95c7d263 wip: adjust tools/find queries
Alain Mazy <am@osimis.io>
parents: 109
diff changeset
455
2b1a95c7d263 wip: adjust tools/find queries
Alain Mazy <am@osimis.io>
parents: 109
diff changeset
456 if (newLabelsToFind.size() == 0)
2b1a95c7d263 wip: adjust tools/find queries
Alain Mazy <am@osimis.io>
parents: 109
diff changeset
457 {
2b1a95c7d263 wip: adjust tools/find queries
Alain Mazy <am@osimis.io>
parents: 109
diff changeset
458 throw Orthanc::OrthancException(Orthanc::ErrorCode_BadFileFormat, "Auth plugin: unable to transform tools/find query with 'All' labels constraint when none of the labels to find is authorized for the user.");
2b1a95c7d263 wip: adjust tools/find queries
Alain Mazy <am@osimis.io>
parents: 109
diff changeset
459 }
2b1a95c7d263 wip: adjust tools/find queries
Alain Mazy <am@osimis.io>
parents: 109
diff changeset
460
2b1a95c7d263 wip: adjust tools/find queries
Alain Mazy <am@osimis.io>
parents: 109
diff changeset
461 query.removeMember("Labels");
2b1a95c7d263 wip: adjust tools/find queries
Alain Mazy <am@osimis.io>
parents: 109
diff changeset
462 Orthanc::SerializationToolbox::WriteSetOfStrings(query, newLabelsToFind, "Labels");
2b1a95c7d263 wip: adjust tools/find queries
Alain Mazy <am@osimis.io>
parents: 109
diff changeset
463 }
2b1a95c7d263 wip: adjust tools/find queries
Alain Mazy <am@osimis.io>
parents: 109
diff changeset
464 else if (profile.forbiddenLabels.size() > 0)
2b1a95c7d263 wip: adjust tools/find queries
Alain Mazy <am@osimis.io>
parents: 109
diff changeset
465 {
2b1a95c7d263 wip: adjust tools/find queries
Alain Mazy <am@osimis.io>
parents: 109
diff changeset
466 throw Orthanc::OrthancException(Orthanc::ErrorCode_BadFileFormat, "Auth plugin: unable to transform tools/find query with 'Any' labels constraint when the user has forbidden labels.");
2b1a95c7d263 wip: adjust tools/find queries
Alain Mazy <am@osimis.io>
parents: 109
diff changeset
467 }
2b1a95c7d263 wip: adjust tools/find queries
Alain Mazy <am@osimis.io>
parents: 109
diff changeset
468 }
2b1a95c7d263 wip: adjust tools/find queries
Alain Mazy <am@osimis.io>
parents: 109
diff changeset
469 else if (labelsConstraint == "None")
2b1a95c7d263 wip: adjust tools/find queries
Alain Mazy <am@osimis.io>
parents: 109
diff changeset
470 {
2b1a95c7d263 wip: adjust tools/find queries
Alain Mazy <am@osimis.io>
parents: 109
diff changeset
471 if (profile.authorizedLabels.size() > 0)
2b1a95c7d263 wip: adjust tools/find queries
Alain Mazy <am@osimis.io>
parents: 109
diff changeset
472 {
2b1a95c7d263 wip: adjust tools/find queries
Alain Mazy <am@osimis.io>
parents: 109
diff changeset
473 throw Orthanc::OrthancException(Orthanc::ErrorCode_BadFileFormat, "Auth plugin: unable to transform tools/find query with 'None' labels constraint when the user only has authorized_labels.");
2b1a95c7d263 wip: adjust tools/find queries
Alain Mazy <am@osimis.io>
parents: 109
diff changeset
474 }
2b1a95c7d263 wip: adjust tools/find queries
Alain Mazy <am@osimis.io>
parents: 109
diff changeset
475 else if (profile.forbiddenLabels.size() > 0)
2b1a95c7d263 wip: adjust tools/find queries
Alain Mazy <am@osimis.io>
parents: 109
diff changeset
476 {
2b1a95c7d263 wip: adjust tools/find queries
Alain Mazy <am@osimis.io>
parents: 109
diff changeset
477 std::set<std::string> newLabelsToFind = labelsToFind;
2b1a95c7d263 wip: adjust tools/find queries
Alain Mazy <am@osimis.io>
parents: 109
diff changeset
478 Orthanc::Toolbox::AppendSets(newLabelsToFind, profile.forbiddenLabels);
2b1a95c7d263 wip: adjust tools/find queries
Alain Mazy <am@osimis.io>
parents: 109
diff changeset
479
2b1a95c7d263 wip: adjust tools/find queries
Alain Mazy <am@osimis.io>
parents: 109
diff changeset
480 query.removeMember("Labels");
2b1a95c7d263 wip: adjust tools/find queries
Alain Mazy <am@osimis.io>
parents: 109
diff changeset
481 Orthanc::SerializationToolbox::WriteSetOfStrings(query, newLabelsToFind, "Labels");
2b1a95c7d263 wip: adjust tools/find queries
Alain Mazy <am@osimis.io>
parents: 109
diff changeset
482 }
2b1a95c7d263 wip: adjust tools/find queries
Alain Mazy <am@osimis.io>
parents: 109
diff changeset
483 }
2b1a95c7d263 wip: adjust tools/find queries
Alain Mazy <am@osimis.io>
parents: 109
diff changeset
484 }
2b1a95c7d263 wip: adjust tools/find queries
Alain Mazy <am@osimis.io>
parents: 109
diff changeset
485 }
2b1a95c7d263 wip: adjust tools/find queries
Alain Mazy <am@osimis.io>
parents: 109
diff changeset
486 }
2b1a95c7d263 wip: adjust tools/find queries
Alain Mazy <am@osimis.io>
parents: 109
diff changeset
487
2b1a95c7d263 wip: adjust tools/find queries
Alain Mazy <am@osimis.io>
parents: 109
diff changeset
488 void ToolsFind(OrthancPluginRestOutput* output,
2b1a95c7d263 wip: adjust tools/find queries
Alain Mazy <am@osimis.io>
parents: 109
diff changeset
489 const char* /*url*/,
2b1a95c7d263 wip: adjust tools/find queries
Alain Mazy <am@osimis.io>
parents: 109
diff changeset
490 const OrthancPluginHttpRequest* request)
2b1a95c7d263 wip: adjust tools/find queries
Alain Mazy <am@osimis.io>
parents: 109
diff changeset
491 {
2b1a95c7d263 wip: adjust tools/find queries
Alain Mazy <am@osimis.io>
parents: 109
diff changeset
492 OrthancPluginContext* context = OrthancPlugins::GetGlobalContext();
2b1a95c7d263 wip: adjust tools/find queries
Alain Mazy <am@osimis.io>
parents: 109
diff changeset
493
2b1a95c7d263 wip: adjust tools/find queries
Alain Mazy <am@osimis.io>
parents: 109
diff changeset
494 if (request->method != OrthancPluginHttpMethod_Post)
2b1a95c7d263 wip: adjust tools/find queries
Alain Mazy <am@osimis.io>
parents: 109
diff changeset
495 {
2b1a95c7d263 wip: adjust tools/find queries
Alain Mazy <am@osimis.io>
parents: 109
diff changeset
496 OrthancPluginSendMethodNotAllowed(context, output, "POST");
2b1a95c7d263 wip: adjust tools/find queries
Alain Mazy <am@osimis.io>
parents: 109
diff changeset
497 }
2b1a95c7d263 wip: adjust tools/find queries
Alain Mazy <am@osimis.io>
parents: 109
diff changeset
498 else
2b1a95c7d263 wip: adjust tools/find queries
Alain Mazy <am@osimis.io>
parents: 109
diff changeset
499 {
2b1a95c7d263 wip: adjust tools/find queries
Alain Mazy <am@osimis.io>
parents: 109
diff changeset
500 // The filtering to this route is performed by this plugin as it is done for any other route before we get here.
2b1a95c7d263 wip: adjust tools/find queries
Alain Mazy <am@osimis.io>
parents: 109
diff changeset
501
2b1a95c7d263 wip: adjust tools/find queries
Alain Mazy <am@osimis.io>
parents: 109
diff changeset
502 Json::Value body;
2b1a95c7d263 wip: adjust tools/find queries
Alain Mazy <am@osimis.io>
parents: 109
diff changeset
503 if (!OrthancPlugins::ReadJson(body, request->body, request->bodySize))
2b1a95c7d263 wip: adjust tools/find queries
Alain Mazy <am@osimis.io>
parents: 109
diff changeset
504 {
2b1a95c7d263 wip: adjust tools/find queries
Alain Mazy <am@osimis.io>
parents: 109
diff changeset
505 throw Orthanc::OrthancException(Orthanc::ErrorCode_BadFileFormat, "A JSON payload was expected");
2b1a95c7d263 wip: adjust tools/find queries
Alain Mazy <am@osimis.io>
parents: 109
diff changeset
506 }
2b1a95c7d263 wip: adjust tools/find queries
Alain Mazy <am@osimis.io>
parents: 109
diff changeset
507
2b1a95c7d263 wip: adjust tools/find queries
Alain Mazy <am@osimis.io>
parents: 109
diff changeset
508 // If the logged in user has restrictions on the labels he can access, modify the tools/find payload before reposting it to Orthanc
2b1a95c7d263 wip: adjust tools/find queries
Alain Mazy <am@osimis.io>
parents: 109
diff changeset
509 OrthancPlugins::IAuthorizationService::UserProfile profile;
2b1a95c7d263 wip: adjust tools/find queries
Alain Mazy <am@osimis.io>
parents: 109
diff changeset
510 if (GetUserProfileInternal(profile, request))
2b1a95c7d263 wip: adjust tools/find queries
Alain Mazy <am@osimis.io>
parents: 109
diff changeset
511 {
2b1a95c7d263 wip: adjust tools/find queries
Alain Mazy <am@osimis.io>
parents: 109
diff changeset
512 AdjustToolsFindQueryLabels(body, profile);
2b1a95c7d263 wip: adjust tools/find queries
Alain Mazy <am@osimis.io>
parents: 109
diff changeset
513
2b1a95c7d263 wip: adjust tools/find queries
Alain Mazy <am@osimis.io>
parents: 109
diff changeset
514 Json::Value result;
2b1a95c7d263 wip: adjust tools/find queries
Alain Mazy <am@osimis.io>
parents: 109
diff changeset
515 if (OrthancPlugins::RestApiPost(result, "/tools/find", body, false))
2b1a95c7d263 wip: adjust tools/find queries
Alain Mazy <am@osimis.io>
parents: 109
diff changeset
516 {
2b1a95c7d263 wip: adjust tools/find queries
Alain Mazy <am@osimis.io>
parents: 109
diff changeset
517 OrthancPlugins::AnswerJson(result, output);
2b1a95c7d263 wip: adjust tools/find queries
Alain Mazy <am@osimis.io>
parents: 109
diff changeset
518 }
2b1a95c7d263 wip: adjust tools/find queries
Alain Mazy <am@osimis.io>
parents: 109
diff changeset
519
2b1a95c7d263 wip: adjust tools/find queries
Alain Mazy <am@osimis.io>
parents: 109
diff changeset
520 }
2b1a95c7d263 wip: adjust tools/find queries
Alain Mazy <am@osimis.io>
parents: 109
diff changeset
521 else
2b1a95c7d263 wip: adjust tools/find queries
Alain Mazy <am@osimis.io>
parents: 109
diff changeset
522 {
2b1a95c7d263 wip: adjust tools/find queries
Alain Mazy <am@osimis.io>
parents: 109
diff changeset
523 OrthancPluginSendHttpStatusCode(context, output, 403); // TODO: check
2b1a95c7d263 wip: adjust tools/find queries
Alain Mazy <am@osimis.io>
parents: 109
diff changeset
524 }
2b1a95c7d263 wip: adjust tools/find queries
Alain Mazy <am@osimis.io>
parents: 109
diff changeset
525
2b1a95c7d263 wip: adjust tools/find queries
Alain Mazy <am@osimis.io>
parents: 109
diff changeset
526
2b1a95c7d263 wip: adjust tools/find queries
Alain Mazy <am@osimis.io>
parents: 109
diff changeset
527 }
2b1a95c7d263 wip: adjust tools/find queries
Alain Mazy <am@osimis.io>
parents: 109
diff changeset
528 }
2b1a95c7d263 wip: adjust tools/find queries
Alain Mazy <am@osimis.io>
parents: 109
diff changeset
529
2b1a95c7d263 wip: adjust tools/find queries
Alain Mazy <am@osimis.io>
parents: 109
diff changeset
530
72
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents: 71
diff changeset
531 void CreateToken(OrthancPluginRestOutput* output,
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents: 71
diff changeset
532 const char* /*url*/,
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents: 71
diff changeset
533 const OrthancPluginHttpRequest* request)
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents: 71
diff changeset
534 {
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents: 71
diff changeset
535 OrthancPluginContext* context = OrthancPlugins::GetGlobalContext();
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents: 71
diff changeset
536
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents: 71
diff changeset
537 if (request->method != OrthancPluginHttpMethod_Put)
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents: 71
diff changeset
538 {
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents: 71
diff changeset
539 OrthancPluginSendMethodNotAllowed(context, output, "PUT");
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents: 71
diff changeset
540 }
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents: 71
diff changeset
541 else
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents: 71
diff changeset
542 {
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents: 71
diff changeset
543 // The filtering to this route is performed by this plugin as it is done for any other route before we get here.
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents: 71
diff changeset
544 // Since the route contains the tokenType, we can allow/forbid creating them based on the url
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents: 71
diff changeset
545
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents: 71
diff changeset
546 // simply forward the request to the auth-service
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents: 71
diff changeset
547 std::string tokenType;
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents: 71
diff changeset
548 if (request->groupsCount == 1)
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents: 71
diff changeset
549 {
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents: 71
diff changeset
550 tokenType = request->groups[0];
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents: 71
diff changeset
551 }
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents: 71
diff changeset
552 else
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents: 71
diff changeset
553 {
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents: 71
diff changeset
554 throw Orthanc::OrthancException(Orthanc::ErrorCode_InternalError);
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents: 71
diff changeset
555 }
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents: 71
diff changeset
556
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents: 71
diff changeset
557 // convert from Orthanc flavored API to WebService API
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents: 71
diff changeset
558 Json::Value body;
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents: 71
diff changeset
559 if (!OrthancPlugins::ReadJson(body, request->body, request->bodySize))
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents: 71
diff changeset
560 {
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents: 71
diff changeset
561 throw Orthanc::OrthancException(Orthanc::ErrorCode_BadFileFormat, "A JSON payload was expected");
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents: 71
diff changeset
562 }
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents: 71
diff changeset
563
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents: 71
diff changeset
564 std::string id;
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents: 71
diff changeset
565 std::vector<OrthancPlugins::IAuthorizationService::OrthancResource> resources;
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents: 71
diff changeset
566 std::string expirationDateString;
73
512247750f0a new ValidityDuration arg in create token API
Alain Mazy <am@osimis.io>
parents: 72
diff changeset
567 uint64_t validityDuration;
72
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents: 71
diff changeset
568
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents: 71
diff changeset
569 if (body.isMember("ID"))
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents: 71
diff changeset
570 {
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents: 71
diff changeset
571 id = body["ID"].asString();
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents: 71
diff changeset
572 }
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents: 71
diff changeset
573
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents: 71
diff changeset
574 for (Json::ArrayIndex i = 0; i < body["Resources"].size(); ++i)
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents: 71
diff changeset
575 {
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents: 71
diff changeset
576 const Json::Value& jsonResource = body["Resources"][i];
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents: 71
diff changeset
577 OrthancPlugins::IAuthorizationService::OrthancResource resource;
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents: 71
diff changeset
578
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents: 71
diff changeset
579 if (jsonResource.isMember("DicomUid"))
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents: 71
diff changeset
580 {
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents: 71
diff changeset
581 resource.dicomUid = jsonResource["DicomUid"].asString();
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents: 71
diff changeset
582 }
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents: 71
diff changeset
583
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents: 71
diff changeset
584 if (jsonResource.isMember("OrthancId"))
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents: 71
diff changeset
585 {
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents: 71
diff changeset
586 resource.orthancId = jsonResource["OrthancId"].asString();
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents: 71
diff changeset
587 }
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents: 71
diff changeset
588
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents: 71
diff changeset
589 if (jsonResource.isMember("Url"))
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents: 71
diff changeset
590 {
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents: 71
diff changeset
591 resource.url = jsonResource["Url"].asString();
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents: 71
diff changeset
592 }
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents: 71
diff changeset
593
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents: 71
diff changeset
594 resource.level = jsonResource["Level"].asString();
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents: 71
diff changeset
595 resources.push_back(resource);
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents: 71
diff changeset
596 }
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents: 71
diff changeset
597
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents: 71
diff changeset
598 if (body.isMember("ExpirationDate"))
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents: 71
diff changeset
599 {
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents: 71
diff changeset
600 expirationDateString = body["ExpirationDate"].asString();
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents: 71
diff changeset
601 }
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents: 71
diff changeset
602
73
512247750f0a new ValidityDuration arg in create token API
Alain Mazy <am@osimis.io>
parents: 72
diff changeset
603 if (body.isMember("ValidityDuration"))
512247750f0a new ValidityDuration arg in create token API
Alain Mazy <am@osimis.io>
parents: 72
diff changeset
604 {
512247750f0a new ValidityDuration arg in create token API
Alain Mazy <am@osimis.io>
parents: 72
diff changeset
605 validityDuration = body["ValidityDuration"].asUInt64();
512247750f0a new ValidityDuration arg in create token API
Alain Mazy <am@osimis.io>
parents: 72
diff changeset
606 }
512247750f0a new ValidityDuration arg in create token API
Alain Mazy <am@osimis.io>
parents: 72
diff changeset
607
72
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents: 71
diff changeset
608 OrthancPlugins::IAuthorizationService::CreatedToken createdToken;
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents: 71
diff changeset
609 if (authorizationService_->CreateToken(createdToken,
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents: 71
diff changeset
610 tokenType,
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents: 71
diff changeset
611 id,
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents: 71
diff changeset
612 resources,
73
512247750f0a new ValidityDuration arg in create token API
Alain Mazy <am@osimis.io>
parents: 72
diff changeset
613 expirationDateString,
512247750f0a new ValidityDuration arg in create token API
Alain Mazy <am@osimis.io>
parents: 72
diff changeset
614 validityDuration))
72
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents: 71
diff changeset
615 {
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents: 71
diff changeset
616 Json::Value createdJsonToken;
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents: 71
diff changeset
617 createdJsonToken["Token"] = createdToken.token;
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents: 71
diff changeset
618
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents: 71
diff changeset
619 if (!createdToken.url.empty())
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents: 71
diff changeset
620 {
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents: 71
diff changeset
621 createdJsonToken["Url"] = createdToken.url;
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents: 71
diff changeset
622 }
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents: 71
diff changeset
623 else
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents: 71
diff changeset
624 {
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents: 71
diff changeset
625 createdJsonToken["Url"] = Json::nullValue;
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents: 71
diff changeset
626 }
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents: 71
diff changeset
627
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents: 71
diff changeset
628 OrthancPlugins::AnswerJson(createdJsonToken, output);
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents: 71
diff changeset
629 }
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents: 71
diff changeset
630
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents: 71
diff changeset
631
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents: 71
diff changeset
632 }
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents: 71
diff changeset
633 }
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents: 71
diff changeset
634
74
aa73b10c2db9 new API route to decode tokens
Alain Mazy <am@osimis.io>
parents: 73
diff changeset
635 void DecodeToken(OrthancPluginRestOutput* output,
aa73b10c2db9 new API route to decode tokens
Alain Mazy <am@osimis.io>
parents: 73
diff changeset
636 const char* /*url*/,
aa73b10c2db9 new API route to decode tokens
Alain Mazy <am@osimis.io>
parents: 73
diff changeset
637 const OrthancPluginHttpRequest* request)
aa73b10c2db9 new API route to decode tokens
Alain Mazy <am@osimis.io>
parents: 73
diff changeset
638 {
aa73b10c2db9 new API route to decode tokens
Alain Mazy <am@osimis.io>
parents: 73
diff changeset
639 OrthancPluginContext* context = OrthancPlugins::GetGlobalContext();
aa73b10c2db9 new API route to decode tokens
Alain Mazy <am@osimis.io>
parents: 73
diff changeset
640
aa73b10c2db9 new API route to decode tokens
Alain Mazy <am@osimis.io>
parents: 73
diff changeset
641 if (request->method != OrthancPluginHttpMethod_Post)
aa73b10c2db9 new API route to decode tokens
Alain Mazy <am@osimis.io>
parents: 73
diff changeset
642 {
aa73b10c2db9 new API route to decode tokens
Alain Mazy <am@osimis.io>
parents: 73
diff changeset
643 OrthancPluginSendMethodNotAllowed(context, output, "POST");
aa73b10c2db9 new API route to decode tokens
Alain Mazy <am@osimis.io>
parents: 73
diff changeset
644 }
aa73b10c2db9 new API route to decode tokens
Alain Mazy <am@osimis.io>
parents: 73
diff changeset
645 else
aa73b10c2db9 new API route to decode tokens
Alain Mazy <am@osimis.io>
parents: 73
diff changeset
646 {
aa73b10c2db9 new API route to decode tokens
Alain Mazy <am@osimis.io>
parents: 73
diff changeset
647 // convert from Orthanc flavored API to WebService API
aa73b10c2db9 new API route to decode tokens
Alain Mazy <am@osimis.io>
parents: 73
diff changeset
648 Json::Value body;
aa73b10c2db9 new API route to decode tokens
Alain Mazy <am@osimis.io>
parents: 73
diff changeset
649 if (!OrthancPlugins::ReadJson(body, request->body, request->bodySize))
aa73b10c2db9 new API route to decode tokens
Alain Mazy <am@osimis.io>
parents: 73
diff changeset
650 {
aa73b10c2db9 new API route to decode tokens
Alain Mazy <am@osimis.io>
parents: 73
diff changeset
651 throw Orthanc::OrthancException(Orthanc::ErrorCode_BadFileFormat, "A JSON payload was expected");
aa73b10c2db9 new API route to decode tokens
Alain Mazy <am@osimis.io>
parents: 73
diff changeset
652 }
aa73b10c2db9 new API route to decode tokens
Alain Mazy <am@osimis.io>
parents: 73
diff changeset
653
aa73b10c2db9 new API route to decode tokens
Alain Mazy <am@osimis.io>
parents: 73
diff changeset
654 Json::Value authPayload;
aa73b10c2db9 new API route to decode tokens
Alain Mazy <am@osimis.io>
parents: 73
diff changeset
655
aa73b10c2db9 new API route to decode tokens
Alain Mazy <am@osimis.io>
parents: 73
diff changeset
656 authPayload["token-key"] = body["TokenKey"].asString();
aa73b10c2db9 new API route to decode tokens
Alain Mazy <am@osimis.io>
parents: 73
diff changeset
657 authPayload["token-value"] = body["TokenValue"].asString();
aa73b10c2db9 new API route to decode tokens
Alain Mazy <am@osimis.io>
parents: 73
diff changeset
658
aa73b10c2db9 new API route to decode tokens
Alain Mazy <am@osimis.io>
parents: 73
diff changeset
659 OrthancPlugins::IAuthorizationService::DecodedToken decodedToken;
aa73b10c2db9 new API route to decode tokens
Alain Mazy <am@osimis.io>
parents: 73
diff changeset
660 if (authorizationService_->DecodeToken(decodedToken,
aa73b10c2db9 new API route to decode tokens
Alain Mazy <am@osimis.io>
parents: 73
diff changeset
661 body["TokenKey"].asString(),
aa73b10c2db9 new API route to decode tokens
Alain Mazy <am@osimis.io>
parents: 73
diff changeset
662 body["TokenValue"].asString()))
aa73b10c2db9 new API route to decode tokens
Alain Mazy <am@osimis.io>
parents: 73
diff changeset
663 {
aa73b10c2db9 new API route to decode tokens
Alain Mazy <am@osimis.io>
parents: 73
diff changeset
664 Json::Value decodedJsonToken;
aa73b10c2db9 new API route to decode tokens
Alain Mazy <am@osimis.io>
parents: 73
diff changeset
665
aa73b10c2db9 new API route to decode tokens
Alain Mazy <am@osimis.io>
parents: 73
diff changeset
666 if (!decodedToken.redirectUrl.empty())
aa73b10c2db9 new API route to decode tokens
Alain Mazy <am@osimis.io>
parents: 73
diff changeset
667 {
aa73b10c2db9 new API route to decode tokens
Alain Mazy <am@osimis.io>
parents: 73
diff changeset
668 decodedJsonToken["RedirectUrl"] = decodedToken.redirectUrl;
aa73b10c2db9 new API route to decode tokens
Alain Mazy <am@osimis.io>
parents: 73
diff changeset
669 }
aa73b10c2db9 new API route to decode tokens
Alain Mazy <am@osimis.io>
parents: 73
diff changeset
670
aa73b10c2db9 new API route to decode tokens
Alain Mazy <am@osimis.io>
parents: 73
diff changeset
671 if (!decodedToken.errorCode.empty())
aa73b10c2db9 new API route to decode tokens
Alain Mazy <am@osimis.io>
parents: 73
diff changeset
672 {
aa73b10c2db9 new API route to decode tokens
Alain Mazy <am@osimis.io>
parents: 73
diff changeset
673 decodedJsonToken["ErrorCode"] = decodedToken.errorCode;
aa73b10c2db9 new API route to decode tokens
Alain Mazy <am@osimis.io>
parents: 73
diff changeset
674 }
aa73b10c2db9 new API route to decode tokens
Alain Mazy <am@osimis.io>
parents: 73
diff changeset
675
aa73b10c2db9 new API route to decode tokens
Alain Mazy <am@osimis.io>
parents: 73
diff changeset
676 if (!decodedToken.tokenType.empty())
aa73b10c2db9 new API route to decode tokens
Alain Mazy <am@osimis.io>
parents: 73
diff changeset
677 {
aa73b10c2db9 new API route to decode tokens
Alain Mazy <am@osimis.io>
parents: 73
diff changeset
678 decodedJsonToken["TokenType"] = decodedToken.tokenType;
aa73b10c2db9 new API route to decode tokens
Alain Mazy <am@osimis.io>
parents: 73
diff changeset
679 }
aa73b10c2db9 new API route to decode tokens
Alain Mazy <am@osimis.io>
parents: 73
diff changeset
680
aa73b10c2db9 new API route to decode tokens
Alain Mazy <am@osimis.io>
parents: 73
diff changeset
681 OrthancPlugins::AnswerJson(decodedJsonToken, output);
aa73b10c2db9 new API route to decode tokens
Alain Mazy <am@osimis.io>
parents: 73
diff changeset
682 }
aa73b10c2db9 new API route to decode tokens
Alain Mazy <am@osimis.io>
parents: 73
diff changeset
683 }
aa73b10c2db9 new API route to decode tokens
Alain Mazy <am@osimis.io>
parents: 73
diff changeset
684 }
aa73b10c2db9 new API route to decode tokens
Alain Mazy <am@osimis.io>
parents: 73
diff changeset
685
111
2b1a95c7d263 wip: adjust tools/find queries
Alain Mazy <am@osimis.io>
parents: 109
diff changeset
686
69
af44dce56328 new 'auth/user-profile' Rest API route
Alain Mazy <am@osimis.io>
parents: 68
diff changeset
687 void GetUserProfile(OrthancPluginRestOutput* output,
af44dce56328 new 'auth/user-profile' Rest API route
Alain Mazy <am@osimis.io>
parents: 68
diff changeset
688 const char* /*url*/,
af44dce56328 new 'auth/user-profile' Rest API route
Alain Mazy <am@osimis.io>
parents: 68
diff changeset
689 const OrthancPluginHttpRequest* request)
af44dce56328 new 'auth/user-profile' Rest API route
Alain Mazy <am@osimis.io>
parents: 68
diff changeset
690 {
af44dce56328 new 'auth/user-profile' Rest API route
Alain Mazy <am@osimis.io>
parents: 68
diff changeset
691 OrthancPluginContext* context = OrthancPlugins::GetGlobalContext();
af44dce56328 new 'auth/user-profile' Rest API route
Alain Mazy <am@osimis.io>
parents: 68
diff changeset
692
af44dce56328 new 'auth/user-profile' Rest API route
Alain Mazy <am@osimis.io>
parents: 68
diff changeset
693 if (request->method != OrthancPluginHttpMethod_Get)
af44dce56328 new 'auth/user-profile' Rest API route
Alain Mazy <am@osimis.io>
parents: 68
diff changeset
694 {
af44dce56328 new 'auth/user-profile' Rest API route
Alain Mazy <am@osimis.io>
parents: 68
diff changeset
695 OrthancPluginSendMethodNotAllowed(context, output, "GET");
af44dce56328 new 'auth/user-profile' Rest API route
Alain Mazy <am@osimis.io>
parents: 68
diff changeset
696 }
af44dce56328 new 'auth/user-profile' Rest API route
Alain Mazy <am@osimis.io>
parents: 68
diff changeset
697 else
af44dce56328 new 'auth/user-profile' Rest API route
Alain Mazy <am@osimis.io>
parents: 68
diff changeset
698 {
111
2b1a95c7d263 wip: adjust tools/find queries
Alain Mazy <am@osimis.io>
parents: 109
diff changeset
699 OrthancPlugins::IAuthorizationService::UserProfile profile;
2b1a95c7d263 wip: adjust tools/find queries
Alain Mazy <am@osimis.io>
parents: 109
diff changeset
700 if (GetUserProfileInternal(profile, request))
69
af44dce56328 new 'auth/user-profile' Rest API route
Alain Mazy <am@osimis.io>
parents: 68
diff changeset
701 {
111
2b1a95c7d263 wip: adjust tools/find queries
Alain Mazy <am@osimis.io>
parents: 109
diff changeset
702 Json::Value jsonProfile;
2b1a95c7d263 wip: adjust tools/find queries
Alain Mazy <am@osimis.io>
parents: 109
diff changeset
703 jsonProfile["name"] = profile.name;
2b1a95c7d263 wip: adjust tools/find queries
Alain Mazy <am@osimis.io>
parents: 109
diff changeset
704 jsonProfile["permissions"] = Json::arrayValue;
2b1a95c7d263 wip: adjust tools/find queries
Alain Mazy <am@osimis.io>
parents: 109
diff changeset
705 for (std::set<std::string>::const_iterator it = profile.permissions.begin(); it != profile.permissions.end(); ++it)
69
af44dce56328 new 'auth/user-profile' Rest API route
Alain Mazy <am@osimis.io>
parents: 68
diff changeset
706 {
111
2b1a95c7d263 wip: adjust tools/find queries
Alain Mazy <am@osimis.io>
parents: 109
diff changeset
707 jsonProfile["permissions"].append(*it);
69
af44dce56328 new 'auth/user-profile' Rest API route
Alain Mazy <am@osimis.io>
parents: 68
diff changeset
708 }
111
2b1a95c7d263 wip: adjust tools/find queries
Alain Mazy <am@osimis.io>
parents: 109
diff changeset
709 for (std::set<std::string>::const_iterator it = profile.authorizedLabels.begin(); it != profile.authorizedLabels.end(); ++it)
2b1a95c7d263 wip: adjust tools/find queries
Alain Mazy <am@osimis.io>
parents: 109
diff changeset
710 {
2b1a95c7d263 wip: adjust tools/find queries
Alain Mazy <am@osimis.io>
parents: 109
diff changeset
711 jsonProfile["authorized-labels"].append(*it);
2b1a95c7d263 wip: adjust tools/find queries
Alain Mazy <am@osimis.io>
parents: 109
diff changeset
712 }
2b1a95c7d263 wip: adjust tools/find queries
Alain Mazy <am@osimis.io>
parents: 109
diff changeset
713 for (std::set<std::string>::const_iterator it = profile.forbiddenLabels.begin(); it != profile.forbiddenLabels.end(); ++it)
69
af44dce56328 new 'auth/user-profile' Rest API route
Alain Mazy <am@osimis.io>
parents: 68
diff changeset
714 {
111
2b1a95c7d263 wip: adjust tools/find queries
Alain Mazy <am@osimis.io>
parents: 109
diff changeset
715 jsonProfile["forbidden-labels"].append(*it);
2b1a95c7d263 wip: adjust tools/find queries
Alain Mazy <am@osimis.io>
parents: 109
diff changeset
716 }
109
7381a7674b36 wip: adding labels
Alain Mazy <am@osimis.io>
parents: 103
diff changeset
717
111
2b1a95c7d263 wip: adjust tools/find queries
Alain Mazy <am@osimis.io>
parents: 109
diff changeset
718 OrthancPlugins::AnswerJson(jsonProfile, output);
69
af44dce56328 new 'auth/user-profile' Rest API route
Alain Mazy <am@osimis.io>
parents: 68
diff changeset
719 }
af44dce56328 new 'auth/user-profile' Rest API route
Alain Mazy <am@osimis.io>
parents: 68
diff changeset
720 }
af44dce56328 new 'auth/user-profile' Rest API route
Alain Mazy <am@osimis.io>
parents: 68
diff changeset
721 }
af44dce56328 new 'auth/user-profile' Rest API route
Alain Mazy <am@osimis.io>
parents: 68
diff changeset
722
71
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents: 69
diff changeset
723 void MergeJson(Json::Value &a, const Json::Value &b) {
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents: 69
diff changeset
724
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents: 69
diff changeset
725 if (!a.isObject() || !b.isObject())
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents: 69
diff changeset
726 {
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents: 69
diff changeset
727 return;
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents: 69
diff changeset
728 }
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents: 69
diff changeset
729
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents: 69
diff changeset
730 Json::Value::Members members = b.getMemberNames();
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents: 69
diff changeset
731
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents: 69
diff changeset
732 for (size_t i = 0; i < members.size(); i++)
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents: 69
diff changeset
733 {
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents: 69
diff changeset
734 std::string key = members[i];
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents: 69
diff changeset
735
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents: 69
diff changeset
736 if (!a[key].isNull() && a[key].type() == Json::objectValue && b[key].type() == Json::objectValue)
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents: 69
diff changeset
737 {
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents: 69
diff changeset
738 MergeJson(a[key], b[key]);
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents: 69
diff changeset
739 }
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents: 69
diff changeset
740 else
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents: 69
diff changeset
741 {
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents: 69
diff changeset
742 a[key] = b[key];
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents: 69
diff changeset
743 }
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents: 69
diff changeset
744 }
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents: 69
diff changeset
745 }
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents: 69
diff changeset
746
1
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
747
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
748 extern "C"
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
749 {
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
750 ORTHANC_PLUGINS_API int32_t OrthancPluginInitialize(OrthancPluginContext* context)
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
751 {
29
bc0431cb6b8f fix for compatibility with simplified OrthancPluginCppWrapper
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 22
diff changeset
752 OrthancPlugins::SetGlobalContext(context);
bc0431cb6b8f fix for compatibility with simplified OrthancPluginCppWrapper
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 22
diff changeset
753 OrthancPluginLogWarning(context, "Initializing the authorization plugin");
1
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
754
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
755 /* Check the version of the Orthanc core */
29
bc0431cb6b8f fix for compatibility with simplified OrthancPluginCppWrapper
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 22
diff changeset
756 if (OrthancPluginCheckVersion(context) == 0)
1
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
757 {
29
bc0431cb6b8f fix for compatibility with simplified OrthancPluginCppWrapper
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 22
diff changeset
758 OrthancPlugins::ReportMinimalOrthancVersion(ORTHANC_PLUGINS_MINIMAL_MAJOR_NUMBER,
1
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
759 ORTHANC_PLUGINS_MINIMAL_MINOR_NUMBER,
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
760 ORTHANC_PLUGINS_MINIMAL_REVISION_NUMBER);
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
761 return -1;
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
762 }
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
763
41
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 36
diff changeset
764 #if ORTHANC_FRAMEWORK_VERSION_IS_ABOVE(1, 7, 2)
32
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 31
diff changeset
765 Orthanc::Logging::InitializePluginContext(context);
33
b9c536bf598b improved Orthanc::Logging::Initialize()
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 32
diff changeset
766 #else
b9c536bf598b improved Orthanc::Logging::Initialize()
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 32
diff changeset
767 Orthanc::Logging::Initialize(context);
b9c536bf598b improved Orthanc::Logging::Initialize()
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 32
diff changeset
768 #endif
b9c536bf598b improved Orthanc::Logging::Initialize()
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 32
diff changeset
769
29
bc0431cb6b8f fix for compatibility with simplified OrthancPluginCppWrapper
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 22
diff changeset
770 OrthancPluginSetDescription(context, "Advanced authorization plugin for Orthanc.");
1
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
771
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
772 try
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
773 {
71
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents: 69
diff changeset
774 static const char* PLUGIN_SECTION = "Authorization";
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents: 69
diff changeset
775
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents: 69
diff changeset
776 OrthancPlugins::OrthancConfiguration orthancFullConfiguration;
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents: 69
diff changeset
777
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents: 69
diff changeset
778 // read default configuration
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents: 69
diff changeset
779 std::string defaultConfigurationFileContent;
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents: 69
diff changeset
780 Orthanc::EmbeddedResources::GetFileResource(defaultConfigurationFileContent, Orthanc::EmbeddedResources::DEFAULT_CONFIGURATION);
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents: 69
diff changeset
781 Json::Value pluginJsonDefaultConfiguration;
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents: 69
diff changeset
782 OrthancPlugins::ReadJsonWithoutComments(pluginJsonDefaultConfiguration, defaultConfigurationFileContent);
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents: 69
diff changeset
783 Json::Value pluginJsonConfiguration = pluginJsonDefaultConfiguration[PLUGIN_SECTION];
1
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
784
71
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents: 69
diff changeset
785 OrthancPlugins::OrthancConfiguration pluginProvidedConfiguration;
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents: 69
diff changeset
786
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents: 69
diff changeset
787 if (orthancFullConfiguration.IsSection(PLUGIN_SECTION))
1
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
788 {
71
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents: 69
diff changeset
789 // get the configuration provided by the user
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents: 69
diff changeset
790 orthancFullConfiguration.GetSection(pluginProvidedConfiguration, PLUGIN_SECTION);
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents: 69
diff changeset
791
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents: 69
diff changeset
792 // merge it with the default configuration. This is a way to apply the all default values in a single step
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents: 69
diff changeset
793 MergeJson(pluginJsonConfiguration, pluginProvidedConfiguration.GetJson());
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents: 69
diff changeset
794
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents: 69
diff changeset
795 // recreate a OrthancConfiguration object from the merged configuration
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents: 69
diff changeset
796 OrthancPlugins::OrthancConfiguration pluginConfiguration(pluginJsonConfiguration, PLUGIN_SECTION);
1
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
797
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
798 // TODO - The size of the caches is set to 10,000 items. Maybe add a configuration option?
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
799 OrthancPlugins::MemoryCache::Factory factory(10000);
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
800
71
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents: 69
diff changeset
801 std::string dicomWebRoot = "/dicom-web/";
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents: 69
diff changeset
802 std::string oe2Root = "/ui/";
1
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
803
81
fac45493d547 more flexibility wrt configuration
Alain Mazy <am@osimis.io>
parents: 77
diff changeset
804 bool hasBasicAuthEnabled = orthancFullConfiguration.GetBooleanValue("AuthenticationEnabled", "true");
fac45493d547 more flexibility wrt configuration
Alain Mazy <am@osimis.io>
parents: 77
diff changeset
805
71
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents: 69
diff changeset
806 if (orthancFullConfiguration.IsSection("DicomWeb"))
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents: 69
diff changeset
807 {
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents: 69
diff changeset
808 OrthancPlugins::OrthancConfiguration dicomWeb;
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents: 69
diff changeset
809 dicomWeb.GetSection(orthancFullConfiguration, "DicomWeb");
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents: 69
diff changeset
810 dicomWebRoot = dicomWeb.GetStringValue("Root", "/dicom-web/");
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents: 69
diff changeset
811 }
1
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
812
71
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents: 69
diff changeset
813 if (orthancFullConfiguration.IsSection("OrthancExplorer2"))
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents: 69
diff changeset
814 {
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents: 69
diff changeset
815 OrthancPlugins::OrthancConfiguration oe2;
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents: 69
diff changeset
816 oe2.GetSection(orthancFullConfiguration, "OrthancExplorer2");
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents: 69
diff changeset
817 oe2Root = oe2.GetStringValue("Root", "/ui/");
1
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
818 }
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
819
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
820 std::list<std::string> tmp;
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
821
71
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents: 69
diff changeset
822 pluginConfiguration.LookupListOfStrings(tmp, "TokenHttpHeaders", true);
1
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
823 for (std::list<std::string>::const_iterator
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
824 it = tmp.begin(); it != tmp.end(); ++it)
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
825 {
58
ad279c70c22d added a new configuration 'StandardConfigurations'
Alain Mazy <am@osimis.io>
parents: 57
diff changeset
826 tokens_.insert(OrthancPlugins::Token(OrthancPlugins::TokenType_HttpHeader, *it));
1
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
827 }
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
828
71
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents: 69
diff changeset
829 pluginConfiguration.LookupListOfStrings(tmp, "TokenGetArguments", true);
1
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
830
8
4362026afddf orthanc 1.2.1 renamed as 1.3.0
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 1
diff changeset
831 #if ORTHANC_PLUGINS_VERSION_IS_ABOVE(1, 3, 0)
1
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
832 for (std::list<std::string>::const_iterator
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
833 it = tmp.begin(); it != tmp.end(); ++it)
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
834 {
58
ad279c70c22d added a new configuration 'StandardConfigurations'
Alain Mazy <am@osimis.io>
parents: 57
diff changeset
835 tokens_.insert(OrthancPlugins::Token(OrthancPlugins::TokenType_GetArgument, *it));
1
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
836 }
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
837 #else
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
838 if (!tmp.empty())
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
839 {
29
bc0431cb6b8f fix for compatibility with simplified OrthancPluginCppWrapper
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 22
diff changeset
840 throw Orthanc::OrthancException(
bc0431cb6b8f fix for compatibility with simplified OrthancPluginCppWrapper
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 22
diff changeset
841 Orthanc::ErrorCode_Plugin,
bc0431cb6b8f fix for compatibility with simplified OrthancPluginCppWrapper
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 22
diff changeset
842 "The option \"TokenGetArguments\" of the authorization plugin "
bc0431cb6b8f fix for compatibility with simplified OrthancPluginCppWrapper
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 22
diff changeset
843 "is only valid if compiled against Orthanc >= 1.3.0"
1
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
844 }
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
845 #endif
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
846
71
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents: 69
diff changeset
847 pluginConfiguration.LookupSetOfStrings(uncheckedResources_, "UncheckedResources", false);
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents: 69
diff changeset
848 pluginConfiguration.LookupListOfStrings(uncheckedFolders_, "UncheckedFolders", false);
1
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
849
74
aa73b10c2db9 new API route to decode tokens
Alain Mazy <am@osimis.io>
parents: 73
diff changeset
850 std::string urlTokenDecoder;
72
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents: 71
diff changeset
851 std::string urlTokenValidation;
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents: 71
diff changeset
852 std::string urlTokenCreationBase;
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents: 71
diff changeset
853 std::string urlUserProfile;
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents: 71
diff changeset
854 std::string urlRoot;
1
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
855
72
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents: 71
diff changeset
856 static const char* WEB_SERVICE_ROOT = "WebServiceRootUrl";
74
aa73b10c2db9 new API route to decode tokens
Alain Mazy <am@osimis.io>
parents: 73
diff changeset
857 static const char* WEB_SERVICE_TOKEN_DECODER = "WebServiceTokenDecoderUrl";
72
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents: 71
diff changeset
858 static const char* WEB_SERVICE_TOKEN_VALIDATION = "WebServiceTokenValidationUrl";
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents: 71
diff changeset
859 static const char* WEB_SERVICE_TOKEN_CREATION_BASE = "WebServiceTokenCreationBaseUrl";
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents: 71
diff changeset
860 static const char* WEB_SERVICE_USER_PROFILE = "WebServiceUserProfileUrl";
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents: 71
diff changeset
861 static const char* WEB_SERVICE_TOKEN_VALIDATION_LEGACY = "WebService";
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents: 71
diff changeset
862 if (pluginConfiguration.LookupStringValue(urlRoot, WEB_SERVICE_ROOT))
71
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents: 69
diff changeset
863 {
74
aa73b10c2db9 new API route to decode tokens
Alain Mazy <am@osimis.io>
parents: 73
diff changeset
864 urlTokenDecoder = Orthanc::Toolbox::JoinUri(urlRoot, "/tokens/decode");
72
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents: 71
diff changeset
865 urlTokenValidation = Orthanc::Toolbox::JoinUri(urlRoot, "/tokens/validate");
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents: 71
diff changeset
866 urlTokenCreationBase = Orthanc::Toolbox::JoinUri(urlRoot, "/tokens/");
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents: 71
diff changeset
867 urlUserProfile = Orthanc::Toolbox::JoinUri(urlRoot, "/user/get-profile");
71
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents: 69
diff changeset
868 }
72
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents: 71
diff changeset
869 else
71
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents: 69
diff changeset
870 {
72
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents: 71
diff changeset
871 pluginConfiguration.LookupStringValue(urlTokenValidation, WEB_SERVICE_TOKEN_VALIDATION);
74
aa73b10c2db9 new API route to decode tokens
Alain Mazy <am@osimis.io>
parents: 73
diff changeset
872 pluginConfiguration.LookupStringValue(urlTokenDecoder, WEB_SERVICE_TOKEN_DECODER);
72
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents: 71
diff changeset
873 if (urlTokenValidation.empty())
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents: 71
diff changeset
874 {
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents: 71
diff changeset
875 pluginConfiguration.LookupStringValue(urlTokenValidation, WEB_SERVICE_TOKEN_VALIDATION_LEGACY);
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents: 71
diff changeset
876 }
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents: 71
diff changeset
877
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents: 71
diff changeset
878 pluginConfiguration.LookupStringValue(urlTokenCreationBase, WEB_SERVICE_TOKEN_CREATION_BASE);
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents: 71
diff changeset
879 pluginConfiguration.LookupStringValue(urlUserProfile, WEB_SERVICE_USER_PROFILE);
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents: 71
diff changeset
880 }
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents: 71
diff changeset
881
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents: 71
diff changeset
882 if (!urlTokenValidation.empty())
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents: 71
diff changeset
883 {
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents: 71
diff changeset
884 LOG(WARNING) << "Authorization plugin: url defined for Token Validation: " << urlTokenValidation;
71
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents: 69
diff changeset
885 authorizationParser_.reset
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents: 69
diff changeset
886 (new OrthancPlugins::DefaultAuthorizationParser(factory, dicomWebRoot));
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents: 69
diff changeset
887 }
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents: 69
diff changeset
888 else
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents: 69
diff changeset
889 {
72
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents: 71
diff changeset
890 LOG(WARNING) << "Authorization plugin: no url defined for Token Validation";
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents: 71
diff changeset
891 }
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents: 71
diff changeset
892
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents: 71
diff changeset
893 if (!urlUserProfile.empty())
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents: 71
diff changeset
894 {
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents: 71
diff changeset
895 LOG(WARNING) << "Authorization plugin: url defined for User Profile: " << urlUserProfile;
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents: 71
diff changeset
896
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents: 71
diff changeset
897 static const char* PERMISSIONS = "Permissions";
71
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents: 69
diff changeset
898 if (!pluginConfiguration.GetJson().isMember(PERMISSIONS))
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents: 69
diff changeset
899 {
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents: 69
diff changeset
900 throw Orthanc::OrthancException(Orthanc::ErrorCode_BadFileFormat, "Authorization plugin: Missing required \"" + std::string(PERMISSIONS) +
72
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents: 71
diff changeset
901 "\" option since you have defined the \"" + std::string(WEB_SERVICE_ROOT) + "\" option");
71
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents: 69
diff changeset
902 }
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents: 69
diff changeset
903 permissionParser_.reset
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents: 69
diff changeset
904 (new OrthancPlugins::PermissionParser(dicomWebRoot, oe2Root));
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents: 69
diff changeset
905
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents: 69
diff changeset
906 permissionParser_->Add(pluginConfiguration.GetJson()[PERMISSIONS]);
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents: 69
diff changeset
907 }
72
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents: 71
diff changeset
908 else
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents: 71
diff changeset
909 {
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents: 71
diff changeset
910 LOG(WARNING) << "Authorization plugin: no url defined for User Profile";
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents: 71
diff changeset
911 }
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents: 71
diff changeset
912
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents: 71
diff changeset
913 if (!urlTokenCreationBase.empty())
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents: 71
diff changeset
914 {
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents: 71
diff changeset
915 LOG(WARNING) << "Authorization plugin: base url defined for Token Creation : " << urlTokenCreationBase;
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents: 71
diff changeset
916 // TODO Token Creation
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents: 71
diff changeset
917 }
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents: 71
diff changeset
918 else
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents: 71
diff changeset
919 {
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents: 71
diff changeset
920 LOG(WARNING) << "Authorization plugin: no base url defined for Token Creation";
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents: 71
diff changeset
921 }
71
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents: 69
diff changeset
922
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents: 69
diff changeset
923 if (authorizationParser_.get() == NULL && permissionParser_.get() == NULL)
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents: 69
diff changeset
924 {
81
fac45493d547 more flexibility wrt configuration
Alain Mazy <am@osimis.io>
parents: 77
diff changeset
925 if (hasBasicAuthEnabled)
fac45493d547 more flexibility wrt configuration
Alain Mazy <am@osimis.io>
parents: 77
diff changeset
926 {
fac45493d547 more flexibility wrt configuration
Alain Mazy <am@osimis.io>
parents: 77
diff changeset
927 LOG(WARNING) << "Authorization plugin: No Token Validation or User Profile url defined -> will only be able to generate tokens. All API routes are accessible to all registered users.";
fac45493d547 more flexibility wrt configuration
Alain Mazy <am@osimis.io>
parents: 77
diff changeset
928 }
fac45493d547 more flexibility wrt configuration
Alain Mazy <am@osimis.io>
parents: 77
diff changeset
929 else
fac45493d547 more flexibility wrt configuration
Alain Mazy <am@osimis.io>
parents: 77
diff changeset
930 {
fac45493d547 more flexibility wrt configuration
Alain Mazy <am@osimis.io>
parents: 77
diff changeset
931 LOG(WARNING) << "Authorization plugin: ----------- insecure setup ---------- No Token Validation or User Profile url defined -> will only be able to generate tokens. Authentication is not enabled -> anyone will have access to all API routes.";
fac45493d547 more flexibility wrt configuration
Alain Mazy <am@osimis.io>
parents: 77
diff changeset
932 }
1
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
933 }
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
934
58
ad279c70c22d added a new configuration 'StandardConfigurations'
Alain Mazy <am@osimis.io>
parents: 57
diff changeset
935 std::set<std::string> standardConfigurations;
71
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents: 69
diff changeset
936 if (pluginConfiguration.LookupSetOfStrings(standardConfigurations, "StandardConfigurations", false))
58
ad279c70c22d added a new configuration 'StandardConfigurations'
Alain Mazy <am@osimis.io>
parents: 57
diff changeset
937 {
ad279c70c22d added a new configuration 'StandardConfigurations'
Alain Mazy <am@osimis.io>
parents: 57
diff changeset
938 if (standardConfigurations.find("osimis-web-viewer") != standardConfigurations.end())
ad279c70c22d added a new configuration 'StandardConfigurations'
Alain Mazy <am@osimis.io>
parents: 57
diff changeset
939 {
ad279c70c22d added a new configuration 'StandardConfigurations'
Alain Mazy <am@osimis.io>
parents: 57
diff changeset
940 uncheckedFolders_.push_back("/osimis-viewer/app/");
ad279c70c22d added a new configuration 'StandardConfigurations'
Alain Mazy <am@osimis.io>
parents: 57
diff changeset
941 uncheckedFolders_.push_back("/osimis-viewer/languages/");
ad279c70c22d added a new configuration 'StandardConfigurations'
Alain Mazy <am@osimis.io>
parents: 57
diff changeset
942 uncheckedResources_.insert("/osimis-viewer/config.js");
ad279c70c22d added a new configuration 'StandardConfigurations'
Alain Mazy <am@osimis.io>
parents: 57
diff changeset
943
ad279c70c22d added a new configuration 'StandardConfigurations'
Alain Mazy <am@osimis.io>
parents: 57
diff changeset
944 tokens_.insert(OrthancPlugins::Token(OrthancPlugins::TokenType_HttpHeader, "token"));
95
dff72e397f90 fix standard configuration 'orthanc-explorer-2' for TokenGetArguments
Alain Mazy <am@osimis.io>
parents: 86
diff changeset
945 tokens_.insert(OrthancPlugins::Token(OrthancPlugins::TokenType_GetArgument, "token")); // for download links in Webviewer
58
ad279c70c22d added a new configuration 'StandardConfigurations'
Alain Mazy <am@osimis.io>
parents: 57
diff changeset
946 }
ad279c70c22d added a new configuration 'StandardConfigurations'
Alain Mazy <am@osimis.io>
parents: 57
diff changeset
947
ad279c70c22d added a new configuration 'StandardConfigurations'
Alain Mazy <am@osimis.io>
parents: 57
diff changeset
948 if (standardConfigurations.find("stone-webviewer") != standardConfigurations.end())
ad279c70c22d added a new configuration 'StandardConfigurations'
Alain Mazy <am@osimis.io>
parents: 57
diff changeset
949 {
ad279c70c22d added a new configuration 'StandardConfigurations'
Alain Mazy <am@osimis.io>
parents: 57
diff changeset
950 uncheckedFolders_.push_back("/stone-webviewer/");
65
a89e1fcf56b1 new oe2 standard configuration
Alain Mazy <am@osimis.io>
parents: 62
diff changeset
951 uncheckedResources_.insert("/system"); // for Stone to check that Orthanc is the server providing the data
58
ad279c70c22d added a new configuration 'StandardConfigurations'
Alain Mazy <am@osimis.io>
parents: 57
diff changeset
952
ad279c70c22d added a new configuration 'StandardConfigurations'
Alain Mazy <am@osimis.io>
parents: 57
diff changeset
953 tokens_.insert(OrthancPlugins::Token(OrthancPlugins::TokenType_HttpHeader, "Authorization"));
ad279c70c22d added a new configuration 'StandardConfigurations'
Alain Mazy <am@osimis.io>
parents: 57
diff changeset
954 }
ad279c70c22d added a new configuration 'StandardConfigurations'
Alain Mazy <am@osimis.io>
parents: 57
diff changeset
955
65
a89e1fcf56b1 new oe2 standard configuration
Alain Mazy <am@osimis.io>
parents: 62
diff changeset
956 if (standardConfigurations.find("orthanc-explorer-2") != standardConfigurations.end())
a89e1fcf56b1 new oe2 standard configuration
Alain Mazy <am@osimis.io>
parents: 62
diff changeset
957 {
a89e1fcf56b1 new oe2 standard configuration
Alain Mazy <am@osimis.io>
parents: 62
diff changeset
958 uncheckedFolders_.push_back("/ui/app/");
74
aa73b10c2db9 new API route to decode tokens
Alain Mazy <am@osimis.io>
parents: 73
diff changeset
959 uncheckedFolders_.push_back("/ui/landing/");
76
d301047ee3c4 fix unchecked resource
Alain Mazy <am@osimis.io>
parents: 74
diff changeset
960 uncheckedResources_.insert("/"); // for the redirect to /ui/app/
66
b7fd466764cc fix path for oe2 keycloak
Alain Mazy <am@osimis.io>
parents: 65
diff changeset
961 uncheckedResources_.insert("/ui/api/pre-login-configuration"); // for the UI to know, i.e. if Keycloak is enabled or not
71
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents: 69
diff changeset
962 uncheckedResources_.insert("/ui/api/configuration");
69
af44dce56328 new 'auth/user-profile' Rest API route
Alain Mazy <am@osimis.io>
parents: 68
diff changeset
963 uncheckedResources_.insert("/auth/user-profile");
65
a89e1fcf56b1 new oe2 standard configuration
Alain Mazy <am@osimis.io>
parents: 62
diff changeset
964
a89e1fcf56b1 new oe2 standard configuration
Alain Mazy <am@osimis.io>
parents: 62
diff changeset
965 tokens_.insert(OrthancPlugins::Token(OrthancPlugins::TokenType_HttpHeader, "Authorization")); // for basic-auth
a89e1fcf56b1 new oe2 standard configuration
Alain Mazy <am@osimis.io>
parents: 62
diff changeset
966 tokens_.insert(OrthancPlugins::Token(OrthancPlugins::TokenType_HttpHeader, "token")); // for keycloak
95
dff72e397f90 fix standard configuration 'orthanc-explorer-2' for TokenGetArguments
Alain Mazy <am@osimis.io>
parents: 86
diff changeset
967 tokens_.insert(OrthancPlugins::Token(OrthancPlugins::TokenType_GetArgument, "token")); // for download links in OE2
65
a89e1fcf56b1 new oe2 standard configuration
Alain Mazy <am@osimis.io>
parents: 62
diff changeset
968 }
a89e1fcf56b1 new oe2 standard configuration
Alain Mazy <am@osimis.io>
parents: 62
diff changeset
969
102
18d3f7bd18db new standard configuration 'ohif'
Alain Mazy <am@osimis.io>
parents: 95
diff changeset
970 if (standardConfigurations.find("ohif") != standardConfigurations.end())
18d3f7bd18db new standard configuration 'ohif'
Alain Mazy <am@osimis.io>
parents: 95
diff changeset
971 {
18d3f7bd18db new standard configuration 'ohif'
Alain Mazy <am@osimis.io>
parents: 95
diff changeset
972 uncheckedFolders_.push_back("/ohif/");
18d3f7bd18db new standard configuration 'ohif'
Alain Mazy <am@osimis.io>
parents: 95
diff changeset
973 }
18d3f7bd18db new standard configuration 'ohif'
Alain Mazy <am@osimis.io>
parents: 95
diff changeset
974
58
ad279c70c22d added a new configuration 'StandardConfigurations'
Alain Mazy <am@osimis.io>
parents: 57
diff changeset
975 }
ad279c70c22d added a new configuration 'StandardConfigurations'
Alain Mazy <am@osimis.io>
parents: 57
diff changeset
976
ad279c70c22d added a new configuration 'StandardConfigurations'
Alain Mazy <am@osimis.io>
parents: 57
diff changeset
977 std::string checkedLevelString;
71
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents: 69
diff changeset
978 if (pluginConfiguration.LookupStringValue(checkedLevelString, "CheckedLevel"))
58
ad279c70c22d added a new configuration 'StandardConfigurations'
Alain Mazy <am@osimis.io>
parents: 57
diff changeset
979 {
ad279c70c22d added a new configuration 'StandardConfigurations'
Alain Mazy <am@osimis.io>
parents: 57
diff changeset
980 OrthancPlugins::AccessLevel checkedLevel = OrthancPlugins::StringToAccessLevel(checkedLevelString);
ad279c70c22d added a new configuration 'StandardConfigurations'
Alain Mazy <am@osimis.io>
parents: 57
diff changeset
981 if (checkedLevel == OrthancPlugins::AccessLevel_Instance)
ad279c70c22d added a new configuration 'StandardConfigurations'
Alain Mazy <am@osimis.io>
parents: 57
diff changeset
982 {
ad279c70c22d added a new configuration 'StandardConfigurations'
Alain Mazy <am@osimis.io>
parents: 57
diff changeset
983 uncheckedLevels_.insert(OrthancPlugins::AccessLevel_Patient);
ad279c70c22d added a new configuration 'StandardConfigurations'
Alain Mazy <am@osimis.io>
parents: 57
diff changeset
984 uncheckedLevels_.insert(OrthancPlugins::AccessLevel_Study);
ad279c70c22d added a new configuration 'StandardConfigurations'
Alain Mazy <am@osimis.io>
parents: 57
diff changeset
985 uncheckedLevels_.insert(OrthancPlugins::AccessLevel_Series);
ad279c70c22d added a new configuration 'StandardConfigurations'
Alain Mazy <am@osimis.io>
parents: 57
diff changeset
986 }
ad279c70c22d added a new configuration 'StandardConfigurations'
Alain Mazy <am@osimis.io>
parents: 57
diff changeset
987 else if (checkedLevel == OrthancPlugins::AccessLevel_Series)
ad279c70c22d added a new configuration 'StandardConfigurations'
Alain Mazy <am@osimis.io>
parents: 57
diff changeset
988 {
ad279c70c22d added a new configuration 'StandardConfigurations'
Alain Mazy <am@osimis.io>
parents: 57
diff changeset
989 uncheckedLevels_.insert(OrthancPlugins::AccessLevel_Patient);
ad279c70c22d added a new configuration 'StandardConfigurations'
Alain Mazy <am@osimis.io>
parents: 57
diff changeset
990 uncheckedLevels_.insert(OrthancPlugins::AccessLevel_Study);
ad279c70c22d added a new configuration 'StandardConfigurations'
Alain Mazy <am@osimis.io>
parents: 57
diff changeset
991 uncheckedLevels_.insert(OrthancPlugins::AccessLevel_Instance);
ad279c70c22d added a new configuration 'StandardConfigurations'
Alain Mazy <am@osimis.io>
parents: 57
diff changeset
992 }
ad279c70c22d added a new configuration 'StandardConfigurations'
Alain Mazy <am@osimis.io>
parents: 57
diff changeset
993 else if (checkedLevel == OrthancPlugins::AccessLevel_Study)
ad279c70c22d added a new configuration 'StandardConfigurations'
Alain Mazy <am@osimis.io>
parents: 57
diff changeset
994 {
ad279c70c22d added a new configuration 'StandardConfigurations'
Alain Mazy <am@osimis.io>
parents: 57
diff changeset
995 uncheckedLevels_.insert(OrthancPlugins::AccessLevel_Patient);
ad279c70c22d added a new configuration 'StandardConfigurations'
Alain Mazy <am@osimis.io>
parents: 57
diff changeset
996 uncheckedLevels_.insert(OrthancPlugins::AccessLevel_Series);
ad279c70c22d added a new configuration 'StandardConfigurations'
Alain Mazy <am@osimis.io>
parents: 57
diff changeset
997 uncheckedLevels_.insert(OrthancPlugins::AccessLevel_Instance);
ad279c70c22d added a new configuration 'StandardConfigurations'
Alain Mazy <am@osimis.io>
parents: 57
diff changeset
998 }
ad279c70c22d added a new configuration 'StandardConfigurations'
Alain Mazy <am@osimis.io>
parents: 57
diff changeset
999 else if (checkedLevel == OrthancPlugins::AccessLevel_Patient)
ad279c70c22d added a new configuration 'StandardConfigurations'
Alain Mazy <am@osimis.io>
parents: 57
diff changeset
1000 {
ad279c70c22d added a new configuration 'StandardConfigurations'
Alain Mazy <am@osimis.io>
parents: 57
diff changeset
1001 uncheckedLevels_.insert(OrthancPlugins::AccessLevel_Study);
ad279c70c22d added a new configuration 'StandardConfigurations'
Alain Mazy <am@osimis.io>
parents: 57
diff changeset
1002 uncheckedLevels_.insert(OrthancPlugins::AccessLevel_Series);
ad279c70c22d added a new configuration 'StandardConfigurations'
Alain Mazy <am@osimis.io>
parents: 57
diff changeset
1003 uncheckedLevels_.insert(OrthancPlugins::AccessLevel_Instance);
ad279c70c22d added a new configuration 'StandardConfigurations'
Alain Mazy <am@osimis.io>
parents: 57
diff changeset
1004 }
ad279c70c22d added a new configuration 'StandardConfigurations'
Alain Mazy <am@osimis.io>
parents: 57
diff changeset
1005 }
ad279c70c22d added a new configuration 'StandardConfigurations'
Alain Mazy <am@osimis.io>
parents: 57
diff changeset
1006
71
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents: 69
diff changeset
1007 if (pluginConfiguration.LookupListOfStrings(tmp, "UncheckedLevels", false))
1
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
1008 {
58
ad279c70c22d added a new configuration 'StandardConfigurations'
Alain Mazy <am@osimis.io>
parents: 57
diff changeset
1009 if (uncheckedLevels_.size() == 0)
1
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
1010 {
58
ad279c70c22d added a new configuration 'StandardConfigurations'
Alain Mazy <am@osimis.io>
parents: 57
diff changeset
1011 for (std::list<std::string>::const_iterator
ad279c70c22d added a new configuration 'StandardConfigurations'
Alain Mazy <am@osimis.io>
parents: 57
diff changeset
1012 it = tmp.begin(); it != tmp.end(); ++it)
ad279c70c22d added a new configuration 'StandardConfigurations'
Alain Mazy <am@osimis.io>
parents: 57
diff changeset
1013 {
ad279c70c22d added a new configuration 'StandardConfigurations'
Alain Mazy <am@osimis.io>
parents: 57
diff changeset
1014 uncheckedLevels_.insert(OrthancPlugins::StringToAccessLevel(*it));
ad279c70c22d added a new configuration 'StandardConfigurations'
Alain Mazy <am@osimis.io>
parents: 57
diff changeset
1015 }
ad279c70c22d added a new configuration 'StandardConfigurations'
Alain Mazy <am@osimis.io>
parents: 57
diff changeset
1016 }
ad279c70c22d added a new configuration 'StandardConfigurations'
Alain Mazy <am@osimis.io>
parents: 57
diff changeset
1017 else
ad279c70c22d added a new configuration 'StandardConfigurations'
Alain Mazy <am@osimis.io>
parents: 57
diff changeset
1018 {
ad279c70c22d added a new configuration 'StandardConfigurations'
Alain Mazy <am@osimis.io>
parents: 57
diff changeset
1019 LOG(ERROR) << "Authorization plugin: you may only provide one of 'CheckedLevel' or 'UncheckedLevels' configurations";
ad279c70c22d added a new configuration 'StandardConfigurations'
Alain Mazy <am@osimis.io>
parents: 57
diff changeset
1020 return -1;
1
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
1021 }
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
1022 }
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
1023
72
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents: 71
diff changeset
1024 std::unique_ptr<OrthancPlugins::AuthorizationWebService> webService(new OrthancPlugins::AuthorizationWebService(urlTokenValidation,
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents: 71
diff changeset
1025 urlTokenCreationBase,
74
aa73b10c2db9 new API route to decode tokens
Alain Mazy <am@osimis.io>
parents: 73
diff changeset
1026 urlUserProfile,
aa73b10c2db9 new API route to decode tokens
Alain Mazy <am@osimis.io>
parents: 73
diff changeset
1027 urlTokenDecoder));
54
317b31e99501 Added 3 new configurations: WebServiceUsername, WebServicePassword, WebServiceIdentifier. WebServiceIdentifier is now included in the payload as the 'identifier' field
Alain Mazy <am@osimis.io>
parents: 51
diff changeset
1028
317b31e99501 Added 3 new configurations: WebServiceUsername, WebServicePassword, WebServiceIdentifier. WebServiceIdentifier is now included in the payload as the 'identifier' field
Alain Mazy <am@osimis.io>
parents: 51
diff changeset
1029 std::string webServiceIdentifier;
71
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents: 69
diff changeset
1030 if (pluginConfiguration.LookupStringValue(webServiceIdentifier, "WebServiceIdentifier"))
54
317b31e99501 Added 3 new configurations: WebServiceUsername, WebServicePassword, WebServiceIdentifier. WebServiceIdentifier is now included in the payload as the 'identifier' field
Alain Mazy <am@osimis.io>
parents: 51
diff changeset
1031 {
317b31e99501 Added 3 new configurations: WebServiceUsername, WebServicePassword, WebServiceIdentifier. WebServiceIdentifier is now included in the payload as the 'identifier' field
Alain Mazy <am@osimis.io>
parents: 51
diff changeset
1032 webService->SetIdentifier(webServiceIdentifier);
317b31e99501 Added 3 new configurations: WebServiceUsername, WebServicePassword, WebServiceIdentifier. WebServiceIdentifier is now included in the payload as the 'identifier' field
Alain Mazy <am@osimis.io>
parents: 51
diff changeset
1033 }
317b31e99501 Added 3 new configurations: WebServiceUsername, WebServicePassword, WebServiceIdentifier. WebServiceIdentifier is now included in the payload as the 'identifier' field
Alain Mazy <am@osimis.io>
parents: 51
diff changeset
1034
317b31e99501 Added 3 new configurations: WebServiceUsername, WebServicePassword, WebServiceIdentifier. WebServiceIdentifier is now included in the payload as the 'identifier' field
Alain Mazy <am@osimis.io>
parents: 51
diff changeset
1035 std::string webServiceUsername;
317b31e99501 Added 3 new configurations: WebServiceUsername, WebServicePassword, WebServiceIdentifier. WebServiceIdentifier is now included in the payload as the 'identifier' field
Alain Mazy <am@osimis.io>
parents: 51
diff changeset
1036 std::string webServicePassword;
71
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents: 69
diff changeset
1037 if (pluginConfiguration.LookupStringValue(webServiceUsername, "WebServiceUsername") && pluginConfiguration.LookupStringValue(webServicePassword, "WebServicePassword"))
54
317b31e99501 Added 3 new configurations: WebServiceUsername, WebServicePassword, WebServiceIdentifier. WebServiceIdentifier is now included in the payload as the 'identifier' field
Alain Mazy <am@osimis.io>
parents: 51
diff changeset
1038 {
317b31e99501 Added 3 new configurations: WebServiceUsername, WebServicePassword, WebServiceIdentifier. WebServiceIdentifier is now included in the payload as the 'identifier' field
Alain Mazy <am@osimis.io>
parents: 51
diff changeset
1039 webService->SetCredentials(webServiceUsername, webServicePassword);
317b31e99501 Added 3 new configurations: WebServiceUsername, WebServicePassword, WebServiceIdentifier. WebServiceIdentifier is now included in the payload as the 'identifier' field
Alain Mazy <am@osimis.io>
parents: 51
diff changeset
1040 }
317b31e99501 Added 3 new configurations: WebServiceUsername, WebServicePassword, WebServiceIdentifier. WebServiceIdentifier is now included in the payload as the 'identifier' field
Alain Mazy <am@osimis.io>
parents: 51
diff changeset
1041
1
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
1042 authorizationService_.reset
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
1043 (new OrthancPlugins::CachedAuthorizationService
54
317b31e99501 Added 3 new configurations: WebServiceUsername, WebServicePassword, WebServiceIdentifier. WebServiceIdentifier is now included in the payload as the 'identifier' field
Alain Mazy <am@osimis.io>
parents: 51
diff changeset
1044 (webService.release(), factory));
1
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
1045
72
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents: 71
diff changeset
1046 if (!urlTokenValidation.empty())
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents: 71
diff changeset
1047 {
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents: 71
diff changeset
1048 OrthancPluginRegisterOnChangeCallback(context, OnChangeCallback);
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents: 71
diff changeset
1049 }
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents: 71
diff changeset
1050
74
aa73b10c2db9 new API route to decode tokens
Alain Mazy <am@osimis.io>
parents: 73
diff changeset
1051 if (!urlTokenDecoder.empty())
aa73b10c2db9 new API route to decode tokens
Alain Mazy <am@osimis.io>
parents: 73
diff changeset
1052 {
aa73b10c2db9 new API route to decode tokens
Alain Mazy <am@osimis.io>
parents: 73
diff changeset
1053 OrthancPlugins::RegisterRestCallback<DecodeToken>("/auth/tokens/decode", true);
aa73b10c2db9 new API route to decode tokens
Alain Mazy <am@osimis.io>
parents: 73
diff changeset
1054 }
aa73b10c2db9 new API route to decode tokens
Alain Mazy <am@osimis.io>
parents: 73
diff changeset
1055
72
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents: 71
diff changeset
1056 if (!urlUserProfile.empty())
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents: 71
diff changeset
1057 {
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents: 71
diff changeset
1058 OrthancPlugins::RegisterRestCallback<GetUserProfile>("/auth/user/profile", true);
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents: 71
diff changeset
1059 }
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents: 71
diff changeset
1060
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents: 71
diff changeset
1061 if (!urlTokenCreationBase.empty())
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents: 71
diff changeset
1062 {
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents: 71
diff changeset
1063 OrthancPlugins::RegisterRestCallback<CreateToken>("/auth/tokens/(.*)", true);
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents: 71
diff changeset
1064 }
74
aa73b10c2db9 new API route to decode tokens
Alain Mazy <am@osimis.io>
parents: 73
diff changeset
1065
111
2b1a95c7d263 wip: adjust tools/find queries
Alain Mazy <am@osimis.io>
parents: 109
diff changeset
1066 OrthancPlugins::RegisterRestCallback<ToolsFind>("/tools/find", true);
2b1a95c7d263 wip: adjust tools/find queries
Alain Mazy <am@osimis.io>
parents: 109
diff changeset
1067
74
aa73b10c2db9 new API route to decode tokens
Alain Mazy <am@osimis.io>
parents: 73
diff changeset
1068
81
fac45493d547 more flexibility wrt configuration
Alain Mazy <am@osimis.io>
parents: 77
diff changeset
1069 if (authorizationParser_.get() != NULL || permissionParser_.get() != NULL)
fac45493d547 more flexibility wrt configuration
Alain Mazy <am@osimis.io>
parents: 77
diff changeset
1070 {
fac45493d547 more flexibility wrt configuration
Alain Mazy <am@osimis.io>
parents: 77
diff changeset
1071 if (hasBasicAuthEnabled)
fac45493d547 more flexibility wrt configuration
Alain Mazy <am@osimis.io>
parents: 77
diff changeset
1072 {
fac45493d547 more flexibility wrt configuration
Alain Mazy <am@osimis.io>
parents: 77
diff changeset
1073 throw Orthanc::OrthancException(Orthanc::ErrorCode_BadFileFormat, "Authorization plugin: you are using the plugin to grant access to resources or handle user permissions. This is not compatible with \"AuthenticationEnabled\" = true");
fac45493d547 more flexibility wrt configuration
Alain Mazy <am@osimis.io>
parents: 77
diff changeset
1074 }
fac45493d547 more flexibility wrt configuration
Alain Mazy <am@osimis.io>
parents: 77
diff changeset
1075
fac45493d547 more flexibility wrt configuration
Alain Mazy <am@osimis.io>
parents: 77
diff changeset
1076 LOG(WARNING) << "Authorization plugin: Registering Incoming HTTP Request Filter";
fac45493d547 more flexibility wrt configuration
Alain Mazy <am@osimis.io>
parents: 77
diff changeset
1077
1
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
1078 #if ORTHANC_PLUGINS_VERSION_IS_ABOVE(1, 2, 1)
81
fac45493d547 more flexibility wrt configuration
Alain Mazy <am@osimis.io>
parents: 77
diff changeset
1079 OrthancPluginRegisterIncomingHttpRequestFilter2(context, FilterHttpRequests);
1
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
1080 #else
81
fac45493d547 more flexibility wrt configuration
Alain Mazy <am@osimis.io>
parents: 77
diff changeset
1081 OrthancPluginRegisterIncomingHttpRequestFilter(context, FilterHttpRequestsFallback);
1
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
1082 #endif
81
fac45493d547 more flexibility wrt configuration
Alain Mazy <am@osimis.io>
parents: 77
diff changeset
1083 }
fac45493d547 more flexibility wrt configuration
Alain Mazy <am@osimis.io>
parents: 77
diff changeset
1084
1
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
1085 }
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
1086 else
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
1087 {
71
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents: 69
diff changeset
1088 LOG(WARNING) << "No section \"" << PLUGIN_SECTION << "\" in the configuration file, "
1
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
1089 << "the authorization plugin is disabled";
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
1090 }
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
1091 }
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
1092 catch (Orthanc::OrthancException& e)
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
1093 {
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
1094 LOG(ERROR) << e.What();
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
1095 return -1;
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
1096 }
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
1097
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
1098 return 0;
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
1099 }
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
1100
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
1101
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
1102 ORTHANC_PLUGINS_API void OrthancPluginFinalize()
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
1103 {
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
1104 authorizationParser_.reset(NULL);
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
1105 }
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
1106
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
1107
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
1108 ORTHANC_PLUGINS_API const char* OrthancPluginGetName()
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
1109 {
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
1110 return "authorization";
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
1111 }
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
1112
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
1113
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
1114 ORTHANC_PLUGINS_API const char* OrthancPluginGetVersion()
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
1115 {
22
c44013681a51 now using the Orthanc framework
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 8
diff changeset
1116 return ORTHANC_PLUGIN_VERSION;
1
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
1117 }
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
1118 }