Mercurial > hg > orthanc-authorization
annotate Plugin/CachedAuthorizationService.cpp @ 71:30fb3ce960d9
configurable user permissions
author | Alain Mazy <am@osimis.io> |
---|---|
date | Wed, 22 Feb 2023 13:13:38 +0100 |
parents | af44dce56328 |
children | e381ba725669 |
rev | line source |
---|---|
1 | 1 /** |
2 * Advanced authorization plugin for Orthanc | |
68 | 3 * Copyright (C) 2017-2023 Osimis S.A., Belgium |
1 | 4 * |
5 * This program is free software: you can redistribute it and/or | |
6 * modify it under the terms of the GNU Affero General Public License | |
7 * as published by the Free Software Foundation, either version 3 of | |
8 * the License, or (at your option) any later version. | |
9 * | |
10 * This program is distributed in the hope that it will be useful, but | |
11 * WITHOUT ANY WARRANTY; without even the implied warranty of | |
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | |
13 * Affero General Public License for more details. | |
14 * | |
15 * You should have received a copy of the GNU Affero General Public License | |
16 * along with this program. If not, see <http://www.gnu.org/licenses/>. | |
17 **/ | |
18 | |
19 #include "CachedAuthorizationService.h" | |
20 | |
32 | 21 #include <OrthancException.h> |
71 | 22 #include <Toolbox.h> |
1 | 23 |
24 #include <boost/lexical_cast.hpp> | |
25 | |
26 namespace OrthancPlugins | |
27 { | |
28 std::string CachedAuthorizationService::ComputeKey(OrthancPluginHttpMethod method, | |
29 const AccessedResource& access, | |
30 const Token& token, | |
31 const std::string& tokenValue) const | |
32 { | |
33 return (boost::lexical_cast<std::string>(method) + "|" + | |
34 boost::lexical_cast<std::string>(access.GetLevel()) + "|" + | |
35 access.GetOrthancId() + "|" + token.GetKey() + "|" + tokenValue); | |
36 } | |
37 | |
38 | |
71 | 39 std::string CachedAuthorizationService::ComputeKey(const std::string& permission, |
40 const Token& token, | |
41 const std::string& tokenValue) const | |
42 { | |
43 return (permission + "|" + token.GetKey() + "|" + tokenValue); | |
44 } | |
45 | |
46 | |
47 CachedAuthorizationService::CachedAuthorizationService(BaseAuthorizationService* decorated /* takes ownership */, | |
1 | 48 ICacheFactory& factory) : |
49 decorated_(decorated), | |
50 cache_(factory.Create()) | |
51 { | |
52 if (decorated_.get() == NULL) | |
53 { | |
54 throw Orthanc::OrthancException(Orthanc::ErrorCode_InternalError); | |
55 } | |
56 } | |
57 | |
58 | |
71 | 59 bool CachedAuthorizationService::IsGrantedInternal(unsigned int& validity, |
60 OrthancPluginHttpMethod method, | |
61 const AccessedResource& access, | |
62 const Token* token, | |
63 const std::string& tokenValue) | |
1 | 64 { |
65 assert(decorated_.get() != NULL); | |
66 | |
71 | 67 std::string key = ComputeKey(method, access, *token, tokenValue); |
1 | 68 std::string value; |
69 | |
70 if (cache_->Retrieve(value, key)) | |
71 { | |
72 // Return the previously cached value | |
73 return (value == "1"); | |
74 } | |
75 | |
71 | 76 bool granted = decorated_->IsGrantedInternal(validity, method, access, token, tokenValue); |
1 | 77 |
78 if (granted) | |
79 { | |
80 if (validity > 0) | |
81 { | |
82 cache_->Store(key, "1", validity); | |
83 } | |
84 | |
85 return true; | |
86 } | |
87 else | |
88 { | |
89 if (validity > 0) | |
90 { | |
91 cache_->Store(key, "0", validity); | |
92 } | |
93 | |
94 return false; | |
95 } | |
96 } | |
97 | |
98 | |
71 | 99 bool CachedAuthorizationService::GetUserProfileInternal(unsigned int& validity, |
100 Json::Value& profile /* out */, | |
101 const Token* token, | |
102 const std::string& tokenValue) | |
103 { | |
104 // no cache used when retrieving the full user profile | |
105 return decorated_->GetUserProfileInternal(validity, profile, token, tokenValue); | |
106 } | |
107 | |
108 bool CachedAuthorizationService::HasUserPermissionInternal(unsigned int& validity, | |
109 const std::string& permission, | |
110 const Token* token, | |
111 const std::string& tokenValue) | |
1 | 112 { |
113 assert(decorated_.get() != NULL); | |
114 | |
71 | 115 std::string key = ComputeKey(permission, *token, tokenValue); |
116 std::string value; | |
117 | |
118 if (cache_->Retrieve(value, key)) | |
119 { | |
120 // Return the previously cached value | |
121 return (value == "1"); | |
122 } | |
123 | |
124 bool granted = decorated_->HasUserPermissionInternal(validity, permission, token, tokenValue); | |
125 | |
126 if (granted) | |
127 { | |
128 if (validity > 0) | |
129 { | |
130 cache_->Store(key, "1", validity); | |
131 } | |
132 | |
133 return true; | |
134 } | |
135 else | |
136 { | |
137 if (validity > 0) | |
138 { | |
139 cache_->Store(key, "0", validity); | |
140 } | |
141 | |
142 return false; | |
143 } | |
1 | 144 } |
69
af44dce56328
new 'auth/user-profile' Rest API route
Alain Mazy <am@osimis.io>
parents:
68
diff
changeset
|
145 |
71 | 146 |
69
af44dce56328
new 'auth/user-profile' Rest API route
Alain Mazy <am@osimis.io>
parents:
68
diff
changeset
|
147 |
1 | 148 } |