Mercurial > hg > orthanc-authorization

annotate Plugin/PermissionParser.cpp @ 71:30fb3ce960d9

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
configurable user permissions
author Alain Mazy <am@osimis.io>
date Wed, 22 Feb 2023 13:13:38 +0100
parents
children aa73b10c2db9
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
71
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
1 /**
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
2 * Advanced authorization plugin for Orthanc
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
3 * Copyright (C) 2017-2023 Osimis S.A., Belgium
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
4 *
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
5 * This program is free software: you can redistribute it and/or
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
6 * modify it under the terms of the GNU Affero General Public License
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
7 * as published by the Free Software Foundation, either version 3 of
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
8 * the License, or (at your option) any later version.
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
9 *
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
10 * This program is distributed in the hope that it will be useful, but
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
11 * WITHOUT ANY WARRANTY; without even the implied warranty of
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
13 * Affero General Public License for more details.
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
14 *
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
15 * You should have received a copy of the GNU Affero General Public License
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
16 * along with this program. If not, see <http://www.gnu.org/licenses/>.
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
17 **/
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
18
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
19 #include "PermissionParser.h"
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
20
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
21 #include <Toolbox.h>
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
22 #include <OrthancException.h>
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
23 #include <Logging.h>
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
24
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
25 namespace OrthancPlugins
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
26 {
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
27 PermissionPattern::PermissionPattern(const OrthancPluginHttpMethod& method, const std::string& patternRegex, const std::string& permissions) :
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
28 method(method),
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
29 pattern(patternRegex)
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
30 {
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
31 std::vector<std::string> permissionsVector;
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
32 Orthanc::Toolbox::TokenizeString(permissionsVector, permissions, '|');
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
33
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
34 for (size_t i = 0; i < permissionsVector.size(); ++i)
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
35 {
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
36 this->permissions.insert(permissionsVector[i]);
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
37 }
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
38 }
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
39
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
40
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
41 static void Replace(std::string& text, const std::string& findText, const std::string& replaceText)
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
42 {
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
43 size_t pos = text.find(findText);
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
44 if (pos != std::string::npos)
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
45 {
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
46 text = text.replace(pos, findText.size(), replaceText);
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
47 }
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
48 }
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
49
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
50
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
51 static void StripLeadingAndTrailingSlashes(std::string& text)
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
52 {
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
53 if (text.size() > 1 && text[0] == '/')
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
54 {
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
55 text = text.substr(1, text.size() -1);
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
56 }
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
57 if (text.size() > 1 && text[text.size() - 1] == '/')
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
58 {
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
59 text = text.substr(0, text.size() -1);
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
60 }
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
61 }
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
62
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
63
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
64 PermissionParser::PermissionParser(const std::string& dicomWebRoot, const std::string& oe2Root) :
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
65 dicomWebRoot_(dicomWebRoot),
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
66 oe2Root_(oe2Root)
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
67 {
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
68 }
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
69
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
70 void PermissionParser::Add(const Json::Value& configuration)
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
71 {
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
72 if (configuration.type() != Json::arrayValue)
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
73 {
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
74 throw Orthanc::OrthancException(Orthanc::ErrorCode_BadParameterType, "Permissions should be an array.");
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
75 }
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
76
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
77 for (Json::ArrayIndex i = 0; i < configuration.size(); ++i)
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
78 {
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
79 const Json::Value& permission = configuration[i];
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
80 if (permission.type() != Json::arrayValue || permission.size() < 3)
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
81 {
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
82 throw Orthanc::OrthancException(Orthanc::ErrorCode_BadParameterType, "Permissions elements should be an array of min size 3.");
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
83 }
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
84
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
85 Add(permission[0].asString(), // 0 = HTTP method
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
86 permission[1].asString(), // 1 = pattern
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
87 permission[2].asString() // 2 = list of | separated permissions (no space)
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
88 // 3 = optional comment
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
89 );
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
90 }
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
91
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
92 }
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
93
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
94 void PermissionParser::Add(const std::string& method,
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
95 const std::string& patternRegex,
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
96 const std::string& permission)
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
97 {
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
98 std::string lowerCaseMethod;
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
99 Orthanc::Toolbox::ToLowerCase(lowerCaseMethod, method);
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
100 OrthancPluginHttpMethod parsedMethod = OrthancPluginHttpMethod_Get;
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
101
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
102 if (lowerCaseMethod == "post")
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
103 {
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
104 parsedMethod = OrthancPluginHttpMethod_Post;
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
105 }
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
106 else if (lowerCaseMethod == "put")
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
107 {
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
108 parsedMethod = OrthancPluginHttpMethod_Put;
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
109 }
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
110 else if (lowerCaseMethod == "delete")
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
111 {
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
112 parsedMethod = OrthancPluginHttpMethod_Delete;
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
113 }
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
114 else if (lowerCaseMethod == "get")
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
115 {
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
116 parsedMethod = OrthancPluginHttpMethod_Get;
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
117 }
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
118 else
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
119 {
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
120 throw Orthanc::OrthancException(Orthanc::ErrorCode_ParameterOutOfRange, std::string("Invalid HTTP method ") + method);
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
121 }
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
122
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
123 std::string regex = patternRegex;
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
124 std::string strippedDicomWebRoot = dicomWebRoot_;
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
125
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
126 StripLeadingAndTrailingSlashes(strippedDicomWebRoot);
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
127 Replace(regex, "DICOM_WEB_ROOT", strippedDicomWebRoot);
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
128
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
129 LOG(WARNING) << "Authorization plugin: adding a new permission pattern: " << lowerCaseMethod << " " << regex << " - " << permission;
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
130
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
131 permissionsPattern_.push_back(PermissionPattern(parsedMethod, regex, permission));
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
132 }
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
133
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
134 bool PermissionParser::Parse(std::set<std::string>& permissions,
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
135 std::string& matchedPattern,
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
136 const OrthancPluginHttpMethod& method,
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
137 const std::string& uri) const
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
138 {
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
139 // The mutex below should not be necessary, but we prefer to
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
140 // ensure thread safety in boost::regex
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
141 boost::mutex::scoped_lock lock(mutex_);
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
142
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
143
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
144 for (std::list<PermissionPattern>::const_iterator it = permissionsPattern_.begin();
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
145 it != permissionsPattern_.end(); ++it)
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
146 {
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
147 if (method == it->method)
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
148 {
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
149 boost::smatch what;
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
150 if (boost::regex_match(uri, what, it->pattern))
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
151 {
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
152 matchedPattern = it->pattern.expression();
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
153 permissions = it->permissions;
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
154 return true;
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
155 }
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
156 }
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
157 }
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
158
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
159 return false;
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
160 }
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
161 }