annotate Plugin/ResourceHierarchyCache.cpp @ 202:3c56c3f0059a default tip
Fix forbidden access when the PatientID and StudyInstanceUID are identical
author | Alain Mazy <am@orthanc.team> |
---|---|
date | Mon, 23 Sep 2024 12:43:33 +0200 |
parents | c4b908970ae4 |
children |
rev | line source |
---|---|
1 | 1 /** |
2 * Advanced authorization plugin for Orthanc | |
68 | 3 * Copyright (C) 2017-2023 Osimis S.A., Belgium |
150 | 4 * Copyright (C) 2024-2024 Orthanc Team SRL, Belgium |
5 * Copyright (C) 2021-2024 Sebastien Jodogne, ICTEAM UCLouvain, Belgium |
1 | 6 * |
7 * This program is free software: you can redistribute it and/or | |
8 * modify it under the terms of the GNU Affero General Public License | |
9 * as published by the Free Software Foundation, either version 3 of | |
10 * the License, or (at your option) any later version. | |
11 * | |
12 * This program is distributed in the hope that it will be useful, but | |
13 * WITHOUT ANY WARRANTY; without even the implied warranty of | |
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | |
15 * Affero General Public License for more details. | |
16 * | |
17 * You should have received a copy of the GNU Affero General Public License | |
18 * along with this program. If not, see <http://www.gnu.org/licenses/>. | |
19 **/ | |
20 | |
21 #include "ResourceHierarchyCache.h" | |
22 | |
32 | 23 #include <Logging.h> |
24 #include <OrthancException.h> | |
1 | 25 |
26 #include <boost/lexical_cast.hpp> | |
109 | 27 #include <Toolbox.h> |
1 | 28 |
29 namespace OrthancPlugins | |
30 { | |
// Builds the string under which a resource is stored in the caches of
// this class: the resource level as rendered by boost::lexical_cast,
// then "|", then the identifier.
//
// Because the level is part of the key, the same identifier string
// used at two different levels yields two distinct keys, so an entry
// cached for one level is never returned for another. The caller
// decides what "identifier" is: in this file it is sometimes an
// Orthanc ID and sometimes a DICOM UID.
std::string ResourceHierarchyCache::ComputeKey(Orthanc::ResourceType level,
                                               const std::string& identifier) const
{
  std::string key = boost::lexical_cast<std::string>(level);
  key += "|";
  key += identifier;
  return key;
}
36 | |
37 | |
// Records in cache_ that "parent" is the parent of "child", keyed by
// the child's level and identifier, and logs the link at INFO level.
//
// The entry is stored with no expiration: it stays as it is until
// something calls Invalidate() on the child.
void ResourceHierarchyCache::LinkParent(const OrthancResource& child,
                                        const OrthancResource& parent)
{
  const std::string& childId = child.GetIdentifier();
  const std::string& parentId = parent.GetIdentifier();

  LOG(INFO) << "Linking " << Orthanc::EnumerationToString(child.GetLevel())
            << " \"" << childId << "\" to its parent "
            << Orthanc::EnumerationToString(parent.GetLevel())
            << " \"" << parentId << "\"";

  const std::string childKey = ComputeKey(child);
  cache_->Store(childKey, parentId, 0 /* no expiration */);
}
48 | |
// Fills "labels" with the labels of "resource".
//
// "labels" is always emptied first. If the labels_ cache holds an
// entry for the resource, that comma-separated string is split into
// the set. Otherwise the resource is read through
// UpdateResourceFromOrthanc(), which fills "labels" and refreshes the
// caches as a side effect; the parent it reports is discarded here.
void ResourceHierarchyCache::GetLabels(std::set<std::string>& labels,
                                       const OrthancResource& resource)
{
  labels.clear();

  const std::string cacheKey = ComputeKey(resource);
  std::string cached;

  if (labels_->Retrieve(cached, cacheKey))
  {
    // Cache hit: the value is the ","-joined list written by
    // UpdateResourceFromOrthanc() or AddLabels()
    Orthanc::Toolbox::SplitString(labels, cached, ',');
    return;
  }

  // The labels were never cached, or the cached entry has expired
  OrthancResource ignoredParent;
  UpdateResourceFromOrthanc(ignoredParent, labels, resource);
}
68 | |
69 | |
// Reads "resource" through OrthancResource::GetHierarchy() and
// refreshes every cache of this class from the answer.
//
// Outputs: "parent" and "labels" are whatever GetHierarchy() wrote
// into them. If GetHierarchy() fails the function returns at once and
// no cache is touched (*); callers detect this through
// parent.IsValid().
//
// On success it stores:
//  - Orthanc ID -> DICOM UID and DICOM UID -> Orthanc ID, no expiration
//  - the ","-joined labels, with an expiration argument of 60
//  - one parent link per child, and the link to the resource's own
//    parent if that parent is valid, no expiration
void ResourceHierarchyCache::UpdateResourceFromOrthanc(OrthancResource& parent,
                                                       std::set<std::string>& labels,
                                                       const OrthancResource& resource)
{
  const std::string resourceKey = ComputeKey(resource);

  // Not in the cache, reading the resource from the Orthanc store
  std::string uid;
  std::list<OrthancResource> childResources;

  if (!resource.GetHierarchy(uid, parent, childResources, labels))
  {
    // The resource is non-existing (*)
    return;
  }

  orthancToDicom_->Store(resourceKey, uid, 0 /* no expiration */);
  dicomToOrthanc_->Store(ComputeKey(resource.GetLevel(), uid),
                         resource.GetIdentifier(), 0 /* no expiration */);

  // Labels are the only entries stored with a non-zero expiration.
  // NOTE(review): 60 is presumably a lifetime in seconds - confirm
  // against the cache interface. A label change that does not go
  // through Invalidate() stays invisible to readers of this cache
  // until the entry expires.
  std::string joinedLabels;
  Orthanc::Toolbox::JoinStrings(joinedLabels, labels, ",");
  labels_->Store(resourceKey, joinedLabels, 60);

  // Cache the relation of the resource with its children
  std::list<OrthancResource>::const_iterator child = childResources.begin();
  while (child != childResources.end())
  {
    LinkParent(*child, resource);
    ++child;
  }

  if (parent.IsValid())
  {
    LinkParent(resource, parent);
  }
}
105 | |
1 | 106 |
// Looks up the identifier of the parent of "resource".
//
// Returns true and writes the parent identifier into "target" when
// the link is cached, or when reading the resource from Orthanc
// yields a valid parent. Returns false otherwise; "target" is not
// assigned by this function on that path.
bool ResourceHierarchyCache::LookupParent(std::string& target,
                                          const OrthancResource& resource)
{
  if (cache_->Retrieve(target, ComputeKey(resource)))
  {
    // The parent was already stored in the cache
    return true;
  }

  // Cache miss: read the resource, which also refreshes the caches.
  // The labels it reports are not needed here.
  OrthancResource parent;
  std::set<std::string> unusedLabels;
  UpdateResourceFromOrthanc(parent, unusedLabels, resource);

  if (!parent.IsValid())
  {
    // We reached the patient level, or the resource was removed
    // from Orthanc since (*)
    return false;
  }

  target = parent.GetIdentifier();
  return true;
}
134 | |
135 | |
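// Creates the four caches of this class from "factory":
//  - cache_          : child -> parent links
//  - orthancToDicom_ : Orthanc ID -> DICOM UID
//  - dicomToOrthanc_ : DICOM UID -> Orthanc ID
//  - labels_         : serialized labels
//
// Throws OrthancException(ErrorCode_InternalError) if the factory
// returned a null cache for any of them. All four are dereferenced
// without further checks by the other methods of this class, so all
// four are validated here rather than only cache_.
ResourceHierarchyCache::ResourceHierarchyCache(ICacheFactory& factory) :
  cache_(factory.Create()),
  orthancToDicom_(factory.Create()),
  dicomToOrthanc_(factory.Create()),
  labels_(factory.Create())
{
  if (cache_.get() == NULL ||
      orthancToDicom_.get() == NULL ||
      dicomToOrthanc_.get() == NULL ||
      labels_.get() == NULL)
  {
    throw Orthanc::OrthancException(Orthanc::ErrorCode_InternalError);
  }
}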
147 | |
148 | |
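// Drops what is cached about the resource "identifier" (an Orthanc
// ID) at "level": its parent link, its Orthanc ID -> DICOM UID
// mapping, its labels, and - when the DICOM UID is still known from
// orthancToDicom_ - the reverse DICOM UID -> Orthanc ID mapping.
//
// The reverse mapping is keyed by DICOM UID, so it can only be
// reached through the forward mapping, which is why the forward
// entry is read before it is invalidated. Without this step the
// reverse entry, stored with no expiration, would outlive the
// resource it points to.
//
// NOTE(review): a reverse entry written by LookupOrthancId() for a
// resource whose forward mapping was never cached is not reachable
// from here and is left in place - confirm whether that matters for
// the callers.
void ResourceHierarchyCache::Invalidate(Orthanc::ResourceType level,
                                        const std::string& identifier)
{
  LOG(INFO) << "Invalidating " << Orthanc::EnumerationToString(level)
            << " resource with ID: " << identifier;

  const std::string key = ComputeKey(level, identifier);

  std::string dicomUid;
  if (orthancToDicom_->Retrieve(dicomUid, key))
  {
    dicomToOrthanc_->Invalidate(ComputeKey(level, dicomUid));
  }

  cache_->Invalidate(key);
  orthancToDicom_->Invalidate(key);
  labels_->Invalidate(key);
}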
160 | |
161 | |
// Resolves the study and the patient that contain the series
// "series". "study" is written by the parent lookup of the series,
// "patient" by LookupStudy(). Returns false as soon as one of the two
// steps fails; LookupStudy() is not called if the first step fails.
bool ResourceHierarchyCache::LookupSeries(std::string& patient,
                                          std::string& study,
                                          const std::string& series)
{
  if (!LookupParent(study, Orthanc::ResourceType_Series, series))
  {
    return false;
  }

  return LookupStudy(patient, study);
}
175 | |
176 | |
// Resolves the series, the study and the patient that contain the
// instance "instance". "series" is written by the parent lookup of
// the instance, the other two by LookupSeries(). Returns false as
// soon as one step fails; LookupSeries() is not called if the first
// step fails.
bool ResourceHierarchyCache::LookupInstance(std::string& patient,
                                            std::string& study,
                                            std::string& series,
                                            const std::string& instance)
{
  if (!LookupParent(series, Orthanc::ResourceType_Instance, instance))
  {
    return false;
  }

  return LookupSeries(patient, study, series);
}
191 | |
192 | |
// Maps an Orthanc ID at "level" to its DICOM UID.
//
// Answers from orthancToDicom_ when possible; otherwise asks
// OrthancResource::GetDicomUid() and, on success, caches the answer
// with no expiration. Returns false if the resource could not be
// resolved, in which case nothing is cached.
bool ResourceHierarchyCache::LookupDicomUid(std::string& target,
                                            Orthanc::ResourceType level,
                                            const std::string& orthancId)
{
  const std::string cacheKey = ComputeKey(level, orthancId);

  if (orthancToDicom_->Retrieve(target, cacheKey))
  {
    return true;
  }

  OrthancResource resource(level, orthancId);

  if (!resource.GetDicomUid(target))
  {
    return false;
  }

  orthancToDicom_->Store(cacheKey, target, 0 /* no expiration */);
  return true;
}
216 | |
217 | |
// Maps a DICOM UID at "level" to its Orthanc ID.
//
// Answers from dicomToOrthanc_ when possible; otherwise asks
// OrthancResource::LookupOrthancId() and, on success, caches the
// answer with no expiration. Returns false if the UID could not be
// resolved, in which case nothing is cached.
//
// NOTE(review): the entry written here is keyed by DICOM UID and
// nothing in this function bounds its lifetime - confirm how it is
// refreshed when the resource is deleted or imported again.
bool ResourceHierarchyCache::LookupOrthancId(std::string& target,
                                             Orthanc::ResourceType level,
                                             const std::string& dicomUid)
{
  const std::string cacheKey = ComputeKey(level, dicomUid);

  if (dicomToOrthanc_->Retrieve(target, cacheKey))
  {
    return true;
  }

  if (!OrthancResource::LookupOrthancId(target, level, dicomUid))
  {
    return false;
  }

  dicomToOrthanc_->Store(cacheKey, target, 0 /* no expiration */);
  return true;
}
239 |
78 | 240 #if BUILD_UNIT_TESTS == 1 |
// Unit-test helper (only compiled when BUILD_UNIT_TESTS == 1): writes
// the DICOM UID <-> Orthanc ID mapping for one resource straight into
// both caches, with no expiration and without asking Orthanc.
//
// It bypasses every lookup, so it must stay behind the build guard:
// anything able to call it decides what the lookups of this class
// will answer.
void ResourceHierarchyCache::AddOrthancDicomMapping(Orthanc::ResourceType level,
                                                    const std::string& orthancId,
                                                    const std::string& dicomUid)
{
  const std::string dicomKey = ComputeKey(level, dicomUid);
  dicomToOrthanc_->Store(dicomKey, orthancId, 0 /* no expiration */);

  const std::string orthancKey = ComputeKey(level, orthancId);
  orthancToDicom_->Store(orthancKey, dicomUid, 0 /* no expiration */);
}
248 |
// Unit-test helper (only compiled when BUILD_UNIT_TESTS == 1): writes
// a child -> parent link straight into cache_, with no expiration and
// without asking Orthanc. Only the child's level is needed, because
// the cache key is built from the child and the stored value is the
// bare parent Orthanc ID.
void ResourceHierarchyCache::AddParentLink(Orthanc::ResourceType childLevel,
                                           const std::string& childOrthancId,
                                           const std::string& parentOrthancId)
{
  const std::string childKey = ComputeKey(childLevel, childOrthancId);
  cache_->Store(childKey, parentOrthancId, 0 /* no expiration */);
}
110 | 255 |
// Unit-test helper (only compiled when BUILD_UNIT_TESTS == 1): writes
// an already serialized label list for one resource straight into
// labels_. Unlike the labels cached by UpdateResourceFromOrthanc(),
// this entry is stored with no expiration. GetLabels() splits the
// stored string on ','.
void ResourceHierarchyCache::AddLabels(Orthanc::ResourceType level,
                                       const std::string& orthancId,
                                       const std::string& serializedLabels)
{
  const std::string resourceKey = ComputeKey(level, orthancId);
  labels_->Store(resourceKey, serializedLabels, 0 /* no expiration */);
}
262 | |
78 | 263 #endif |
264 |
1 | 265 } |