orthanc-authorization: Plugin/Plugin.cpp annotate

annotate Plugin/Plugin.cpp @ 114:546aea509427

fix + Forbidden error code

author	Alain Mazy <am@osimis.io>
date	Wed, 06 Sep 2023 17:02:41 +0200
parents	43154740ea2e
children	0eed78c1e177

rev	line source
1 d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	1 /**
d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	2 * Advanced authorization plugin for Orthanc
68 1a13c4fbc9a1 copyrights Alain Mazy <am@osimis.io> parents: 66 diff changeset	3 * Copyright (C) 2017-2023 Osimis S.A., Belgium
1 d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	4 *
d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	5 * This program is free software: you can redistribute it and/or
d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	6 * modify it under the terms of the GNU Affero General Public License
d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	7 * as published by the Free Software Foundation, either version 3 of
d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	8 * the License, or (at your option) any later version.
d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	9 *
d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	10 * This program is distributed in the hope that it will be useful, but
d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	11 * WITHOUT ANY WARRANTY; without even the implied warranty of
d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	13 * Affero General Public License for more details.
d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	14 *
d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	15 * You should have received a copy of the GNU Affero General Public License
d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	16 * along with this program. If not, see <http://www.gnu.org/licenses/>.
d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	17 **/
d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	18
d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	19 #include "AssociativeArray.h"
d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	20 #include "DefaultAuthorizationParser.h"
d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	21 #include "CachedAuthorizationService.h"
d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	22 #include "AuthorizationWebService.h"
71 30fb3ce960d9 configurable user permissions Alain Mazy <am@osimis.io> parents: 69 diff changeset	23 #include "PermissionParser.h"
1 d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	24 #include "MemoryCache.h"
34 53dbed29949a sync Sebastien Jodogne <s.jodogne@gmail.com> parents: 32 diff changeset	25 #include "../Resources/Orthanc/Plugins/OrthancPluginCppWrapper.h"
53dbed29949a sync Sebastien Jodogne <s.jodogne@gmail.com> parents: 32 diff changeset	26
36 8ada1b669194 replacing deprecated std::auto_ptr by std::unique_ptr Sebastien Jodogne <s.jodogne@gmail.com> parents: 35 diff changeset	27 #include <Compatibility.h> // For std::unique_ptr<>
32 79d871605ffd sync Sebastien Jodogne <s.jodogne@gmail.com> parents: 31 diff changeset	28 #include <Logging.h>
79d871605ffd sync Sebastien Jodogne <s.jodogne@gmail.com> parents: 31 diff changeset	29 #include <Toolbox.h>
111 2b1a95c7d263 wip: adjust tools/find queries Alain Mazy <am@osimis.io> parents: 109 diff changeset	30 #include <SerializationToolbox.h>
71 30fb3ce960d9 configurable user permissions Alain Mazy <am@osimis.io> parents: 69 diff changeset	31 #include <EmbeddedResources.h>
1 d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	32
d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	33
d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	34 // Configuration of the authorization plugin
36 8ada1b669194 replacing deprecated std::auto_ptr by std::unique_ptr Sebastien Jodogne <s.jodogne@gmail.com> parents: 35 diff changeset	35 static std::unique_ptr<OrthancPlugins::IAuthorizationParser> authorizationParser_;
8ada1b669194 replacing deprecated std::auto_ptr by std::unique_ptr Sebastien Jodogne <s.jodogne@gmail.com> parents: 35 diff changeset	36 static std::unique_ptr<OrthancPlugins::IAuthorizationService> authorizationService_;
71 30fb3ce960d9 configurable user permissions Alain Mazy <am@osimis.io> parents: 69 diff changeset	37 static std::unique_ptr<OrthancPlugins::PermissionParser> permissionParser_;
1 d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	38 static std::set<std::string> uncheckedResources_;
d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	39 static std::list<std::string> uncheckedFolders_;
58 ad279c70c22d added a new configuration 'StandardConfigurations' Alain Mazy <am@osimis.io> parents: 57 diff changeset	40 static std::set<OrthancPlugins::Token> tokens_;
1 d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	41 static std::set<OrthancPlugins::AccessLevel> uncheckedLevels_;
d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	42
d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	43
71 30fb3ce960d9 configurable user permissions Alain Mazy <am@osimis.io> parents: 69 diff changeset	44 static std::string JoinStrings(const std::set<std::string>& values)
30fb3ce960d9 configurable user permissions Alain Mazy <am@osimis.io> parents: 69 diff changeset	45 {
30fb3ce960d9 configurable user permissions Alain Mazy <am@osimis.io> parents: 69 diff changeset	46 std::string out;
30fb3ce960d9 configurable user permissions Alain Mazy <am@osimis.io> parents: 69 diff changeset	47 std::set<std::string> copy = values; // TODO: remove after upgrading to OrthancFramework 1.11.3+
30fb3ce960d9 configurable user permissions Alain Mazy <am@osimis.io> parents: 69 diff changeset	48 Orthanc::Toolbox::JoinStrings(out, copy, "\|");
30fb3ce960d9 configurable user permissions Alain Mazy <am@osimis.io> parents: 69 diff changeset	49 return out;
30fb3ce960d9 configurable user permissions Alain Mazy <am@osimis.io> parents: 69 diff changeset	50 }
30fb3ce960d9 configurable user permissions Alain Mazy <am@osimis.io> parents: 69 diff changeset	51
86 e2c3c497eb8d fix LSB build Sebastien Jodogne <s.jodogne@gmail.com> parents: 82 diff changeset	52 class TokenAndValue
72 e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService Alain Mazy <am@osimis.io> parents: 71 diff changeset	53 {
86 e2c3c497eb8d fix LSB build Sebastien Jodogne <s.jodogne@gmail.com> parents: 82 diff changeset	54 private:
e2c3c497eb8d fix LSB build Sebastien Jodogne <s.jodogne@gmail.com> parents: 82 diff changeset	55 OrthancPlugins::Token token_;
e2c3c497eb8d fix LSB build Sebastien Jodogne <s.jodogne@gmail.com> parents: 82 diff changeset	56 std::string value_;
72 e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService Alain Mazy <am@osimis.io> parents: 71 diff changeset	57
86 e2c3c497eb8d fix LSB build Sebastien Jodogne <s.jodogne@gmail.com> parents: 82 diff changeset	58 public:
72 e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService Alain Mazy <am@osimis.io> parents: 71 diff changeset	59 TokenAndValue(const OrthancPlugins::Token& token, const std::string& value) :
86 e2c3c497eb8d fix LSB build Sebastien Jodogne <s.jodogne@gmail.com> parents: 82 diff changeset	60 token_(token),
e2c3c497eb8d fix LSB build Sebastien Jodogne <s.jodogne@gmail.com> parents: 82 diff changeset	61 value_(value)
e2c3c497eb8d fix LSB build Sebastien Jodogne <s.jodogne@gmail.com> parents: 82 diff changeset	62 {
e2c3c497eb8d fix LSB build Sebastien Jodogne <s.jodogne@gmail.com> parents: 82 diff changeset	63 }
e2c3c497eb8d fix LSB build Sebastien Jodogne <s.jodogne@gmail.com> parents: 82 diff changeset	64
e2c3c497eb8d fix LSB build Sebastien Jodogne <s.jodogne@gmail.com> parents: 82 diff changeset	65 const OrthancPlugins::Token& GetToken() const
72 e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService Alain Mazy <am@osimis.io> parents: 71 diff changeset	66 {
86 e2c3c497eb8d fix LSB build Sebastien Jodogne <s.jodogne@gmail.com> parents: 82 diff changeset	67 return token_;
e2c3c497eb8d fix LSB build Sebastien Jodogne <s.jodogne@gmail.com> parents: 82 diff changeset	68 }
e2c3c497eb8d fix LSB build Sebastien Jodogne <s.jodogne@gmail.com> parents: 82 diff changeset	69
e2c3c497eb8d fix LSB build Sebastien Jodogne <s.jodogne@gmail.com> parents: 82 diff changeset	70 const std::string& GetValue() const
e2c3c497eb8d fix LSB build Sebastien Jodogne <s.jodogne@gmail.com> parents: 82 diff changeset	71 {
e2c3c497eb8d fix LSB build Sebastien Jodogne <s.jodogne@gmail.com> parents: 82 diff changeset	72 return value_;
72 e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService Alain Mazy <am@osimis.io> parents: 71 diff changeset	73 }
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService Alain Mazy <am@osimis.io> parents: 71 diff changeset	74 };
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService Alain Mazy <am@osimis.io> parents: 71 diff changeset	75
113 43154740ea2e wip: checking labels Alain Mazy <am@osimis.io> parents: 112 diff changeset	76 bool HasAccessToAllLabels(const OrthancPlugins::IAuthorizationService::UserProfile& profile)
43154740ea2e wip: checking labels Alain Mazy <am@osimis.io> parents: 112 diff changeset	77 {
43154740ea2e wip: checking labels Alain Mazy <am@osimis.io> parents: 112 diff changeset	78 return (profile.authorizedLabels.find("*") != profile.authorizedLabels.end());
43154740ea2e wip: checking labels Alain Mazy <am@osimis.io> parents: 112 diff changeset	79 }
43154740ea2e wip: checking labels Alain Mazy <am@osimis.io> parents: 112 diff changeset	80
43154740ea2e wip: checking labels Alain Mazy <am@osimis.io> parents: 112 diff changeset	81 bool HasAccessToSomeLabels(const OrthancPlugins::IAuthorizationService::UserProfile& profile)
43154740ea2e wip: checking labels Alain Mazy <am@osimis.io> parents: 112 diff changeset	82 {
43154740ea2e wip: checking labels Alain Mazy <am@osimis.io> parents: 112 diff changeset	83 return (profile.authorizedLabels.size() > 0);
43154740ea2e wip: checking labels Alain Mazy <am@osimis.io> parents: 112 diff changeset	84 }
43154740ea2e wip: checking labels Alain Mazy <am@osimis.io> parents: 112 diff changeset	85
43154740ea2e wip: checking labels Alain Mazy <am@osimis.io> parents: 112 diff changeset	86
43154740ea2e wip: checking labels Alain Mazy <am@osimis.io> parents: 112 diff changeset	87 static bool CheckAuthorizedLabelsForResource(const std::string& uri,
43154740ea2e wip: checking labels Alain Mazy <am@osimis.io> parents: 112 diff changeset	88 const OrthancPlugins::AssociativeArray& getArguments,
43154740ea2e wip: checking labels Alain Mazy <am@osimis.io> parents: 112 diff changeset	89 const OrthancPlugins::IAuthorizationService::UserProfile& profile)
43154740ea2e wip: checking labels Alain Mazy <am@osimis.io> parents: 112 diff changeset	90 {
43154740ea2e wip: checking labels Alain Mazy <am@osimis.io> parents: 112 diff changeset	91 if (HasAccessToAllLabels(profile))
43154740ea2e wip: checking labels Alain Mazy <am@osimis.io> parents: 112 diff changeset	92 {
43154740ea2e wip: checking labels Alain Mazy <am@osimis.io> parents: 112 diff changeset	93 return true;
43154740ea2e wip: checking labels Alain Mazy <am@osimis.io> parents: 112 diff changeset	94 }
43154740ea2e wip: checking labels Alain Mazy <am@osimis.io> parents: 112 diff changeset	95
43154740ea2e wip: checking labels Alain Mazy <am@osimis.io> parents: 112 diff changeset	96 if (authorizationParser_.get() != NULL &&
43154740ea2e wip: checking labels Alain Mazy <am@osimis.io> parents: 112 diff changeset	97 authorizationService_.get() != NULL)
43154740ea2e wip: checking labels Alain Mazy <am@osimis.io> parents: 112 diff changeset	98 {
43154740ea2e wip: checking labels Alain Mazy <am@osimis.io> parents: 112 diff changeset	99 // Parse the resources that are accessed through this URI
43154740ea2e wip: checking labels Alain Mazy <am@osimis.io> parents: 112 diff changeset	100 OrthancPlugins::IAuthorizationParser::AccessedResources accesses;
43154740ea2e wip: checking labels Alain Mazy <am@osimis.io> parents: 112 diff changeset	101
43154740ea2e wip: checking labels Alain Mazy <am@osimis.io> parents: 112 diff changeset	102 if (!authorizationParser_->Parse(accesses, uri, getArguments.GetMap()))
43154740ea2e wip: checking labels Alain Mazy <am@osimis.io> parents: 112 diff changeset	103 {
43154740ea2e wip: checking labels Alain Mazy <am@osimis.io> parents: 112 diff changeset	104 return false; // Unable to parse this URI
43154740ea2e wip: checking labels Alain Mazy <am@osimis.io> parents: 112 diff changeset	105 }
43154740ea2e wip: checking labels Alain Mazy <am@osimis.io> parents: 112 diff changeset	106
43154740ea2e wip: checking labels Alain Mazy <am@osimis.io> parents: 112 diff changeset	107 // Loop over all the accessed resources to ensure access is
43154740ea2e wip: checking labels Alain Mazy <am@osimis.io> parents: 112 diff changeset	108 // granted to each of them
43154740ea2e wip: checking labels Alain Mazy <am@osimis.io> parents: 112 diff changeset	109 for (OrthancPlugins::IAuthorizationParser::AccessedResources::const_iterator
43154740ea2e wip: checking labels Alain Mazy <am@osimis.io> parents: 112 diff changeset	110 access = accesses.begin(); access != accesses.end(); ++access)
43154740ea2e wip: checking labels Alain Mazy <am@osimis.io> parents: 112 diff changeset	111 {
43154740ea2e wip: checking labels Alain Mazy <am@osimis.io> parents: 112 diff changeset	112 // Ignored the access levels that are unchecked
43154740ea2e wip: checking labels Alain Mazy <am@osimis.io> parents: 112 diff changeset	113 // (cf. "UncheckedLevels" option)
43154740ea2e wip: checking labels Alain Mazy <am@osimis.io> parents: 112 diff changeset	114 if (uncheckedLevels_.find(access->GetLevel()) == uncheckedLevels_.end())
43154740ea2e wip: checking labels Alain Mazy <am@osimis.io> parents: 112 diff changeset	115 {
43154740ea2e wip: checking labels Alain Mazy <am@osimis.io> parents: 112 diff changeset	116 std::string msg = std::string("Testing whether access to ") + OrthancPlugins::EnumerationToString(access->GetLevel()) + " \"" + access->GetOrthancId() + "\" is allowed wrt Labels for User '" + profile.name + "'";
43154740ea2e wip: checking labels Alain Mazy <am@osimis.io> parents: 112 diff changeset	117 const std::set<std::string>& resourceLabels = access->GetLabels();
43154740ea2e wip: checking labels Alain Mazy <am@osimis.io> parents: 112 diff changeset	118 std::set<std::string> authorizedResourceLabels;
43154740ea2e wip: checking labels Alain Mazy <am@osimis.io> parents: 112 diff changeset	119
43154740ea2e wip: checking labels Alain Mazy <am@osimis.io> parents: 112 diff changeset	120 Orthanc::Toolbox::GetIntersection(authorizedResourceLabels, resourceLabels, profile.authorizedLabels);
43154740ea2e wip: checking labels Alain Mazy <am@osimis.io> parents: 112 diff changeset	121
43154740ea2e wip: checking labels Alain Mazy <am@osimis.io> parents: 112 diff changeset	122 if (authorizedResourceLabels.size() == 0)
43154740ea2e wip: checking labels Alain Mazy <am@osimis.io> parents: 112 diff changeset	123 {
43154740ea2e wip: checking labels Alain Mazy <am@osimis.io> parents: 112 diff changeset	124 LOG(INFO) << msg << " -> not granted, no authorized labels";
43154740ea2e wip: checking labels Alain Mazy <am@osimis.io> parents: 112 diff changeset	125 return false;
43154740ea2e wip: checking labels Alain Mazy <am@osimis.io> parents: 112 diff changeset	126 }
43154740ea2e wip: checking labels Alain Mazy <am@osimis.io> parents: 112 diff changeset	127 else
43154740ea2e wip: checking labels Alain Mazy <am@osimis.io> parents: 112 diff changeset	128 {
43154740ea2e wip: checking labels Alain Mazy <am@osimis.io> parents: 112 diff changeset	129 LOG(INFO) << msg << " -> granted, at least one authorized labels";
43154740ea2e wip: checking labels Alain Mazy <am@osimis.io> parents: 112 diff changeset	130 return true;
43154740ea2e wip: checking labels Alain Mazy <am@osimis.io> parents: 112 diff changeset	131 }
43154740ea2e wip: checking labels Alain Mazy <am@osimis.io> parents: 112 diff changeset	132 }
43154740ea2e wip: checking labels Alain Mazy <am@osimis.io> parents: 112 diff changeset	133 }
43154740ea2e wip: checking labels Alain Mazy <am@osimis.io> parents: 112 diff changeset	134
43154740ea2e wip: checking labels Alain Mazy <am@osimis.io> parents: 112 diff changeset	135 // Access is granted to all the resources that are 'unchecked'
43154740ea2e wip: checking labels Alain Mazy <am@osimis.io> parents: 112 diff changeset	136 return true;
43154740ea2e wip: checking labels Alain Mazy <am@osimis.io> parents: 112 diff changeset	137 }
43154740ea2e wip: checking labels Alain Mazy <am@osimis.io> parents: 112 diff changeset	138
43154740ea2e wip: checking labels Alain Mazy <am@osimis.io> parents: 112 diff changeset	139 return false; // TODO or true ???
43154740ea2e wip: checking labels Alain Mazy <am@osimis.io> parents: 112 diff changeset	140 }
72 e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService Alain Mazy <am@osimis.io> parents: 71 diff changeset	141
1 d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	142 static int32_t FilterHttpRequests(OrthancPluginHttpMethod method,
d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	143 const char *uri,
d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	144 const char *ip,
d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	145 uint32_t headersCount,
d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	146 const char const headersKeys,
d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	147 const char const headersValues,
d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	148 uint32_t getArgumentsCount,
d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	149 const char const getArgumentsKeys,
d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	150 const char const getArgumentsValues)
d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	151 {
d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	152 try
d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	153 {
72 e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService Alain Mazy <am@osimis.io> parents: 71 diff changeset	154 unsigned int validity; // ignored
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService Alain Mazy <am@osimis.io> parents: 71 diff changeset	155
109 7381a7674b36 wip: adding labels Alain Mazy <am@osimis.io> parents: 103 diff changeset	156 // Allow GET accesses to unchecked resources/folders (usually static resources)
7381a7674b36 wip: adding labels Alain Mazy <am@osimis.io> parents: 103 diff changeset	157 ////////////////////////////////////////////////////////////////
7381a7674b36 wip: adding labels Alain Mazy <am@osimis.io> parents: 103 diff changeset	158
1 d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	159 if (method == OrthancPluginHttpMethod_Get)
d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	160 {
d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	161 if (uncheckedResources_.find(uri) != uncheckedResources_.end())
d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	162 {
d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	163 return 1;
d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	164 }
d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	165
d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	166 for (std::list<std::string>::const_iterator
d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	167 it = uncheckedFolders_.begin(); it != uncheckedFolders_.end(); ++it)
d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	168 {
d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	169 if (Orthanc::Toolbox::StartsWith(uri, *it))
d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	170 {
d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	171 return 1;
d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	172 }
d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	173 }
d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	174 }
d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	175
109 7381a7674b36 wip: adding labels Alain Mazy <am@osimis.io> parents: 103 diff changeset	176 // Extract auth tokens from headers and url get arguments
7381a7674b36 wip: adding labels Alain Mazy <am@osimis.io> parents: 103 diff changeset	177 ////////////////////////////////////////////////////////////////
7381a7674b36 wip: adding labels Alain Mazy <am@osimis.io> parents: 103 diff changeset	178
72 e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService Alain Mazy <am@osimis.io> parents: 71 diff changeset	179 OrthancPlugins::AssociativeArray headers(headersCount, headersKeys, headersValues, false);
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService Alain Mazy <am@osimis.io> parents: 71 diff changeset	180 OrthancPlugins::AssociativeArray getArguments(getArgumentsCount, getArgumentsKeys, getArgumentsValues, true);
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService Alain Mazy <am@osimis.io> parents: 71 diff changeset	181
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService Alain Mazy <am@osimis.io> parents: 71 diff changeset	182 std::vector<TokenAndValue> authTokens; // the tokens that are set in this request
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService Alain Mazy <am@osimis.io> parents: 71 diff changeset	183
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService Alain Mazy <am@osimis.io> parents: 71 diff changeset	184 for (std::set<OrthancPlugins::Token>::const_iterator token = tokens_.begin(); token != tokens_.end(); ++token)
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService Alain Mazy <am@osimis.io> parents: 71 diff changeset	185 {
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService Alain Mazy <am@osimis.io> parents: 71 diff changeset	186 std::string value;
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService Alain Mazy <am@osimis.io> parents: 71 diff changeset	187
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService Alain Mazy <am@osimis.io> parents: 71 diff changeset	188 bool hasValue = false;
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService Alain Mazy <am@osimis.io> parents: 71 diff changeset	189 switch (token->GetType())
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService Alain Mazy <am@osimis.io> parents: 71 diff changeset	190 {
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService Alain Mazy <am@osimis.io> parents: 71 diff changeset	191 case OrthancPlugins::TokenType_HttpHeader:
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService Alain Mazy <am@osimis.io> parents: 71 diff changeset	192 hasValue = headers.GetValue(value, token->GetKey());
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService Alain Mazy <am@osimis.io> parents: 71 diff changeset	193 break;
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService Alain Mazy <am@osimis.io> parents: 71 diff changeset	194
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService Alain Mazy <am@osimis.io> parents: 71 diff changeset	195 case OrthancPlugins::TokenType_GetArgument:
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService Alain Mazy <am@osimis.io> parents: 71 diff changeset	196 hasValue = getArguments.GetValue(value, token->GetKey());
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService Alain Mazy <am@osimis.io> parents: 71 diff changeset	197 break;
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService Alain Mazy <am@osimis.io> parents: 71 diff changeset	198
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService Alain Mazy <am@osimis.io> parents: 71 diff changeset	199 default:
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService Alain Mazy <am@osimis.io> parents: 71 diff changeset	200 throw Orthanc::OrthancException(Orthanc::ErrorCode_ParameterOutOfRange);
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService Alain Mazy <am@osimis.io> parents: 71 diff changeset	201 }
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService Alain Mazy <am@osimis.io> parents: 71 diff changeset	202
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService Alain Mazy <am@osimis.io> parents: 71 diff changeset	203 if (hasValue)
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService Alain Mazy <am@osimis.io> parents: 71 diff changeset	204 {
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService Alain Mazy <am@osimis.io> parents: 71 diff changeset	205 authTokens.push_back(TokenAndValue(*token, value));
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService Alain Mazy <am@osimis.io> parents: 71 diff changeset	206 }
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService Alain Mazy <am@osimis.io> parents: 71 diff changeset	207 }
71 30fb3ce960d9 configurable user permissions Alain Mazy <am@osimis.io> parents: 69 diff changeset	208
109 7381a7674b36 wip: adding labels Alain Mazy <am@osimis.io> parents: 103 diff changeset	209 // Based on the tokens, check if the user has access based on its permissions and the mapping between urls and permissions
7381a7674b36 wip: adding labels Alain Mazy <am@osimis.io> parents: 103 diff changeset	210 ////////////////////////////////////////////////////////////////
7381a7674b36 wip: adding labels Alain Mazy <am@osimis.io> parents: 103 diff changeset	211
71 30fb3ce960d9 configurable user permissions Alain Mazy <am@osimis.io> parents: 69 diff changeset	212 if (permissionParser_.get() != NULL &&
30fb3ce960d9 configurable user permissions Alain Mazy <am@osimis.io> parents: 69 diff changeset	213 authorizationService_.get() != NULL)
30fb3ce960d9 configurable user permissions Alain Mazy <am@osimis.io> parents: 69 diff changeset	214 {
30fb3ce960d9 configurable user permissions Alain Mazy <am@osimis.io> parents: 69 diff changeset	215 std::set<std::string> requiredPermissions;
30fb3ce960d9 configurable user permissions Alain Mazy <am@osimis.io> parents: 69 diff changeset	216 std::string matchedPattern;
30fb3ce960d9 configurable user permissions Alain Mazy <am@osimis.io> parents: 69 diff changeset	217 if (permissionParser_->Parse(requiredPermissions, matchedPattern, method, uri))
30fb3ce960d9 configurable user permissions Alain Mazy <am@osimis.io> parents: 69 diff changeset	218 {
72 e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService Alain Mazy <am@osimis.io> parents: 71 diff changeset	219 if (authTokens.empty())
71 30fb3ce960d9 configurable user permissions Alain Mazy <am@osimis.io> parents: 69 diff changeset	220 {
103 fcc4542a0c38 cleanup Alain Mazy <am@osimis.io> parents: 102 diff changeset	221 std::string msg = std::string("Testing whether anonymous user has any of the required permissions '") + JoinStrings(requiredPermissions) + "'";
113 43154740ea2e wip: checking labels Alain Mazy <am@osimis.io> parents: 112 diff changeset	222
43154740ea2e wip: checking labels Alain Mazy <am@osimis.io> parents: 112 diff changeset	223 // TODO: how to handle anonymous user ?
43154740ea2e wip: checking labels Alain Mazy <am@osimis.io> parents: 112 diff changeset	224
43154740ea2e wip: checking labels Alain Mazy <am@osimis.io> parents: 112 diff changeset	225 // LOG(INFO) << msg;
43154740ea2e wip: checking labels Alain Mazy <am@osimis.io> parents: 112 diff changeset	226 // if (authorizationService_->HasAnonymousUserPermission(validity, requiredPermissions))
43154740ea2e wip: checking labels Alain Mazy <am@osimis.io> parents: 112 diff changeset	227 // {
43154740ea2e wip: checking labels Alain Mazy <am@osimis.io> parents: 112 diff changeset	228 // // TODO: check labels permissions
43154740ea2e wip: checking labels Alain Mazy <am@osimis.io> parents: 112 diff changeset	229 // LOG(INFO) << msg << " -> granted";
43154740ea2e wip: checking labels Alain Mazy <am@osimis.io> parents: 112 diff changeset	230
43154740ea2e wip: checking labels Alain Mazy <am@osimis.io> parents: 112 diff changeset	231 // if (CheckAuthorizedLabelsForResource(uri, getArguments, profile))
43154740ea2e wip: checking labels Alain Mazy <am@osimis.io> parents: 112 diff changeset	232 // {
43154740ea2e wip: checking labels Alain Mazy <am@osimis.io> parents: 112 diff changeset	233 // return 1;
43154740ea2e wip: checking labels Alain Mazy <am@osimis.io> parents: 112 diff changeset	234 // }
43154740ea2e wip: checking labels Alain Mazy <am@osimis.io> parents: 112 diff changeset	235 // }
43154740ea2e wip: checking labels Alain Mazy <am@osimis.io> parents: 112 diff changeset	236 // else
43154740ea2e wip: checking labels Alain Mazy <am@osimis.io> parents: 112 diff changeset	237 // {
43154740ea2e wip: checking labels Alain Mazy <am@osimis.io> parents: 112 diff changeset	238 // LOG(INFO) << msg << " -> not granted";
43154740ea2e wip: checking labels Alain Mazy <am@osimis.io> parents: 112 diff changeset	239 // }
43154740ea2e wip: checking labels Alain Mazy <am@osimis.io> parents: 112 diff changeset	240 LOG(INFO) << msg << " -> not granted, TODO ????";
43154740ea2e wip: checking labels Alain Mazy <am@osimis.io> parents: 112 diff changeset	241 return 0;
71 30fb3ce960d9 configurable user permissions Alain Mazy <am@osimis.io> parents: 69 diff changeset	242 }
30fb3ce960d9 configurable user permissions Alain Mazy <am@osimis.io> parents: 69 diff changeset	243 else
30fb3ce960d9 configurable user permissions Alain Mazy <am@osimis.io> parents: 69 diff changeset	244 {
72 e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService Alain Mazy <am@osimis.io> parents: 71 diff changeset	245 for (size_t i = 0; i < authTokens.size(); ++i)
71 30fb3ce960d9 configurable user permissions Alain Mazy <am@osimis.io> parents: 69 diff changeset	246 {
103 fcc4542a0c38 cleanup Alain Mazy <am@osimis.io> parents: 102 diff changeset	247 std::string msg = std::string("Testing whether user has the required permissions '") + JoinStrings(requiredPermissions) + "' based on the HTTP header '" + authTokens[i].GetToken().GetKey() + "' required to match '" + matchedPattern + "'";
fcc4542a0c38 cleanup Alain Mazy <am@osimis.io> parents: 102 diff changeset	248
fcc4542a0c38 cleanup Alain Mazy <am@osimis.io> parents: 102 diff changeset	249 LOG(INFO) << msg;
113 43154740ea2e wip: checking labels Alain Mazy <am@osimis.io> parents: 112 diff changeset	250
43154740ea2e wip: checking labels Alain Mazy <am@osimis.io> parents: 112 diff changeset	251 OrthancPlugins::IAuthorizationService::UserProfile profile;
43154740ea2e wip: checking labels Alain Mazy <am@osimis.io> parents: 112 diff changeset	252 unsigned int validityNotUsed;
43154740ea2e wip: checking labels Alain Mazy <am@osimis.io> parents: 112 diff changeset	253 authorizationService_->GetUserProfile(validityNotUsed, profile, authTokens[i].GetToken(), authTokens[i].GetValue());
43154740ea2e wip: checking labels Alain Mazy <am@osimis.io> parents: 112 diff changeset	254
43154740ea2e wip: checking labels Alain Mazy <am@osimis.io> parents: 112 diff changeset	255 if (authorizationService_->HasUserPermission(validity, requiredPermissions, profile))
71 30fb3ce960d9 configurable user permissions Alain Mazy <am@osimis.io> parents: 69 diff changeset	256 {
103 fcc4542a0c38 cleanup Alain Mazy <am@osimis.io> parents: 102 diff changeset	257 LOG(INFO) << msg << " -> granted";
113 43154740ea2e wip: checking labels Alain Mazy <am@osimis.io> parents: 112 diff changeset	258
43154740ea2e wip: checking labels Alain Mazy <am@osimis.io> parents: 112 diff changeset	259 // check labels permissions
43154740ea2e wip: checking labels Alain Mazy <am@osimis.io> parents: 112 diff changeset	260 if (CheckAuthorizedLabelsForResource(uri, getArguments, profile))
43154740ea2e wip: checking labels Alain Mazy <am@osimis.io> parents: 112 diff changeset	261 {
43154740ea2e wip: checking labels Alain Mazy <am@osimis.io> parents: 112 diff changeset	262 return 1;
43154740ea2e wip: checking labels Alain Mazy <am@osimis.io> parents: 112 diff changeset	263 }
43154740ea2e wip: checking labels Alain Mazy <am@osimis.io> parents: 112 diff changeset	264 // not granted, but continue and check if a resource tokens grant access
71 30fb3ce960d9 configurable user permissions Alain Mazy <am@osimis.io> parents: 69 diff changeset	265 }
73 512247750f0a new ValidityDuration arg in create token API Alain Mazy <am@osimis.io> parents: 72 diff changeset	266 else
512247750f0a new ValidityDuration arg in create token API Alain Mazy <am@osimis.io> parents: 72 diff changeset	267 {
113 43154740ea2e wip: checking labels Alain Mazy <am@osimis.io> parents: 112 diff changeset	268 LOG(INFO) << msg << " -> not granted"; // but continue and check if a resource tokens grant access
73 512247750f0a new ValidityDuration arg in create token API Alain Mazy <am@osimis.io> parents: 72 diff changeset	269 }
71 30fb3ce960d9 configurable user permissions Alain Mazy <am@osimis.io> parents: 69 diff changeset	270 }
30fb3ce960d9 configurable user permissions Alain Mazy <am@osimis.io> parents: 69 diff changeset	271 }
30fb3ce960d9 configurable user permissions Alain Mazy <am@osimis.io> parents: 69 diff changeset	272 }
30fb3ce960d9 configurable user permissions Alain Mazy <am@osimis.io> parents: 69 diff changeset	273 }
109 7381a7674b36 wip: adding labels Alain Mazy <am@osimis.io> parents: 103 diff changeset	274
7381a7674b36 wip: adding labels Alain Mazy <am@osimis.io> parents: 103 diff changeset	275
7381a7674b36 wip: adding labels Alain Mazy <am@osimis.io> parents: 103 diff changeset	276 //
7381a7674b36 wip: adding labels Alain Mazy <am@osimis.io> parents: 103 diff changeset	277
1 d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	278 if (authorizationParser_.get() != NULL &&
d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	279 authorizationService_.get() != NULL)
d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	280 {
d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	281 // Parse the resources that are accessed through this URI
d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	282 OrthancPlugins::IAuthorizationParser::AccessedResources accesses;
56 c02f0646297d added support for /dicom-web/studies?0020000D=1.2.3&... Alain Mazy <am@osimis.io> parents: 54 diff changeset	283
57 55539d564f4f added support for /dicom-web/series? & /dicom-web/instances? Alain Mazy <am@osimis.io> parents: 56 diff changeset	284 if (!authorizationParser_->Parse(accesses, uri, getArguments.GetMap()))
1 d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	285 {
d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	286 return 0; // Unable to parse this URI
d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	287 }
d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	288
d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	289 // Loop over all the accessed resources to ensure access is
d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	290 // granted to each of them
d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	291 for (OrthancPlugins::IAuthorizationParser::AccessedResources::const_iterator
d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	292 access = accesses.begin(); access != accesses.end(); ++access)
d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	293 {
d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	294 // Ignored the access levels that are unchecked
d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	295 // (cf. "UncheckedLevels" option)
d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	296 if (uncheckedLevels_.find(access->GetLevel()) == uncheckedLevels_.end())
d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	297 {
73 512247750f0a new ValidityDuration arg in create token API Alain Mazy <am@osimis.io> parents: 72 diff changeset	298 std::string msg = std::string("Testing whether access to ") + OrthancPlugins::EnumerationToString(access->GetLevel()) + " \"" + access->GetOrthancId() + "\" is allowed with a resource token";
512247750f0a new ValidityDuration arg in create token API Alain Mazy <am@osimis.io> parents: 72 diff changeset	299 LOG(INFO) << msg;
1 d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	300
d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	301 bool granted = false;
d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	302
72 e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService Alain Mazy <am@osimis.io> parents: 71 diff changeset	303 if (authTokens.empty())
1 d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	304 {
71 30fb3ce960d9 configurable user permissions Alain Mazy <am@osimis.io> parents: 69 diff changeset	305 granted = authorizationService_->IsGrantedToAnonymousUser(validity, method, *access);
1 d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	306 }
d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	307 else
d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	308 {
72 e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService Alain Mazy <am@osimis.io> parents: 71 diff changeset	309 // Loop over all the authorization tokens in the request until finding one that is granted
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService Alain Mazy <am@osimis.io> parents: 71 diff changeset	310 for (size_t i = 0; i < authTokens.size(); ++i)
1 d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	311 {
86 e2c3c497eb8d fix LSB build Sebastien Jodogne <s.jodogne@gmail.com> parents: 82 diff changeset	312 if (authorizationService_->IsGranted(validity, method, *access, authTokens[i].GetToken(), authTokens[i].GetValue()))
1 d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	313 {
d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	314 granted = true;
d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	315 break;
d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	316 }
d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	317 }
d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	318 }
d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	319
d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	320 if (!granted)
d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	321 {
73 512247750f0a new ValidityDuration arg in create token API Alain Mazy <am@osimis.io> parents: 72 diff changeset	322 LOG(INFO) << msg << " -> not granted";
1 d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	323 return 0;
d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	324 }
73 512247750f0a new ValidityDuration arg in create token API Alain Mazy <am@osimis.io> parents: 72 diff changeset	325 else
512247750f0a new ValidityDuration arg in create token API Alain Mazy <am@osimis.io> parents: 72 diff changeset	326 {
512247750f0a new ValidityDuration arg in create token API Alain Mazy <am@osimis.io> parents: 72 diff changeset	327 LOG(INFO) << msg << " -> granted";
512247750f0a new ValidityDuration arg in create token API Alain Mazy <am@osimis.io> parents: 72 diff changeset	328 }
1 d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	329 }
d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	330 }
d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	331
d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	332 // Access is granted to all the resources
d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	333 return 1;
d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	334 }
d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	335
d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	336 // By default, forbid access to all the resources
d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	337 return 0;
d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	338 }
d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	339 catch (std::runtime_error& e)
d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	340 {
d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	341 LOG(ERROR) << e.what();
d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	342 return OrthancPluginErrorCode_Success; // Ignore error
d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	343 }
d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	344 catch (Orthanc::OrthancException& e)
d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	345 {
d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	346 LOG(ERROR) << e.What();
d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	347 return OrthancPluginErrorCode_Success; // Ignore error
d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	348 }
d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	349 catch (...)
d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	350 {
d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	351 LOG(ERROR) << "Unhandled internal exception";
d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	352 return OrthancPluginErrorCode_Success; // Ignore error
d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	353 }
d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	354 }
d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	355
d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	356
d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	357 #if !ORTHANC_PLUGINS_VERSION_IS_ABOVE(1, 2, 1)
d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	358 static int32_t FilterHttpRequestsFallback(OrthancPluginHttpMethod method,
d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	359 const char *uri,
d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	360 const char *ip,
d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	361 uint32_t headersCount,
d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	362 const char const headersKeys,
d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	363 const char const headersValues)
d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	364 {
d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	365 // Fallback wrapper function for Orthanc <= 1.2.0, where the GET
d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	366 // arguments were not available in the HTTP filters
d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	367 return FilterHttpRequests(method, uri, ip,
d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	368 headersCount, headersKeys, headersValues,
d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	369 0, NULL, NULL);
d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	370 }
d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	371 #endif
d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	372
d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	373
d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	374 static OrthancPluginErrorCode OnChangeCallback(OrthancPluginChangeType changeType,
d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	375 OrthancPluginResourceType resourceType,
d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	376 const char* resourceId)
d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	377 {
d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	378 try
d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	379 {
d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	380 if (authorizationParser_.get() == NULL)
d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	381 {
71 30fb3ce960d9 configurable user permissions Alain Mazy <am@osimis.io> parents: 69 diff changeset	382 return OrthancPluginErrorCode_Success;
1 d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	383 }
d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	384
d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	385 if (changeType == OrthancPluginChangeType_Deleted)
d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	386 {
d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	387 switch (resourceType)
d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	388 {
d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	389 case OrthancPluginResourceType_Patient:
d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	390 authorizationParser_->Invalidate(Orthanc::ResourceType_Patient, resourceId);
d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	391 break;
d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	392
d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	393 case OrthancPluginResourceType_Study:
d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	394 authorizationParser_->Invalidate(Orthanc::ResourceType_Study, resourceId);
d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	395 break;
d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	396
d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	397 case OrthancPluginResourceType_Series:
d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	398 authorizationParser_->Invalidate(Orthanc::ResourceType_Series, resourceId);
d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	399 break;
d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	400
d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	401 case OrthancPluginResourceType_Instance:
d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	402 authorizationParser_->Invalidate(Orthanc::ResourceType_Instance, resourceId);
d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	403 break;
d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	404
d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	405 default:
d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	406 break;
d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	407 }
d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	408 }
d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	409
d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	410 return OrthancPluginErrorCode_Success;
d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	411 }
d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	412 catch (std::runtime_error& e)
d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	413 {
d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	414 LOG(ERROR) << e.what();
d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	415 return OrthancPluginErrorCode_Success; // Ignore error
d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	416 }
d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	417 catch (Orthanc::OrthancException& e)
d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	418 {
d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	419 LOG(ERROR) << e.What();
d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	420 return OrthancPluginErrorCode_Success; // Ignore error
d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	421 }
d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	422 catch (...)
d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	423 {
d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	424 LOG(ERROR) << "Unhandled internal exception";
d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	425 return OrthancPluginErrorCode_Success; // Ignore error
d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	426 }
d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	427 }
d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	428
111 2b1a95c7d263 wip: adjust tools/find queries Alain Mazy <am@osimis.io> parents: 109 diff changeset	429
2b1a95c7d263 wip: adjust tools/find queries Alain Mazy <am@osimis.io> parents: 109 diff changeset	430 bool GetUserProfileInternal(OrthancPlugins::IAuthorizationService::UserProfile& profile, const OrthancPluginHttpRequest* request)
2b1a95c7d263 wip: adjust tools/find queries Alain Mazy <am@osimis.io> parents: 109 diff changeset	431 {
2b1a95c7d263 wip: adjust tools/find queries Alain Mazy <am@osimis.io> parents: 109 diff changeset	432 OrthancPlugins::AssociativeArray headers
2b1a95c7d263 wip: adjust tools/find queries Alain Mazy <am@osimis.io> parents: 109 diff changeset	433 (request->headersCount, request->headersKeys, request->headersValues, false);
2b1a95c7d263 wip: adjust tools/find queries Alain Mazy <am@osimis.io> parents: 109 diff changeset	434
2b1a95c7d263 wip: adjust tools/find queries Alain Mazy <am@osimis.io> parents: 109 diff changeset	435 OrthancPlugins::AssociativeArray getArguments
2b1a95c7d263 wip: adjust tools/find queries Alain Mazy <am@osimis.io> parents: 109 diff changeset	436 (request->getCount, request->getKeys, request->getValues, true);
2b1a95c7d263 wip: adjust tools/find queries Alain Mazy <am@osimis.io> parents: 109 diff changeset	437
2b1a95c7d263 wip: adjust tools/find queries Alain Mazy <am@osimis.io> parents: 109 diff changeset	438 // Loop over all the authorization tokens stored in the HTTP
2b1a95c7d263 wip: adjust tools/find queries Alain Mazy <am@osimis.io> parents: 109 diff changeset	439 // headers, until finding one that is granted
2b1a95c7d263 wip: adjust tools/find queries Alain Mazy <am@osimis.io> parents: 109 diff changeset	440 for (std::set<OrthancPlugins::Token>::const_iterator
2b1a95c7d263 wip: adjust tools/find queries Alain Mazy <am@osimis.io> parents: 109 diff changeset	441 token = tokens_.begin(); token != tokens_.end(); ++token)
2b1a95c7d263 wip: adjust tools/find queries Alain Mazy <am@osimis.io> parents: 109 diff changeset	442 {
2b1a95c7d263 wip: adjust tools/find queries Alain Mazy <am@osimis.io> parents: 109 diff changeset	443 OrthancPlugins::IAuthorizationService::UserProfile tryProfile;
2b1a95c7d263 wip: adjust tools/find queries Alain Mazy <am@osimis.io> parents: 109 diff changeset	444
2b1a95c7d263 wip: adjust tools/find queries Alain Mazy <am@osimis.io> parents: 109 diff changeset	445 std::string value;
2b1a95c7d263 wip: adjust tools/find queries Alain Mazy <am@osimis.io> parents: 109 diff changeset	446
2b1a95c7d263 wip: adjust tools/find queries Alain Mazy <am@osimis.io> parents: 109 diff changeset	447 bool hasValue = false;
2b1a95c7d263 wip: adjust tools/find queries Alain Mazy <am@osimis.io> parents: 109 diff changeset	448 switch (token->GetType())
2b1a95c7d263 wip: adjust tools/find queries Alain Mazy <am@osimis.io> parents: 109 diff changeset	449 {
2b1a95c7d263 wip: adjust tools/find queries Alain Mazy <am@osimis.io> parents: 109 diff changeset	450 case OrthancPlugins::TokenType_HttpHeader:
2b1a95c7d263 wip: adjust tools/find queries Alain Mazy <am@osimis.io> parents: 109 diff changeset	451 hasValue = headers.GetValue(value, token->GetKey());
2b1a95c7d263 wip: adjust tools/find queries Alain Mazy <am@osimis.io> parents: 109 diff changeset	452 break;
2b1a95c7d263 wip: adjust tools/find queries Alain Mazy <am@osimis.io> parents: 109 diff changeset	453
2b1a95c7d263 wip: adjust tools/find queries Alain Mazy <am@osimis.io> parents: 109 diff changeset	454 case OrthancPlugins::TokenType_GetArgument:
2b1a95c7d263 wip: adjust tools/find queries Alain Mazy <am@osimis.io> parents: 109 diff changeset	455 hasValue = getArguments.GetValue(value, token->GetKey());
2b1a95c7d263 wip: adjust tools/find queries Alain Mazy <am@osimis.io> parents: 109 diff changeset	456 break;
2b1a95c7d263 wip: adjust tools/find queries Alain Mazy <am@osimis.io> parents: 109 diff changeset	457
2b1a95c7d263 wip: adjust tools/find queries Alain Mazy <am@osimis.io> parents: 109 diff changeset	458 default:
2b1a95c7d263 wip: adjust tools/find queries Alain Mazy <am@osimis.io> parents: 109 diff changeset	459 throw Orthanc::OrthancException(Orthanc::ErrorCode_ParameterOutOfRange);
2b1a95c7d263 wip: adjust tools/find queries Alain Mazy <am@osimis.io> parents: 109 diff changeset	460 }
2b1a95c7d263 wip: adjust tools/find queries Alain Mazy <am@osimis.io> parents: 109 diff changeset	461
2b1a95c7d263 wip: adjust tools/find queries Alain Mazy <am@osimis.io> parents: 109 diff changeset	462 if (hasValue)
2b1a95c7d263 wip: adjust tools/find queries Alain Mazy <am@osimis.io> parents: 109 diff changeset	463 {
2b1a95c7d263 wip: adjust tools/find queries Alain Mazy <am@osimis.io> parents: 109 diff changeset	464 unsigned int validity; // not used
2b1a95c7d263 wip: adjust tools/find queries Alain Mazy <am@osimis.io> parents: 109 diff changeset	465 if (authorizationService_->GetUserProfile(validity, tryProfile, *token, value))
2b1a95c7d263 wip: adjust tools/find queries Alain Mazy <am@osimis.io> parents: 109 diff changeset	466 {
2b1a95c7d263 wip: adjust tools/find queries Alain Mazy <am@osimis.io> parents: 109 diff changeset	467 profile = tryProfile;
2b1a95c7d263 wip: adjust tools/find queries Alain Mazy <am@osimis.io> parents: 109 diff changeset	468 return true;
2b1a95c7d263 wip: adjust tools/find queries Alain Mazy <am@osimis.io> parents: 109 diff changeset	469 }
2b1a95c7d263 wip: adjust tools/find queries Alain Mazy <am@osimis.io> parents: 109 diff changeset	470 }
2b1a95c7d263 wip: adjust tools/find queries Alain Mazy <am@osimis.io> parents: 109 diff changeset	471 }
2b1a95c7d263 wip: adjust tools/find queries Alain Mazy <am@osimis.io> parents: 109 diff changeset	472
2b1a95c7d263 wip: adjust tools/find queries Alain Mazy <am@osimis.io> parents: 109 diff changeset	473 return false;
2b1a95c7d263 wip: adjust tools/find queries Alain Mazy <am@osimis.io> parents: 109 diff changeset	474 }
2b1a95c7d263 wip: adjust tools/find queries Alain Mazy <am@osimis.io> parents: 109 diff changeset	475
2b1a95c7d263 wip: adjust tools/find queries Alain Mazy <am@osimis.io> parents: 109 diff changeset	476 void AdjustToolsFindQueryLabels(Json::Value& query, const OrthancPlugins::IAuthorizationService::UserProfile& profile)
2b1a95c7d263 wip: adjust tools/find queries Alain Mazy <am@osimis.io> parents: 109 diff changeset	477 {
2b1a95c7d263 wip: adjust tools/find queries Alain Mazy <am@osimis.io> parents: 109 diff changeset	478 std::set<std::string> labelsToFind;
2b1a95c7d263 wip: adjust tools/find queries Alain Mazy <am@osimis.io> parents: 109 diff changeset	479 std::string labelsConstraint = "Invalid";
2b1a95c7d263 wip: adjust tools/find queries Alain Mazy <am@osimis.io> parents: 109 diff changeset	480
2b1a95c7d263 wip: adjust tools/find queries Alain Mazy <am@osimis.io> parents: 109 diff changeset	481 if (query.isMember("Labels") && query.isMember("LabelsConstraint"))
2b1a95c7d263 wip: adjust tools/find queries Alain Mazy <am@osimis.io> parents: 109 diff changeset	482 {
2b1a95c7d263 wip: adjust tools/find queries Alain Mazy <am@osimis.io> parents: 109 diff changeset	483 Orthanc::SerializationToolbox::ReadSetOfStrings(labelsToFind, query, "Labels");
2b1a95c7d263 wip: adjust tools/find queries Alain Mazy <am@osimis.io> parents: 109 diff changeset	484 labelsConstraint = Orthanc::SerializationToolbox::ReadString(query, "LabelsConstraint");
2b1a95c7d263 wip: adjust tools/find queries Alain Mazy <am@osimis.io> parents: 109 diff changeset	485 }
2b1a95c7d263 wip: adjust tools/find queries Alain Mazy <am@osimis.io> parents: 109 diff changeset	486 else if (query.isMember("Labels") \|\| query.isMember("LabelsConstraint"))
2b1a95c7d263 wip: adjust tools/find queries Alain Mazy <am@osimis.io> parents: 109 diff changeset	487 {
114 546aea509427 fix + Forbidden error code Alain Mazy <am@osimis.io> parents: 113 diff changeset	488 throw Orthanc::OrthancException(Orthanc::ErrorCode_ForbiddenAccess, "Auth plugin: unable to transform tools/find query, both 'Labels' and 'LabelsConstraint' must be defined together if one of them is defined.");
111 2b1a95c7d263 wip: adjust tools/find queries Alain Mazy <am@osimis.io> parents: 109 diff changeset	489 }
2b1a95c7d263 wip: adjust tools/find queries Alain Mazy <am@osimis.io> parents: 109 diff changeset	490
112 572955904411 added tools/labels + removed forbidden_labels Alain Mazy <am@osimis.io> parents: 111 diff changeset	491 if (!HasAccessToSomeLabels(profile))
572955904411 added tools/labels + removed forbidden_labels Alain Mazy <am@osimis.io> parents: 111 diff changeset	492 {
114 546aea509427 fix + Forbidden error code Alain Mazy <am@osimis.io> parents: 113 diff changeset	493 throw Orthanc::OrthancException(Orthanc::ErrorCode_ForbiddenAccess, "Auth plugin: unable to call tools/find when the user does not have access to any labels.");
112 572955904411 added tools/labels + removed forbidden_labels Alain Mazy <am@osimis.io> parents: 111 diff changeset	494 }
572955904411 added tools/labels + removed forbidden_labels Alain Mazy <am@osimis.io> parents: 111 diff changeset	495 else if (profile.authorizedLabels.size() > 0)
111 2b1a95c7d263 wip: adjust tools/find queries Alain Mazy <am@osimis.io> parents: 109 diff changeset	496 {
2b1a95c7d263 wip: adjust tools/find queries Alain Mazy <am@osimis.io> parents: 109 diff changeset	497 // if the user has access to all labels: no need to transform the tools/find body, we keep it as is
112 572955904411 added tools/labels + removed forbidden_labels Alain Mazy <am@osimis.io> parents: 111 diff changeset	498 if (!HasAccessToAllLabels(profile))
111 2b1a95c7d263 wip: adjust tools/find queries Alain Mazy <am@osimis.io> parents: 109 diff changeset	499 { // the user does not have access to all labels -> transform the tools/find body
2b1a95c7d263 wip: adjust tools/find queries Alain Mazy <am@osimis.io> parents: 109 diff changeset	500
2b1a95c7d263 wip: adjust tools/find queries Alain Mazy <am@osimis.io> parents: 109 diff changeset	501 if (labelsToFind.size() == 0)
2b1a95c7d263 wip: adjust tools/find queries Alain Mazy <am@osimis.io> parents: 109 diff changeset	502 {
2b1a95c7d263 wip: adjust tools/find queries Alain Mazy <am@osimis.io> parents: 109 diff changeset	503 if (profile.authorizedLabels.size() > 0)
2b1a95c7d263 wip: adjust tools/find queries Alain Mazy <am@osimis.io> parents: 109 diff changeset	504 {
114 546aea509427 fix + Forbidden error code Alain Mazy <am@osimis.io> parents: 113 diff changeset	505 query.removeMember("Labels");
111 2b1a95c7d263 wip: adjust tools/find queries Alain Mazy <am@osimis.io> parents: 109 diff changeset	506 Orthanc::SerializationToolbox::WriteSetOfStrings(query, profile.authorizedLabels, "Labels");
2b1a95c7d263 wip: adjust tools/find queries Alain Mazy <am@osimis.io> parents: 109 diff changeset	507 query["LabelsConstraint"] = "Any";
2b1a95c7d263 wip: adjust tools/find queries Alain Mazy <am@osimis.io> parents: 109 diff changeset	508 }
2b1a95c7d263 wip: adjust tools/find queries Alain Mazy <am@osimis.io> parents: 109 diff changeset	509 }
2b1a95c7d263 wip: adjust tools/find queries Alain Mazy <am@osimis.io> parents: 109 diff changeset	510 else if (labelsConstraint == "All")
2b1a95c7d263 wip: adjust tools/find queries Alain Mazy <am@osimis.io> parents: 109 diff changeset	511 {
2b1a95c7d263 wip: adjust tools/find queries Alain Mazy <am@osimis.io> parents: 109 diff changeset	512 if (profile.authorizedLabels.size() > 0)
2b1a95c7d263 wip: adjust tools/find queries Alain Mazy <am@osimis.io> parents: 109 diff changeset	513 {
2b1a95c7d263 wip: adjust tools/find queries Alain Mazy <am@osimis.io> parents: 109 diff changeset	514 if (!Orthanc::Toolbox::IsSetInSet(labelsToFind, profile.authorizedLabels))
2b1a95c7d263 wip: adjust tools/find queries Alain Mazy <am@osimis.io> parents: 109 diff changeset	515 {
114 546aea509427 fix + Forbidden error code Alain Mazy <am@osimis.io> parents: 113 diff changeset	516 throw Orthanc::OrthancException(Orthanc::ErrorCode_ForbiddenAccess, "Auth plugin: unable to transform tools/find query with 'All' labels constraint when the user does not have access to all listed labels.");
111 2b1a95c7d263 wip: adjust tools/find queries Alain Mazy <am@osimis.io> parents: 109 diff changeset	517 }
2b1a95c7d263 wip: adjust tools/find queries Alain Mazy <am@osimis.io> parents: 109 diff changeset	518 }
2b1a95c7d263 wip: adjust tools/find queries Alain Mazy <am@osimis.io> parents: 109 diff changeset	519 }
2b1a95c7d263 wip: adjust tools/find queries Alain Mazy <am@osimis.io> parents: 109 diff changeset	520 else if (labelsConstraint == "Any")
2b1a95c7d263 wip: adjust tools/find queries Alain Mazy <am@osimis.io> parents: 109 diff changeset	521 {
2b1a95c7d263 wip: adjust tools/find queries Alain Mazy <am@osimis.io> parents: 109 diff changeset	522 if (profile.authorizedLabels.size() > 0)
2b1a95c7d263 wip: adjust tools/find queries Alain Mazy <am@osimis.io> parents: 109 diff changeset	523 {
2b1a95c7d263 wip: adjust tools/find queries Alain Mazy <am@osimis.io> parents: 109 diff changeset	524 std::set<std::string> newLabelsToFind;
112 572955904411 added tools/labels + removed forbidden_labels Alain Mazy <am@osimis.io> parents: 111 diff changeset	525 Orthanc::Toolbox::GetIntersection(newLabelsToFind, labelsToFind, profile.authorizedLabels);
111 2b1a95c7d263 wip: adjust tools/find queries Alain Mazy <am@osimis.io> parents: 109 diff changeset	526
2b1a95c7d263 wip: adjust tools/find queries Alain Mazy <am@osimis.io> parents: 109 diff changeset	527 if (newLabelsToFind.size() == 0)
2b1a95c7d263 wip: adjust tools/find queries Alain Mazy <am@osimis.io> parents: 109 diff changeset	528 {
114 546aea509427 fix + Forbidden error code Alain Mazy <am@osimis.io> parents: 113 diff changeset	529 throw Orthanc::OrthancException(Orthanc::ErrorCode_ForbiddenAccess, "Auth plugin: unable to transform tools/find query with 'All' labels constraint when none of the labels to find is authorized for the user.");
111 2b1a95c7d263 wip: adjust tools/find queries Alain Mazy <am@osimis.io> parents: 109 diff changeset	530 }
2b1a95c7d263 wip: adjust tools/find queries Alain Mazy <am@osimis.io> parents: 109 diff changeset	531
2b1a95c7d263 wip: adjust tools/find queries Alain Mazy <am@osimis.io> parents: 109 diff changeset	532 query.removeMember("Labels");
2b1a95c7d263 wip: adjust tools/find queries Alain Mazy <am@osimis.io> parents: 109 diff changeset	533 Orthanc::SerializationToolbox::WriteSetOfStrings(query, newLabelsToFind, "Labels");
2b1a95c7d263 wip: adjust tools/find queries Alain Mazy <am@osimis.io> parents: 109 diff changeset	534 }
2b1a95c7d263 wip: adjust tools/find queries Alain Mazy <am@osimis.io> parents: 109 diff changeset	535 }
2b1a95c7d263 wip: adjust tools/find queries Alain Mazy <am@osimis.io> parents: 109 diff changeset	536 else if (labelsConstraint == "None")
2b1a95c7d263 wip: adjust tools/find queries Alain Mazy <am@osimis.io> parents: 109 diff changeset	537 {
2b1a95c7d263 wip: adjust tools/find queries Alain Mazy <am@osimis.io> parents: 109 diff changeset	538 if (profile.authorizedLabels.size() > 0)
2b1a95c7d263 wip: adjust tools/find queries Alain Mazy <am@osimis.io> parents: 109 diff changeset	539 {
114 546aea509427 fix + Forbidden error code Alain Mazy <am@osimis.io> parents: 113 diff changeset	540 throw Orthanc::OrthancException(Orthanc::ErrorCode_ForbiddenAccess, "Auth plugin: unable to transform tools/find query with 'None' labels constraint when the user only has authorized_labels.");
111 2b1a95c7d263 wip: adjust tools/find queries Alain Mazy <am@osimis.io> parents: 109 diff changeset	541 }
2b1a95c7d263 wip: adjust tools/find queries Alain Mazy <am@osimis.io> parents: 109 diff changeset	542 }
2b1a95c7d263 wip: adjust tools/find queries Alain Mazy <am@osimis.io> parents: 109 diff changeset	543 }
2b1a95c7d263 wip: adjust tools/find queries Alain Mazy <am@osimis.io> parents: 109 diff changeset	544 }
2b1a95c7d263 wip: adjust tools/find queries Alain Mazy <am@osimis.io> parents: 109 diff changeset	545 }
2b1a95c7d263 wip: adjust tools/find queries Alain Mazy <am@osimis.io> parents: 109 diff changeset	546
2b1a95c7d263 wip: adjust tools/find queries Alain Mazy <am@osimis.io> parents: 109 diff changeset	547 void ToolsFind(OrthancPluginRestOutput* output,
2b1a95c7d263 wip: adjust tools/find queries Alain Mazy <am@osimis.io> parents: 109 diff changeset	548 const char* /url/,
2b1a95c7d263 wip: adjust tools/find queries Alain Mazy <am@osimis.io> parents: 109 diff changeset	549 const OrthancPluginHttpRequest* request)
2b1a95c7d263 wip: adjust tools/find queries Alain Mazy <am@osimis.io> parents: 109 diff changeset	550 {
2b1a95c7d263 wip: adjust tools/find queries Alain Mazy <am@osimis.io> parents: 109 diff changeset	551 OrthancPluginContext* context = OrthancPlugins::GetGlobalContext();
2b1a95c7d263 wip: adjust tools/find queries Alain Mazy <am@osimis.io> parents: 109 diff changeset	552
2b1a95c7d263 wip: adjust tools/find queries Alain Mazy <am@osimis.io> parents: 109 diff changeset	553 if (request->method != OrthancPluginHttpMethod_Post)
2b1a95c7d263 wip: adjust tools/find queries Alain Mazy <am@osimis.io> parents: 109 diff changeset	554 {
2b1a95c7d263 wip: adjust tools/find queries Alain Mazy <am@osimis.io> parents: 109 diff changeset	555 OrthancPluginSendMethodNotAllowed(context, output, "POST");
2b1a95c7d263 wip: adjust tools/find queries Alain Mazy <am@osimis.io> parents: 109 diff changeset	556 }
2b1a95c7d263 wip: adjust tools/find queries Alain Mazy <am@osimis.io> parents: 109 diff changeset	557 else
2b1a95c7d263 wip: adjust tools/find queries Alain Mazy <am@osimis.io> parents: 109 diff changeset	558 {
2b1a95c7d263 wip: adjust tools/find queries Alain Mazy <am@osimis.io> parents: 109 diff changeset	559 // The filtering to this route is performed by this plugin as it is done for any other route before we get here.
2b1a95c7d263 wip: adjust tools/find queries Alain Mazy <am@osimis.io> parents: 109 diff changeset	560
2b1a95c7d263 wip: adjust tools/find queries Alain Mazy <am@osimis.io> parents: 109 diff changeset	561 Json::Value body;
2b1a95c7d263 wip: adjust tools/find queries Alain Mazy <am@osimis.io> parents: 109 diff changeset	562 if (!OrthancPlugins::ReadJson(body, request->body, request->bodySize))
2b1a95c7d263 wip: adjust tools/find queries Alain Mazy <am@osimis.io> parents: 109 diff changeset	563 {
2b1a95c7d263 wip: adjust tools/find queries Alain Mazy <am@osimis.io> parents: 109 diff changeset	564 throw Orthanc::OrthancException(Orthanc::ErrorCode_BadFileFormat, "A JSON payload was expected");
2b1a95c7d263 wip: adjust tools/find queries Alain Mazy <am@osimis.io> parents: 109 diff changeset	565 }
2b1a95c7d263 wip: adjust tools/find queries Alain Mazy <am@osimis.io> parents: 109 diff changeset	566
2b1a95c7d263 wip: adjust tools/find queries Alain Mazy <am@osimis.io> parents: 109 diff changeset	567 // If the logged in user has restrictions on the labels he can access, modify the tools/find payload before reposting it to Orthanc
2b1a95c7d263 wip: adjust tools/find queries Alain Mazy <am@osimis.io> parents: 109 diff changeset	568 OrthancPlugins::IAuthorizationService::UserProfile profile;
2b1a95c7d263 wip: adjust tools/find queries Alain Mazy <am@osimis.io> parents: 109 diff changeset	569 if (GetUserProfileInternal(profile, request))
2b1a95c7d263 wip: adjust tools/find queries Alain Mazy <am@osimis.io> parents: 109 diff changeset	570 {
2b1a95c7d263 wip: adjust tools/find queries Alain Mazy <am@osimis.io> parents: 109 diff changeset	571 AdjustToolsFindQueryLabels(body, profile);
2b1a95c7d263 wip: adjust tools/find queries Alain Mazy <am@osimis.io> parents: 109 diff changeset	572
2b1a95c7d263 wip: adjust tools/find queries Alain Mazy <am@osimis.io> parents: 109 diff changeset	573 Json::Value result;
2b1a95c7d263 wip: adjust tools/find queries Alain Mazy <am@osimis.io> parents: 109 diff changeset	574 if (OrthancPlugins::RestApiPost(result, "/tools/find", body, false))
2b1a95c7d263 wip: adjust tools/find queries Alain Mazy <am@osimis.io> parents: 109 diff changeset	575 {
2b1a95c7d263 wip: adjust tools/find queries Alain Mazy <am@osimis.io> parents: 109 diff changeset	576 OrthancPlugins::AnswerJson(result, output);
2b1a95c7d263 wip: adjust tools/find queries Alain Mazy <am@osimis.io> parents: 109 diff changeset	577 }
2b1a95c7d263 wip: adjust tools/find queries Alain Mazy <am@osimis.io> parents: 109 diff changeset	578
2b1a95c7d263 wip: adjust tools/find queries Alain Mazy <am@osimis.io> parents: 109 diff changeset	579 }
2b1a95c7d263 wip: adjust tools/find queries Alain Mazy <am@osimis.io> parents: 109 diff changeset	580 else
2b1a95c7d263 wip: adjust tools/find queries Alain Mazy <am@osimis.io> parents: 109 diff changeset	581 {
114 546aea509427 fix + Forbidden error code Alain Mazy <am@osimis.io> parents: 113 diff changeset	582 throw Orthanc::OrthancException(Orthanc::ErrorCode_ForbiddenAccess, "Auth plugin: no user profile found, access to tools/find is forbidden.");
111 2b1a95c7d263 wip: adjust tools/find queries Alain Mazy <am@osimis.io> parents: 109 diff changeset	583 }
112 572955904411 added tools/labels + removed forbidden_labels Alain Mazy <am@osimis.io> parents: 111 diff changeset	584 }
572955904411 added tools/labels + removed forbidden_labels Alain Mazy <am@osimis.io> parents: 111 diff changeset	585 }
572955904411 added tools/labels + removed forbidden_labels Alain Mazy <am@osimis.io> parents: 111 diff changeset	586
572955904411 added tools/labels + removed forbidden_labels Alain Mazy <am@osimis.io> parents: 111 diff changeset	587 void ToolsLabels(OrthancPluginRestOutput* output,
572955904411 added tools/labels + removed forbidden_labels Alain Mazy <am@osimis.io> parents: 111 diff changeset	588 const char* /url/,
572955904411 added tools/labels + removed forbidden_labels Alain Mazy <am@osimis.io> parents: 111 diff changeset	589 const OrthancPluginHttpRequest* request)
572955904411 added tools/labels + removed forbidden_labels Alain Mazy <am@osimis.io> parents: 111 diff changeset	590 {
572955904411 added tools/labels + removed forbidden_labels Alain Mazy <am@osimis.io> parents: 111 diff changeset	591 OrthancPluginContext* context = OrthancPlugins::GetGlobalContext();
572955904411 added tools/labels + removed forbidden_labels Alain Mazy <am@osimis.io> parents: 111 diff changeset	592
572955904411 added tools/labels + removed forbidden_labels Alain Mazy <am@osimis.io> parents: 111 diff changeset	593 if (request->method != OrthancPluginHttpMethod_Get)
572955904411 added tools/labels + removed forbidden_labels Alain Mazy <am@osimis.io> parents: 111 diff changeset	594 {
572955904411 added tools/labels + removed forbidden_labels Alain Mazy <am@osimis.io> parents: 111 diff changeset	595 OrthancPluginSendMethodNotAllowed(context, output, "GET");
572955904411 added tools/labels + removed forbidden_labels Alain Mazy <am@osimis.io> parents: 111 diff changeset	596 }
572955904411 added tools/labels + removed forbidden_labels Alain Mazy <am@osimis.io> parents: 111 diff changeset	597 else
572955904411 added tools/labels + removed forbidden_labels Alain Mazy <am@osimis.io> parents: 111 diff changeset	598 {
572955904411 added tools/labels + removed forbidden_labels Alain Mazy <am@osimis.io> parents: 111 diff changeset	599 // The filtering to this route is performed by this plugin as it is done for any other route before we get here.
572955904411 added tools/labels + removed forbidden_labels Alain Mazy <am@osimis.io> parents: 111 diff changeset	600
572955904411 added tools/labels + removed forbidden_labels Alain Mazy <am@osimis.io> parents: 111 diff changeset	601 // If the logged in user has restrictions on the labels he can access, modify the tools/labels response before answering
572955904411 added tools/labels + removed forbidden_labels Alain Mazy <am@osimis.io> parents: 111 diff changeset	602 OrthancPlugins::IAuthorizationService::UserProfile profile;
572955904411 added tools/labels + removed forbidden_labels Alain Mazy <am@osimis.io> parents: 111 diff changeset	603 if (GetUserProfileInternal(profile, request))
572955904411 added tools/labels + removed forbidden_labels Alain Mazy <am@osimis.io> parents: 111 diff changeset	604 {
572955904411 added tools/labels + removed forbidden_labels Alain Mazy <am@osimis.io> parents: 111 diff changeset	605 if (!HasAccessToSomeLabels(profile))
572955904411 added tools/labels + removed forbidden_labels Alain Mazy <am@osimis.io> parents: 111 diff changeset	606 {
572955904411 added tools/labels + removed forbidden_labels Alain Mazy <am@osimis.io> parents: 111 diff changeset	607 Json::Value emptyLabels;
572955904411 added tools/labels + removed forbidden_labels Alain Mazy <am@osimis.io> parents: 111 diff changeset	608 OrthancPlugins::AnswerJson(emptyLabels, output);
572955904411 added tools/labels + removed forbidden_labels Alain Mazy <am@osimis.io> parents: 111 diff changeset	609 return;
572955904411 added tools/labels + removed forbidden_labels Alain Mazy <am@osimis.io> parents: 111 diff changeset	610 }
572955904411 added tools/labels + removed forbidden_labels Alain Mazy <am@osimis.io> parents: 111 diff changeset	611
572955904411 added tools/labels + removed forbidden_labels Alain Mazy <am@osimis.io> parents: 111 diff changeset	612 Json::Value jsonLabels;
572955904411 added tools/labels + removed forbidden_labels Alain Mazy <am@osimis.io> parents: 111 diff changeset	613 if (OrthancPlugins::RestApiGet(jsonLabels, "/tools/labels", false))
572955904411 added tools/labels + removed forbidden_labels Alain Mazy <am@osimis.io> parents: 111 diff changeset	614 {
572955904411 added tools/labels + removed forbidden_labels Alain Mazy <am@osimis.io> parents: 111 diff changeset	615 std::set<std::string> allLabels;
572955904411 added tools/labels + removed forbidden_labels Alain Mazy <am@osimis.io> parents: 111 diff changeset	616 Orthanc::SerializationToolbox::ReadSetOfStrings(allLabels, jsonLabels);
572955904411 added tools/labels + removed forbidden_labels Alain Mazy <am@osimis.io> parents: 111 diff changeset	617
572955904411 added tools/labels + removed forbidden_labels Alain Mazy <am@osimis.io> parents: 111 diff changeset	618 if (!HasAccessToAllLabels(profile))
572955904411 added tools/labels + removed forbidden_labels Alain Mazy <am@osimis.io> parents: 111 diff changeset	619 {
572955904411 added tools/labels + removed forbidden_labels Alain Mazy <am@osimis.io> parents: 111 diff changeset	620 std::set<std::string> authorizedLabels;
572955904411 added tools/labels + removed forbidden_labels Alain Mazy <am@osimis.io> parents: 111 diff changeset	621
572955904411 added tools/labels + removed forbidden_labels Alain Mazy <am@osimis.io> parents: 111 diff changeset	622 Orthanc::Toolbox::GetIntersection(authorizedLabels, allLabels, profile.authorizedLabels);
572955904411 added tools/labels + removed forbidden_labels Alain Mazy <am@osimis.io> parents: 111 diff changeset	623 Orthanc::SerializationToolbox::WriteSetOfStrings(jsonLabels, authorizedLabels);
572955904411 added tools/labels + removed forbidden_labels Alain Mazy <am@osimis.io> parents: 111 diff changeset	624 }
572955904411 added tools/labels + removed forbidden_labels Alain Mazy <am@osimis.io> parents: 111 diff changeset	625 OrthancPlugins::AnswerJson(jsonLabels, output);
572955904411 added tools/labels + removed forbidden_labels Alain Mazy <am@osimis.io> parents: 111 diff changeset	626 }
572955904411 added tools/labels + removed forbidden_labels Alain Mazy <am@osimis.io> parents: 111 diff changeset	627
572955904411 added tools/labels + removed forbidden_labels Alain Mazy <am@osimis.io> parents: 111 diff changeset	628 }
572955904411 added tools/labels + removed forbidden_labels Alain Mazy <am@osimis.io> parents: 111 diff changeset	629 else
572955904411 added tools/labels + removed forbidden_labels Alain Mazy <am@osimis.io> parents: 111 diff changeset	630 {
114 546aea509427 fix + Forbidden error code Alain Mazy <am@osimis.io> parents: 113 diff changeset	631 throw Orthanc::OrthancException(Orthanc::ErrorCode_ForbiddenAccess, "Auth plugin: no user profile found, access to tools/labels is forbidden.");
112 572955904411 added tools/labels + removed forbidden_labels Alain Mazy <am@osimis.io> parents: 111 diff changeset	632 }
111 2b1a95c7d263 wip: adjust tools/find queries Alain Mazy <am@osimis.io> parents: 109 diff changeset	633 }
2b1a95c7d263 wip: adjust tools/find queries Alain Mazy <am@osimis.io> parents: 109 diff changeset	634 }
2b1a95c7d263 wip: adjust tools/find queries Alain Mazy <am@osimis.io> parents: 109 diff changeset	635
2b1a95c7d263 wip: adjust tools/find queries Alain Mazy <am@osimis.io> parents: 109 diff changeset	636
72 e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService Alain Mazy <am@osimis.io> parents: 71 diff changeset	637 void CreateToken(OrthancPluginRestOutput* output,
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService Alain Mazy <am@osimis.io> parents: 71 diff changeset	638 const char* /url/,
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService Alain Mazy <am@osimis.io> parents: 71 diff changeset	639 const OrthancPluginHttpRequest* request)
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService Alain Mazy <am@osimis.io> parents: 71 diff changeset	640 {
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService Alain Mazy <am@osimis.io> parents: 71 diff changeset	641 OrthancPluginContext* context = OrthancPlugins::GetGlobalContext();
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService Alain Mazy <am@osimis.io> parents: 71 diff changeset	642
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService Alain Mazy <am@osimis.io> parents: 71 diff changeset	643 if (request->method != OrthancPluginHttpMethod_Put)
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService Alain Mazy <am@osimis.io> parents: 71 diff changeset	644 {
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService Alain Mazy <am@osimis.io> parents: 71 diff changeset	645 OrthancPluginSendMethodNotAllowed(context, output, "PUT");
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService Alain Mazy <am@osimis.io> parents: 71 diff changeset	646 }
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService Alain Mazy <am@osimis.io> parents: 71 diff changeset	647 else
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService Alain Mazy <am@osimis.io> parents: 71 diff changeset	648 {
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService Alain Mazy <am@osimis.io> parents: 71 diff changeset	649 // The filtering to this route is performed by this plugin as it is done for any other route before we get here.
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService Alain Mazy <am@osimis.io> parents: 71 diff changeset	650 // Since the route contains the tokenType, we can allow/forbid creating them based on the url
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService Alain Mazy <am@osimis.io> parents: 71 diff changeset	651
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService Alain Mazy <am@osimis.io> parents: 71 diff changeset	652 // simply forward the request to the auth-service
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService Alain Mazy <am@osimis.io> parents: 71 diff changeset	653 std::string tokenType;
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService Alain Mazy <am@osimis.io> parents: 71 diff changeset	654 if (request->groupsCount == 1)
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService Alain Mazy <am@osimis.io> parents: 71 diff changeset	655 {
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService Alain Mazy <am@osimis.io> parents: 71 diff changeset	656 tokenType = request->groups[0];
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService Alain Mazy <am@osimis.io> parents: 71 diff changeset	657 }
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService Alain Mazy <am@osimis.io> parents: 71 diff changeset	658 else
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService Alain Mazy <am@osimis.io> parents: 71 diff changeset	659 {
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService Alain Mazy <am@osimis.io> parents: 71 diff changeset	660 throw Orthanc::OrthancException(Orthanc::ErrorCode_InternalError);
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService Alain Mazy <am@osimis.io> parents: 71 diff changeset	661 }
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService Alain Mazy <am@osimis.io> parents: 71 diff changeset	662
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService Alain Mazy <am@osimis.io> parents: 71 diff changeset	663 // convert from Orthanc flavored API to WebService API
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService Alain Mazy <am@osimis.io> parents: 71 diff changeset	664 Json::Value body;
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService Alain Mazy <am@osimis.io> parents: 71 diff changeset	665 if (!OrthancPlugins::ReadJson(body, request->body, request->bodySize))
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService Alain Mazy <am@osimis.io> parents: 71 diff changeset	666 {
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService Alain Mazy <am@osimis.io> parents: 71 diff changeset	667 throw Orthanc::OrthancException(Orthanc::ErrorCode_BadFileFormat, "A JSON payload was expected");
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService Alain Mazy <am@osimis.io> parents: 71 diff changeset	668 }
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService Alain Mazy <am@osimis.io> parents: 71 diff changeset	669
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService Alain Mazy <am@osimis.io> parents: 71 diff changeset	670 std::string id;
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService Alain Mazy <am@osimis.io> parents: 71 diff changeset	671 std::vector<OrthancPlugins::IAuthorizationService::OrthancResource> resources;
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService Alain Mazy <am@osimis.io> parents: 71 diff changeset	672 std::string expirationDateString;
73 512247750f0a new ValidityDuration arg in create token API Alain Mazy <am@osimis.io> parents: 72 diff changeset	673 uint64_t validityDuration;
72 e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService Alain Mazy <am@osimis.io> parents: 71 diff changeset	674
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService Alain Mazy <am@osimis.io> parents: 71 diff changeset	675 if (body.isMember("ID"))
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService Alain Mazy <am@osimis.io> parents: 71 diff changeset	676 {
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService Alain Mazy <am@osimis.io> parents: 71 diff changeset	677 id = body["ID"].asString();
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService Alain Mazy <am@osimis.io> parents: 71 diff changeset	678 }
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService Alain Mazy <am@osimis.io> parents: 71 diff changeset	679
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService Alain Mazy <am@osimis.io> parents: 71 diff changeset	680 for (Json::ArrayIndex i = 0; i < body["Resources"].size(); ++i)
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService Alain Mazy <am@osimis.io> parents: 71 diff changeset	681 {
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService Alain Mazy <am@osimis.io> parents: 71 diff changeset	682 const Json::Value& jsonResource = body["Resources"][i];
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService Alain Mazy <am@osimis.io> parents: 71 diff changeset	683 OrthancPlugins::IAuthorizationService::OrthancResource resource;
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService Alain Mazy <am@osimis.io> parents: 71 diff changeset	684
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService Alain Mazy <am@osimis.io> parents: 71 diff changeset	685 if (jsonResource.isMember("DicomUid"))
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService Alain Mazy <am@osimis.io> parents: 71 diff changeset	686 {
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService Alain Mazy <am@osimis.io> parents: 71 diff changeset	687 resource.dicomUid = jsonResource["DicomUid"].asString();
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService Alain Mazy <am@osimis.io> parents: 71 diff changeset	688 }
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService Alain Mazy <am@osimis.io> parents: 71 diff changeset	689
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService Alain Mazy <am@osimis.io> parents: 71 diff changeset	690 if (jsonResource.isMember("OrthancId"))
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService Alain Mazy <am@osimis.io> parents: 71 diff changeset	691 {
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService Alain Mazy <am@osimis.io> parents: 71 diff changeset	692 resource.orthancId = jsonResource["OrthancId"].asString();
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService Alain Mazy <am@osimis.io> parents: 71 diff changeset	693 }
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService Alain Mazy <am@osimis.io> parents: 71 diff changeset	694
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService Alain Mazy <am@osimis.io> parents: 71 diff changeset	695 if (jsonResource.isMember("Url"))
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService Alain Mazy <am@osimis.io> parents: 71 diff changeset	696 {
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService Alain Mazy <am@osimis.io> parents: 71 diff changeset	697 resource.url = jsonResource["Url"].asString();
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService Alain Mazy <am@osimis.io> parents: 71 diff changeset	698 }
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService Alain Mazy <am@osimis.io> parents: 71 diff changeset	699
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService Alain Mazy <am@osimis.io> parents: 71 diff changeset	700 resource.level = jsonResource["Level"].asString();
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService Alain Mazy <am@osimis.io> parents: 71 diff changeset	701 resources.push_back(resource);
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService Alain Mazy <am@osimis.io> parents: 71 diff changeset	702 }
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService Alain Mazy <am@osimis.io> parents: 71 diff changeset	703
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService Alain Mazy <am@osimis.io> parents: 71 diff changeset	704 if (body.isMember("ExpirationDate"))
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService Alain Mazy <am@osimis.io> parents: 71 diff changeset	705 {
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService Alain Mazy <am@osimis.io> parents: 71 diff changeset	706 expirationDateString = body["ExpirationDate"].asString();
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService Alain Mazy <am@osimis.io> parents: 71 diff changeset	707 }
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService Alain Mazy <am@osimis.io> parents: 71 diff changeset	708
73 512247750f0a new ValidityDuration arg in create token API Alain Mazy <am@osimis.io> parents: 72 diff changeset	709 if (body.isMember("ValidityDuration"))
512247750f0a new ValidityDuration arg in create token API Alain Mazy <am@osimis.io> parents: 72 diff changeset	710 {
512247750f0a new ValidityDuration arg in create token API Alain Mazy <am@osimis.io> parents: 72 diff changeset	711 validityDuration = body["ValidityDuration"].asUInt64();
512247750f0a new ValidityDuration arg in create token API Alain Mazy <am@osimis.io> parents: 72 diff changeset	712 }
512247750f0a new ValidityDuration arg in create token API Alain Mazy <am@osimis.io> parents: 72 diff changeset	713
72 e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService Alain Mazy <am@osimis.io> parents: 71 diff changeset	714 OrthancPlugins::IAuthorizationService::CreatedToken createdToken;
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService Alain Mazy <am@osimis.io> parents: 71 diff changeset	715 if (authorizationService_->CreateToken(createdToken,
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService Alain Mazy <am@osimis.io> parents: 71 diff changeset	716 tokenType,
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService Alain Mazy <am@osimis.io> parents: 71 diff changeset	717 id,
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService Alain Mazy <am@osimis.io> parents: 71 diff changeset	718 resources,
73 512247750f0a new ValidityDuration arg in create token API Alain Mazy <am@osimis.io> parents: 72 diff changeset	719 expirationDateString,
512247750f0a new ValidityDuration arg in create token API Alain Mazy <am@osimis.io> parents: 72 diff changeset	720 validityDuration))
72 e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService Alain Mazy <am@osimis.io> parents: 71 diff changeset	721 {
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService Alain Mazy <am@osimis.io> parents: 71 diff changeset	722 Json::Value createdJsonToken;
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService Alain Mazy <am@osimis.io> parents: 71 diff changeset	723 createdJsonToken["Token"] = createdToken.token;
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService Alain Mazy <am@osimis.io> parents: 71 diff changeset	724
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService Alain Mazy <am@osimis.io> parents: 71 diff changeset	725 if (!createdToken.url.empty())
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService Alain Mazy <am@osimis.io> parents: 71 diff changeset	726 {
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService Alain Mazy <am@osimis.io> parents: 71 diff changeset	727 createdJsonToken["Url"] = createdToken.url;
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService Alain Mazy <am@osimis.io> parents: 71 diff changeset	728 }
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService Alain Mazy <am@osimis.io> parents: 71 diff changeset	729 else
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService Alain Mazy <am@osimis.io> parents: 71 diff changeset	730 {
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService Alain Mazy <am@osimis.io> parents: 71 diff changeset	731 createdJsonToken["Url"] = Json::nullValue;
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService Alain Mazy <am@osimis.io> parents: 71 diff changeset	732 }
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService Alain Mazy <am@osimis.io> parents: 71 diff changeset	733
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService Alain Mazy <am@osimis.io> parents: 71 diff changeset	734 OrthancPlugins::AnswerJson(createdJsonToken, output);
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService Alain Mazy <am@osimis.io> parents: 71 diff changeset	735 }
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService Alain Mazy <am@osimis.io> parents: 71 diff changeset	736
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService Alain Mazy <am@osimis.io> parents: 71 diff changeset	737
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService Alain Mazy <am@osimis.io> parents: 71 diff changeset	738 }
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService Alain Mazy <am@osimis.io> parents: 71 diff changeset	739 }
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService Alain Mazy <am@osimis.io> parents: 71 diff changeset	740
74 aa73b10c2db9 new API route to decode tokens Alain Mazy <am@osimis.io> parents: 73 diff changeset	741 void DecodeToken(OrthancPluginRestOutput* output,
aa73b10c2db9 new API route to decode tokens Alain Mazy <am@osimis.io> parents: 73 diff changeset	742 const char* /url/,
aa73b10c2db9 new API route to decode tokens Alain Mazy <am@osimis.io> parents: 73 diff changeset	743 const OrthancPluginHttpRequest* request)
aa73b10c2db9 new API route to decode tokens Alain Mazy <am@osimis.io> parents: 73 diff changeset	744 {
aa73b10c2db9 new API route to decode tokens Alain Mazy <am@osimis.io> parents: 73 diff changeset	745 OrthancPluginContext* context = OrthancPlugins::GetGlobalContext();
aa73b10c2db9 new API route to decode tokens Alain Mazy <am@osimis.io> parents: 73 diff changeset	746
aa73b10c2db9 new API route to decode tokens Alain Mazy <am@osimis.io> parents: 73 diff changeset	747 if (request->method != OrthancPluginHttpMethod_Post)
aa73b10c2db9 new API route to decode tokens Alain Mazy <am@osimis.io> parents: 73 diff changeset	748 {
aa73b10c2db9 new API route to decode tokens Alain Mazy <am@osimis.io> parents: 73 diff changeset	749 OrthancPluginSendMethodNotAllowed(context, output, "POST");
aa73b10c2db9 new API route to decode tokens Alain Mazy <am@osimis.io> parents: 73 diff changeset	750 }
aa73b10c2db9 new API route to decode tokens Alain Mazy <am@osimis.io> parents: 73 diff changeset	751 else
aa73b10c2db9 new API route to decode tokens Alain Mazy <am@osimis.io> parents: 73 diff changeset	752 {
aa73b10c2db9 new API route to decode tokens Alain Mazy <am@osimis.io> parents: 73 diff changeset	753 // convert from Orthanc flavored API to WebService API
aa73b10c2db9 new API route to decode tokens Alain Mazy <am@osimis.io> parents: 73 diff changeset	754 Json::Value body;
aa73b10c2db9 new API route to decode tokens Alain Mazy <am@osimis.io> parents: 73 diff changeset	755 if (!OrthancPlugins::ReadJson(body, request->body, request->bodySize))
aa73b10c2db9 new API route to decode tokens Alain Mazy <am@osimis.io> parents: 73 diff changeset	756 {
aa73b10c2db9 new API route to decode tokens Alain Mazy <am@osimis.io> parents: 73 diff changeset	757 throw Orthanc::OrthancException(Orthanc::ErrorCode_BadFileFormat, "A JSON payload was expected");
aa73b10c2db9 new API route to decode tokens Alain Mazy <am@osimis.io> parents: 73 diff changeset	758 }
aa73b10c2db9 new API route to decode tokens Alain Mazy <am@osimis.io> parents: 73 diff changeset	759
aa73b10c2db9 new API route to decode tokens Alain Mazy <am@osimis.io> parents: 73 diff changeset	760 Json::Value authPayload;
aa73b10c2db9 new API route to decode tokens Alain Mazy <am@osimis.io> parents: 73 diff changeset	761
aa73b10c2db9 new API route to decode tokens Alain Mazy <am@osimis.io> parents: 73 diff changeset	762 authPayload["token-key"] = body["TokenKey"].asString();
aa73b10c2db9 new API route to decode tokens Alain Mazy <am@osimis.io> parents: 73 diff changeset	763 authPayload["token-value"] = body["TokenValue"].asString();
aa73b10c2db9 new API route to decode tokens Alain Mazy <am@osimis.io> parents: 73 diff changeset	764
aa73b10c2db9 new API route to decode tokens Alain Mazy <am@osimis.io> parents: 73 diff changeset	765 OrthancPlugins::IAuthorizationService::DecodedToken decodedToken;
aa73b10c2db9 new API route to decode tokens Alain Mazy <am@osimis.io> parents: 73 diff changeset	766 if (authorizationService_->DecodeToken(decodedToken,
aa73b10c2db9 new API route to decode tokens Alain Mazy <am@osimis.io> parents: 73 diff changeset	767 body["TokenKey"].asString(),
aa73b10c2db9 new API route to decode tokens Alain Mazy <am@osimis.io> parents: 73 diff changeset	768 body["TokenValue"].asString()))
aa73b10c2db9 new API route to decode tokens Alain Mazy <am@osimis.io> parents: 73 diff changeset	769 {
aa73b10c2db9 new API route to decode tokens Alain Mazy <am@osimis.io> parents: 73 diff changeset	770 Json::Value decodedJsonToken;
aa73b10c2db9 new API route to decode tokens Alain Mazy <am@osimis.io> parents: 73 diff changeset	771
aa73b10c2db9 new API route to decode tokens Alain Mazy <am@osimis.io> parents: 73 diff changeset	772 if (!decodedToken.redirectUrl.empty())
aa73b10c2db9 new API route to decode tokens Alain Mazy <am@osimis.io> parents: 73 diff changeset	773 {
aa73b10c2db9 new API route to decode tokens Alain Mazy <am@osimis.io> parents: 73 diff changeset	774 decodedJsonToken["RedirectUrl"] = decodedToken.redirectUrl;
aa73b10c2db9 new API route to decode tokens Alain Mazy <am@osimis.io> parents: 73 diff changeset	775 }
aa73b10c2db9 new API route to decode tokens Alain Mazy <am@osimis.io> parents: 73 diff changeset	776
aa73b10c2db9 new API route to decode tokens Alain Mazy <am@osimis.io> parents: 73 diff changeset	777 if (!decodedToken.errorCode.empty())
aa73b10c2db9 new API route to decode tokens Alain Mazy <am@osimis.io> parents: 73 diff changeset	778 {
aa73b10c2db9 new API route to decode tokens Alain Mazy <am@osimis.io> parents: 73 diff changeset	779 decodedJsonToken["ErrorCode"] = decodedToken.errorCode;
aa73b10c2db9 new API route to decode tokens Alain Mazy <am@osimis.io> parents: 73 diff changeset	780 }
aa73b10c2db9 new API route to decode tokens Alain Mazy <am@osimis.io> parents: 73 diff changeset	781
aa73b10c2db9 new API route to decode tokens Alain Mazy <am@osimis.io> parents: 73 diff changeset	782 if (!decodedToken.tokenType.empty())
aa73b10c2db9 new API route to decode tokens Alain Mazy <am@osimis.io> parents: 73 diff changeset	783 {
aa73b10c2db9 new API route to decode tokens Alain Mazy <am@osimis.io> parents: 73 diff changeset	784 decodedJsonToken["TokenType"] = decodedToken.tokenType;
aa73b10c2db9 new API route to decode tokens Alain Mazy <am@osimis.io> parents: 73 diff changeset	785 }
aa73b10c2db9 new API route to decode tokens Alain Mazy <am@osimis.io> parents: 73 diff changeset	786
aa73b10c2db9 new API route to decode tokens Alain Mazy <am@osimis.io> parents: 73 diff changeset	787 OrthancPlugins::AnswerJson(decodedJsonToken, output);
aa73b10c2db9 new API route to decode tokens Alain Mazy <am@osimis.io> parents: 73 diff changeset	788 }
aa73b10c2db9 new API route to decode tokens Alain Mazy <am@osimis.io> parents: 73 diff changeset	789 }
aa73b10c2db9 new API route to decode tokens Alain Mazy <am@osimis.io> parents: 73 diff changeset	790 }
aa73b10c2db9 new API route to decode tokens Alain Mazy <am@osimis.io> parents: 73 diff changeset	791
111 2b1a95c7d263 wip: adjust tools/find queries Alain Mazy <am@osimis.io> parents: 109 diff changeset	792
69 af44dce56328 new 'auth/user-profile' Rest API route Alain Mazy <am@osimis.io> parents: 68 diff changeset	793 void GetUserProfile(OrthancPluginRestOutput* output,
af44dce56328 new 'auth/user-profile' Rest API route Alain Mazy <am@osimis.io> parents: 68 diff changeset	794 const char* /url/,
af44dce56328 new 'auth/user-profile' Rest API route Alain Mazy <am@osimis.io> parents: 68 diff changeset	795 const OrthancPluginHttpRequest* request)
af44dce56328 new 'auth/user-profile' Rest API route Alain Mazy <am@osimis.io> parents: 68 diff changeset	796 {
af44dce56328 new 'auth/user-profile' Rest API route Alain Mazy <am@osimis.io> parents: 68 diff changeset	797 OrthancPluginContext* context = OrthancPlugins::GetGlobalContext();
af44dce56328 new 'auth/user-profile' Rest API route Alain Mazy <am@osimis.io> parents: 68 diff changeset	798
af44dce56328 new 'auth/user-profile' Rest API route Alain Mazy <am@osimis.io> parents: 68 diff changeset	799 if (request->method != OrthancPluginHttpMethod_Get)
af44dce56328 new 'auth/user-profile' Rest API route Alain Mazy <am@osimis.io> parents: 68 diff changeset	800 {
af44dce56328 new 'auth/user-profile' Rest API route Alain Mazy <am@osimis.io> parents: 68 diff changeset	801 OrthancPluginSendMethodNotAllowed(context, output, "GET");
af44dce56328 new 'auth/user-profile' Rest API route Alain Mazy <am@osimis.io> parents: 68 diff changeset	802 }
af44dce56328 new 'auth/user-profile' Rest API route Alain Mazy <am@osimis.io> parents: 68 diff changeset	803 else
af44dce56328 new 'auth/user-profile' Rest API route Alain Mazy <am@osimis.io> parents: 68 diff changeset	804 {
111 2b1a95c7d263 wip: adjust tools/find queries Alain Mazy <am@osimis.io> parents: 109 diff changeset	805 OrthancPlugins::IAuthorizationService::UserProfile profile;
2b1a95c7d263 wip: adjust tools/find queries Alain Mazy <am@osimis.io> parents: 109 diff changeset	806 if (GetUserProfileInternal(profile, request))
69 af44dce56328 new 'auth/user-profile' Rest API route Alain Mazy <am@osimis.io> parents: 68 diff changeset	807 {
111 2b1a95c7d263 wip: adjust tools/find queries Alain Mazy <am@osimis.io> parents: 109 diff changeset	808 Json::Value jsonProfile;
2b1a95c7d263 wip: adjust tools/find queries Alain Mazy <am@osimis.io> parents: 109 diff changeset	809 jsonProfile["name"] = profile.name;
2b1a95c7d263 wip: adjust tools/find queries Alain Mazy <am@osimis.io> parents: 109 diff changeset	810 jsonProfile["permissions"] = Json::arrayValue;
2b1a95c7d263 wip: adjust tools/find queries Alain Mazy <am@osimis.io> parents: 109 diff changeset	811 for (std::set<std::string>::const_iterator it = profile.permissions.begin(); it != profile.permissions.end(); ++it)
69 af44dce56328 new 'auth/user-profile' Rest API route Alain Mazy <am@osimis.io> parents: 68 diff changeset	812 {
111 2b1a95c7d263 wip: adjust tools/find queries Alain Mazy <am@osimis.io> parents: 109 diff changeset	813 jsonProfile["permissions"].append(*it);
69 af44dce56328 new 'auth/user-profile' Rest API route Alain Mazy <am@osimis.io> parents: 68 diff changeset	814 }
111 2b1a95c7d263 wip: adjust tools/find queries Alain Mazy <am@osimis.io> parents: 109 diff changeset	815 for (std::set<std::string>::const_iterator it = profile.authorizedLabels.begin(); it != profile.authorizedLabels.end(); ++it)
2b1a95c7d263 wip: adjust tools/find queries Alain Mazy <am@osimis.io> parents: 109 diff changeset	816 {
2b1a95c7d263 wip: adjust tools/find queries Alain Mazy <am@osimis.io> parents: 109 diff changeset	817 jsonProfile["authorized-labels"].append(*it);
2b1a95c7d263 wip: adjust tools/find queries Alain Mazy <am@osimis.io> parents: 109 diff changeset	818 }
109 7381a7674b36 wip: adding labels Alain Mazy <am@osimis.io> parents: 103 diff changeset	819
111 2b1a95c7d263 wip: adjust tools/find queries Alain Mazy <am@osimis.io> parents: 109 diff changeset	820 OrthancPlugins::AnswerJson(jsonProfile, output);
69 af44dce56328 new 'auth/user-profile' Rest API route Alain Mazy <am@osimis.io> parents: 68 diff changeset	821 }
af44dce56328 new 'auth/user-profile' Rest API route Alain Mazy <am@osimis.io> parents: 68 diff changeset	822 }
af44dce56328 new 'auth/user-profile' Rest API route Alain Mazy <am@osimis.io> parents: 68 diff changeset	823 }
af44dce56328 new 'auth/user-profile' Rest API route Alain Mazy <am@osimis.io> parents: 68 diff changeset	824
71 30fb3ce960d9 configurable user permissions Alain Mazy <am@osimis.io> parents: 69 diff changeset	825 void MergeJson(Json::Value &a, const Json::Value &b) {
30fb3ce960d9 configurable user permissions Alain Mazy <am@osimis.io> parents: 69 diff changeset	826
30fb3ce960d9 configurable user permissions Alain Mazy <am@osimis.io> parents: 69 diff changeset	827 if (!a.isObject() \|\| !b.isObject())
30fb3ce960d9 configurable user permissions Alain Mazy <am@osimis.io> parents: 69 diff changeset	828 {
30fb3ce960d9 configurable user permissions Alain Mazy <am@osimis.io> parents: 69 diff changeset	829 return;
30fb3ce960d9 configurable user permissions Alain Mazy <am@osimis.io> parents: 69 diff changeset	830 }
30fb3ce960d9 configurable user permissions Alain Mazy <am@osimis.io> parents: 69 diff changeset	831
30fb3ce960d9 configurable user permissions Alain Mazy <am@osimis.io> parents: 69 diff changeset	832 Json::Value::Members members = b.getMemberNames();
30fb3ce960d9 configurable user permissions Alain Mazy <am@osimis.io> parents: 69 diff changeset	833
30fb3ce960d9 configurable user permissions Alain Mazy <am@osimis.io> parents: 69 diff changeset	834 for (size_t i = 0; i < members.size(); i++)
30fb3ce960d9 configurable user permissions Alain Mazy <am@osimis.io> parents: 69 diff changeset	835 {
30fb3ce960d9 configurable user permissions Alain Mazy <am@osimis.io> parents: 69 diff changeset	836 std::string key = members[i];
30fb3ce960d9 configurable user permissions Alain Mazy <am@osimis.io> parents: 69 diff changeset	837
30fb3ce960d9 configurable user permissions Alain Mazy <am@osimis.io> parents: 69 diff changeset	838 if (!a[key].isNull() && a[key].type() == Json::objectValue && b[key].type() == Json::objectValue)
30fb3ce960d9 configurable user permissions Alain Mazy <am@osimis.io> parents: 69 diff changeset	839 {
30fb3ce960d9 configurable user permissions Alain Mazy <am@osimis.io> parents: 69 diff changeset	840 MergeJson(a[key], b[key]);
30fb3ce960d9 configurable user permissions Alain Mazy <am@osimis.io> parents: 69 diff changeset	841 }
30fb3ce960d9 configurable user permissions Alain Mazy <am@osimis.io> parents: 69 diff changeset	842 else
30fb3ce960d9 configurable user permissions Alain Mazy <am@osimis.io> parents: 69 diff changeset	843 {
30fb3ce960d9 configurable user permissions Alain Mazy <am@osimis.io> parents: 69 diff changeset	844 a[key] = b[key];
30fb3ce960d9 configurable user permissions Alain Mazy <am@osimis.io> parents: 69 diff changeset	845 }
30fb3ce960d9 configurable user permissions Alain Mazy <am@osimis.io> parents: 69 diff changeset	846 }
30fb3ce960d9 configurable user permissions Alain Mazy <am@osimis.io> parents: 69 diff changeset	847 }
30fb3ce960d9 configurable user permissions Alain Mazy <am@osimis.io> parents: 69 diff changeset	848
1 d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	849
d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	850 extern "C"
d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	851 {
d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	852 ORTHANC_PLUGINS_API int32_t OrthancPluginInitialize(OrthancPluginContext* context)
d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	853 {
29 bc0431cb6b8f fix for compatibility with simplified OrthancPluginCppWrapper Sebastien Jodogne <s.jodogne@gmail.com> parents: 22 diff changeset	854 OrthancPlugins::SetGlobalContext(context);
bc0431cb6b8f fix for compatibility with simplified OrthancPluginCppWrapper Sebastien Jodogne <s.jodogne@gmail.com> parents: 22 diff changeset	855 OrthancPluginLogWarning(context, "Initializing the authorization plugin");
1 d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	856
d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	857 /* Check the version of the Orthanc core */
29 bc0431cb6b8f fix for compatibility with simplified OrthancPluginCppWrapper Sebastien Jodogne <s.jodogne@gmail.com> parents: 22 diff changeset	858 if (OrthancPluginCheckVersion(context) == 0)
1 d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	859 {
29 bc0431cb6b8f fix for compatibility with simplified OrthancPluginCppWrapper Sebastien Jodogne <s.jodogne@gmail.com> parents: 22 diff changeset	860 OrthancPlugins::ReportMinimalOrthancVersion(ORTHANC_PLUGINS_MINIMAL_MAJOR_NUMBER,
1 d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	861 ORTHANC_PLUGINS_MINIMAL_MINOR_NUMBER,
d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	862 ORTHANC_PLUGINS_MINIMAL_REVISION_NUMBER);
d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	863 return -1;
d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	864 }
d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	865
41 af7da36e68f5 sync Sebastien Jodogne <s.jodogne@gmail.com> parents: 36 diff changeset	866 #if ORTHANC_FRAMEWORK_VERSION_IS_ABOVE(1, 7, 2)
32 79d871605ffd sync Sebastien Jodogne <s.jodogne@gmail.com> parents: 31 diff changeset	867 Orthanc::Logging::InitializePluginContext(context);
33 b9c536bf598b improved Orthanc::Logging::Initialize() Sebastien Jodogne <s.jodogne@gmail.com> parents: 32 diff changeset	868 #else
b9c536bf598b improved Orthanc::Logging::Initialize() Sebastien Jodogne <s.jodogne@gmail.com> parents: 32 diff changeset	869 Orthanc::Logging::Initialize(context);
b9c536bf598b improved Orthanc::Logging::Initialize() Sebastien Jodogne <s.jodogne@gmail.com> parents: 32 diff changeset	870 #endif
b9c536bf598b improved Orthanc::Logging::Initialize() Sebastien Jodogne <s.jodogne@gmail.com> parents: 32 diff changeset	871
29 bc0431cb6b8f fix for compatibility with simplified OrthancPluginCppWrapper Sebastien Jodogne <s.jodogne@gmail.com> parents: 22 diff changeset	872 OrthancPluginSetDescription(context, "Advanced authorization plugin for Orthanc.");
1 d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	873
d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	874 try
d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	875 {
71 30fb3ce960d9 configurable user permissions Alain Mazy <am@osimis.io> parents: 69 diff changeset	876 static const char* PLUGIN_SECTION = "Authorization";
30fb3ce960d9 configurable user permissions Alain Mazy <am@osimis.io> parents: 69 diff changeset	877
30fb3ce960d9 configurable user permissions Alain Mazy <am@osimis.io> parents: 69 diff changeset	878 OrthancPlugins::OrthancConfiguration orthancFullConfiguration;
30fb3ce960d9 configurable user permissions Alain Mazy <am@osimis.io> parents: 69 diff changeset	879
30fb3ce960d9 configurable user permissions Alain Mazy <am@osimis.io> parents: 69 diff changeset	880 // read default configuration
30fb3ce960d9 configurable user permissions Alain Mazy <am@osimis.io> parents: 69 diff changeset	881 std::string defaultConfigurationFileContent;
30fb3ce960d9 configurable user permissions Alain Mazy <am@osimis.io> parents: 69 diff changeset	882 Orthanc::EmbeddedResources::GetFileResource(defaultConfigurationFileContent, Orthanc::EmbeddedResources::DEFAULT_CONFIGURATION);
30fb3ce960d9 configurable user permissions Alain Mazy <am@osimis.io> parents: 69 diff changeset	883 Json::Value pluginJsonDefaultConfiguration;
30fb3ce960d9 configurable user permissions Alain Mazy <am@osimis.io> parents: 69 diff changeset	884 OrthancPlugins::ReadJsonWithoutComments(pluginJsonDefaultConfiguration, defaultConfigurationFileContent);
30fb3ce960d9 configurable user permissions Alain Mazy <am@osimis.io> parents: 69 diff changeset	885 Json::Value pluginJsonConfiguration = pluginJsonDefaultConfiguration[PLUGIN_SECTION];
1 d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	886
71 30fb3ce960d9 configurable user permissions Alain Mazy <am@osimis.io> parents: 69 diff changeset	887 OrthancPlugins::OrthancConfiguration pluginProvidedConfiguration;
30fb3ce960d9 configurable user permissions Alain Mazy <am@osimis.io> parents: 69 diff changeset	888
30fb3ce960d9 configurable user permissions Alain Mazy <am@osimis.io> parents: 69 diff changeset	889 if (orthancFullConfiguration.IsSection(PLUGIN_SECTION))
1 d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	890 {
71 30fb3ce960d9 configurable user permissions Alain Mazy <am@osimis.io> parents: 69 diff changeset	891 // get the configuration provided by the user
30fb3ce960d9 configurable user permissions Alain Mazy <am@osimis.io> parents: 69 diff changeset	892 orthancFullConfiguration.GetSection(pluginProvidedConfiguration, PLUGIN_SECTION);
30fb3ce960d9 configurable user permissions Alain Mazy <am@osimis.io> parents: 69 diff changeset	893
30fb3ce960d9 configurable user permissions Alain Mazy <am@osimis.io> parents: 69 diff changeset	894 // merge it with the default configuration. This is a way to apply the all default values in a single step
30fb3ce960d9 configurable user permissions Alain Mazy <am@osimis.io> parents: 69 diff changeset	895 MergeJson(pluginJsonConfiguration, pluginProvidedConfiguration.GetJson());
30fb3ce960d9 configurable user permissions Alain Mazy <am@osimis.io> parents: 69 diff changeset	896
30fb3ce960d9 configurable user permissions Alain Mazy <am@osimis.io> parents: 69 diff changeset	897 // recreate a OrthancConfiguration object from the merged configuration
30fb3ce960d9 configurable user permissions Alain Mazy <am@osimis.io> parents: 69 diff changeset	898 OrthancPlugins::OrthancConfiguration pluginConfiguration(pluginJsonConfiguration, PLUGIN_SECTION);
1 d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	899
d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	900 // TODO - The size of the caches is set to 10,000 items. Maybe add a configuration option?
d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	901 OrthancPlugins::MemoryCache::Factory factory(10000);
d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	902
71 30fb3ce960d9 configurable user permissions Alain Mazy <am@osimis.io> parents: 69 diff changeset	903 std::string dicomWebRoot = "/dicom-web/";
30fb3ce960d9 configurable user permissions Alain Mazy <am@osimis.io> parents: 69 diff changeset	904 std::string oe2Root = "/ui/";
1 d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	905
81 fac45493d547 more flexibility wrt configuration Alain Mazy <am@osimis.io> parents: 77 diff changeset	906 bool hasBasicAuthEnabled = orthancFullConfiguration.GetBooleanValue("AuthenticationEnabled", "true");
fac45493d547 more flexibility wrt configuration Alain Mazy <am@osimis.io> parents: 77 diff changeset	907
71 30fb3ce960d9 configurable user permissions Alain Mazy <am@osimis.io> parents: 69 diff changeset	908 if (orthancFullConfiguration.IsSection("DicomWeb"))
30fb3ce960d9 configurable user permissions Alain Mazy <am@osimis.io> parents: 69 diff changeset	909 {
30fb3ce960d9 configurable user permissions Alain Mazy <am@osimis.io> parents: 69 diff changeset	910 OrthancPlugins::OrthancConfiguration dicomWeb;
30fb3ce960d9 configurable user permissions Alain Mazy <am@osimis.io> parents: 69 diff changeset	911 dicomWeb.GetSection(orthancFullConfiguration, "DicomWeb");
30fb3ce960d9 configurable user permissions Alain Mazy <am@osimis.io> parents: 69 diff changeset	912 dicomWebRoot = dicomWeb.GetStringValue("Root", "/dicom-web/");
30fb3ce960d9 configurable user permissions Alain Mazy <am@osimis.io> parents: 69 diff changeset	913 }
1 d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	914
71 30fb3ce960d9 configurable user permissions Alain Mazy <am@osimis.io> parents: 69 diff changeset	915 if (orthancFullConfiguration.IsSection("OrthancExplorer2"))
30fb3ce960d9 configurable user permissions Alain Mazy <am@osimis.io> parents: 69 diff changeset	916 {
30fb3ce960d9 configurable user permissions Alain Mazy <am@osimis.io> parents: 69 diff changeset	917 OrthancPlugins::OrthancConfiguration oe2;
30fb3ce960d9 configurable user permissions Alain Mazy <am@osimis.io> parents: 69 diff changeset	918 oe2.GetSection(orthancFullConfiguration, "OrthancExplorer2");
30fb3ce960d9 configurable user permissions Alain Mazy <am@osimis.io> parents: 69 diff changeset	919 oe2Root = oe2.GetStringValue("Root", "/ui/");
1 d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	920 }
d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	921
d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	922 std::list<std::string> tmp;
d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	923
71 30fb3ce960d9 configurable user permissions Alain Mazy <am@osimis.io> parents: 69 diff changeset	924 pluginConfiguration.LookupListOfStrings(tmp, "TokenHttpHeaders", true);
1 d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	925 for (std::list<std::string>::const_iterator
d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	926 it = tmp.begin(); it != tmp.end(); ++it)
d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	927 {
58 ad279c70c22d added a new configuration 'StandardConfigurations' Alain Mazy <am@osimis.io> parents: 57 diff changeset	928 tokens_.insert(OrthancPlugins::Token(OrthancPlugins::TokenType_HttpHeader, *it));
1 d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	929 }
d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	930
71 30fb3ce960d9 configurable user permissions Alain Mazy <am@osimis.io> parents: 69 diff changeset	931 pluginConfiguration.LookupListOfStrings(tmp, "TokenGetArguments", true);
1 d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	932
8 4362026afddf orthanc 1.2.1 renamed as 1.3.0 Sebastien Jodogne <s.jodogne@gmail.com> parents: 1 diff changeset	933 #if ORTHANC_PLUGINS_VERSION_IS_ABOVE(1, 3, 0)
1 d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	934 for (std::list<std::string>::const_iterator
d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	935 it = tmp.begin(); it != tmp.end(); ++it)
d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	936 {
58 ad279c70c22d added a new configuration 'StandardConfigurations' Alain Mazy <am@osimis.io> parents: 57 diff changeset	937 tokens_.insert(OrthancPlugins::Token(OrthancPlugins::TokenType_GetArgument, *it));
1 d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	938 }
d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	939 #else
d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	940 if (!tmp.empty())
d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	941 {
29 bc0431cb6b8f fix for compatibility with simplified OrthancPluginCppWrapper Sebastien Jodogne <s.jodogne@gmail.com> parents: 22 diff changeset	942 throw Orthanc::OrthancException(
bc0431cb6b8f fix for compatibility with simplified OrthancPluginCppWrapper Sebastien Jodogne <s.jodogne@gmail.com> parents: 22 diff changeset	943 Orthanc::ErrorCode_Plugin,
bc0431cb6b8f fix for compatibility with simplified OrthancPluginCppWrapper Sebastien Jodogne <s.jodogne@gmail.com> parents: 22 diff changeset	944 "The option \"TokenGetArguments\" of the authorization plugin "
bc0431cb6b8f fix for compatibility with simplified OrthancPluginCppWrapper Sebastien Jodogne <s.jodogne@gmail.com> parents: 22 diff changeset	945 "is only valid if compiled against Orthanc >= 1.3.0"
1 d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	946 }
d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	947 #endif
d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	948
71 30fb3ce960d9 configurable user permissions Alain Mazy <am@osimis.io> parents: 69 diff changeset	949 pluginConfiguration.LookupSetOfStrings(uncheckedResources_, "UncheckedResources", false);
30fb3ce960d9 configurable user permissions Alain Mazy <am@osimis.io> parents: 69 diff changeset	950 pluginConfiguration.LookupListOfStrings(uncheckedFolders_, "UncheckedFolders", false);
1 d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	951
74 aa73b10c2db9 new API route to decode tokens Alain Mazy <am@osimis.io> parents: 73 diff changeset	952 std::string urlTokenDecoder;
72 e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService Alain Mazy <am@osimis.io> parents: 71 diff changeset	953 std::string urlTokenValidation;
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService Alain Mazy <am@osimis.io> parents: 71 diff changeset	954 std::string urlTokenCreationBase;
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService Alain Mazy <am@osimis.io> parents: 71 diff changeset	955 std::string urlUserProfile;
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService Alain Mazy <am@osimis.io> parents: 71 diff changeset	956 std::string urlRoot;
1 d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	957
72 e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService Alain Mazy <am@osimis.io> parents: 71 diff changeset	958 static const char* WEB_SERVICE_ROOT = "WebServiceRootUrl";
74 aa73b10c2db9 new API route to decode tokens Alain Mazy <am@osimis.io> parents: 73 diff changeset	959 static const char* WEB_SERVICE_TOKEN_DECODER = "WebServiceTokenDecoderUrl";
72 e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService Alain Mazy <am@osimis.io> parents: 71 diff changeset	960 static const char* WEB_SERVICE_TOKEN_VALIDATION = "WebServiceTokenValidationUrl";
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService Alain Mazy <am@osimis.io> parents: 71 diff changeset	961 static const char* WEB_SERVICE_TOKEN_CREATION_BASE = "WebServiceTokenCreationBaseUrl";
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService Alain Mazy <am@osimis.io> parents: 71 diff changeset	962 static const char* WEB_SERVICE_USER_PROFILE = "WebServiceUserProfileUrl";
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService Alain Mazy <am@osimis.io> parents: 71 diff changeset	963 static const char* WEB_SERVICE_TOKEN_VALIDATION_LEGACY = "WebService";
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService Alain Mazy <am@osimis.io> parents: 71 diff changeset	964 if (pluginConfiguration.LookupStringValue(urlRoot, WEB_SERVICE_ROOT))
71 30fb3ce960d9 configurable user permissions Alain Mazy <am@osimis.io> parents: 69 diff changeset	965 {
74 aa73b10c2db9 new API route to decode tokens Alain Mazy <am@osimis.io> parents: 73 diff changeset	966 urlTokenDecoder = Orthanc::Toolbox::JoinUri(urlRoot, "/tokens/decode");
72 e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService Alain Mazy <am@osimis.io> parents: 71 diff changeset	967 urlTokenValidation = Orthanc::Toolbox::JoinUri(urlRoot, "/tokens/validate");
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService Alain Mazy <am@osimis.io> parents: 71 diff changeset	968 urlTokenCreationBase = Orthanc::Toolbox::JoinUri(urlRoot, "/tokens/");
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService Alain Mazy <am@osimis.io> parents: 71 diff changeset	969 urlUserProfile = Orthanc::Toolbox::JoinUri(urlRoot, "/user/get-profile");
71 30fb3ce960d9 configurable user permissions Alain Mazy <am@osimis.io> parents: 69 diff changeset	970 }
72 e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService Alain Mazy <am@osimis.io> parents: 71 diff changeset	971 else
71 30fb3ce960d9 configurable user permissions Alain Mazy <am@osimis.io> parents: 69 diff changeset	972 {
72 e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService Alain Mazy <am@osimis.io> parents: 71 diff changeset	973 pluginConfiguration.LookupStringValue(urlTokenValidation, WEB_SERVICE_TOKEN_VALIDATION);
74 aa73b10c2db9 new API route to decode tokens Alain Mazy <am@osimis.io> parents: 73 diff changeset	974 pluginConfiguration.LookupStringValue(urlTokenDecoder, WEB_SERVICE_TOKEN_DECODER);
72 e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService Alain Mazy <am@osimis.io> parents: 71 diff changeset	975 if (urlTokenValidation.empty())
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService Alain Mazy <am@osimis.io> parents: 71 diff changeset	976 {
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService Alain Mazy <am@osimis.io> parents: 71 diff changeset	977 pluginConfiguration.LookupStringValue(urlTokenValidation, WEB_SERVICE_TOKEN_VALIDATION_LEGACY);
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService Alain Mazy <am@osimis.io> parents: 71 diff changeset	978 }
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService Alain Mazy <am@osimis.io> parents: 71 diff changeset	979
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService Alain Mazy <am@osimis.io> parents: 71 diff changeset	980 pluginConfiguration.LookupStringValue(urlTokenCreationBase, WEB_SERVICE_TOKEN_CREATION_BASE);
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService Alain Mazy <am@osimis.io> parents: 71 diff changeset	981 pluginConfiguration.LookupStringValue(urlUserProfile, WEB_SERVICE_USER_PROFILE);
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService Alain Mazy <am@osimis.io> parents: 71 diff changeset	982 }
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService Alain Mazy <am@osimis.io> parents: 71 diff changeset	983
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService Alain Mazy <am@osimis.io> parents: 71 diff changeset	984 if (!urlTokenValidation.empty())
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService Alain Mazy <am@osimis.io> parents: 71 diff changeset	985 {
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService Alain Mazy <am@osimis.io> parents: 71 diff changeset	986 LOG(WARNING) << "Authorization plugin: url defined for Token Validation: " << urlTokenValidation;
71 30fb3ce960d9 configurable user permissions Alain Mazy <am@osimis.io> parents: 69 diff changeset	987 authorizationParser_.reset
30fb3ce960d9 configurable user permissions Alain Mazy <am@osimis.io> parents: 69 diff changeset	988 (new OrthancPlugins::DefaultAuthorizationParser(factory, dicomWebRoot));
30fb3ce960d9 configurable user permissions Alain Mazy <am@osimis.io> parents: 69 diff changeset	989 }
30fb3ce960d9 configurable user permissions Alain Mazy <am@osimis.io> parents: 69 diff changeset	990 else
30fb3ce960d9 configurable user permissions Alain Mazy <am@osimis.io> parents: 69 diff changeset	991 {
72 e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService Alain Mazy <am@osimis.io> parents: 71 diff changeset	992 LOG(WARNING) << "Authorization plugin: no url defined for Token Validation";
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService Alain Mazy <am@osimis.io> parents: 71 diff changeset	993 }
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService Alain Mazy <am@osimis.io> parents: 71 diff changeset	994
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService Alain Mazy <am@osimis.io> parents: 71 diff changeset	995 if (!urlUserProfile.empty())
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService Alain Mazy <am@osimis.io> parents: 71 diff changeset	996 {
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService Alain Mazy <am@osimis.io> parents: 71 diff changeset	997 LOG(WARNING) << "Authorization plugin: url defined for User Profile: " << urlUserProfile;
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService Alain Mazy <am@osimis.io> parents: 71 diff changeset	998
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService Alain Mazy <am@osimis.io> parents: 71 diff changeset	999 static const char* PERMISSIONS = "Permissions";
71 30fb3ce960d9 configurable user permissions Alain Mazy <am@osimis.io> parents: 69 diff changeset	1000 if (!pluginConfiguration.GetJson().isMember(PERMISSIONS))
30fb3ce960d9 configurable user permissions Alain Mazy <am@osimis.io> parents: 69 diff changeset	1001 {
30fb3ce960d9 configurable user permissions Alain Mazy <am@osimis.io> parents: 69 diff changeset	1002 throw Orthanc::OrthancException(Orthanc::ErrorCode_BadFileFormat, "Authorization plugin: Missing required \"" + std::string(PERMISSIONS) +
72 e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService Alain Mazy <am@osimis.io> parents: 71 diff changeset	1003 "\" option since you have defined the \"" + std::string(WEB_SERVICE_ROOT) + "\" option");
71 30fb3ce960d9 configurable user permissions Alain Mazy <am@osimis.io> parents: 69 diff changeset	1004 }
30fb3ce960d9 configurable user permissions Alain Mazy <am@osimis.io> parents: 69 diff changeset	1005 permissionParser_.reset
30fb3ce960d9 configurable user permissions Alain Mazy <am@osimis.io> parents: 69 diff changeset	1006 (new OrthancPlugins::PermissionParser(dicomWebRoot, oe2Root));
30fb3ce960d9 configurable user permissions Alain Mazy <am@osimis.io> parents: 69 diff changeset	1007
30fb3ce960d9 configurable user permissions Alain Mazy <am@osimis.io> parents: 69 diff changeset	1008 permissionParser_->Add(pluginConfiguration.GetJson()[PERMISSIONS]);
30fb3ce960d9 configurable user permissions Alain Mazy <am@osimis.io> parents: 69 diff changeset	1009 }
72 e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService Alain Mazy <am@osimis.io> parents: 71 diff changeset	1010 else
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService Alain Mazy <am@osimis.io> parents: 71 diff changeset	1011 {
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService Alain Mazy <am@osimis.io> parents: 71 diff changeset	1012 LOG(WARNING) << "Authorization plugin: no url defined for User Profile";
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService Alain Mazy <am@osimis.io> parents: 71 diff changeset	1013 }
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService Alain Mazy <am@osimis.io> parents: 71 diff changeset	1014
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService Alain Mazy <am@osimis.io> parents: 71 diff changeset	1015 if (!urlTokenCreationBase.empty())
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService Alain Mazy <am@osimis.io> parents: 71 diff changeset	1016 {
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService Alain Mazy <am@osimis.io> parents: 71 diff changeset	1017 LOG(WARNING) << "Authorization plugin: base url defined for Token Creation : " << urlTokenCreationBase;
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService Alain Mazy <am@osimis.io> parents: 71 diff changeset	1018 }
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService Alain Mazy <am@osimis.io> parents: 71 diff changeset	1019 else
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService Alain Mazy <am@osimis.io> parents: 71 diff changeset	1020 {
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService Alain Mazy <am@osimis.io> parents: 71 diff changeset	1021 LOG(WARNING) << "Authorization plugin: no base url defined for Token Creation";
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService Alain Mazy <am@osimis.io> parents: 71 diff changeset	1022 }
71 30fb3ce960d9 configurable user permissions Alain Mazy <am@osimis.io> parents: 69 diff changeset	1023
30fb3ce960d9 configurable user permissions Alain Mazy <am@osimis.io> parents: 69 diff changeset	1024 if (authorizationParser_.get() == NULL && permissionParser_.get() == NULL)
30fb3ce960d9 configurable user permissions Alain Mazy <am@osimis.io> parents: 69 diff changeset	1025 {
81 fac45493d547 more flexibility wrt configuration Alain Mazy <am@osimis.io> parents: 77 diff changeset	1026 if (hasBasicAuthEnabled)
fac45493d547 more flexibility wrt configuration Alain Mazy <am@osimis.io> parents: 77 diff changeset	1027 {
fac45493d547 more flexibility wrt configuration Alain Mazy <am@osimis.io> parents: 77 diff changeset	1028 LOG(WARNING) << "Authorization plugin: No Token Validation or User Profile url defined -> will only be able to generate tokens. All API routes are accessible to all registered users.";
fac45493d547 more flexibility wrt configuration Alain Mazy <am@osimis.io> parents: 77 diff changeset	1029 }
fac45493d547 more flexibility wrt configuration Alain Mazy <am@osimis.io> parents: 77 diff changeset	1030 else
fac45493d547 more flexibility wrt configuration Alain Mazy <am@osimis.io> parents: 77 diff changeset	1031 {
fac45493d547 more flexibility wrt configuration Alain Mazy <am@osimis.io> parents: 77 diff changeset	1032 LOG(WARNING) << "Authorization plugin: ----------- insecure setup ---------- No Token Validation or User Profile url defined -> will only be able to generate tokens. Authentication is not enabled -> anyone will have access to all API routes.";
fac45493d547 more flexibility wrt configuration Alain Mazy <am@osimis.io> parents: 77 diff changeset	1033 }
1 d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	1034 }
d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	1035
58 ad279c70c22d added a new configuration 'StandardConfigurations' Alain Mazy <am@osimis.io> parents: 57 diff changeset	1036 std::set<std::string> standardConfigurations;
71 30fb3ce960d9 configurable user permissions Alain Mazy <am@osimis.io> parents: 69 diff changeset	1037 if (pluginConfiguration.LookupSetOfStrings(standardConfigurations, "StandardConfigurations", false))
58 ad279c70c22d added a new configuration 'StandardConfigurations' Alain Mazy <am@osimis.io> parents: 57 diff changeset	1038 {
ad279c70c22d added a new configuration 'StandardConfigurations' Alain Mazy <am@osimis.io> parents: 57 diff changeset	1039 if (standardConfigurations.find("osimis-web-viewer") != standardConfigurations.end())
ad279c70c22d added a new configuration 'StandardConfigurations' Alain Mazy <am@osimis.io> parents: 57 diff changeset	1040 {
ad279c70c22d added a new configuration 'StandardConfigurations' Alain Mazy <am@osimis.io> parents: 57 diff changeset	1041 uncheckedFolders_.push_back("/osimis-viewer/app/");
ad279c70c22d added a new configuration 'StandardConfigurations' Alain Mazy <am@osimis.io> parents: 57 diff changeset	1042 uncheckedFolders_.push_back("/osimis-viewer/languages/");
ad279c70c22d added a new configuration 'StandardConfigurations' Alain Mazy <am@osimis.io> parents: 57 diff changeset	1043 uncheckedResources_.insert("/osimis-viewer/config.js");
ad279c70c22d added a new configuration 'StandardConfigurations' Alain Mazy <am@osimis.io> parents: 57 diff changeset	1044
ad279c70c22d added a new configuration 'StandardConfigurations' Alain Mazy <am@osimis.io> parents: 57 diff changeset	1045 tokens_.insert(OrthancPlugins::Token(OrthancPlugins::TokenType_HttpHeader, "token"));
95 dff72e397f90 fix standard configuration 'orthanc-explorer-2' for TokenGetArguments Alain Mazy <am@osimis.io> parents: 86 diff changeset	1046 tokens_.insert(OrthancPlugins::Token(OrthancPlugins::TokenType_GetArgument, "token")); // for download links in Webviewer
58 ad279c70c22d added a new configuration 'StandardConfigurations' Alain Mazy <am@osimis.io> parents: 57 diff changeset	1047 }
ad279c70c22d added a new configuration 'StandardConfigurations' Alain Mazy <am@osimis.io> parents: 57 diff changeset	1048
ad279c70c22d added a new configuration 'StandardConfigurations' Alain Mazy <am@osimis.io> parents: 57 diff changeset	1049 if (standardConfigurations.find("stone-webviewer") != standardConfigurations.end())
ad279c70c22d added a new configuration 'StandardConfigurations' Alain Mazy <am@osimis.io> parents: 57 diff changeset	1050 {
ad279c70c22d added a new configuration 'StandardConfigurations' Alain Mazy <am@osimis.io> parents: 57 diff changeset	1051 uncheckedFolders_.push_back("/stone-webviewer/");
65 a89e1fcf56b1 new oe2 standard configuration Alain Mazy <am@osimis.io> parents: 62 diff changeset	1052 uncheckedResources_.insert("/system"); // for Stone to check that Orthanc is the server providing the data
58 ad279c70c22d added a new configuration 'StandardConfigurations' Alain Mazy <am@osimis.io> parents: 57 diff changeset	1053
ad279c70c22d added a new configuration 'StandardConfigurations' Alain Mazy <am@osimis.io> parents: 57 diff changeset	1054 tokens_.insert(OrthancPlugins::Token(OrthancPlugins::TokenType_HttpHeader, "Authorization"));
ad279c70c22d added a new configuration 'StandardConfigurations' Alain Mazy <am@osimis.io> parents: 57 diff changeset	1055 }
ad279c70c22d added a new configuration 'StandardConfigurations' Alain Mazy <am@osimis.io> parents: 57 diff changeset	1056
65 a89e1fcf56b1 new oe2 standard configuration Alain Mazy <am@osimis.io> parents: 62 diff changeset	1057 if (standardConfigurations.find("orthanc-explorer-2") != standardConfigurations.end())
a89e1fcf56b1 new oe2 standard configuration Alain Mazy <am@osimis.io> parents: 62 diff changeset	1058 {
a89e1fcf56b1 new oe2 standard configuration Alain Mazy <am@osimis.io> parents: 62 diff changeset	1059 uncheckedFolders_.push_back("/ui/app/");
74 aa73b10c2db9 new API route to decode tokens Alain Mazy <am@osimis.io> parents: 73 diff changeset	1060 uncheckedFolders_.push_back("/ui/landing/");
76 d301047ee3c4 fix unchecked resource Alain Mazy <am@osimis.io> parents: 74 diff changeset	1061 uncheckedResources_.insert("/"); // for the redirect to /ui/app/
66 b7fd466764cc fix path for oe2 keycloak Alain Mazy <am@osimis.io> parents: 65 diff changeset	1062 uncheckedResources_.insert("/ui/api/pre-login-configuration"); // for the UI to know, i.e. if Keycloak is enabled or not
71 30fb3ce960d9 configurable user permissions Alain Mazy <am@osimis.io> parents: 69 diff changeset	1063 uncheckedResources_.insert("/ui/api/configuration");
69 af44dce56328 new 'auth/user-profile' Rest API route Alain Mazy <am@osimis.io> parents: 68 diff changeset	1064 uncheckedResources_.insert("/auth/user-profile");
65 a89e1fcf56b1 new oe2 standard configuration Alain Mazy <am@osimis.io> parents: 62 diff changeset	1065
a89e1fcf56b1 new oe2 standard configuration Alain Mazy <am@osimis.io> parents: 62 diff changeset	1066 tokens_.insert(OrthancPlugins::Token(OrthancPlugins::TokenType_HttpHeader, "Authorization")); // for basic-auth
a89e1fcf56b1 new oe2 standard configuration Alain Mazy <am@osimis.io> parents: 62 diff changeset	1067 tokens_.insert(OrthancPlugins::Token(OrthancPlugins::TokenType_HttpHeader, "token")); // for keycloak
95 dff72e397f90 fix standard configuration 'orthanc-explorer-2' for TokenGetArguments Alain Mazy <am@osimis.io> parents: 86 diff changeset	1068 tokens_.insert(OrthancPlugins::Token(OrthancPlugins::TokenType_GetArgument, "token")); // for download links in OE2
65 a89e1fcf56b1 new oe2 standard configuration Alain Mazy <am@osimis.io> parents: 62 diff changeset	1069 }
a89e1fcf56b1 new oe2 standard configuration Alain Mazy <am@osimis.io> parents: 62 diff changeset	1070
102 18d3f7bd18db new standard configuration 'ohif' Alain Mazy <am@osimis.io> parents: 95 diff changeset	1071 if (standardConfigurations.find("ohif") != standardConfigurations.end())
18d3f7bd18db new standard configuration 'ohif' Alain Mazy <am@osimis.io> parents: 95 diff changeset	1072 {
18d3f7bd18db new standard configuration 'ohif' Alain Mazy <am@osimis.io> parents: 95 diff changeset	1073 uncheckedFolders_.push_back("/ohif/");
18d3f7bd18db new standard configuration 'ohif' Alain Mazy <am@osimis.io> parents: 95 diff changeset	1074 }
18d3f7bd18db new standard configuration 'ohif' Alain Mazy <am@osimis.io> parents: 95 diff changeset	1075
58 ad279c70c22d added a new configuration 'StandardConfigurations' Alain Mazy <am@osimis.io> parents: 57 diff changeset	1076 }
ad279c70c22d added a new configuration 'StandardConfigurations' Alain Mazy <am@osimis.io> parents: 57 diff changeset	1077
ad279c70c22d added a new configuration 'StandardConfigurations' Alain Mazy <am@osimis.io> parents: 57 diff changeset	1078 std::string checkedLevelString;
71 30fb3ce960d9 configurable user permissions Alain Mazy <am@osimis.io> parents: 69 diff changeset	1079 if (pluginConfiguration.LookupStringValue(checkedLevelString, "CheckedLevel"))
58 ad279c70c22d added a new configuration 'StandardConfigurations' Alain Mazy <am@osimis.io> parents: 57 diff changeset	1080 {
ad279c70c22d added a new configuration 'StandardConfigurations' Alain Mazy <am@osimis.io> parents: 57 diff changeset	1081 OrthancPlugins::AccessLevel checkedLevel = OrthancPlugins::StringToAccessLevel(checkedLevelString);
ad279c70c22d added a new configuration 'StandardConfigurations' Alain Mazy <am@osimis.io> parents: 57 diff changeset	1082 if (checkedLevel == OrthancPlugins::AccessLevel_Instance)
ad279c70c22d added a new configuration 'StandardConfigurations' Alain Mazy <am@osimis.io> parents: 57 diff changeset	1083 {
113 43154740ea2e wip: checking labels Alain Mazy <am@osimis.io> parents: 112 diff changeset	1084 uncheckedLevels_.insert(OrthancPlugins::AccessLevel_System);
58 ad279c70c22d added a new configuration 'StandardConfigurations' Alain Mazy <am@osimis.io> parents: 57 diff changeset	1085 uncheckedLevels_.insert(OrthancPlugins::AccessLevel_Patient);
ad279c70c22d added a new configuration 'StandardConfigurations' Alain Mazy <am@osimis.io> parents: 57 diff changeset	1086 uncheckedLevels_.insert(OrthancPlugins::AccessLevel_Study);
ad279c70c22d added a new configuration 'StandardConfigurations' Alain Mazy <am@osimis.io> parents: 57 diff changeset	1087 uncheckedLevels_.insert(OrthancPlugins::AccessLevel_Series);
ad279c70c22d added a new configuration 'StandardConfigurations' Alain Mazy <am@osimis.io> parents: 57 diff changeset	1088 }
ad279c70c22d added a new configuration 'StandardConfigurations' Alain Mazy <am@osimis.io> parents: 57 diff changeset	1089 else if (checkedLevel == OrthancPlugins::AccessLevel_Series)
ad279c70c22d added a new configuration 'StandardConfigurations' Alain Mazy <am@osimis.io> parents: 57 diff changeset	1090 {
113 43154740ea2e wip: checking labels Alain Mazy <am@osimis.io> parents: 112 diff changeset	1091 uncheckedLevels_.insert(OrthancPlugins::AccessLevel_System);
58 ad279c70c22d added a new configuration 'StandardConfigurations' Alain Mazy <am@osimis.io> parents: 57 diff changeset	1092 uncheckedLevels_.insert(OrthancPlugins::AccessLevel_Patient);
ad279c70c22d added a new configuration 'StandardConfigurations' Alain Mazy <am@osimis.io> parents: 57 diff changeset	1093 uncheckedLevels_.insert(OrthancPlugins::AccessLevel_Study);
ad279c70c22d added a new configuration 'StandardConfigurations' Alain Mazy <am@osimis.io> parents: 57 diff changeset	1094 uncheckedLevels_.insert(OrthancPlugins::AccessLevel_Instance);
ad279c70c22d added a new configuration 'StandardConfigurations' Alain Mazy <am@osimis.io> parents: 57 diff changeset	1095 }
ad279c70c22d added a new configuration 'StandardConfigurations' Alain Mazy <am@osimis.io> parents: 57 diff changeset	1096 else if (checkedLevel == OrthancPlugins::AccessLevel_Study)
ad279c70c22d added a new configuration 'StandardConfigurations' Alain Mazy <am@osimis.io> parents: 57 diff changeset	1097 {
113 43154740ea2e wip: checking labels Alain Mazy <am@osimis.io> parents: 112 diff changeset	1098 uncheckedLevels_.insert(OrthancPlugins::AccessLevel_System);
58 ad279c70c22d added a new configuration 'StandardConfigurations' Alain Mazy <am@osimis.io> parents: 57 diff changeset	1099 uncheckedLevels_.insert(OrthancPlugins::AccessLevel_Patient);
ad279c70c22d added a new configuration 'StandardConfigurations' Alain Mazy <am@osimis.io> parents: 57 diff changeset	1100 uncheckedLevels_.insert(OrthancPlugins::AccessLevel_Series);
ad279c70c22d added a new configuration 'StandardConfigurations' Alain Mazy <am@osimis.io> parents: 57 diff changeset	1101 uncheckedLevels_.insert(OrthancPlugins::AccessLevel_Instance);
ad279c70c22d added a new configuration 'StandardConfigurations' Alain Mazy <am@osimis.io> parents: 57 diff changeset	1102 }
ad279c70c22d added a new configuration 'StandardConfigurations' Alain Mazy <am@osimis.io> parents: 57 diff changeset	1103 else if (checkedLevel == OrthancPlugins::AccessLevel_Patient)
ad279c70c22d added a new configuration 'StandardConfigurations' Alain Mazy <am@osimis.io> parents: 57 diff changeset	1104 {
113 43154740ea2e wip: checking labels Alain Mazy <am@osimis.io> parents: 112 diff changeset	1105 uncheckedLevels_.insert(OrthancPlugins::AccessLevel_System);
58 ad279c70c22d added a new configuration 'StandardConfigurations' Alain Mazy <am@osimis.io> parents: 57 diff changeset	1106 uncheckedLevels_.insert(OrthancPlugins::AccessLevel_Study);
ad279c70c22d added a new configuration 'StandardConfigurations' Alain Mazy <am@osimis.io> parents: 57 diff changeset	1107 uncheckedLevels_.insert(OrthancPlugins::AccessLevel_Series);
ad279c70c22d added a new configuration 'StandardConfigurations' Alain Mazy <am@osimis.io> parents: 57 diff changeset	1108 uncheckedLevels_.insert(OrthancPlugins::AccessLevel_Instance);
ad279c70c22d added a new configuration 'StandardConfigurations' Alain Mazy <am@osimis.io> parents: 57 diff changeset	1109 }
ad279c70c22d added a new configuration 'StandardConfigurations' Alain Mazy <am@osimis.io> parents: 57 diff changeset	1110 }
ad279c70c22d added a new configuration 'StandardConfigurations' Alain Mazy <am@osimis.io> parents: 57 diff changeset	1111
71 30fb3ce960d9 configurable user permissions Alain Mazy <am@osimis.io> parents: 69 diff changeset	1112 if (pluginConfiguration.LookupListOfStrings(tmp, "UncheckedLevels", false))
1 d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	1113 {
58 ad279c70c22d added a new configuration 'StandardConfigurations' Alain Mazy <am@osimis.io> parents: 57 diff changeset	1114 if (uncheckedLevels_.size() == 0)
1 d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	1115 {
58 ad279c70c22d added a new configuration 'StandardConfigurations' Alain Mazy <am@osimis.io> parents: 57 diff changeset	1116 for (std::list<std::string>::const_iterator
ad279c70c22d added a new configuration 'StandardConfigurations' Alain Mazy <am@osimis.io> parents: 57 diff changeset	1117 it = tmp.begin(); it != tmp.end(); ++it)
ad279c70c22d added a new configuration 'StandardConfigurations' Alain Mazy <am@osimis.io> parents: 57 diff changeset	1118 {
ad279c70c22d added a new configuration 'StandardConfigurations' Alain Mazy <am@osimis.io> parents: 57 diff changeset	1119 uncheckedLevels_.insert(OrthancPlugins::StringToAccessLevel(*it));
ad279c70c22d added a new configuration 'StandardConfigurations' Alain Mazy <am@osimis.io> parents: 57 diff changeset	1120 }
ad279c70c22d added a new configuration 'StandardConfigurations' Alain Mazy <am@osimis.io> parents: 57 diff changeset	1121 }
ad279c70c22d added a new configuration 'StandardConfigurations' Alain Mazy <am@osimis.io> parents: 57 diff changeset	1122 else
ad279c70c22d added a new configuration 'StandardConfigurations' Alain Mazy <am@osimis.io> parents: 57 diff changeset	1123 {
ad279c70c22d added a new configuration 'StandardConfigurations' Alain Mazy <am@osimis.io> parents: 57 diff changeset	1124 LOG(ERROR) << "Authorization plugin: you may only provide one of 'CheckedLevel' or 'UncheckedLevels' configurations";
ad279c70c22d added a new configuration 'StandardConfigurations' Alain Mazy <am@osimis.io> parents: 57 diff changeset	1125 return -1;
1 d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	1126 }
d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	1127 }
d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	1128
72 e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService Alain Mazy <am@osimis.io> parents: 71 diff changeset	1129 std::unique_ptr<OrthancPlugins::AuthorizationWebService> webService(new OrthancPlugins::AuthorizationWebService(urlTokenValidation,
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService Alain Mazy <am@osimis.io> parents: 71 diff changeset	1130 urlTokenCreationBase,
74 aa73b10c2db9 new API route to decode tokens Alain Mazy <am@osimis.io> parents: 73 diff changeset	1131 urlUserProfile,
aa73b10c2db9 new API route to decode tokens Alain Mazy <am@osimis.io> parents: 73 diff changeset	1132 urlTokenDecoder));
54 317b31e99501 Added 3 new configurations: WebServiceUsername, WebServicePassword, WebServiceIdentifier. WebServiceIdentifier is now included in the payload as the 'identifier' field Alain Mazy <am@osimis.io> parents: 51 diff changeset	1133
317b31e99501 Added 3 new configurations: WebServiceUsername, WebServicePassword, WebServiceIdentifier. WebServiceIdentifier is now included in the payload as the 'identifier' field Alain Mazy <am@osimis.io> parents: 51 diff changeset	1134 std::string webServiceIdentifier;
71 30fb3ce960d9 configurable user permissions Alain Mazy <am@osimis.io> parents: 69 diff changeset	1135 if (pluginConfiguration.LookupStringValue(webServiceIdentifier, "WebServiceIdentifier"))
54 317b31e99501 Added 3 new configurations: WebServiceUsername, WebServicePassword, WebServiceIdentifier. WebServiceIdentifier is now included in the payload as the 'identifier' field Alain Mazy <am@osimis.io> parents: 51 diff changeset	1136 {
317b31e99501 Added 3 new configurations: WebServiceUsername, WebServicePassword, WebServiceIdentifier. WebServiceIdentifier is now included in the payload as the 'identifier' field Alain Mazy <am@osimis.io> parents: 51 diff changeset	1137 webService->SetIdentifier(webServiceIdentifier);
317b31e99501 Added 3 new configurations: WebServiceUsername, WebServicePassword, WebServiceIdentifier. WebServiceIdentifier is now included in the payload as the 'identifier' field Alain Mazy <am@osimis.io> parents: 51 diff changeset	1138 }
317b31e99501 Added 3 new configurations: WebServiceUsername, WebServicePassword, WebServiceIdentifier. WebServiceIdentifier is now included in the payload as the 'identifier' field Alain Mazy <am@osimis.io> parents: 51 diff changeset	1139
317b31e99501 Added 3 new configurations: WebServiceUsername, WebServicePassword, WebServiceIdentifier. WebServiceIdentifier is now included in the payload as the 'identifier' field Alain Mazy <am@osimis.io> parents: 51 diff changeset	1140 std::string webServiceUsername;
317b31e99501 Added 3 new configurations: WebServiceUsername, WebServicePassword, WebServiceIdentifier. WebServiceIdentifier is now included in the payload as the 'identifier' field Alain Mazy <am@osimis.io> parents: 51 diff changeset	1141 std::string webServicePassword;
71 30fb3ce960d9 configurable user permissions Alain Mazy <am@osimis.io> parents: 69 diff changeset	1142 if (pluginConfiguration.LookupStringValue(webServiceUsername, "WebServiceUsername") && pluginConfiguration.LookupStringValue(webServicePassword, "WebServicePassword"))
54 317b31e99501 Added 3 new configurations: WebServiceUsername, WebServicePassword, WebServiceIdentifier. WebServiceIdentifier is now included in the payload as the 'identifier' field Alain Mazy <am@osimis.io> parents: 51 diff changeset	1143 {
317b31e99501 Added 3 new configurations: WebServiceUsername, WebServicePassword, WebServiceIdentifier. WebServiceIdentifier is now included in the payload as the 'identifier' field Alain Mazy <am@osimis.io> parents: 51 diff changeset	1144 webService->SetCredentials(webServiceUsername, webServicePassword);
317b31e99501 Added 3 new configurations: WebServiceUsername, WebServicePassword, WebServiceIdentifier. WebServiceIdentifier is now included in the payload as the 'identifier' field Alain Mazy <am@osimis.io> parents: 51 diff changeset	1145 }
317b31e99501 Added 3 new configurations: WebServiceUsername, WebServicePassword, WebServiceIdentifier. WebServiceIdentifier is now included in the payload as the 'identifier' field Alain Mazy <am@osimis.io> parents: 51 diff changeset	1146
1 d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	1147 authorizationService_.reset
d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	1148 (new OrthancPlugins::CachedAuthorizationService
54 317b31e99501 Added 3 new configurations: WebServiceUsername, WebServicePassword, WebServiceIdentifier. WebServiceIdentifier is now included in the payload as the 'identifier' field Alain Mazy <am@osimis.io> parents: 51 diff changeset	1149 (webService.release(), factory));
1 d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	1150
72 e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService Alain Mazy <am@osimis.io> parents: 71 diff changeset	1151 if (!urlTokenValidation.empty())
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService Alain Mazy <am@osimis.io> parents: 71 diff changeset	1152 {
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService Alain Mazy <am@osimis.io> parents: 71 diff changeset	1153 OrthancPluginRegisterOnChangeCallback(context, OnChangeCallback);
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService Alain Mazy <am@osimis.io> parents: 71 diff changeset	1154 }
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService Alain Mazy <am@osimis.io> parents: 71 diff changeset	1155
74 aa73b10c2db9 new API route to decode tokens Alain Mazy <am@osimis.io> parents: 73 diff changeset	1156 if (!urlTokenDecoder.empty())
aa73b10c2db9 new API route to decode tokens Alain Mazy <am@osimis.io> parents: 73 diff changeset	1157 {
aa73b10c2db9 new API route to decode tokens Alain Mazy <am@osimis.io> parents: 73 diff changeset	1158 OrthancPlugins::RegisterRestCallback<DecodeToken>("/auth/tokens/decode", true);
aa73b10c2db9 new API route to decode tokens Alain Mazy <am@osimis.io> parents: 73 diff changeset	1159 }
aa73b10c2db9 new API route to decode tokens Alain Mazy <am@osimis.io> parents: 73 diff changeset	1160
72 e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService Alain Mazy <am@osimis.io> parents: 71 diff changeset	1161 if (!urlUserProfile.empty())
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService Alain Mazy <am@osimis.io> parents: 71 diff changeset	1162 {
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService Alain Mazy <am@osimis.io> parents: 71 diff changeset	1163 OrthancPlugins::RegisterRestCallback<GetUserProfile>("/auth/user/profile", true);
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService Alain Mazy <am@osimis.io> parents: 71 diff changeset	1164 }
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService Alain Mazy <am@osimis.io> parents: 71 diff changeset	1165
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService Alain Mazy <am@osimis.io> parents: 71 diff changeset	1166 if (!urlTokenCreationBase.empty())
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService Alain Mazy <am@osimis.io> parents: 71 diff changeset	1167 {
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService Alain Mazy <am@osimis.io> parents: 71 diff changeset	1168 OrthancPlugins::RegisterRestCallback<CreateToken>("/auth/tokens/(.*)", true);
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService Alain Mazy <am@osimis.io> parents: 71 diff changeset	1169 }
74 aa73b10c2db9 new API route to decode tokens Alain Mazy <am@osimis.io> parents: 73 diff changeset	1170
111 2b1a95c7d263 wip: adjust tools/find queries Alain Mazy <am@osimis.io> parents: 109 diff changeset	1171 OrthancPlugins::RegisterRestCallback<ToolsFind>("/tools/find", true);
112 572955904411 added tools/labels + removed forbidden_labels Alain Mazy <am@osimis.io> parents: 111 diff changeset	1172 OrthancPlugins::RegisterRestCallback<ToolsLabels>("/tools/labels", true);
111 2b1a95c7d263 wip: adjust tools/find queries Alain Mazy <am@osimis.io> parents: 109 diff changeset	1173
74 aa73b10c2db9 new API route to decode tokens Alain Mazy <am@osimis.io> parents: 73 diff changeset	1174
81 fac45493d547 more flexibility wrt configuration Alain Mazy <am@osimis.io> parents: 77 diff changeset	1175 if (authorizationParser_.get() != NULL \|\| permissionParser_.get() != NULL)
fac45493d547 more flexibility wrt configuration Alain Mazy <am@osimis.io> parents: 77 diff changeset	1176 {
fac45493d547 more flexibility wrt configuration Alain Mazy <am@osimis.io> parents: 77 diff changeset	1177 if (hasBasicAuthEnabled)
fac45493d547 more flexibility wrt configuration Alain Mazy <am@osimis.io> parents: 77 diff changeset	1178 {
fac45493d547 more flexibility wrt configuration Alain Mazy <am@osimis.io> parents: 77 diff changeset	1179 throw Orthanc::OrthancException(Orthanc::ErrorCode_BadFileFormat, "Authorization plugin: you are using the plugin to grant access to resources or handle user permissions. This is not compatible with \"AuthenticationEnabled\" = true");
fac45493d547 more flexibility wrt configuration Alain Mazy <am@osimis.io> parents: 77 diff changeset	1180 }
fac45493d547 more flexibility wrt configuration Alain Mazy <am@osimis.io> parents: 77 diff changeset	1181
fac45493d547 more flexibility wrt configuration Alain Mazy <am@osimis.io> parents: 77 diff changeset	1182 LOG(WARNING) << "Authorization plugin: Registering Incoming HTTP Request Filter";
fac45493d547 more flexibility wrt configuration Alain Mazy <am@osimis.io> parents: 77 diff changeset	1183
1 d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	1184 #if ORTHANC_PLUGINS_VERSION_IS_ABOVE(1, 2, 1)
81 fac45493d547 more flexibility wrt configuration Alain Mazy <am@osimis.io> parents: 77 diff changeset	1185 OrthancPluginRegisterIncomingHttpRequestFilter2(context, FilterHttpRequests);
1 d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	1186 #else
81 fac45493d547 more flexibility wrt configuration Alain Mazy <am@osimis.io> parents: 77 diff changeset	1187 OrthancPluginRegisterIncomingHttpRequestFilter(context, FilterHttpRequestsFallback);
1 d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	1188 #endif
81 fac45493d547 more flexibility wrt configuration Alain Mazy <am@osimis.io> parents: 77 diff changeset	1189 }
fac45493d547 more flexibility wrt configuration Alain Mazy <am@osimis.io> parents: 77 diff changeset	1190
1 d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	1191 }
d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	1192 else
d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	1193 {
71 30fb3ce960d9 configurable user permissions Alain Mazy <am@osimis.io> parents: 69 diff changeset	1194 LOG(WARNING) << "No section \"" << PLUGIN_SECTION << "\" in the configuration file, "
1 d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	1195 << "the authorization plugin is disabled";
d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	1196 }
d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	1197 }
d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	1198 catch (Orthanc::OrthancException& e)
d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	1199 {
d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	1200 LOG(ERROR) << e.What();
d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	1201 return -1;
d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	1202 }
d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	1203
d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	1204 return 0;
d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	1205 }
d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	1206
d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	1207
d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	1208 ORTHANC_PLUGINS_API void OrthancPluginFinalize()
d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	1209 {
d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	1210 authorizationParser_.reset(NULL);
d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	1211 }
d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	1212
d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	1213
d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	1214 ORTHANC_PLUGINS_API const char* OrthancPluginGetName()
d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	1215 {
d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	1216 return "authorization";
d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	1217 }
d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	1218
d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	1219
d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	1220 ORTHANC_PLUGINS_API const char* OrthancPluginGetVersion()
d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	1221 {
22 c44013681a51 now using the Orthanc framework Sebastien Jodogne <s.jodogne@gmail.com> parents: 8 diff changeset	1222 return ORTHANC_PLUGIN_VERSION;
1 d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	1223 }
d5d3cb00556a initial release Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	1224 }

Mercurial > hg > orthanc-authorization

annotate Plugin/Plugin.cpp @ 114:546aea509427