/**
 * Advanced authorization plugin for Orthanc
 * Copyright (C) 2017-2023 Osimis S.A., Belgium
 * Copyright (C) 2024-2024 Orthanc Team SRL, Belgium
 *
 * This program is free software: you can redistribute it and/or
 * modify it under the terms of the GNU Affero General Public License
 * as published by the Free Software Foundation, either version 3 of
 * the License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
 * Affero General Public License for more details.
 *
 * You should have received a copy of the GNU Affero General Public License
 * along with this program. If not, see <http://www.gnu.org/licenses/>.
 **/
20 #pragma once
22 #include "IAuthorizationService.h"
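namespace OrthancPlugins
{
  class CachedAuthorizationService;

  /**
   * Common base for authorization services. It implements the public
   * IsGranted / GetUserProfile / HasUserPermission entry points on top
   * of three pure virtual "...Internal" hooks that a concrete service
   * must provide.
   *
   * Anonymous requests are forwarded to the same hooks with a NULL
   * token and an empty token value. Every implementation of the hooks
   * must therefore handle "token == NULL" explicitly and must never
   * dereference the pointer unchecked.
   *
   * NOTE(review): "validity" looks like the duration for which an
   * answer may be cached - confirm against IAuthorizationService.
   **/
  class BaseAuthorizationService : public IAuthorizationService
  {
    // Gives CachedAuthorizationService access to the protected hooks below.
    friend CachedAuthorizationService;

  protected:
    /**
     * Authorization decision for one access to one resource.
     * "token" is NULL and "tokenValue" is empty for anonymous requests
     * (see IsGrantedToAnonymousUser).
     **/
    virtual bool IsGrantedInternal(unsigned int& validity,
                                   OrthancPluginHttpMethod method,
                                   const AccessedResource& access,
                                   const Token* token,
                                   const std::string& tokenValue) = 0;

    /**
     * Fills "profile" for the presented token. "token" is NULL and
     * "tokenValue" is empty for the anonymous profile
     * (see GetAnonymousUserProfile).
     **/
    virtual bool GetUserProfileInternal(unsigned int& validity,
                                        UserProfile& profile /* out */,
                                        const Token* token,
                                        const std::string& tokenValue) = 0;

    /**
     * Tells whether "profile" holds the single permission "permission".
     **/
    virtual bool HasUserPermissionInternal(unsigned int& validity,
                                           const std::string& permission,
                                           const UserProfile& profile) = 0;

  public:
    virtual ~BaseAuthorizationService()
    {
    }

    /**
     * Authorization decision for a request that carries a token:
     * forwards to IsGrantedInternal() with the address of "token".
     **/
    virtual bool IsGranted(unsigned int& validity,
                           OrthancPluginHttpMethod method,
                           const AccessedResource& access,
                           const Token& token,
                           const std::string& tokenValue)
    {
      return IsGrantedInternal(validity, method, access, &token, tokenValue);
    }

    /**
     * Authorization decision for a request without any token:
     * forwards to IsGrantedInternal() with a NULL token and an empty
     * token value.
     **/
    virtual bool IsGrantedToAnonymousUser(unsigned int& validity,
                                          OrthancPluginHttpMethod method,
                                          const AccessedResource& access)
    {
      return IsGrantedInternal(validity, method, access, NULL, "");
    }

    /**
     * Retrieves the profile associated with the presented token.
     **/
    virtual bool GetUserProfile(unsigned int& validity,
                                UserProfile& profile /* out */,
                                const Token& token,
                                const std::string& tokenValue)
    {
      return GetUserProfileInternal(validity, profile, &token, tokenValue);
    }

    /**
     * Retrieves the profile used for requests without any token:
     * forwards to GetUserProfileInternal() with a NULL token and an
     * empty token value.
     **/
    virtual bool GetAnonymousUserProfile(unsigned int& validity /* out */,
                                         UserProfile& profile /* out */)
    {
      return GetUserProfileInternal(validity, profile, NULL, "");
    }

    /**
     * Returns true if "profile" holds at least one of the permissions
     * in "anyOfPermissions".
     *
     * SECURITY: an empty set means "no permission is required" and is
     * granted without consulting HasUserPermissionInternal(). Callers
     * must never use an empty set to express "deny", and a route whose
     * permission list was lost or misconfigured ends up open to every
     * profile.
     *
     * On return, "validity" is the value written by the last hook call
     * that was made (the one that matched, or the last permission
     * tested if none matched).
     **/
    virtual bool HasUserPermission(unsigned int& validity /* out */,
                                   const std::set<std::string>& anyOfPermissions,
                                   const UserProfile& profile)
    {
      if (anyOfPermissions.empty())
      {
        // Define the out-parameter on this path too: it used to be left
        // untouched, so a caller reading it got whatever its variable
        // happened to hold. 0 is the most conservative choice.
        // NOTE(review): confirm that 0 is interpreted as "do not cache".
        validity = 0;
        return true;
      }

      for (std::set<std::string>::const_iterator it = anyOfPermissions.begin(); it != anyOfPermissions.end(); ++it)
      {
        if (HasUserPermissionInternal(validity, *it, profile))
        {
          return true;
        }
      }
      return false;
    }

    /**
     * Same as HasUserPermission(), evaluated against a profile that
     * stands for an unauthenticated request.
     *
     * SECURITY: an empty set is granted to anonymous users as well,
     * without consulting HasUserPermissionInternal().
     **/
    virtual bool HasAnonymousUserPermission(unsigned int& validity /* out */,
                                            const std::set<std::string>& anyOfPermissions)
    {
      if (anyOfPermissions.empty())
      {
        // See HasUserPermission(): never leave the out-parameter unset.
        // NOTE(review): confirm that 0 is interpreted as "do not cache".
        validity = 0;
        return true;
      }

      // Only the token type is set; every other field of the profile
      // keeps its default-constructed value.
      UserProfile anonymousUserProfile;
      anonymousUserProfile.tokenType = TokenType_None;

      for (std::set<std::string>::const_iterator it = anyOfPermissions.begin(); it != anyOfPermissions.end(); ++it)
      {
        if (HasUserPermissionInternal(validity, *it, anonymousUserProfile))
        {
          return true;
        }
      }
      return false;
    }
  };
}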