Mercurial > hg > orthanc-authorization
annotate NEWS @ 168:66c43e0021c1 0.7.2
0.7.2
author | Alain Mazy <am@orthanc.team> |
---|---|
date | Thu, 16 May 2024 10:25:32 +0200 |
parents | e406ef204e3a |
children | 85859ec3aa7e |
rev | line source |
---|---|
168 | 1 2024-05-16 - v 0.7.2 |
2 ==================== | |
159 | 3 |
165
99bdc05012c0
fix wrong forbidden access to dicom-web resources for users with access to all labels
Alain Mazy <am@orthanc.team>
parents:
159
diff
changeset
|
4 * Fix wrong forbidden access to /dicom-web/studies/../series for users who |
99bdc05012c0
fix wrong forbidden access to dicom-web resources for users with access to all labels
Alain Mazy <am@orthanc.team>
parents:
159
diff
changeset
|
5 had "authorized_labels"=="*" |
167
e406ef204e3a
new default permissions for create-dicom + stl routes
Alain Mazy <am@orthanc.team>
parents:
165
diff
changeset
|
6 * Added new default permissions for /tools/create-dicom, |
e406ef204e3a
new default permissions for create-dicom + stl routes
Alain Mazy <am@orthanc.team>
parents:
165
diff
changeset
|
7 /stl/encode-rtstruct, /stl/encode-nifti |
159 | 8 |
158 | 9 2024-03-25 - v 0.7.1 |
10 ==================== | |
152
9f686ee4b158
Added missing parsing of /dicom-web/studies/.../instances
Alain Mazy <am@osimis.io>
parents:
150
diff
changeset
|
11 |
9f686ee4b158
Added missing parsing of /dicom-web/studies/.../instances
Alain Mazy <am@osimis.io>
parents:
150
diff
changeset
|
12 * Added missing parsing of /dicom-web/studies/.../instances |
153
3683f3d083bd
fix tools/find to allow accessing /dicom-web/studies/../series/../instances/.. on studies that have at least one authorized_labels
Alain Mazy <am@osimis.io>
parents:
152
diff
changeset
|
13 * Clarification: the "authorized_labels" field of the user profile |
3683f3d083bd
fix tools/find to allow accessing /dicom-web/studies/../series/../instances/.. on studies that have at least one authorized_labels
Alain Mazy <am@osimis.io>
parents:
152
diff
changeset
|
14 is actually a list of studies authorized labels ! |
3683f3d083bd
fix tools/find to allow accessing /dicom-web/studies/../series/../instances/.. on studies that have at least one authorized_labels
Alain Mazy <am@osimis.io>
parents:
152
diff
changeset
|
15 * The tools/find has been updated to take this into account and will |
3683f3d083bd
fix tools/find to allow accessing /dicom-web/studies/../series/../instances/.. on studies that have at least one authorized_labels
Alain Mazy <am@osimis.io>
parents:
152
diff
changeset
|
16 possibly refuse to perform tools/find at instance or series level if there |
3683f3d083bd
fix tools/find to allow accessing /dicom-web/studies/../series/../instances/.. on studies that have at least one authorized_labels
Alain Mazy <am@osimis.io>
parents:
152
diff
changeset
|
17 is no StudyInstanceUID in the query. |
3683f3d083bd
fix tools/find to allow accessing /dicom-web/studies/../series/../instances/.. on studies that have at least one authorized_labels
Alain Mazy <am@osimis.io>
parents:
152
diff
changeset
|
18 This fixes forbidden access to e.g. /dicom-web/studies/../series/../instances/.. |
3683f3d083bd
fix tools/find to allow accessing /dicom-web/studies/../series/../instances/.. on studies that have at least one authorized_labels
Alain Mazy <am@osimis.io>
parents:
152
diff
changeset
|
19 on studies that have at least one authorized_labels. |
154
ae1bd3d15f81
add GET argument tokens as HTTP headers in the query to the auth-service
Alain Mazy <am@osimis.io>
parents:
153
diff
changeset
|
20 * The GET argument tokens are now also added as HTTP headers in the query to the |
ae1bd3d15f81
add GET argument tokens as HTTP headers in the query to the auth-service
Alain Mazy <am@osimis.io>
parents:
153
diff
changeset
|
21 auth-service (this was already done only for Header tokens). |
157
9434bb40e27c
The default permissions have been updated to handle /system & /plugins/...
Alain Mazy <am@osimis.io>
parents:
154
diff
changeset
|
22 * The default permissions have been updated to handle /system & /plugins/... |
153
3683f3d083bd
fix tools/find to allow accessing /dicom-web/studies/../series/../instances/.. on studies that have at least one authorized_labels
Alain Mazy <am@osimis.io>
parents:
152
diff
changeset
|
23 |
152
9f686ee4b158
Added missing parsing of /dicom-web/studies/.../instances
Alain Mazy <am@osimis.io>
parents:
150
diff
changeset
|
24 |
150 | 25 2024-02-16 - v 0.7.0 |
26 ==================== | |
146
f294a3c6dbe6
Added 2 new default permissions for dicom-web (get and post on dicom-web/studies)
Alain Mazy <am@osimis.io>
parents:
142
diff
changeset
|
27 |
149
423531fb1200
SINGLE_RESOURCE_PATTERNS to facilitate api-key support
Alain Mazy <am@osimis.io>
parents:
148
diff
changeset
|
28 * Added new default permissions "SINGLE_RESOURCE_PATTERNS" and |
423531fb1200
SINGLE_RESOURCE_PATTERNS to facilitate api-key support
Alain Mazy <am@osimis.io>
parents:
148
diff
changeset
|
29 reorganized the permissions accordingly. |
423531fb1200
SINGLE_RESOURCE_PATTERNS to facilitate api-key support
Alain Mazy <am@osimis.io>
parents:
148
diff
changeset
|
30 This notably facilitate accessing a single resource with a user token. |
423531fb1200
SINGLE_RESOURCE_PATTERNS to facilitate api-key support
Alain Mazy <am@osimis.io>
parents:
148
diff
changeset
|
31 The plugins first check that the user has the right permissions to access the route |
423531fb1200
SINGLE_RESOURCE_PATTERNS to facilitate api-key support
Alain Mazy <am@osimis.io>
parents:
148
diff
changeset
|
32 and then, the plugins check if the study has one of the authorized_labels |
423531fb1200
SINGLE_RESOURCE_PATTERNS to facilitate api-key support
Alain Mazy <am@osimis.io>
parents:
148
diff
changeset
|
33 of the user. This notably improves user token handling outside of OE2 |
423531fb1200
SINGLE_RESOURCE_PATTERNS to facilitate api-key support
Alain Mazy <am@osimis.io>
parents:
148
diff
changeset
|
34 e.g when using api-key. |
146
f294a3c6dbe6
Added 2 new default permissions for dicom-web (get and post on dicom-web/studies)
Alain Mazy <am@osimis.io>
parents:
142
diff
changeset
|
35 |
f294a3c6dbe6
Added 2 new default permissions for dicom-web (get and post on dicom-web/studies)
Alain Mazy <am@osimis.io>
parents:
142
diff
changeset
|
36 |
142 | 37 2023-12-19 - v 0.6.2 |
140 | 38 ==================== |
138
f448e8626f1a
Now handling new GET /tools/create-archive and sibling routes
Alain Mazy <am@osimis.io>
parents:
137
diff
changeset
|
39 |
f448e8626f1a
Now handling new GET /tools/create-archive and sibling routes
Alain Mazy <am@osimis.io>
parents:
137
diff
changeset
|
40 * Now handling new GET /tools/create-archive and sibling routes. |
f448e8626f1a
Now handling new GET /tools/create-archive and sibling routes
Alain Mazy <am@osimis.io>
parents:
137
diff
changeset
|
41 |
f448e8626f1a
Now handling new GET /tools/create-archive and sibling routes
Alain Mazy <am@osimis.io>
parents:
137
diff
changeset
|
42 |
140 | 43 2023-11-13 - v 0.6.1 |
44 ==================== | |
126
8b123c2adb69
now overriding /tools/find and /tools/labels only if the auth-service is providing user profile
Alain Mazy <am@osimis.io>
parents:
122
diff
changeset
|
45 |
138
f448e8626f1a
Now handling new GET /tools/create-archive and sibling routes
Alain Mazy <am@osimis.io>
parents:
137
diff
changeset
|
46 * Updated default "Permissions" configuration to take the "/merge" routes |
127
8591a0c1fa2a
updated default 'Permissions' configuration to take the '/merge' routes into account
Alain Mazy <am@osimis.io>
parents:
126
diff
changeset
|
47 into account. |
138
f448e8626f1a
Now handling new GET /tools/create-archive and sibling routes
Alain Mazy <am@osimis.io>
parents:
137
diff
changeset
|
48 * Now overriding /tools/find and /tools/labels only if the auth-service |
126
8b123c2adb69
now overriding /tools/find and /tools/labels only if the auth-service is providing user profile
Alain Mazy <am@osimis.io>
parents:
122
diff
changeset
|
49 is providing user profiles ("WebServiceUserProfileUrl" has been configured). |
8b123c2adb69
now overriding /tools/find and /tools/labels only if the auth-service is providing user profile
Alain Mazy <am@osimis.io>
parents:
122
diff
changeset
|
50 |
138
f448e8626f1a
Now handling new GET /tools/create-archive and sibling routes
Alain Mazy <am@osimis.io>
parents:
137
diff
changeset
|
51 |
140 | 52 2023-09-18 - v 0.6.0 |
53 ==================== | |
121 | 54 |
55 * Now handling permissions based on labels from a user profile: | |
56 - filter the results from tools/find to grant access only to the | |
57 authorized_labels from the user profile | |
58 - grants access to resources (studies) based on their labels and | |
59 the authorized_labels from the user profile. | |
60 - check the https://github.com/orthanc-team/orthanc-auth-service | |
61 sample project for more details | |
135
c14b49c6eb6b
migration to UCLouvain servers
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
129
diff
changeset
|
62 * Added integration tests in the https://orthanc.uclouvain.be/hg/orthanc-tests/ |
121 | 63 repository. |
64 | |
138
f448e8626f1a
Now handling new GET /tools/create-archive and sibling routes
Alain Mazy <am@osimis.io>
parents:
137
diff
changeset
|
65 |
104 | 66 2023-06-21 - v 0.5.3 |
67 ==================== | |
68 | |
102
18d3f7bd18db
new standard configuration 'ohif'
Alain Mazy <am@osimis.io>
parents:
100
diff
changeset
|
69 * New standard configuration "ohif" |
100
760fd9ad7007
new default permissions for labels
Alain Mazy <am@osimis.io>
parents:
98
diff
changeset
|
70 * new default permissions for labels |
98
c82f0c7d2c6a
Fix parsing of dicom-web/studies/../series/../instances/../bulk/.. routes
Alain Mazy <am@osimis.io>
parents:
96
diff
changeset
|
71 * Fix parsing of dicom-web/studies/../series/../instances/../bulk/.. routes |
c82f0c7d2c6a
Fix parsing of dicom-web/studies/../series/../instances/../bulk/.. routes
Alain Mazy <am@osimis.io>
parents:
96
diff
changeset
|
72 |
138
f448e8626f1a
Now handling new GET /tools/create-archive and sibling routes
Alain Mazy <am@osimis.io>
parents:
137
diff
changeset
|
73 |
96 | 74 2023-05-15 - v 0.5.2 |
75 ==================== | |
95
dff72e397f90
fix standard configuration 'orthanc-explorer-2' for TokenGetArguments
Alain Mazy <am@osimis.io>
parents:
93
diff
changeset
|
76 |
dff72e397f90
fix standard configuration 'orthanc-explorer-2' for TokenGetArguments
Alain Mazy <am@osimis.io>
parents:
93
diff
changeset
|
77 * Fix standard configuration "orthanc-explorer-2": consider the "token" |
dff72e397f90
fix standard configuration 'orthanc-explorer-2' for TokenGetArguments
Alain Mazy <am@osimis.io>
parents:
93
diff
changeset
|
78 Get arguments |
dff72e397f90
fix standard configuration 'orthanc-explorer-2' for TokenGetArguments
Alain Mazy <am@osimis.io>
parents:
93
diff
changeset
|
79 |
138
f448e8626f1a
Now handling new GET /tools/create-archive and sibling routes
Alain Mazy <am@osimis.io>
parents:
137
diff
changeset
|
80 |
93 | 81 2023-04-15 - v 0.5.1 |
82 ==================== | |
89 | 83 |
90
bb4c32b25c5d
Added a default permission for /changes
Alain Mazy <am@osimis.io>
parents:
89
diff
changeset
|
84 * Added a default permission for /toolk/bulk-delete |
bb4c32b25c5d
Added a default permission for /changes
Alain Mazy <am@osimis.io>
parents:
89
diff
changeset
|
85 * Added a default permission for /changes |
91
50b18e7a254d
Added a default permission for /auth/tokens/ohif-viewer-publication
Alain Mazy <am@osimis.io>
parents:
90
diff
changeset
|
86 * Added a default permission for /auth/tokens/ohif-viewer-publication |
92
8dc22bc353de
QIDO-RS now supports named tags in get arguments
Alain Mazy <am@osimis.io>
parents:
91
diff
changeset
|
87 * QIDO-RS now supports named tags in get arguments |
89 | 88 |
89 | |
84 | 90 2023-03-17 - v 0.5.0 |
91 ==================== | |
92 | |
72
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
93 * BREAKING-CHANGE: the API between the authorization plugin and the |
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
94 WebService has slightly changed. Check the samples in the README (TODO). |
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
95 - "identifier" has been renamed into "server-id" |
71 | 96 * new user-permission based authorization model. This is enabled if you |
97 define the new "WebServiceUserProfileUrl" configuration. | |
72
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
98 * new "orthanc-explorer-2" StandardConfigurations |
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
99 * new GET "auth/user/profile" Rest API route to retrieve user permissions |
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
100 * new PUT "auth/tokens/{token-type}" Rest API route to create tokens |
74 | 101 * new POST "auth/tokens/decode" Rest API route to decode tokens |
84 | 102 * these 3 new routes required an updated auth-web-service. |
77
94a9484d7f8f
fix security issues allowing to browse remote dicom servers + introduced UnitTests
Alain Mazy <am@osimis.io>
parents:
74
diff
changeset
|
103 * SECURITY FIX: in prior versions, it was possible to browse remote |
94a9484d7f8f
fix security issues allowing to browse remote dicom servers + introduced UnitTests
Alain Mazy <am@osimis.io>
parents:
74
diff
changeset
|
104 dicom-web servers without being authenticated. (The API routes |
94a9484d7f8f
fix security issues allowing to browse remote dicom servers + introduced UnitTests
Alain Mazy <am@osimis.io>
parents:
74
diff
changeset
|
105 /dicom-web/servers/.../studies were unprotected). The local |
94a9484d7f8f
fix security issues allowing to browse remote dicom servers + introduced UnitTests
Alain Mazy <am@osimis.io>
parents:
74
diff
changeset
|
106 dicom-web server was correctly protected. |
72
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
107 |
65 | 108 |
63 | 109 2022-11-16 - v 0.4.1 |
62
222f0652025f
fix get argument values that were transformed to lowercase
Alain Mazy <am@osimis.io>
parents:
60
diff
changeset
|
110 ==================== |
222f0652025f
fix get argument values that were transformed to lowercase
Alain Mazy <am@osimis.io>
parents:
60
diff
changeset
|
111 |
222f0652025f
fix get argument values that were transformed to lowercase
Alain Mazy <am@osimis.io>
parents:
60
diff
changeset
|
112 * fix: get argument values were transformed to lower case |
222f0652025f
fix get argument values that were transformed to lowercase
Alain Mazy <am@osimis.io>
parents:
60
diff
changeset
|
113 * the "osimis-web-viewer" StandardConfigurations now take into account |
222f0652025f
fix get argument values that were transformed to lowercase
Alain Mazy <am@osimis.io>
parents:
60
diff
changeset
|
114 the token get argument used when downloading a study from the UI |
222f0652025f
fix get argument values that were transformed to lowercase
Alain Mazy <am@osimis.io>
parents:
60
diff
changeset
|
115 |
60 | 116 2022-11-10 - v 0.4.0 |
117 ==================== | |
53 | 118 |
58
ad279c70c22d
added a new configuration 'StandardConfigurations'
Alain Mazy <am@osimis.io>
parents:
56
diff
changeset
|
119 * new configuration option "CheckedLevel" that is clearer than "UncheckedLevels". |
ad279c70c22d
added a new configuration 'StandardConfigurations'
Alain Mazy <am@osimis.io>
parents:
56
diff
changeset
|
120 "UncheckedLevels" remains for backward compatibility. |
ad279c70c22d
added a new configuration 'StandardConfigurations'
Alain Mazy <am@osimis.io>
parents:
56
diff
changeset
|
121 Allowed values: "patients", "studies", "series", "instances" |
ad279c70c22d
added a new configuration 'StandardConfigurations'
Alain Mazy <am@osimis.io>
parents:
56
diff
changeset
|
122 * new configuration option "StandardConfigurations" to replace multiple configurations. |
ad279c70c22d
added a new configuration 'StandardConfigurations'
Alain Mazy <am@osimis.io>
parents:
56
diff
changeset
|
123 Allowed values: "osimis-web-viewer", "stone-webviewer" |
56
c02f0646297d
added support for /dicom-web/studies?0020000D=1.2.3&...
Alain Mazy <am@osimis.io>
parents:
54
diff
changeset
|
124 * added support for QIDO-RS query arguments (e.g: /dicom-web/studies?0020000D=1.2.3&...) |
59
a5f2976fe8a0
fix Authorization header conflicting with WebServiceUsername
Alain Mazy <am@osimis.io>
parents:
58
diff
changeset
|
125 * possible BREAKING_CHANGE: if "TokenHttpHeaders" is set to "Authorization" and if |
a5f2976fe8a0
fix Authorization header conflicting with WebServiceUsername
Alain Mazy <am@osimis.io>
parents:
58
diff
changeset
|
126 "WebServiceUsername" is defined, the "Authorization" header of the HTTP request |
a5f2976fe8a0
fix Authorization header conflicting with WebServiceUsername
Alain Mazy <am@osimis.io>
parents:
58
diff
changeset
|
127 sent to the auth-service will contain the basic auth info from WebServiceUsername and |
a5f2976fe8a0
fix Authorization header conflicting with WebServiceUsername
Alain Mazy <am@osimis.io>
parents:
58
diff
changeset
|
128 WebServicePassword. You should get the "Authorization" value from the token-value field |
a5f2976fe8a0
fix Authorization header conflicting with WebServiceUsername
Alain Mazy <am@osimis.io>
parents:
58
diff
changeset
|
129 of the payload sent to the auth-service. |
58
ad279c70c22d
added a new configuration 'StandardConfigurations'
Alain Mazy <am@osimis.io>
parents:
56
diff
changeset
|
130 |
54
317b31e99501
Added 3 new configurations: WebServiceUsername, WebServicePassword, WebServiceIdentifier. WebServiceIdentifier is now included in the payload as the 'identifier' field
Alain Mazy <am@osimis.io>
parents:
53
diff
changeset
|
131 2022-09-26 - v 0.3.0 |
317b31e99501
Added 3 new configurations: WebServiceUsername, WebServicePassword, WebServiceIdentifier. WebServiceIdentifier is now included in the payload as the 'identifier' field
Alain Mazy <am@osimis.io>
parents:
53
diff
changeset
|
132 ==================== |
317b31e99501
Added 3 new configurations: WebServiceUsername, WebServicePassword, WebServiceIdentifier. WebServiceIdentifier is now included in the payload as the 'identifier' field
Alain Mazy <am@osimis.io>
parents:
53
diff
changeset
|
133 |
317b31e99501
Added 3 new configurations: WebServiceUsername, WebServicePassword, WebServiceIdentifier. WebServiceIdentifier is now included in the payload as the 'identifier' field
Alain Mazy <am@osimis.io>
parents:
53
diff
changeset
|
134 * Added 3 new configurations: WebServiceUsername, WebServicePassword, WebServiceIdentifier. |
317b31e99501
Added 3 new configurations: WebServiceUsername, WebServicePassword, WebServiceIdentifier. WebServiceIdentifier is now included in the payload as the 'identifier' field
Alain Mazy <am@osimis.io>
parents:
53
diff
changeset
|
135 * The WebServiceIdentifier is now included in the payload sent to the WebService as the |
317b31e99501
Added 3 new configurations: WebServiceUsername, WebServicePassword, WebServiceIdentifier. WebServiceIdentifier is now included in the payload as the 'identifier' field
Alain Mazy <am@osimis.io>
parents:
53
diff
changeset
|
136 "identifier" field. |
317b31e99501
Added 3 new configurations: WebServiceUsername, WebServicePassword, WebServiceIdentifier. WebServiceIdentifier is now included in the payload as the 'identifier' field
Alain Mazy <am@osimis.io>
parents:
53
diff
changeset
|
137 |
53 | 138 |
52 | 139 2022-05-13 - v 0.2.5 |
140 ==================== | |
1 | 141 |
50 | 142 * Fix osimis-viewer route |
43 | 143 |
58
ad279c70c22d
added a new configuration 'StandardConfigurations'
Alain Mazy <am@osimis.io>
parents:
56
diff
changeset
|
144 |
43 | 145 2020-12-10 - v 0.2.4 |
146 ==================== | |
147 | |
28
ae19947abf68
Added support for Osimis Web Viewer new route (osimis-viewer/custom-command/)
am@osimis.io
parents:
25
diff
changeset
|
148 * Added support for Osimis Web Viewer new route (osimis-viewer/custom-command/) |
38 | 149 * Support of dynamic linking against the system-wide Orthanc framework library |
28
ae19947abf68
Added support for Osimis Web Viewer new route (osimis-viewer/custom-command/)
am@osimis.io
parents:
25
diff
changeset
|
150 |
43 | 151 |
25 | 152 2018-08-13 - v 0.2.3 |
153 ==================== | |
154 | |
24 | 155 * Compatibility with Linux Standard Base |
156 * Now using the Orthanc framework | |
1 | 157 |
43 | 158 |
25 | 159 2018-07-19 - v 0.2.2 |
160 ==================== | |
161 | |
162 * Added automated build | |
163 | |
43 | 164 |
16 | 165 2018-03-09 - v 0.2.1 |
166 ==================== | |
167 | |
168 * Upgraded sdk to 1.3.1 | |
169 | |
43 | 170 |
12 | 171 2018-03-08 - v 0.2.0 |
172 ==================== | |
173 | |
174 * Added support for Osimis Web Viewer | |
175 | |
1 | 176 |
177 2017-03-22 | |
178 ========== | |
179 | |
180 * Initial release |