annotate Plugin/PermissionParser.cpp @ 194:85859ec3aa7e
added support for roles/permissions edition
author | Alain Mazy <am@orthanc.team> |
---|---|
date | Fri, 14 Jun 2024 16:26:53 +0200 |
parents | c4b908970ae4 |
children | 2f1e872e8eaa |
rev | line source |
---|---|
71 | 1 /** |
2 * Advanced authorization plugin for Orthanc | |
3 * Copyright (C) 2017-2023 Osimis S.A., Belgium | |
150 | 4 * Copyright (C) 2024-2024 Orthanc Team SRL, Belgium |
5 * Copyright (C) 2021-2024 Sebastien Jodogne, ICTEAM UCLouvain, Belgium |
71 | 6 * |
7 * This program is free software: you can redistribute it and/or | |
8 * modify it under the terms of the GNU Affero General Public License | |
9 * as published by the Free Software Foundation, either version 3 of | |
10 * the License, or (at your option) any later version. | |
11 * | |
12 * This program is distributed in the hope that it will be useful, but | |
13 * WITHOUT ANY WARRANTY; without even the implied warranty of | |
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | |
15 * Affero General Public License for more details. | |
16 * | |
17 * You should have received a copy of the GNU Affero General Public License | |
18 * along with this program. If not, see <http://www.gnu.org/licenses/>. | |
19 **/ | |
20 | |
21 #include "PermissionParser.h" | |
22 | |
23 #include <Toolbox.h> | |
24 #include <OrthancException.h> | |
25 #include <Logging.h> | |
26 | |
27 namespace OrthancPlugins | |
28 { | |
/**
 * Builds one authorization rule: an HTTP method, a URI regular expression
 * and the set of permission names read from a '|'-separated list.
 *
 * @param method        HTTP method this rule applies to.
 * @param patternRegex  Source of the regular expression; it is handed to the
 *                      "pattern" member initializer as is.
 * @param permissions   '|'-separated permission names. An empty string
 *                      leaves the permission set of the rule empty.
 **/
PermissionPattern::PermissionPattern(const OrthancPluginHttpMethod& method, const std::string& patternRegex, const std::string& permissions) :
  method(method),
  pattern(patternRegex)
{
  if (permissions.empty())
  {
    return;
  }

  std::vector<std::string> tokens;
  Orthanc::Toolbox::TokenizeString(tokens, permissions, '|');

  // "this->" is required here: the constructor parameter shadows the member.
  this->permissions.insert(tokens.begin(), tokens.end());
}
44 | |
45 | |
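/**
 * Substitutes, in place, every occurrence of "findText" in "text" with
 * "replaceText".
 *
 * A pattern that names the placeholder more than once (for instance in two
 * branches of an alternation) is therefore expanded completely instead of
 * keeping a literal placeholder in its second branch.
 *
 * The replacement is inserted verbatim: nothing is escaped, so the caller is
 * responsible for what the inserted text means in the target syntax.
 *
 * @param text         String that is modified.
 * @param findText     Text to look for. An empty value leaves "text" unchanged.
 * @param replaceText  Text written in place of each occurrence.
 **/
static void Replace(std::string& text, const std::string& findText, const std::string& replaceText)
{
  if (findText.empty())
  {
    // An empty needle is found at every position: there is nothing sensible to substitute.
    return;
  }

  size_t pos = text.find(findText);
  while (pos != std::string::npos)
  {
    text.replace(pos, findText.size(), replaceText);

    // Resume after the inserted text, so that a replacement that itself
    // contains the placeholder is not expanded again (no endless loop).
    pos = text.find(findText, pos + replaceText.size());
  }
}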
54 | |
55 | |
/**
 * Removes at most one '/' from the front and at most one '/' from the end of
 * "text", in place.
 *
 * A string of length 0 or 1 is never modified, so a lone "/" stays "/".
 * The trailing test runs on the string as it is after the leading slash was
 * removed, which is why "//" becomes "/" and not an empty string.
 *
 * @param text  String that is modified.
 **/
static void StripLeadingAndTrailingSlashes(std::string& text)
{
  const bool hasLeadingSlash = (text.size() > 1 && text[0] == '/');
  if (hasLeadingSlash)
  {
    text.erase(0, 1);
  }

  // Evaluated only now: the size may have changed just above.
  const bool hasTrailingSlash = (text.size() > 1 && text[text.size() - 1] == '/');
  if (hasTrailingSlash)
  {
    text.erase(text.size() - 1);
  }
}
67 | |
68 | |
/**
 * Creates a parser with no rule, remembering the two URI roots.
 *
 * @param dicomWebRoot  Copied into dicomWebRoot_; Add() substitutes it for
 *                      the DICOM_WEB_ROOT placeholder of a pattern.
 * @param oe2Root       Copied into oe2Root_; this file stores the value but
 *                      does not read it.
 **/
PermissionParser::PermissionParser(const std::string& dicomWebRoot,
                                   const std::string& oe2Root) :
  dicomWebRoot_(dicomWebRoot),
  oe2Root_(oe2Root)
{
  // Rules are registered afterwards through Add().
}
74 | |
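/**
 * Registers every rule of a JSON "Permissions" array.
 *
 * Each element is itself an array:
 *   0 = HTTP method
 *   1 = URI pattern, or the keyword SINGLE_RESOURCE_PATTERNS
 *   2 = list of | separated permissions (no space)
 *   3 = optional comment (items after the third one are not read)
 *
 * With the SINGLE_RESOURCE_PATTERNS keyword, one rule is registered for each
 * pattern returned by authorizationParser->GetSingleResourcePatterns(), all
 * with the same method and permissions.
 *
 * @param configuration        The JSON array of rules.
 * @param authorizationParser  Source of the single-resource patterns. It is
 *                             only dereferenced for SINGLE_RESOURCE_PATTERNS
 *                             rules and must not be NULL in that case.
 * @throws Orthanc::OrthancException  ErrorCode_BadParameterType if the
 *         configuration or one of its elements is malformed,
 *         ErrorCode_NullPointer if a SINGLE_RESOURCE_PATTERNS rule is given
 *         without an authorization parser. Errors from the 3-string overload
 *         of Add() are propagated.
 **/
void PermissionParser::Add(const Json::Value& configuration, const IAuthorizationParser* authorizationParser)
{
  if (configuration.type() != Json::arrayValue)
  {
    throw Orthanc::OrthancException(Orthanc::ErrorCode_BadParameterType, "Permissions should be an array.");
  }

  for (Json::ArrayIndex i = 0; i < configuration.size(); ++i)
  {
    const Json::Value& permission = configuration[i];
    if (permission.type() != Json::arrayValue || permission.size() < 3)
    {
      throw Orthanc::OrthancException(Orthanc::ErrorCode_BadParameterType, "Permissions elements should be an array of min size 3.");
    }

    // Reject nested arrays/objects here, with the same error as the other
    // format checks, instead of letting asString() fail on them. Values that
    // asString() already accepted are still accepted.
    for (Json::ArrayIndex j = 0; j < 3; ++j)
    {
      if (!permission[j].isConvertibleTo(Json::stringValue))
      {
        throw Orthanc::OrthancException(Orthanc::ErrorCode_BadParameterType, "The first 3 items of a Permissions element should be convertible to strings.");
      }
    }

    const std::string method = permission[0].asString();       // 0 = HTTP method
    const std::string pattern = permission[1].asString();      // 1 = pattern
    const std::string permissions = permission[2].asString();  // 2 = list of | separated permissions (no space)
                                                               // 3 = optional comment

    if (pattern == "SINGLE_RESOURCE_PATTERNS")
    {
      // The parser is a plain pointer: fail with a clear error rather than
      // dereferencing NULL while loading the access rules.
      if (authorizationParser == NULL)
      {
        throw Orthanc::OrthancException(Orthanc::ErrorCode_NullPointer, "SINGLE_RESOURCE_PATTERNS requires an authorization parser.");
      }

      std::vector<boost::regex> singleResourcePatterns;
      authorizationParser->GetSingleResourcePatterns(singleResourcePatterns);

      for (std::vector<boost::regex>::const_iterator it = singleResourcePatterns.begin(); it != singleResourcePatterns.end(); ++it)
      {
        Add(method, it->str(), permissions);
      }
    }
    else
    {
      Add(method, pattern, permissions);
    }
  }
}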
115 | |
/**
 * Registers one rule: the permissions required for an HTTP method on the
 * URIs matched by a regular expression.
 *
 * @param method        "get", "post", "put" or "delete", in any letter case.
 * @param patternRegex  Regular expression for the URI. The DICOM_WEB_ROOT
 *                      placeholder is expanded through Replace() with
 *                      dicomWebRoot_, minus one leading and one trailing slash.
 * @param permission    '|'-separated permission names. They are stored with
 *                      the rule, and the non-empty ones are also recorded in
 *                      permissionsList_.
 * @throws Orthanc::OrthancException  ErrorCode_ParameterOutOfRange for any
 *         other HTTP method.
 *
 * NOTE(review): permissionsPattern_ and permissionsList_ are modified here
 * without taking mutex_, whereas Parse() takes it. This is only safe if Add()
 * never runs concurrently with Parse() - confirm against the callers.
 **/
void PermissionParser::Add(const std::string& method,
                           const std::string& patternRegex,
                           const std::string& permission)
{
  std::string lowerCaseMethod;
  Orthanc::Toolbox::ToLowerCase(lowerCaseMethod, method);

  // "get" keeps the initial value; anything unknown is rejected.
  OrthancPluginHttpMethod httpMethod = OrthancPluginHttpMethod_Get;
  if (lowerCaseMethod == "post")
  {
    httpMethod = OrthancPluginHttpMethod_Post;
  }
  else if (lowerCaseMethod == "put")
  {
    httpMethod = OrthancPluginHttpMethod_Put;
  }
  else if (lowerCaseMethod == "delete")
  {
    httpMethod = OrthancPluginHttpMethod_Delete;
  }
  else if (lowerCaseMethod != "get")
  {
    throw Orthanc::OrthancException(Orthanc::ErrorCode_ParameterOutOfRange, std::string("Invalid HTTP method ") + method);
  }

  std::string webRoot = dicomWebRoot_;
  StripLeadingAndTrailingSlashes(webRoot);

  // NOTE(review): Replace() inserts the root verbatim into a regular
  // expression. A root holding regex metacharacters (a '.', for instance)
  // would be interpreted by the regex engine and make the rule match more
  // URIs than its author wrote - escape or validate the configured root.
  std::string expandedPattern = patternRegex;
  Replace(expandedPattern, "DICOM_WEB_ROOT", webRoot);

  LOG(WARNING) << "Authorization plugin: adding a new permission pattern: " << lowerCaseMethod << " " << expandedPattern << " - " << permission;

  // NOTE(review): PermissionPattern builds its regex from expandedPattern;
  // an invalid expression presumably throws from that constructor instead of
  // an OrthancException - confirm how the callers report it.
  permissionsPattern_.push_back(PermissionPattern(httpMethod, expandedPattern, permission));

  // Record the individual permission names of this rule.
  std::set<std::string> names;
  Orthanc::Toolbox::SplitString(names, permission, '|');

  for (std::set<std::string>::const_iterator name = names.begin(); name != names.end(); ++name)
  {
    if (name->empty())
    {
      continue;
    }

    permissionsList_.insert(*name);
  }
}
169 | |
/**
 * Looks up the rule that applies to a request.
 *
 * The rules are tried in the order of permissionsPattern_, and the first one
 * whose method equals "method" and whose pattern matches "uri" wins: rules
 * placed after it are not consulted. The match is done with
 * boost::regex_match, i.e. against the whole URI.
 *
 * @param permissions     Receives the permissions of the matching rule.
 * @param matchedPattern  Receives the expression of the matching rule.
 * @param method          HTTP method of the request.
 * @param uri             URI of the request.
 * @return true if a rule matched. On false, the two output parameters are
 *         left untouched; what an unmatched request means (allow or deny) is
 *         decided by the caller and is not visible here.
 *
 * NOTE(review): "uri" comes from the request, and boost::regex_match can
 * throw when a match exceeds its complexity bounds. Verify that the caller
 * treats an exception from Parse() as a refusal.
 **/
bool PermissionParser::Parse(std::set<std::string>& permissions,
                             std::string& matchedPattern,
                             const OrthancPluginHttpMethod& method,
                             const std::string& uri) const
{
  // The mutex below should not be necessary, but we prefer to
  // ensure thread safety in boost::regex
  boost::mutex::scoped_lock lock(mutex_);

  for (std::list<PermissionPattern>::const_iterator rule = permissionsPattern_.begin();
       rule != permissionsPattern_.end(); ++rule)
  {
    if (!(method == rule->method))
    {
      continue;
    }

    boost::smatch what;
    if (!boost::regex_match(uri, what, rule->pattern))
    {
      continue;
    }

    matchedPattern = rule->pattern.expression();
    permissions = rule->permissions;
    return true;
  }

  return false;
}
197 } |