Mercurial > hg > orthanc-authorization
annotate Plugin/AuthorizationWebService.cpp @ 150:9be1ee2b8fe1 0.7.0
0.7.0
author | Alain Mazy <am@osimis.io> |
---|---|
date | Fri, 16 Feb 2024 08:39:33 +0100 |
parents | 89eddd4b2f6a |
children | ae1bd3d15f81 |
rev | line source |
---|---|
1 | 1 /** |
2 * Advanced authorization plugin for Orthanc | |
68 | 3 * Copyright (C) 2017-2023 Osimis S.A., Belgium |
150 | 4 * Copyright (C) 2024-2024 Orthanc Team SRL, Belgium |
1 | 5 * |
6 * This program is free software: you can redistribute it and/or | |
7 * modify it under the terms of the GNU Affero General Public License | |
8 * as published by the Free Software Foundation, either version 3 of | |
9 * the License, or (at your option) any later version. | |
10 * | |
11 * This program is distributed in the hope that it will be useful, but | |
12 * WITHOUT ANY WARRANTY; without even the implied warranty of | |
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | |
14 * Affero General Public License for more details. | |
15 * | |
16 * You should have received a copy of the GNU Affero General Public License | |
17 * along with this program. If not, see <http://www.gnu.org/licenses/>. | |
18 **/ | |
19 | |
20 #include "AuthorizationWebService.h" | |
21 | |
34 | 22 #include "../Resources/Orthanc/Plugins/OrthancPluginCppWrapper.h" |
23 | |
32 | 24 #include <Logging.h> |
59
a5f2976fe8a0
fix Authorization header conflicting with WebServiceUsername
Alain Mazy <am@osimis.io>
parents:
54
diff
changeset
|
25 #include <Toolbox.h> |
69
af44dce56328
new 'auth/user-profile' Rest API route
Alain Mazy <am@osimis.io>
parents:
68
diff
changeset
|
26 #include <HttpClient.h> |
71 | 27 #include <algorithm> |
109 | 28 #include "SerializationToolbox.h" |
1 | 29 |
30 namespace OrthancPlugins | |
31 { | |
71 | 32 static const char* GRANTED = "granted"; |
33 static const char* VALIDITY = "validity"; | |
34 static const char* PERMISSIONS = "permissions"; | |
109 | 35 static const char* AUTHORIZED_LABELS = "authorized-labels"; |
36 static const char* USER_NAME = "name"; | |
115
0eed78c1e177
cache the UserProfile + updated http filter logic
Alain Mazy <am@osimis.io>
parents:
113
diff
changeset
|
37 |
71 | 38 |
1 | 39 bool AuthorizationWebService::IsGrantedInternal(unsigned int& validity, |
40 OrthancPluginHttpMethod method, | |
41 const AccessedResource& access, | |
42 const Token* token, | |
43 const std::string& tokenValue) | |
44 { | |
45 Json::Value body = Json::objectValue; | |
46 | |
47 switch (method) | |
48 { | |
49 case OrthancPluginHttpMethod_Get: | |
50 body["method"] ="get"; | |
51 break; | |
52 | |
53 case OrthancPluginHttpMethod_Post: | |
54 body["method"] ="post"; | |
55 break; | |
56 | |
57 case OrthancPluginHttpMethod_Put: | |
58 body["method"] ="put"; | |
59 break; | |
60 | |
61 case OrthancPluginHttpMethod_Delete: | |
62 body["method"] ="delete"; | |
63 break; | |
64 | |
65 default: | |
66 throw Orthanc::OrthancException(Orthanc::ErrorCode_ParameterOutOfRange); | |
67 } | |
68 | |
69 body["level"] = EnumerationToString(access.GetLevel()); | |
70 | |
71 if (access.GetLevel() == AccessLevel_System) | |
72 { | |
73 body["uri"] = access.GetOrthancId(); | |
74 } | |
75 else | |
76 { | |
77 body["orthanc-id"] = access.GetOrthancId(); | |
78 body["dicom-uid"] = access.GetDicomUid(); | |
79 } | |
80 | |
81 if (token != NULL) | |
82 { | |
83 body["token-key"] = token->GetKey(); | |
84 body["token-value"] = tokenValue; | |
85 } | |
86 | |
54
317b31e99501
Added 3 new configurations: WebServiceUsername, WebServicePassword, WebServiceIdentifier. WebServiceIdentifier is now included in the payload as the 'identifier' field
Alain Mazy <am@osimis.io>
parents:
46
diff
changeset
|
87 if (!identifier_.empty()) |
317b31e99501
Added 3 new configurations: WebServiceUsername, WebServicePassword, WebServiceIdentifier. WebServiceIdentifier is now included in the payload as the 'identifier' field
Alain Mazy <am@osimis.io>
parents:
46
diff
changeset
|
88 { |
72
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
89 body["server-id"] = identifier_; |
54
317b31e99501
Added 3 new configurations: WebServiceUsername, WebServicePassword, WebServiceIdentifier. WebServiceIdentifier is now included in the payload as the 'identifier' field
Alain Mazy <am@osimis.io>
parents:
46
diff
changeset
|
90 } |
317b31e99501
Added 3 new configurations: WebServiceUsername, WebServicePassword, WebServiceIdentifier. WebServiceIdentifier is now included in the payload as the 'identifier' field
Alain Mazy <am@osimis.io>
parents:
46
diff
changeset
|
91 else |
317b31e99501
Added 3 new configurations: WebServiceUsername, WebServicePassword, WebServiceIdentifier. WebServiceIdentifier is now included in the payload as the 'identifier' field
Alain Mazy <am@osimis.io>
parents:
46
diff
changeset
|
92 { |
72
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
93 body["server-id"] = Json::nullValue; |
54
317b31e99501
Added 3 new configurations: WebServiceUsername, WebServicePassword, WebServiceIdentifier. WebServiceIdentifier is now included in the payload as the 'identifier' field
Alain Mazy <am@osimis.io>
parents:
46
diff
changeset
|
94 } |
317b31e99501
Added 3 new configurations: WebServiceUsername, WebServicePassword, WebServiceIdentifier. WebServiceIdentifier is now included in the payload as the 'identifier' field
Alain Mazy <am@osimis.io>
parents:
46
diff
changeset
|
95 |
109 | 96 if (access.GetLabels().size() > 0) |
97 { | |
98 Orthanc::SerializationToolbox::WriteSetOfStrings(body, access.GetLabels(), "labels"); | |
99 } | |
100 | |
70 | 101 Orthanc::WebServiceParameters authWebservice; |
102 | |
103 if (!username_.empty()) | |
104 { | |
105 authWebservice.SetCredentials(username_, password_); | |
106 } | |
1 | 107 |
70 | 108 std::string bodyAsString; |
109 Orthanc::Toolbox::WriteFastJson(bodyAsString, body); | |
110 | |
111 Orthanc::HttpClient authClient(authWebservice, ""); | |
72
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
112 authClient.SetUrl(tokenValidationUrl_); |
70 | 113 authClient.AssignBody(bodyAsString); |
114 authClient.SetMethod(Orthanc::HttpMethod_Post); | |
115 authClient.AddHeader("Content-Type", "application/json"); | |
116 authClient.AddHeader("Expect", ""); | |
117 authClient.SetTimeout(10); | |
118 | |
1 | 119 if (token != NULL && |
120 token->GetType() == TokenType_HttpHeader) | |
121 { | |
122 // If the token source is a HTTP header, forward it also as a | |
59
a5f2976fe8a0
fix Authorization header conflicting with WebServiceUsername
Alain Mazy <am@osimis.io>
parents:
54
diff
changeset
|
123 // HTTP header except if it is the Authorization header that might conflict with username_ and password_ |
a5f2976fe8a0
fix Authorization header conflicting with WebServiceUsername
Alain Mazy <am@osimis.io>
parents:
54
diff
changeset
|
124 std::string lowerTokenKey; |
a5f2976fe8a0
fix Authorization header conflicting with WebServiceUsername
Alain Mazy <am@osimis.io>
parents:
54
diff
changeset
|
125 Orthanc::Toolbox::ToLowerCase(lowerTokenKey, token->GetKey()); |
a5f2976fe8a0
fix Authorization header conflicting with WebServiceUsername
Alain Mazy <am@osimis.io>
parents:
54
diff
changeset
|
126 |
a5f2976fe8a0
fix Authorization header conflicting with WebServiceUsername
Alain Mazy <am@osimis.io>
parents:
54
diff
changeset
|
127 if (!(lowerTokenKey == "authorization" && !username_.empty())) |
a5f2976fe8a0
fix Authorization header conflicting with WebServiceUsername
Alain Mazy <am@osimis.io>
parents:
54
diff
changeset
|
128 { |
70 | 129 authClient.AddHeader(token->GetKey(), tokenValue); |
59
a5f2976fe8a0
fix Authorization header conflicting with WebServiceUsername
Alain Mazy <am@osimis.io>
parents:
54
diff
changeset
|
130 } |
1 | 131 } |
132 | |
133 Json::Value answer; | |
70 | 134 authClient.ApplyAndThrowException(answer); |
1 | 135 |
136 if (answer.type() != Json::objectValue || | |
137 !answer.isMember(GRANTED) || | |
138 answer[GRANTED].type() != Json::booleanValue || | |
139 (answer.isMember(VALIDITY) && | |
140 answer[VALIDITY].type() != Json::intValue)) | |
141 { | |
29
bc0431cb6b8f
fix for compatibility with simplified OrthancPluginCppWrapper
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
22
diff
changeset
|
142 throw Orthanc::OrthancException(Orthanc::ErrorCode_NetworkProtocol, |
bc0431cb6b8f
fix for compatibility with simplified OrthancPluginCppWrapper
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
22
diff
changeset
|
143 "Syntax error in the result of the Web service"); |
1 | 144 } |
145 | |
146 validity = 0; | |
147 if (answer.isMember(VALIDITY)) | |
148 { | |
149 int tmp = answer[VALIDITY].asInt(); | |
150 if (tmp < 0) | |
151 { | |
29
bc0431cb6b8f
fix for compatibility with simplified OrthancPluginCppWrapper
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
22
diff
changeset
|
152 throw Orthanc::OrthancException(Orthanc::ErrorCode_NetworkProtocol, |
bc0431cb6b8f
fix for compatibility with simplified OrthancPluginCppWrapper
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
22
diff
changeset
|
153 "A validity duration cannot be negative"); |
1 | 154 } |
155 | |
156 validity = static_cast<unsigned int>(tmp); | |
157 } | |
158 | |
159 return answer[GRANTED].asBool(); | |
160 } | |
161 | |
162 | |
163 void AuthorizationWebService::SetCredentials(const std::string& username, | |
164 const std::string& password) | |
165 { | |
166 username_ = username; | |
167 password_ = password; | |
168 } | |
54
317b31e99501
Added 3 new configurations: WebServiceUsername, WebServicePassword, WebServiceIdentifier. WebServiceIdentifier is now included in the payload as the 'identifier' field
Alain Mazy <am@osimis.io>
parents:
46
diff
changeset
|
169 |
317b31e99501
Added 3 new configurations: WebServiceUsername, WebServicePassword, WebServiceIdentifier. WebServiceIdentifier is now included in the payload as the 'identifier' field
Alain Mazy <am@osimis.io>
parents:
46
diff
changeset
|
170 void AuthorizationWebService::SetIdentifier(const std::string& webServiceIdentifier) |
317b31e99501
Added 3 new configurations: WebServiceUsername, WebServicePassword, WebServiceIdentifier. WebServiceIdentifier is now included in the payload as the 'identifier' field
Alain Mazy <am@osimis.io>
parents:
46
diff
changeset
|
171 { |
317b31e99501
Added 3 new configurations: WebServiceUsername, WebServicePassword, WebServiceIdentifier. WebServiceIdentifier is now included in the payload as the 'identifier' field
Alain Mazy <am@osimis.io>
parents:
46
diff
changeset
|
172 identifier_ = webServiceIdentifier; |
317b31e99501
Added 3 new configurations: WebServiceUsername, WebServicePassword, WebServiceIdentifier. WebServiceIdentifier is now included in the payload as the 'identifier' field
Alain Mazy <am@osimis.io>
parents:
46
diff
changeset
|
173 } |
317b31e99501
Added 3 new configurations: WebServiceUsername, WebServicePassword, WebServiceIdentifier. WebServiceIdentifier is now included in the payload as the 'identifier' field
Alain Mazy <am@osimis.io>
parents:
46
diff
changeset
|
174 |
74 | 175 |
176 bool AuthorizationWebService::DecodeToken(DecodedToken& response, | |
177 const std::string& tokenKey, | |
178 const std::string& tokenValue) | |
179 { | |
180 if (tokenDecoderUrl_.empty()) | |
181 { | |
182 throw Orthanc::OrthancException(Orthanc::ErrorCode_BadRequest, "Can not create tokens if the 'WebServiceTokenValidationUrl' is not configured"); | |
183 } | |
184 Orthanc::WebServiceParameters authWebservice; | |
185 | |
186 if (!username_.empty()) | |
187 { | |
188 authWebservice.SetCredentials(username_, password_); | |
189 } | |
190 | |
191 Json::Value body; | |
192 | |
193 body["token-key"] = tokenKey; | |
194 body["token-value"] = tokenValue; | |
195 | |
196 std::string bodyAsString; | |
197 Orthanc::Toolbox::WriteFastJson(bodyAsString, body); | |
198 | |
199 Json::Value tokenResponse; | |
200 try | |
201 { | |
202 Orthanc::HttpClient authClient(authWebservice, ""); | |
203 authClient.SetUrl(tokenDecoderUrl_); | |
204 authClient.AssignBody(bodyAsString); | |
205 authClient.SetMethod(Orthanc::HttpMethod_Post); | |
206 authClient.AddHeader("Content-Type", "application/json"); | |
207 authClient.AddHeader("Expect", ""); | |
208 authClient.SetTimeout(10); | |
209 | |
210 authClient.ApplyAndThrowException(tokenResponse); | |
211 | |
212 if (tokenResponse.isMember("redirect-url")) | |
213 { | |
214 response.redirectUrl = tokenResponse["redirect-url"].asString(); | |
215 } | |
216 | |
217 if (tokenResponse.isMember("error-code")) | |
218 { | |
219 response.errorCode = tokenResponse["error-code"].asString(); | |
220 } | |
221 | |
222 if (tokenResponse.isMember("token-type")) | |
223 { | |
224 response.tokenType = tokenResponse["token-type"].asString(); | |
225 } | |
226 | |
227 return true; | |
228 } | |
229 catch (Orthanc::OrthancException& ex) | |
230 { | |
231 return false; | |
232 } | |
233 | |
234 } | |
235 | |
72
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
236 bool AuthorizationWebService::CreateToken(IAuthorizationService::CreatedToken& response, |
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
237 const std::string& tokenType, |
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
238 const std::string& id, |
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
239 const std::vector<IAuthorizationService::OrthancResource>& resources, |
73
512247750f0a
new ValidityDuration arg in create token API
Alain Mazy <am@osimis.io>
parents:
72
diff
changeset
|
240 const std::string& expirationDateString, |
512247750f0a
new ValidityDuration arg in create token API
Alain Mazy <am@osimis.io>
parents:
72
diff
changeset
|
241 const uint64_t& validityDuration) |
72
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
242 { |
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
243 if (tokenCreationBaseUrl_.empty()) |
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
244 { |
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
245 throw Orthanc::OrthancException(Orthanc::ErrorCode_BadRequest, "Can not create tokens if the 'WebServiceTokenCreationBaseUrl' is not configured"); |
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
246 } |
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
247 std::string url = Orthanc::Toolbox::JoinUri(tokenCreationBaseUrl_, tokenType); |
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
248 |
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
249 Orthanc::WebServiceParameters authWebservice; |
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
250 |
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
251 if (!username_.empty()) |
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
252 { |
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
253 authWebservice.SetCredentials(username_, password_); |
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
254 } |
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
255 |
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
256 Json::Value body; |
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
257 |
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
258 if (!id.empty()) |
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
259 { |
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
260 body["id"] = id; |
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
261 } |
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
262 |
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
263 body["resources"] = Json::arrayValue; |
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
264 for (size_t i = 0; i < resources.size(); ++i) |
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
265 { |
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
266 Json::Value resource; |
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
267 if (!resources[i].dicomUid.empty()) |
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
268 { |
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
269 resource["dicom-uid"] = resources[i].dicomUid; |
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
270 } |
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
271 if (!resources[i].orthancId.empty()) |
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
272 { |
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
273 resource["orthanc-id"] = resources[i].orthancId; |
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
274 } |
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
275 if (!resources[i].url.empty()) |
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
276 { |
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
277 resource["url"] = resources[i].url; |
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
278 } |
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
279 if (!resources[i].level.empty()) |
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
280 { |
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
281 resource["level"] = resources[i].level; |
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
282 } |
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
283 |
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
284 body["resources"].append(resource); |
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
285 } |
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
286 |
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
287 body["type"] = tokenType; |
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
288 if (!expirationDateString.empty()) |
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
289 { |
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
290 body["expiration-date"] = expirationDateString; |
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
291 } |
73
512247750f0a
new ValidityDuration arg in create token API
Alain Mazy <am@osimis.io>
parents:
72
diff
changeset
|
292 if (validityDuration > 0) |
512247750f0a
new ValidityDuration arg in create token API
Alain Mazy <am@osimis.io>
parents:
72
diff
changeset
|
293 { |
86 | 294 body["validity-duration"] = Json::UInt64(validityDuration); |
73
512247750f0a
new ValidityDuration arg in create token API
Alain Mazy <am@osimis.io>
parents:
72
diff
changeset
|
295 } |
72
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
296 |
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
297 std::string bodyAsString; |
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
298 Orthanc::Toolbox::WriteFastJson(bodyAsString, body); |
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
299 |
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
300 Json::Value tokenResponse; |
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
301 try |
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
302 { |
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
303 Orthanc::HttpClient authClient(authWebservice, ""); |
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
304 authClient.SetUrl(url); |
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
305 authClient.AssignBody(bodyAsString); |
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
306 authClient.SetMethod(Orthanc::HttpMethod_Put); |
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
307 authClient.AddHeader("Content-Type", "application/json"); |
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
308 authClient.AddHeader("Expect", ""); |
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
309 authClient.SetTimeout(10); |
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
310 |
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
311 authClient.ApplyAndThrowException(tokenResponse); |
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
312 |
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
313 response.token = tokenResponse["token"].asString(); |
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
314 response.url = tokenResponse["url"].asString(); |
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
315 |
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
316 return true; |
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
317 } |
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
318 catch (Orthanc::OrthancException& ex) |
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
319 { |
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
320 return false; |
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
321 } |
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
322 |
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
323 } |
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
324 |
115
0eed78c1e177
cache the UserProfile + updated http filter logic
Alain Mazy <am@osimis.io>
parents:
113
diff
changeset
|
325 void AuthorizationWebService::ToJson(Json::Value& jsonProfile, const UserProfile& profile) |
0eed78c1e177
cache the UserProfile + updated http filter logic
Alain Mazy <am@osimis.io>
parents:
113
diff
changeset
|
326 { |
0eed78c1e177
cache the UserProfile + updated http filter logic
Alain Mazy <am@osimis.io>
parents:
113
diff
changeset
|
327 jsonProfile = Json::objectValue; |
0eed78c1e177
cache the UserProfile + updated http filter logic
Alain Mazy <am@osimis.io>
parents:
113
diff
changeset
|
328 jsonProfile[USER_NAME] = profile.name; |
0eed78c1e177
cache the UserProfile + updated http filter logic
Alain Mazy <am@osimis.io>
parents:
113
diff
changeset
|
329 Orthanc::SerializationToolbox::WriteSetOfStrings(jsonProfile, profile.authorizedLabels, AUTHORIZED_LABELS); |
0eed78c1e177
cache the UserProfile + updated http filter logic
Alain Mazy <am@osimis.io>
parents:
113
diff
changeset
|
330 Orthanc::SerializationToolbox::WriteSetOfStrings(jsonProfile, profile.permissions, PERMISSIONS); |
0eed78c1e177
cache the UserProfile + updated http filter logic
Alain Mazy <am@osimis.io>
parents:
113
diff
changeset
|
331 } |
0eed78c1e177
cache the UserProfile + updated http filter logic
Alain Mazy <am@osimis.io>
parents:
113
diff
changeset
|
332 |
0eed78c1e177
cache the UserProfile + updated http filter logic
Alain Mazy <am@osimis.io>
parents:
113
diff
changeset
|
333 void AuthorizationWebService::FromJson(UserProfile& profile, const Json::Value& jsonProfile) |
0eed78c1e177
cache the UserProfile + updated http filter logic
Alain Mazy <am@osimis.io>
parents:
113
diff
changeset
|
334 { |
0eed78c1e177
cache the UserProfile + updated http filter logic
Alain Mazy <am@osimis.io>
parents:
113
diff
changeset
|
335 if (jsonProfile.type() != Json::objectValue || |
0eed78c1e177
cache the UserProfile + updated http filter logic
Alain Mazy <am@osimis.io>
parents:
113
diff
changeset
|
336 !jsonProfile.isMember(PERMISSIONS) || |
0eed78c1e177
cache the UserProfile + updated http filter logic
Alain Mazy <am@osimis.io>
parents:
113
diff
changeset
|
337 !jsonProfile.isMember(AUTHORIZED_LABELS) || |
0eed78c1e177
cache the UserProfile + updated http filter logic
Alain Mazy <am@osimis.io>
parents:
113
diff
changeset
|
338 !jsonProfile.isMember(USER_NAME) || |
0eed78c1e177
cache the UserProfile + updated http filter logic
Alain Mazy <am@osimis.io>
parents:
113
diff
changeset
|
339 jsonProfile[PERMISSIONS].type() != Json::arrayValue || |
0eed78c1e177
cache the UserProfile + updated http filter logic
Alain Mazy <am@osimis.io>
parents:
113
diff
changeset
|
340 jsonProfile[AUTHORIZED_LABELS].type() != Json::arrayValue || |
0eed78c1e177
cache the UserProfile + updated http filter logic
Alain Mazy <am@osimis.io>
parents:
113
diff
changeset
|
341 jsonProfile[USER_NAME].type() != Json::stringValue) |
0eed78c1e177
cache the UserProfile + updated http filter logic
Alain Mazy <am@osimis.io>
parents:
113
diff
changeset
|
342 { |
0eed78c1e177
cache the UserProfile + updated http filter logic
Alain Mazy <am@osimis.io>
parents:
113
diff
changeset
|
343 throw Orthanc::OrthancException(Orthanc::ErrorCode_BadFileFormat, |
0eed78c1e177
cache the UserProfile + updated http filter logic
Alain Mazy <am@osimis.io>
parents:
113
diff
changeset
|
344 "Syntax error in the result of the Auth Web service, the format of the UserProfile is invalid"); |
0eed78c1e177
cache the UserProfile + updated http filter logic
Alain Mazy <am@osimis.io>
parents:
113
diff
changeset
|
345 } |
0eed78c1e177
cache the UserProfile + updated http filter logic
Alain Mazy <am@osimis.io>
parents:
113
diff
changeset
|
346 |
0eed78c1e177
cache the UserProfile + updated http filter logic
Alain Mazy <am@osimis.io>
parents:
113
diff
changeset
|
347 profile.name = jsonProfile[USER_NAME].asString(); |
0eed78c1e177
cache the UserProfile + updated http filter logic
Alain Mazy <am@osimis.io>
parents:
113
diff
changeset
|
348 |
0eed78c1e177
cache the UserProfile + updated http filter logic
Alain Mazy <am@osimis.io>
parents:
113
diff
changeset
|
349 for (Json::ArrayIndex i = 0; i < jsonProfile[PERMISSIONS].size(); ++i) |
0eed78c1e177
cache the UserProfile + updated http filter logic
Alain Mazy <am@osimis.io>
parents:
113
diff
changeset
|
350 { |
0eed78c1e177
cache the UserProfile + updated http filter logic
Alain Mazy <am@osimis.io>
parents:
113
diff
changeset
|
351 profile.permissions.insert(jsonProfile[PERMISSIONS][i].asString()); |
0eed78c1e177
cache the UserProfile + updated http filter logic
Alain Mazy <am@osimis.io>
parents:
113
diff
changeset
|
352 } |
0eed78c1e177
cache the UserProfile + updated http filter logic
Alain Mazy <am@osimis.io>
parents:
113
diff
changeset
|
353 for (Json::ArrayIndex i = 0; i < jsonProfile[AUTHORIZED_LABELS].size(); ++i) |
0eed78c1e177
cache the UserProfile + updated http filter logic
Alain Mazy <am@osimis.io>
parents:
113
diff
changeset
|
354 { |
0eed78c1e177
cache the UserProfile + updated http filter logic
Alain Mazy <am@osimis.io>
parents:
113
diff
changeset
|
355 profile.authorizedLabels.insert(jsonProfile[AUTHORIZED_LABELS][i].asString()); |
0eed78c1e177
cache the UserProfile + updated http filter logic
Alain Mazy <am@osimis.io>
parents:
113
diff
changeset
|
356 } |
0eed78c1e177
cache the UserProfile + updated http filter logic
Alain Mazy <am@osimis.io>
parents:
113
diff
changeset
|
357 } |
0eed78c1e177
cache the UserProfile + updated http filter logic
Alain Mazy <am@osimis.io>
parents:
113
diff
changeset
|
358 |
0eed78c1e177
cache the UserProfile + updated http filter logic
Alain Mazy <am@osimis.io>
parents:
113
diff
changeset
|
359 |
72
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
360 |
71 | 361 bool AuthorizationWebService::GetUserProfileInternal(unsigned int& validity, |
109 | 362 UserProfile& profile /* out */, |
71 | 363 const Token* token, |
364 const std::string& tokenValue) | |
69
af44dce56328
new 'auth/user-profile' Rest API route
Alain Mazy <am@osimis.io>
parents:
68
diff
changeset
|
365 { |
af44dce56328
new 'auth/user-profile' Rest API route
Alain Mazy <am@osimis.io>
parents:
68
diff
changeset
|
366 if (userProfileUrl_.empty()) |
af44dce56328
new 'auth/user-profile' Rest API route
Alain Mazy <am@osimis.io>
parents:
68
diff
changeset
|
367 { |
af44dce56328
new 'auth/user-profile' Rest API route
Alain Mazy <am@osimis.io>
parents:
68
diff
changeset
|
368 throw Orthanc::OrthancException(Orthanc::ErrorCode_BadRequest, "Can not get user profile if the 'WebServiceUserProfileUrl' is not configured"); |
af44dce56328
new 'auth/user-profile' Rest API route
Alain Mazy <am@osimis.io>
parents:
68
diff
changeset
|
369 } |
af44dce56328
new 'auth/user-profile' Rest API route
Alain Mazy <am@osimis.io>
parents:
68
diff
changeset
|
370 |
af44dce56328
new 'auth/user-profile' Rest API route
Alain Mazy <am@osimis.io>
parents:
68
diff
changeset
|
371 Orthanc::WebServiceParameters authWebservice; |
af44dce56328
new 'auth/user-profile' Rest API route
Alain Mazy <am@osimis.io>
parents:
68
diff
changeset
|
372 |
af44dce56328
new 'auth/user-profile' Rest API route
Alain Mazy <am@osimis.io>
parents:
68
diff
changeset
|
373 if (!username_.empty()) |
af44dce56328
new 'auth/user-profile' Rest API route
Alain Mazy <am@osimis.io>
parents:
68
diff
changeset
|
374 { |
af44dce56328
new 'auth/user-profile' Rest API route
Alain Mazy <am@osimis.io>
parents:
68
diff
changeset
|
375 authWebservice.SetCredentials(username_, password_); |
af44dce56328
new 'auth/user-profile' Rest API route
Alain Mazy <am@osimis.io>
parents:
68
diff
changeset
|
376 } |
af44dce56328
new 'auth/user-profile' Rest API route
Alain Mazy <am@osimis.io>
parents:
68
diff
changeset
|
377 |
af44dce56328
new 'auth/user-profile' Rest API route
Alain Mazy <am@osimis.io>
parents:
68
diff
changeset
|
378 Json::Value body; |
af44dce56328
new 'auth/user-profile' Rest API route
Alain Mazy <am@osimis.io>
parents:
68
diff
changeset
|
379 |
71 | 380 if (token != NULL) |
381 { | |
382 body["token-key"] = token->GetKey(); | |
383 body["token-value"] = tokenValue; | |
384 } | |
69
af44dce56328
new 'auth/user-profile' Rest API route
Alain Mazy <am@osimis.io>
parents:
68
diff
changeset
|
385 |
af44dce56328
new 'auth/user-profile' Rest API route
Alain Mazy <am@osimis.io>
parents:
68
diff
changeset
|
386 if (!identifier_.empty()) |
af44dce56328
new 'auth/user-profile' Rest API route
Alain Mazy <am@osimis.io>
parents:
68
diff
changeset
|
387 { |
af44dce56328
new 'auth/user-profile' Rest API route
Alain Mazy <am@osimis.io>
parents:
68
diff
changeset
|
388 body["identifier"] = identifier_; |
af44dce56328
new 'auth/user-profile' Rest API route
Alain Mazy <am@osimis.io>
parents:
68
diff
changeset
|
389 } |
af44dce56328
new 'auth/user-profile' Rest API route
Alain Mazy <am@osimis.io>
parents:
68
diff
changeset
|
390 else |
af44dce56328
new 'auth/user-profile' Rest API route
Alain Mazy <am@osimis.io>
parents:
68
diff
changeset
|
391 { |
af44dce56328
new 'auth/user-profile' Rest API route
Alain Mazy <am@osimis.io>
parents:
68
diff
changeset
|
392 body["identifier"] = Json::nullValue; |
af44dce56328
new 'auth/user-profile' Rest API route
Alain Mazy <am@osimis.io>
parents:
68
diff
changeset
|
393 } |
af44dce56328
new 'auth/user-profile' Rest API route
Alain Mazy <am@osimis.io>
parents:
68
diff
changeset
|
394 |
af44dce56328
new 'auth/user-profile' Rest API route
Alain Mazy <am@osimis.io>
parents:
68
diff
changeset
|
395 std::string bodyAsString; |
af44dce56328
new 'auth/user-profile' Rest API route
Alain Mazy <am@osimis.io>
parents:
68
diff
changeset
|
396 Orthanc::Toolbox::WriteFastJson(bodyAsString, body); |
af44dce56328
new 'auth/user-profile' Rest API route
Alain Mazy <am@osimis.io>
parents:
68
diff
changeset
|
397 |
af44dce56328
new 'auth/user-profile' Rest API route
Alain Mazy <am@osimis.io>
parents:
68
diff
changeset
|
398 try |
af44dce56328
new 'auth/user-profile' Rest API route
Alain Mazy <am@osimis.io>
parents:
68
diff
changeset
|
399 { |
af44dce56328
new 'auth/user-profile' Rest API route
Alain Mazy <am@osimis.io>
parents:
68
diff
changeset
|
400 Orthanc::HttpClient authClient(authWebservice, ""); |
72
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
401 authClient.SetUrl(userProfileUrl_); |
69
af44dce56328
new 'auth/user-profile' Rest API route
Alain Mazy <am@osimis.io>
parents:
68
diff
changeset
|
402 authClient.AssignBody(bodyAsString); |
af44dce56328
new 'auth/user-profile' Rest API route
Alain Mazy <am@osimis.io>
parents:
68
diff
changeset
|
403 authClient.SetMethod(Orthanc::HttpMethod_Post); |
af44dce56328
new 'auth/user-profile' Rest API route
Alain Mazy <am@osimis.io>
parents:
68
diff
changeset
|
404 authClient.AddHeader("Content-Type", "application/json"); |
af44dce56328
new 'auth/user-profile' Rest API route
Alain Mazy <am@osimis.io>
parents:
68
diff
changeset
|
405 authClient.AddHeader("Expect", ""); |
70 | 406 authClient.SetTimeout(10); |
69
af44dce56328
new 'auth/user-profile' Rest API route
Alain Mazy <am@osimis.io>
parents:
68
diff
changeset
|
407 |
109 | 408 Json::Value jsonProfile; |
409 authClient.ApplyAndThrowException(jsonProfile); | |
71 | 410 |
115
0eed78c1e177
cache the UserProfile + updated http filter logic
Alain Mazy <am@osimis.io>
parents:
113
diff
changeset
|
411 if (!jsonProfile.isMember(VALIDITY) || |
0eed78c1e177
cache the UserProfile + updated http filter logic
Alain Mazy <am@osimis.io>
parents:
113
diff
changeset
|
412 jsonProfile[VALIDITY].type() != Json::intValue) |
71 | 413 { |
115
0eed78c1e177
cache the UserProfile + updated http filter logic
Alain Mazy <am@osimis.io>
parents:
113
diff
changeset
|
414 throw Orthanc::OrthancException(Orthanc::ErrorCode_BadFileFormat, |
109 | 415 "Syntax error in the result of the Auth Web service, the format of the UserProfile is invalid"); |
416 } | |
417 validity = jsonProfile[VALIDITY].asUInt(); | |
113 | 418 profile.tokenKey = token->GetKey(); |
419 profile.tokenType = token->GetType(); | |
420 profile.tokenValue = tokenValue; | |
421 | |
115
0eed78c1e177
cache the UserProfile + updated http filter logic
Alain Mazy <am@osimis.io>
parents:
113
diff
changeset
|
422 FromJson(profile, jsonProfile); |
109 | 423 |
112
572955904411
added tools/labels + removed forbidden_labels
Alain Mazy <am@osimis.io>
parents:
109
diff
changeset
|
424 if (profile.authorizedLabels.size() == 0) |
71 | 425 { |
116
89eddd4b2f6a
tested resource token for WADO-RS
Alain Mazy <am@osimis.io>
parents:
115
diff
changeset
|
426 LOG(WARNING) << "The UserProfile for '" << profile.name << "' does not contain any authorized labels"; |
71 | 427 } |
428 | |
69
af44dce56328
new 'auth/user-profile' Rest API route
Alain Mazy <am@osimis.io>
parents:
68
diff
changeset
|
429 return true; |
af44dce56328
new 'auth/user-profile' Rest API route
Alain Mazy <am@osimis.io>
parents:
68
diff
changeset
|
430 } |
af44dce56328
new 'auth/user-profile' Rest API route
Alain Mazy <am@osimis.io>
parents:
68
diff
changeset
|
431 catch (Orthanc::OrthancException& ex) |
af44dce56328
new 'auth/user-profile' Rest API route
Alain Mazy <am@osimis.io>
parents:
68
diff
changeset
|
432 { |
af44dce56328
new 'auth/user-profile' Rest API route
Alain Mazy <am@osimis.io>
parents:
68
diff
changeset
|
433 return false; |
af44dce56328
new 'auth/user-profile' Rest API route
Alain Mazy <am@osimis.io>
parents:
68
diff
changeset
|
434 } |
af44dce56328
new 'auth/user-profile' Rest API route
Alain Mazy <am@osimis.io>
parents:
68
diff
changeset
|
435 } |
af44dce56328
new 'auth/user-profile' Rest API route
Alain Mazy <am@osimis.io>
parents:
68
diff
changeset
|
436 |
71 | 437 bool AuthorizationWebService::HasUserPermissionInternal(unsigned int& validity, |
438 const std::string& permission, | |
113 | 439 const UserProfile& profile) |
71 | 440 { |
113 | 441 const std::set<std::string>& permissions = profile.permissions; |
442 for (std::set<std::string>::const_iterator it = permissions.begin(); it != permissions.end(); ++it) | |
71 | 443 { |
113 | 444 if (permission == *it) |
71 | 445 { |
113 | 446 return true; |
71 | 447 } |
448 } | |
449 | |
450 return false; | |
451 } | |
452 | |
1 | 453 } |