orthanc-authorization: Plugin/BaseAuthorizationService.h annotate

annotate Plugin/BaseAuthorizationService.h @ 188:c4b908970ae4

updated copyright, as Orthanc Team now replaces Osimis

author	Sebastien Jodogne <s.jodogne@gmail.com>
date	Thu, 30 May 2024 21:59:01 +0200
parents	9be1ee2b8fe1
children	de232f9b3a60

rev	line source
71 30fb3ce960d9 configurable user permissions Alain Mazy <am@osimis.io> parents: diff changeset	1 /**
30fb3ce960d9 configurable user permissions Alain Mazy <am@osimis.io> parents: diff changeset	2 * Advanced authorization plugin for Orthanc
30fb3ce960d9 configurable user permissions Alain Mazy <am@osimis.io> parents: diff changeset	3 * Copyright (C) 2017-2023 Osimis S.A., Belgium
150 9be1ee2b8fe1 0.7.0 Alain Mazy <am@osimis.io> parents: 113 diff changeset	4 * Copyright (C) 2024-2024 Orthanc Team SRL, Belgium
188 c4b908970ae4 updated copyright, as Orthanc Team now replaces Osimis Sebastien Jodogne <s.jodogne@gmail.com> parents: 150 diff changeset	5 * Copyright (C) 2021-2024 Sebastien Jodogne, ICTEAM UCLouvain, Belgium
71 30fb3ce960d9 configurable user permissions Alain Mazy <am@osimis.io> parents: diff changeset	6 *
30fb3ce960d9 configurable user permissions Alain Mazy <am@osimis.io> parents: diff changeset	7 * This program is free software: you can redistribute it and/or
30fb3ce960d9 configurable user permissions Alain Mazy <am@osimis.io> parents: diff changeset	8 * modify it under the terms of the GNU Affero General Public License
30fb3ce960d9 configurable user permissions Alain Mazy <am@osimis.io> parents: diff changeset	9 * as published by the Free Software Foundation, either version 3 of
30fb3ce960d9 configurable user permissions Alain Mazy <am@osimis.io> parents: diff changeset	10 * the License, or (at your option) any later version.
30fb3ce960d9 configurable user permissions Alain Mazy <am@osimis.io> parents: diff changeset	11 *
30fb3ce960d9 configurable user permissions Alain Mazy <am@osimis.io> parents: diff changeset	12 * This program is distributed in the hope that it will be useful, but
30fb3ce960d9 configurable user permissions Alain Mazy <am@osimis.io> parents: diff changeset	13 * WITHOUT ANY WARRANTY; without even the implied warranty of
30fb3ce960d9 configurable user permissions Alain Mazy <am@osimis.io> parents: diff changeset	14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
30fb3ce960d9 configurable user permissions Alain Mazy <am@osimis.io> parents: diff changeset	15 * Affero General Public License for more details.
30fb3ce960d9 configurable user permissions Alain Mazy <am@osimis.io> parents: diff changeset	16 *
30fb3ce960d9 configurable user permissions Alain Mazy <am@osimis.io> parents: diff changeset	17 * You should have received a copy of the GNU Affero General Public License
30fb3ce960d9 configurable user permissions Alain Mazy <am@osimis.io> parents: diff changeset	18 * along with this program. If not, see <http://www.gnu.org/licenses/>.
30fb3ce960d9 configurable user permissions Alain Mazy <am@osimis.io> parents: diff changeset	19 **/
30fb3ce960d9 configurable user permissions Alain Mazy <am@osimis.io> parents: diff changeset	20
30fb3ce960d9 configurable user permissions Alain Mazy <am@osimis.io> parents: diff changeset	21 #pragma once
30fb3ce960d9 configurable user permissions Alain Mazy <am@osimis.io> parents: diff changeset	22
30fb3ce960d9 configurable user permissions Alain Mazy <am@osimis.io> parents: diff changeset	23 #include "IAuthorizationService.h"
30fb3ce960d9 configurable user permissions Alain Mazy <am@osimis.io> parents: diff changeset	24
30fb3ce960d9 configurable user permissions Alain Mazy <am@osimis.io> parents: diff changeset	25
30fb3ce960d9 configurable user permissions Alain Mazy <am@osimis.io> parents: diff changeset	26 namespace OrthancPlugins
30fb3ce960d9 configurable user permissions Alain Mazy <am@osimis.io> parents: diff changeset	27 {
30fb3ce960d9 configurable user permissions Alain Mazy <am@osimis.io> parents: diff changeset	28 class CachedAuthorizationService;
30fb3ce960d9 configurable user permissions Alain Mazy <am@osimis.io> parents: diff changeset	29
30fb3ce960d9 configurable user permissions Alain Mazy <am@osimis.io> parents: diff changeset	30 class BaseAuthorizationService : public IAuthorizationService
30fb3ce960d9 configurable user permissions Alain Mazy <am@osimis.io> parents: diff changeset	31 {
30fb3ce960d9 configurable user permissions Alain Mazy <am@osimis.io> parents: diff changeset	32 friend CachedAuthorizationService;
30fb3ce960d9 configurable user permissions Alain Mazy <am@osimis.io> parents: diff changeset	33 protected:
30fb3ce960d9 configurable user permissions Alain Mazy <am@osimis.io> parents: diff changeset	34 virtual bool IsGrantedInternal(unsigned int& validity,
30fb3ce960d9 configurable user permissions Alain Mazy <am@osimis.io> parents: diff changeset	35 OrthancPluginHttpMethod method,
30fb3ce960d9 configurable user permissions Alain Mazy <am@osimis.io> parents: diff changeset	36 const AccessedResource& access,
30fb3ce960d9 configurable user permissions Alain Mazy <am@osimis.io> parents: diff changeset	37 const Token* token,
30fb3ce960d9 configurable user permissions Alain Mazy <am@osimis.io> parents: diff changeset	38 const std::string& tokenValue) = 0;
30fb3ce960d9 configurable user permissions Alain Mazy <am@osimis.io> parents: diff changeset	39
30fb3ce960d9 configurable user permissions Alain Mazy <am@osimis.io> parents: diff changeset	40 virtual bool GetUserProfileInternal(unsigned int& validity,
109 7381a7674b36 wip: adding labels Alain Mazy <am@osimis.io> parents: 74 diff changeset	41 UserProfile& profile /* out */,
71 30fb3ce960d9 configurable user permissions Alain Mazy <am@osimis.io> parents: diff changeset	42 const Token* token,
30fb3ce960d9 configurable user permissions Alain Mazy <am@osimis.io> parents: diff changeset	43 const std::string& tokenValue) = 0;
30fb3ce960d9 configurable user permissions Alain Mazy <am@osimis.io> parents: diff changeset	44
30fb3ce960d9 configurable user permissions Alain Mazy <am@osimis.io> parents: diff changeset	45 virtual bool HasUserPermissionInternal(unsigned int& validity,
30fb3ce960d9 configurable user permissions Alain Mazy <am@osimis.io> parents: diff changeset	46 const std::string& permission,
113 43154740ea2e wip: checking labels Alain Mazy <am@osimis.io> parents: 109 diff changeset	47 const UserProfile& profile) = 0;
71 30fb3ce960d9 configurable user permissions Alain Mazy <am@osimis.io> parents: diff changeset	48
30fb3ce960d9 configurable user permissions Alain Mazy <am@osimis.io> parents: diff changeset	49 public:
30fb3ce960d9 configurable user permissions Alain Mazy <am@osimis.io> parents: diff changeset	50 virtual ~BaseAuthorizationService()
30fb3ce960d9 configurable user permissions Alain Mazy <am@osimis.io> parents: diff changeset	51 {
30fb3ce960d9 configurable user permissions Alain Mazy <am@osimis.io> parents: diff changeset	52 }
30fb3ce960d9 configurable user permissions Alain Mazy <am@osimis.io> parents: diff changeset	53
30fb3ce960d9 configurable user permissions Alain Mazy <am@osimis.io> parents: diff changeset	54 virtual bool IsGranted(unsigned int& validity,
30fb3ce960d9 configurable user permissions Alain Mazy <am@osimis.io> parents: diff changeset	55 OrthancPluginHttpMethod method,
30fb3ce960d9 configurable user permissions Alain Mazy <am@osimis.io> parents: diff changeset	56 const AccessedResource& access,
30fb3ce960d9 configurable user permissions Alain Mazy <am@osimis.io> parents: diff changeset	57 const Token& token,
30fb3ce960d9 configurable user permissions Alain Mazy <am@osimis.io> parents: diff changeset	58 const std::string& tokenValue)
30fb3ce960d9 configurable user permissions Alain Mazy <am@osimis.io> parents: diff changeset	59 {
30fb3ce960d9 configurable user permissions Alain Mazy <am@osimis.io> parents: diff changeset	60 return IsGrantedInternal(validity, method, access, &token, tokenValue);
30fb3ce960d9 configurable user permissions Alain Mazy <am@osimis.io> parents: diff changeset	61 }
30fb3ce960d9 configurable user permissions Alain Mazy <am@osimis.io> parents: diff changeset	62
30fb3ce960d9 configurable user permissions Alain Mazy <am@osimis.io> parents: diff changeset	63 virtual bool IsGrantedToAnonymousUser(unsigned int& validity,
30fb3ce960d9 configurable user permissions Alain Mazy <am@osimis.io> parents: diff changeset	64 OrthancPluginHttpMethod method,
30fb3ce960d9 configurable user permissions Alain Mazy <am@osimis.io> parents: diff changeset	65 const AccessedResource& access)
30fb3ce960d9 configurable user permissions Alain Mazy <am@osimis.io> parents: diff changeset	66 {
30fb3ce960d9 configurable user permissions Alain Mazy <am@osimis.io> parents: diff changeset	67 return IsGrantedInternal(validity, method, access, NULL, "");
30fb3ce960d9 configurable user permissions Alain Mazy <am@osimis.io> parents: diff changeset	68 }
30fb3ce960d9 configurable user permissions Alain Mazy <am@osimis.io> parents: diff changeset	69
30fb3ce960d9 configurable user permissions Alain Mazy <am@osimis.io> parents: diff changeset	70 virtual bool GetUserProfile(unsigned int& validity,
109 7381a7674b36 wip: adding labels Alain Mazy <am@osimis.io> parents: 74 diff changeset	71 UserProfile& profile /* out */,
71 30fb3ce960d9 configurable user permissions Alain Mazy <am@osimis.io> parents: diff changeset	72 const Token& token,
30fb3ce960d9 configurable user permissions Alain Mazy <am@osimis.io> parents: diff changeset	73 const std::string& tokenValue)
30fb3ce960d9 configurable user permissions Alain Mazy <am@osimis.io> parents: diff changeset	74 {
30fb3ce960d9 configurable user permissions Alain Mazy <am@osimis.io> parents: diff changeset	75 return GetUserProfileInternal(validity, profile, &token, tokenValue);
30fb3ce960d9 configurable user permissions Alain Mazy <am@osimis.io> parents: diff changeset	76 }
30fb3ce960d9 configurable user permissions Alain Mazy <am@osimis.io> parents: diff changeset	77
30fb3ce960d9 configurable user permissions Alain Mazy <am@osimis.io> parents: diff changeset	78 virtual bool GetAnonymousUserProfile(unsigned int& validity /* out */,
109 7381a7674b36 wip: adding labels Alain Mazy <am@osimis.io> parents: 74 diff changeset	79 UserProfile& profile /* out */)
71 30fb3ce960d9 configurable user permissions Alain Mazy <am@osimis.io> parents: diff changeset	80 {
30fb3ce960d9 configurable user permissions Alain Mazy <am@osimis.io> parents: diff changeset	81 return GetUserProfileInternal(validity, profile, NULL, "");
30fb3ce960d9 configurable user permissions Alain Mazy <am@osimis.io> parents: diff changeset	82 }
30fb3ce960d9 configurable user permissions Alain Mazy <am@osimis.io> parents: diff changeset	83
30fb3ce960d9 configurable user permissions Alain Mazy <am@osimis.io> parents: diff changeset	84 virtual bool HasUserPermission(unsigned int& validity /* out */,
30fb3ce960d9 configurable user permissions Alain Mazy <am@osimis.io> parents: diff changeset	85 const std::set<std::string>& anyOfPermissions,
113 43154740ea2e wip: checking labels Alain Mazy <am@osimis.io> parents: 109 diff changeset	86 const UserProfile& profile)
71 30fb3ce960d9 configurable user permissions Alain Mazy <am@osimis.io> parents: diff changeset	87 {
74 aa73b10c2db9 new API route to decode tokens Alain Mazy <am@osimis.io> parents: 71 diff changeset	88 if (anyOfPermissions.size() == 0)
aa73b10c2db9 new API route to decode tokens Alain Mazy <am@osimis.io> parents: 71 diff changeset	89 {
aa73b10c2db9 new API route to decode tokens Alain Mazy <am@osimis.io> parents: 71 diff changeset	90 return true;
aa73b10c2db9 new API route to decode tokens Alain Mazy <am@osimis.io> parents: 71 diff changeset	91 }
aa73b10c2db9 new API route to decode tokens Alain Mazy <am@osimis.io> parents: 71 diff changeset	92
71 30fb3ce960d9 configurable user permissions Alain Mazy <am@osimis.io> parents: diff changeset	93 for (std::set<std::string>::const_iterator it = anyOfPermissions.begin(); it != anyOfPermissions.end(); ++it)
30fb3ce960d9 configurable user permissions Alain Mazy <am@osimis.io> parents: diff changeset	94 {
113 43154740ea2e wip: checking labels Alain Mazy <am@osimis.io> parents: 109 diff changeset	95 if (HasUserPermissionInternal(validity, *it, profile))
71 30fb3ce960d9 configurable user permissions Alain Mazy <am@osimis.io> parents: diff changeset	96 {
30fb3ce960d9 configurable user permissions Alain Mazy <am@osimis.io> parents: diff changeset	97 return true;
30fb3ce960d9 configurable user permissions Alain Mazy <am@osimis.io> parents: diff changeset	98 }
30fb3ce960d9 configurable user permissions Alain Mazy <am@osimis.io> parents: diff changeset	99 }
30fb3ce960d9 configurable user permissions Alain Mazy <am@osimis.io> parents: diff changeset	100 return false;
30fb3ce960d9 configurable user permissions Alain Mazy <am@osimis.io> parents: diff changeset	101 }
30fb3ce960d9 configurable user permissions Alain Mazy <am@osimis.io> parents: diff changeset	102
30fb3ce960d9 configurable user permissions Alain Mazy <am@osimis.io> parents: diff changeset	103 virtual bool HasAnonymousUserPermission(unsigned int& validity /* out */,
30fb3ce960d9 configurable user permissions Alain Mazy <am@osimis.io> parents: diff changeset	104 const std::set<std::string>& anyOfPermissions)
30fb3ce960d9 configurable user permissions Alain Mazy <am@osimis.io> parents: diff changeset	105 {
74 aa73b10c2db9 new API route to decode tokens Alain Mazy <am@osimis.io> parents: 71 diff changeset	106 if (anyOfPermissions.size() == 0)
aa73b10c2db9 new API route to decode tokens Alain Mazy <am@osimis.io> parents: 71 diff changeset	107 {
aa73b10c2db9 new API route to decode tokens Alain Mazy <am@osimis.io> parents: 71 diff changeset	108 return true;
aa73b10c2db9 new API route to decode tokens Alain Mazy <am@osimis.io> parents: 71 diff changeset	109 }
aa73b10c2db9 new API route to decode tokens Alain Mazy <am@osimis.io> parents: 71 diff changeset	110
113 43154740ea2e wip: checking labels Alain Mazy <am@osimis.io> parents: 109 diff changeset	111 UserProfile anonymousUserProfile;
43154740ea2e wip: checking labels Alain Mazy <am@osimis.io> parents: 109 diff changeset	112 anonymousUserProfile.tokenType = TokenType_None;
43154740ea2e wip: checking labels Alain Mazy <am@osimis.io> parents: 109 diff changeset	113
71 30fb3ce960d9 configurable user permissions Alain Mazy <am@osimis.io> parents: diff changeset	114 for (std::set<std::string>::const_iterator it = anyOfPermissions.begin(); it != anyOfPermissions.end(); ++it)
30fb3ce960d9 configurable user permissions Alain Mazy <am@osimis.io> parents: diff changeset	115 {
113 43154740ea2e wip: checking labels Alain Mazy <am@osimis.io> parents: 109 diff changeset	116 if (HasUserPermissionInternal(validity, *it, anonymousUserProfile))
71 30fb3ce960d9 configurable user permissions Alain Mazy <am@osimis.io> parents: diff changeset	117 {
30fb3ce960d9 configurable user permissions Alain Mazy <am@osimis.io> parents: diff changeset	118 return true;
30fb3ce960d9 configurable user permissions Alain Mazy <am@osimis.io> parents: diff changeset	119 }
30fb3ce960d9 configurable user permissions Alain Mazy <am@osimis.io> parents: diff changeset	120 }
30fb3ce960d9 configurable user permissions Alain Mazy <am@osimis.io> parents: diff changeset	121 return false;
30fb3ce960d9 configurable user permissions Alain Mazy <am@osimis.io> parents: diff changeset	122 }
30fb3ce960d9 configurable user permissions Alain Mazy <am@osimis.io> parents: diff changeset	123 };
30fb3ce960d9 configurable user permissions Alain Mazy <am@osimis.io> parents: diff changeset	124 }

Mercurial > hg > orthanc-authorization

annotate Plugin/BaseAuthorizationService.h @ 188:c4b908970ae4