annotate Plugin/Plugin.cpp @ 72:e381ba725669

new PUT auth/tokens/{token-type} API route + updated interface with WebService
author Alain Mazy <am@osimis.io>
date Fri, 24 Feb 2023 18:13:36 +0100
parents 30fb3ce960d9
children 512247750f0a
1 /**
2 * Advanced authorization plugin for Orthanc
3 * Copyright (C) 2017-2023 Osimis S.A., Belgium
4 *
5 * This program is free software: you can redistribute it and/or
6 * modify it under the terms of the GNU Affero General Public License
7 * as published by the Free Software Foundation, either version 3 of
8 * the License, or (at your option) any later version.
9 *
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 * Affero General Public License for more details.
14 *
15 * You should have received a copy of the GNU Affero General Public License
16 * along with this program. If not, see <http://www.gnu.org/licenses/>.
17 **/
18
19 #include "AssociativeArray.h"
20 #include "DefaultAuthorizationParser.h"
21 #include "CachedAuthorizationService.h"
22 #include "AuthorizationWebService.h"
23 #include "PermissionParser.h"
24 #include "MemoryCache.h"
25
26 #include "../Resources/Orthanc/Plugins/OrthancPluginCppWrapper.h"
27
28 #include <Compatibility.h> // For std::unique_ptr<>
29 #include <Logging.h>
30 #include <Toolbox.h>
31 #include <EmbeddedResources.h>
32
33
// Configuration of the authorization plugin. This file-local state is
// read by FilterHttpRequests() on every filtered request.
// NOTE(review): where these objects are populated is outside this
// view -- confirm they are not modified while requests are being
// filtered, as no locking is visible here.

// Maps a request URI (and its GET arguments) to the accessed resources
static std::unique_ptr<OrthancPlugins::IAuthorizationParser> authorizationParser_;

// Answers the "is this granted?" / "has this permission?" questions
static std::unique_ptr<OrthancPlugins::IAuthorizationService> authorizationService_;

// Maps an HTTP method and URI to the set of permissions it requires
static std::unique_ptr<OrthancPlugins::PermissionParser> permissionParser_;

// Exact URIs that are served to GET requests without any check
static std::set<std::string> uncheckedResources_;

// URI prefixes that are served to GET requests without any check
static std::list<std::string> uncheckedFolders_;

// Definitions of the tokens (HTTP headers or GET arguments) that are
// looked up in each request
static std::set<OrthancPlugins::Token> tokens_;

// Access levels that are skipped by the resource-level check
// (cf. "UncheckedLevels" option)
static std::set<OrthancPlugins::AccessLevel> uncheckedLevels_;
42
43
/**
 * Concatenates the strings of "values" into a single string, using
 * "|" as the separator. In this file, the result is only used to
 * print sets of required permissions in the logs.
 **/
static std::string JoinStrings(const std::set<std::string>& values)
{
  // TODO: remove after upgrading to OrthancFramework 1.11.3+
  // (the framework call below is handed a non-const copy of the
  // input, presumably because its older signature does not accept a
  // const set)
  std::set<std::string> mutableCopy(values);

  std::string joined;
  Orthanc::Toolbox::JoinStrings(joined, mutableCopy, "|");
  return joined;
}
51
/**
 * Pairs a token definition with the value that one request carries
 * for it.
 *
 * Only a reference to the Token is stored, not a copy: the referenced
 * Token must outlive this object. FilterHttpRequests() builds these
 * from elements of the file-level "tokens_" set.
 *
 * "value" is the string handed to the authorization service, so it is
 * presumably a credential: the request filter logs the token key
 * only, never this value.
 **/
struct TokenAndValue
{
  const OrthancPlugins::Token&  token;   // Not owned, see lifetime note above
  std::string                   value;   // Value found in the request for this token

  TokenAndValue(const OrthancPlugins::Token& sourceToken,
                const std::string& tokenValue) :
    token(sourceToken),
    value(tokenValue)
  {
  }
};
63
64
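/**
 * Filter for incoming HTTP requests: decides whether one request is
 * let through.
 *
 * The decision is taken in this order:
 *  1. GET requests to an unchecked resource or folder are allowed.
 *  2. The tokens configured in "tokens_" are extracted from the HTTP
 *     headers and GET arguments of the request.
 *  3. If the permission parser matches the method/URI, the request is
 *     allowed as soon as one token (or the anonymous user, if the
 *     request carries no token) has one of the required permissions.
 *  4. Otherwise, the authorization parser lists the resources accessed
 *     by the URI, and access must be granted to each of them.
 *  5. Anything else is forbidden.
 *
 * @param method             HTTP method of the request
 * @param uri                URI of the request
 * @param ip                 Unused by this filter
 * @param headersCount       Number of HTTP headers
 * @param headersKeys        Keys of the HTTP headers
 * @param headersValues      Values of the HTTP headers
 * @param getArgumentsCount  Number of GET arguments
 * @param getArgumentsKeys   Keys of the GET arguments
 * @param getArgumentsValues Values of the GET arguments
 * @return 1 if the request is allowed, 0 if it is forbidden. Any
 * exception also results in 0: the filter fails closed.
 **/
static int32_t FilterHttpRequests(OrthancPluginHttpMethod method,
                                  const char *uri,
                                  const char *ip,
                                  uint32_t headersCount,
                                  const char *const *headersKeys,
                                  const char *const *headersValues,
                                  uint32_t getArgumentsCount,
                                  const char *const *getArgumentsKeys,
                                  const char *const *getArgumentsValues)
{
  try
  {
    if (uri == NULL)
    {
      // The URI is converted to std::string below, which is undefined
      // for a NULL pointer: there is nothing to authorize against
      return 0;
    }

    // Passed to the authorization service (presumably an output
    // parameter), its value is ignored by this filter
    unsigned int validity = 0;

    if (method == OrthancPluginHttpMethod_Get)
    {
      // Allow GET accesses to static resources
      if (uncheckedResources_.find(uri) != uncheckedResources_.end())
      {
        return 1;
      }

      // NOTE(review): this is a plain string-prefix test on the URI
      // as received. An entry without a trailing "/" would also match
      // sibling paths sharing the same prefix -- confirm how the
      // entries of "uncheckedFolders_" are built.
      for (std::list<std::string>::const_iterator
             it = uncheckedFolders_.begin(); it != uncheckedFolders_.end(); ++it)
      {
        if (Orthanc::Toolbox::StartsWith(uri, *it))
        {
          return 1;
        }
      }
    }

    OrthancPlugins::AssociativeArray headers(headersCount, headersKeys, headersValues, false);
    OrthancPlugins::AssociativeArray getArguments(getArgumentsCount, getArgumentsKeys, getArgumentsValues, true);

    std::vector<TokenAndValue> authTokens;  // the tokens that are set in this request

    for (std::set<OrthancPlugins::Token>::const_iterator token = tokens_.begin(); token != tokens_.end(); ++token)
    {
      std::string value;

      bool hasValue = false;
      switch (token->GetType())
      {
        case OrthancPlugins::TokenType_HttpHeader:
          hasValue = headers.GetValue(value, token->GetKey());
          break;

        case OrthancPlugins::TokenType_GetArgument:
          hasValue = getArguments.GetValue(value, token->GetKey());
          break;

        default:
          // Unknown token type: caught below, which denies the request
          throw Orthanc::OrthancException(Orthanc::ErrorCode_ParameterOutOfRange);
      }

      if (hasValue)
      {
        // Keeps a reference to the element of "tokens_", not a copy
        authTokens.push_back(TokenAndValue(*token, value));
      }
    }

    // Check whether the user permissions grant access to this route.
    // NOTE(review): if the route matches a permission pattern but no
    // token (nor the anonymous user) has the permission, the request
    // is not denied here: it falls through to the resource-level
    // check below, which can still return 1 -- confirm this is the
    // intended behavior.
    if (permissionParser_.get() != NULL &&
        authorizationService_.get() != NULL)
        // && uncheckedLevels_.find(OrthancPlugins::AccessLevel_UserPermissions) == uncheckedLevels_.end())
    {
      std::set<std::string> requiredPermissions;
      std::string matchedPattern;
      if (permissionParser_->Parse(requiredPermissions, matchedPattern, method, uri))
      {
        if (authTokens.empty())
        {
          LOG(INFO) << "Testing whether anonymous user has any of the required permissions '" << JoinStrings(requiredPermissions) << "'";
          if (authorizationService_->HasAnonymousUserPermission(validity, requiredPermissions))
          {
            return 1;
          }
        }
        else
        {
          for (size_t i = 0; i < authTokens.size(); ++i)
          {
            // Name the actual source of the token in the log: it can
            // be a GET argument as well as an HTTP header. Only the
            // key is logged, never the token value.
            const char* tokenKind =
              (authTokens[i].token.GetType() == OrthancPlugins::TokenType_GetArgument ?
               "GET argument" : "HTTP header");

            LOG(INFO) << "Testing whether user has the required permission '" << JoinStrings(requiredPermissions)
                      << "' based on the '" << authTokens[i].token.GetKey() << "' " << tokenKind
                      << " required to match '" << matchedPattern << "'";

            if (authorizationService_->HasUserPermission(validity, requiredPermissions, authTokens[i].token, authTokens[i].value))
            {
              return 1;
            }
          }
        }
      }
    }

    if (authorizationParser_.get() != NULL &&
        authorizationService_.get() != NULL)
    {
      // Parse the resources that are accessed through this URI
      OrthancPlugins::IAuthorizationParser::AccessedResources accesses;

      if (!authorizationParser_->Parse(accesses, uri, getArguments.GetMap()))
      {
        return 0;  // Unable to parse this URI
      }

      // Loop over all the accessed resources to ensure access is
      // granted to each of them
      for (OrthancPlugins::IAuthorizationParser::AccessedResources::const_iterator
             access = accesses.begin(); access != accesses.end(); ++access)
      {
        // Ignore the access levels that are unchecked
        // (cf. "UncheckedLevels" option)
        if (uncheckedLevels_.find(access->GetLevel()) == uncheckedLevels_.end())
        {
          LOG(INFO) << "Testing whether access to "
                    << OrthancPlugins::EnumerationToString(access->GetLevel())
                    << " \"" << access->GetOrthancId() << "\" is allowed";

          bool granted = false;

          if (authTokens.empty())
          {
            granted = authorizationService_->IsGrantedToAnonymousUser(validity, method, *access);
          }
          else
          {
            // Loop over all the authorization tokens in the request until finding one that is granted
            for (size_t i = 0; i < authTokens.size(); ++i)
            {
              if (authorizationService_->IsGranted(validity, method, *access, authTokens[i].token, authTokens[i].value))
              {
                granted = true;
                break;
              }
            }
          }

          if (!granted)
          {
            return 0;
          }
        }
      }

      // Access is granted to all the resources. This is also reached
      // if "accesses" is empty or only contains unchecked levels.
      return 1;
    }

    // By default, forbid access to all the resources
    return 0;
  }
  catch (std::runtime_error& e)
  {
    // The return value of this callback is the allow/deny flag, not
    // an error code: 0 forbids the request (fail closed)
    LOG(ERROR) << e.what();
    return 0;
  }
  catch (Orthanc::OrthancException& e)
  {
    LOG(ERROR) << e.What();
    return 0;  // Forbid the request (fail closed)
  }
  catch (...)
  {
    LOG(ERROR) << "Unhandled internal exception";
    return 0;  // Forbid the request (fail closed)
  }
}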
233 #if !ORTHANC_PLUGINS_VERSION_IS_ABOVE(1, 2, 1)
static int32_t FilterHttpRequestsFallback(OrthancPluginHttpMethod method,
                                          const char *uri,
                                          const char *ip,
                                          uint32_t headersCount,
                                          const char *const *headersKeys,
                                          const char *const *headersValues)
{
  // Compatibility shim for Orthanc <= 1.2.0, whose HTTP filter callback
  // did not receive the GET arguments. The request is handed to
  // FilterHttpRequests() with an empty set of GET arguments, and its
  // verdict is returned unchanged.
  //
  // NOTE(review): with this shim the filter never sees any GET argument,
  // so presumably a token configured as a GET argument cannot be read
  // from the request on these Orthanc versions -- verify against
  // FilterHttpRequests().
  const uint32_t getArgumentsCount = 0;
  const char *const *getArgumentsKeys = NULL;
  const char *const *getArgumentsValues = NULL;

  return FilterHttpRequests(method, uri, ip,
                            headersCount, headersKeys, headersValues,
                            getArgumentsCount, getArgumentsKeys, getArgumentsValues);
}
247 #endif
static OrthancPluginErrorCode OnChangeCallback(OrthancPluginChangeType changeType,
                                               OrthancPluginResourceType resourceType,
                                               const char* resourceId)
{
  // Change callback: when a patient, study, series or instance is
  // deleted, asks the authorization parser to invalidate what it holds
  // for that resource. Every other change, and every other resource
  // type, is ignored. The callback always reports success.
  try
  {
    // Nothing to do while no parser is installed, or for non-deletions
    if (authorizationParser_.get() != NULL &&
        changeType == OrthancPluginChangeType_Deleted)
    {
      // Translate the plugin SDK level into the Orthanc framework level
      bool isKnownLevel = true;
      Orthanc::ResourceType level = Orthanc::ResourceType_Patient;

      switch (resourceType)
      {
        case OrthancPluginResourceType_Patient:
          level = Orthanc::ResourceType_Patient;
          break;

        case OrthancPluginResourceType_Study:
          level = Orthanc::ResourceType_Study;
          break;

        case OrthancPluginResourceType_Series:
          level = Orthanc::ResourceType_Series;
          break;

        case OrthancPluginResourceType_Instance:
          level = Orthanc::ResourceType_Instance;
          break;

        default:
          isKnownLevel = false;
          break;
      }

      if (isKnownLevel)
      {
        authorizationParser_->Invalidate(level, resourceId);
      }
    }

    return OrthancPluginErrorCode_Success;
  }
  // NOTE(review): the handlers below log the failure and still report
  // success, so a failed Invalidate() leaves the parser's entry for the
  // deleted resource in place -- presumably cached data; confirm that a
  // stale entry cannot influence a later authorization decision.
  catch (std::runtime_error& e)
  {
    LOG(ERROR) << e.what();
    return OrthancPluginErrorCode_Success;  // Ignore error
  }
  catch (Orthanc::OrthancException& e)
  {
    LOG(ERROR) << e.What();
    return OrthancPluginErrorCode_Success;  // Ignore error
  }
  catch (...)
  {
    LOG(ERROR) << "Unhandled internal exception";
    return OrthancPluginErrorCode_Success;  // Ignore error
  }
}
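// Reads the member "key" of the JSON object "parent" as a string, for
// the token-creation payload. A missing member yields an empty string
// (the const operator[] returns a null value, which asString() maps to
// ""). Throws OrthancException(ErrorCode_BadFileFormat) if the member is
// an array or an object.
static std::string ReadTokenRequestString(const Json::Value& parent,
                                          const char* key)
{
  const Json::Value& field = parent[key];

  // asString() accepts null, booleans, numbers and strings only. Reject
  // the other types here, so that a malformed request is answered with
  // a regular "bad file format" error instead of reaching jsoncpp's own
  // type checks.
  if (!field.isConvertibleTo(Json::stringValue))
  {
    throw Orthanc::OrthancException(Orthanc::ErrorCode_BadFileFormat,
                                    std::string("The field \"") + key +
                                    "\" must be a scalar value");
  }

  return field.asString();
}


// REST handler of the token-creation route (PUT only). The token type is
// taken from the single group captured in the URL, the JSON body is
// converted from the Orthanc-flavored API ("ID", "Resources",
// "ExpirationDate") to the arguments of
// authorizationService_->CreateToken(), and the created token is
// answered as a JSON object with the fields "Token" and "Url".
//
// Throws OrthancException(ErrorCode_InternalError) if the URL did not
// capture exactly one group, and OrthancException(ErrorCode_BadFileFormat)
// if the body is not a JSON object of the expected shape.
void CreateToken(OrthancPluginRestOutput* output,
                 const char* /*url*/,
                 const OrthancPluginHttpRequest* request)
{
  OrthancPluginContext* context = OrthancPlugins::GetGlobalContext();

  if (request->method != OrthancPluginHttpMethod_Put)
  {
    OrthancPluginSendMethodNotAllowed(context, output, "PUT");
  }
  else
  {
    // The filtering to this route is performed by this plugin as it is done for any other route before we get here.
    // Since the route contains the tokenType, we can allow/forbid creating them based on the url.
    // This handler performs no permission check of its own: it relies
    // entirely on that filtering having accepted the request.

    // simply forward the request to the auth-service
    std::string tokenType;
    if (request->groupsCount == 1)
    {
      tokenType = request->groups[0];
    }
    else
    {
      throw Orthanc::OrthancException(Orthanc::ErrorCode_InternalError);
    }

    // convert from Orthanc flavored API to WebService API
    Json::Value body;
    if (!OrthancPlugins::ReadJson(body, request->body, request->bodySize))
    {
      throw Orthanc::OrthancException(Orthanc::ErrorCode_BadFileFormat, "A JSON payload was expected");
    }

    // The body is supplied by the HTTP client: check the shape of each
    // container before using the jsoncpp accessors, which fail on an
    // unexpected type instead of returning an error.
    if (!body.isObject())
    {
      throw Orthanc::OrthancException(Orthanc::ErrorCode_BadFileFormat, "A JSON object was expected");
    }

    // Const view, so that operator[] does not insert the missing members
    const Json::Value& payload = body;

    std::string id;
    std::vector<OrthancPlugins::IAuthorizationService::OrthancResource> resources;
    std::string expirationDateString;

    if (payload.isMember("ID"))
    {
      id = ReadTokenRequestString(payload, "ID");
    }

    const Json::Value& jsonResources = payload["Resources"];
    if (!jsonResources.isNull() && !jsonResources.isArray())
    {
      throw Orthanc::OrthancException(Orthanc::ErrorCode_BadFileFormat,
                                      "The field \"Resources\" must be an array");
    }

    for (Json::ArrayIndex i = 0; i < jsonResources.size(); ++i)
    {
      const Json::Value& jsonResource = jsonResources[i];
      if (!jsonResource.isObject())
      {
        throw Orthanc::OrthancException(Orthanc::ErrorCode_BadFileFormat,
                                        "Each item of \"Resources\" must be a JSON object");
      }

      OrthancPlugins::IAuthorizationService::OrthancResource resource;

      if (jsonResource.isMember("DicomUid"))
      {
        resource.dicomUid = ReadTokenRequestString(jsonResource, "DicomUid");
      }

      if (jsonResource.isMember("OrthancId"))
      {
        resource.orthancId = ReadTokenRequestString(jsonResource, "OrthancId");
      }

      if (jsonResource.isMember("Url"))
      {
        resource.url = ReadTokenRequestString(jsonResource, "Url");
      }

      // "Level" is read unconditionally: a missing level becomes ""
      resource.level = ReadTokenRequestString(jsonResource, "Level");
      resources.push_back(resource);
    }

    if (payload.isMember("ExpirationDate"))
    {
      expirationDateString = ReadTokenRequestString(payload, "ExpirationDate");
    }

    // NOTE(review): authorizationService_ is dereferenced without a NULL
    // check; presumably this route is only registered once the service
    // has been created -- confirm.
    OrthancPlugins::IAuthorizationService::CreatedToken createdToken;
    if (authorizationService_->CreateToken(createdToken,
                                           tokenType,
                                           id,
                                           resources,
                                           expirationDateString))
    {
      Json::Value createdJsonToken;
      createdJsonToken["Token"] = createdToken.token;

      if (!createdToken.url.empty())
      {
        createdJsonToken["Url"] = createdToken.url;
      }
      else
      {
        createdJsonToken["Url"] = Json::nullValue;
      }

      OrthancPlugins::AnswerJson(createdJsonToken, output);
    }

    // NOTE(review): when CreateToken() returns false, nothing is written
    // to "output" and no error is raised; check what the client receives
    // in that case, so that it cannot mistake a refusal for a success.
  }
}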
402 void GetUserProfile(OrthancPluginRestOutput* output,
af44dce56328 new 'auth/user-profile' Rest API route
Alain Mazy <am@osimis.io>
parents: 68
diff changeset
403 const char* /*url*/,
af44dce56328 new 'auth/user-profile' Rest API route
Alain Mazy <am@osimis.io>
parents: 68
diff changeset
404 const OrthancPluginHttpRequest* request)
af44dce56328 new 'auth/user-profile' Rest API route
Alain Mazy <am@osimis.io>
parents: 68
diff changeset
405 {
af44dce56328 new 'auth/user-profile' Rest API route
Alain Mazy <am@osimis.io>
parents: 68
diff changeset
406 OrthancPluginContext* context = OrthancPlugins::GetGlobalContext();
af44dce56328 new 'auth/user-profile' Rest API route
Alain Mazy <am@osimis.io>
parents: 68
diff changeset
407
af44dce56328 new 'auth/user-profile' Rest API route
Alain Mazy <am@osimis.io>
parents: 68
diff changeset
408 if (request->method != OrthancPluginHttpMethod_Get)
af44dce56328 new 'auth/user-profile' Rest API route
Alain Mazy <am@osimis.io>
parents: 68
diff changeset
409 {
af44dce56328 new 'auth/user-profile' Rest API route
Alain Mazy <am@osimis.io>
parents: 68
diff changeset
410 OrthancPluginSendMethodNotAllowed(context, output, "GET");
af44dce56328 new 'auth/user-profile' Rest API route
Alain Mazy <am@osimis.io>
parents: 68
diff changeset
411 }
af44dce56328 new 'auth/user-profile' Rest API route
Alain Mazy <am@osimis.io>
parents: 68
diff changeset
412 else
af44dce56328 new 'auth/user-profile' Rest API route
Alain Mazy <am@osimis.io>
parents: 68
diff changeset
413 {
af44dce56328 new 'auth/user-profile' Rest API route
Alain Mazy <am@osimis.io>
parents: 68
diff changeset
414 OrthancPlugins::AssociativeArray headers
af44dce56328 new 'auth/user-profile' Rest API route
Alain Mazy <am@osimis.io>
parents: 68
diff changeset
415 (request->headersCount, request->headersKeys, request->headersValues, false);
af44dce56328 new 'auth/user-profile' Rest API route
Alain Mazy <am@osimis.io>
parents: 68
diff changeset
416
af44dce56328 new 'auth/user-profile' Rest API route
Alain Mazy <am@osimis.io>
parents: 68
diff changeset
417 OrthancPlugins::AssociativeArray getArguments
af44dce56328 new 'auth/user-profile' Rest API route
Alain Mazy <am@osimis.io>
parents: 68
diff changeset
418 (request->getCount, request->getKeys, request->getValues, true);
af44dce56328 new 'auth/user-profile' Rest API route
Alain Mazy <am@osimis.io>
parents: 68
diff changeset
419
af44dce56328 new 'auth/user-profile' Rest API route
Alain Mazy <am@osimis.io>
parents: 68
diff changeset
420 // Loop over all the authorization tokens stored in the HTTP
af44dce56328 new 'auth/user-profile' Rest API route
Alain Mazy <am@osimis.io>
parents: 68
diff changeset
421 // headers, until finding one that is granted
af44dce56328 new 'auth/user-profile' Rest API route
Alain Mazy <am@osimis.io>
parents: 68
diff changeset
422 for (std::set<OrthancPlugins::Token>::const_iterator
af44dce56328 new 'auth/user-profile' Rest API route
Alain Mazy <am@osimis.io>
parents: 68
diff changeset
423 token = tokens_.begin(); token != tokens_.end(); ++token)
af44dce56328 new 'auth/user-profile' Rest API route
Alain Mazy <am@osimis.io>
parents: 68
diff changeset
424 {
af44dce56328 new 'auth/user-profile' Rest API route
Alain Mazy <am@osimis.io>
parents: 68
diff changeset
425 Json::Value profile;
af44dce56328 new 'auth/user-profile' Rest API route
Alain Mazy <am@osimis.io>
parents: 68
diff changeset
426
af44dce56328 new 'auth/user-profile' Rest API route
Alain Mazy <am@osimis.io>
parents: 68
diff changeset
427 std::string value;
af44dce56328 new 'auth/user-profile' Rest API route
Alain Mazy <am@osimis.io>
parents: 68
diff changeset
428
af44dce56328 new 'auth/user-profile' Rest API route
Alain Mazy <am@osimis.io>
parents: 68
diff changeset
429 bool hasValue = false;
af44dce56328 new 'auth/user-profile' Rest API route
Alain Mazy <am@osimis.io>
parents: 68
diff changeset
430 switch (token->GetType())
af44dce56328 new 'auth/user-profile' Rest API route
Alain Mazy <am@osimis.io>
parents: 68
diff changeset
431 {
af44dce56328 new 'auth/user-profile' Rest API route
Alain Mazy <am@osimis.io>
parents: 68
diff changeset
432 case OrthancPlugins::TokenType_HttpHeader:
af44dce56328 new 'auth/user-profile' Rest API route
Alain Mazy <am@osimis.io>
parents: 68
diff changeset
433 hasValue = headers.GetValue(value, token->GetKey());
af44dce56328 new 'auth/user-profile' Rest API route
Alain Mazy <am@osimis.io>
parents: 68
diff changeset
434 break;
af44dce56328 new 'auth/user-profile' Rest API route
Alain Mazy <am@osimis.io>
parents: 68
diff changeset
435
af44dce56328 new 'auth/user-profile' Rest API route
Alain Mazy <am@osimis.io>
parents: 68
diff changeset
436 case OrthancPlugins::TokenType_GetArgument:
af44dce56328 new 'auth/user-profile' Rest API route
Alain Mazy <am@osimis.io>
parents: 68
diff changeset
437 hasValue = getArguments.GetValue(value, token->GetKey());
af44dce56328 new 'auth/user-profile' Rest API route
Alain Mazy <am@osimis.io>
parents: 68
diff changeset
438 break;
af44dce56328 new 'auth/user-profile' Rest API route
Alain Mazy <am@osimis.io>
parents: 68
diff changeset
439
af44dce56328 new 'auth/user-profile' Rest API route
Alain Mazy <am@osimis.io>
parents: 68
diff changeset
440 default:
af44dce56328 new 'auth/user-profile' Rest API route
Alain Mazy <am@osimis.io>
parents: 68
diff changeset
441 throw Orthanc::OrthancException(Orthanc::ErrorCode_ParameterOutOfRange);
af44dce56328 new 'auth/user-profile' Rest API route
Alain Mazy <am@osimis.io>
parents: 68
diff changeset
442 }
af44dce56328 new 'auth/user-profile' Rest API route
Alain Mazy <am@osimis.io>
parents: 68
diff changeset
443
af44dce56328 new 'auth/user-profile' Rest API route
Alain Mazy <am@osimis.io>
parents: 68
diff changeset
444 if (hasValue)
af44dce56328 new 'auth/user-profile' Rest API route
Alain Mazy <am@osimis.io>
parents: 68
diff changeset
445 {
71
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents: 69
diff changeset
446 unsigned int validity; // not used
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents: 69
diff changeset
447 authorizationService_->GetUserProfile(validity, profile, *token, value);
69
af44dce56328 new 'auth/user-profile' Rest API route
Alain Mazy <am@osimis.io>
parents: 68
diff changeset
448
449 OrthancPlugins::AnswerJson(profile, output);
450 break;
451 }
452 }
453
454 }
455 }
456
/**
 * Recursively overlay the members of the JSON object "b" onto the JSON
 * object "a".
 *
 * For every key of "b": if both "a" and "b" hold a JSON object under
 * that key, the two objects are merged recursively; otherwise the
 * value from "b" replaces whatever "a" held under that key (scalars
 * and arrays are overwritten as a whole, never combined). Keys that
 * exist only in "a" are left unchanged.
 *
 * If either argument is not a JSON object, the function returns
 * without modifying "a" and without reporting an error.
 *
 * NOTE(review): the plugin initialization in this file uses this
 * function to overlay the user-provided "Authorization" section on
 * the embedded default configuration. A user-supplied non-object
 * value therefore fully replaces the corresponding default instead of
 * extending it, which matters for security-relevant options.
 **/
void MergeJson(Json::Value &a, const Json::Value &b)
{
  // Merging is only defined between two JSON objects
  if (!(a.isObject() && b.isObject()))
  {
    return;
  }

  const Json::Value::Members keys = b.getMemberNames();

  for (Json::Value::Members::const_iterator key = keys.begin(); key != keys.end(); ++key)
  {
    // operator[] on the non-const "a" creates a null member if the key
    // is absent; that member is then overwritten in the "else" branch
    Json::Value& target = a[*key];
    const Json::Value& source = b[*key];

    if (target.type() == Json::objectValue &&
        source.type() == Json::objectValue)
    {
      // Both sides are objects: descend instead of overwriting
      MergeJson(target, source);
    }
    else
    {
      // Any other combination: the value from "b" wins
      target = source;
    }
  }
}
480
481
482 extern "C"
483 {
484 ORTHANC_PLUGINS_API int32_t OrthancPluginInitialize(OrthancPluginContext* context)
485 {
486 OrthancPlugins::SetGlobalContext(context);
487 OrthancPluginLogWarning(context, "Initializing the authorization plugin");
488
489 /* Check the version of the Orthanc core */
490 if (OrthancPluginCheckVersion(context) == 0)
491 {
492 OrthancPlugins::ReportMinimalOrthancVersion(ORTHANC_PLUGINS_MINIMAL_MAJOR_NUMBER,
493 ORTHANC_PLUGINS_MINIMAL_MINOR_NUMBER,
494 ORTHANC_PLUGINS_MINIMAL_REVISION_NUMBER);
495 return -1;
496 }
497
498 #if ORTHANC_FRAMEWORK_VERSION_IS_ABOVE(1, 7, 2)
499 Orthanc::Logging::InitializePluginContext(context);
500 #else
501 Orthanc::Logging::Initialize(context);
502 #endif
503
504 OrthancPluginSetDescription(context, "Advanced authorization plugin for Orthanc.");
505
506 try
507 {
508 static const char* PLUGIN_SECTION = "Authorization";
509
510 OrthancPlugins::OrthancConfiguration orthancFullConfiguration;
511
512 // read default configuration
513 std::string defaultConfigurationFileContent;
514 Orthanc::EmbeddedResources::GetFileResource(defaultConfigurationFileContent, Orthanc::EmbeddedResources::DEFAULT_CONFIGURATION);
515 Json::Value pluginJsonDefaultConfiguration;
516 OrthancPlugins::ReadJsonWithoutComments(pluginJsonDefaultConfiguration, defaultConfigurationFileContent);
517 Json::Value pluginJsonConfiguration = pluginJsonDefaultConfiguration[PLUGIN_SECTION];
518
519 OrthancPlugins::OrthancConfiguration pluginProvidedConfiguration;
520
521 if (orthancFullConfiguration.IsSection(PLUGIN_SECTION))
522 {
523 // get the configuration provided by the user
524 orthancFullConfiguration.GetSection(pluginProvidedConfiguration, PLUGIN_SECTION);
525
526 // merge it with the default configuration. This is a way to apply the all default values in a single step
527 MergeJson(pluginJsonConfiguration, pluginProvidedConfiguration.GetJson());
528
529 // recreate a OrthancConfiguration object from the merged configuration
530 OrthancPlugins::OrthancConfiguration pluginConfiguration(pluginJsonConfiguration, PLUGIN_SECTION);
531
532 // TODO - The size of the caches is set to 10,000 items. Maybe add a configuration option?
533 OrthancPlugins::MemoryCache::Factory factory(10000);
534
535 std::string dicomWebRoot = "/dicom-web/";
536 std::string oe2Root = "/ui/";
537
538 if (orthancFullConfiguration.IsSection("DicomWeb"))
539 {
540 OrthancPlugins::OrthancConfiguration dicomWeb;
541 dicomWeb.GetSection(orthancFullConfiguration, "DicomWeb");
542 dicomWebRoot = dicomWeb.GetStringValue("Root", "/dicom-web/");
543 }
544
545 if (orthancFullConfiguration.IsSection("OrthancExplorer2"))
546 {
547 OrthancPlugins::OrthancConfiguration oe2;
548 oe2.GetSection(orthancFullConfiguration, "OrthancExplorer2");
549 oe2Root = oe2.GetStringValue("Root", "/ui/");
550 }
551
552 std::list<std::string> tmp;
553
554 pluginConfiguration.LookupListOfStrings(tmp, "TokenHttpHeaders", true);
555 for (std::list<std::string>::const_iterator
556 it = tmp.begin(); it != tmp.end(); ++it)
557 {
558 tokens_.insert(OrthancPlugins::Token(OrthancPlugins::TokenType_HttpHeader, *it));
559 }
560
561 pluginConfiguration.LookupListOfStrings(tmp, "TokenGetArguments", true);
562
563 #if ORTHANC_PLUGINS_VERSION_IS_ABOVE(1, 3, 0)
564 for (std::list<std::string>::const_iterator
565 it = tmp.begin(); it != tmp.end(); ++it)
566 {
567 tokens_.insert(OrthancPlugins::Token(OrthancPlugins::TokenType_GetArgument, *it));
568 }
569 #else
570 if (!tmp.empty())
571 {
572 throw Orthanc::OrthancException(
573 Orthanc::ErrorCode_Plugin,
574 "The option \"TokenGetArguments\" of the authorization plugin "
575 "is only valid if compiled against Orthanc >= 1.3.0"
576 }
577 #endif
578
579 pluginConfiguration.LookupSetOfStrings(uncheckedResources_, "UncheckedResources", false);
580 pluginConfiguration.LookupListOfStrings(uncheckedFolders_, "UncheckedFolders", false);
581
582 std::string urlTokenValidation;
583 std::string urlTokenCreationBase;
584 std::string urlUserProfile;
585 std::string urlRoot;
586
587 static const char* WEB_SERVICE_ROOT = "WebServiceRootUrl";
588 static const char* WEB_SERVICE_TOKEN_VALIDATION = "WebServiceTokenValidationUrl";
589 static const char* WEB_SERVICE_TOKEN_CREATION_BASE = "WebServiceTokenCreationBaseUrl";
590 static const char* WEB_SERVICE_USER_PROFILE = "WebServiceUserProfileUrl";
591 static const char* WEB_SERVICE_TOKEN_VALIDATION_LEGACY = "WebService";
592 if (pluginConfiguration.LookupStringValue(urlRoot, WEB_SERVICE_ROOT))
593 {
594 urlTokenValidation = Orthanc::Toolbox::JoinUri(urlRoot, "/tokens/validate");
595 urlTokenCreationBase = Orthanc::Toolbox::JoinUri(urlRoot, "/tokens/");
596 urlUserProfile = Orthanc::Toolbox::JoinUri(urlRoot, "/user/get-profile");
597 }
598 else
599 {
600 pluginConfiguration.LookupStringValue(urlTokenValidation, WEB_SERVICE_TOKEN_VALIDATION);
601 if (urlTokenValidation.empty())
602 {
603 pluginConfiguration.LookupStringValue(urlTokenValidation, WEB_SERVICE_TOKEN_VALIDATION_LEGACY);
604 }
605
606 pluginConfiguration.LookupStringValue(urlTokenCreationBase, WEB_SERVICE_TOKEN_CREATION_BASE);
607 pluginConfiguration.LookupStringValue(urlUserProfile, WEB_SERVICE_USER_PROFILE);
608 }
609
610 if (!urlTokenValidation.empty())
611 {
612 LOG(WARNING) << "Authorization plugin: url defined for Token Validation: " << urlTokenValidation;
613 authorizationParser_.reset
614 (new OrthancPlugins::DefaultAuthorizationParser(factory, dicomWebRoot));
615 }
616 else
617 {
618 LOG(WARNING) << "Authorization plugin: no url defined for Token Validation";
619 }
620
621 if (!urlUserProfile.empty())
622 {
623 LOG(WARNING) << "Authorization plugin: url defined for User Profile: " << urlUserProfile;
624
625 static const char* PERMISSIONS = "Permissions";
626 if (!pluginConfiguration.GetJson().isMember(PERMISSIONS))
627 {
628 throw Orthanc::OrthancException(Orthanc::ErrorCode_BadFileFormat, "Authorization plugin: Missing required \"" + std::string(PERMISSIONS) +
629 "\" option since you have defined the \"" + std::string(WEB_SERVICE_ROOT) + "\" option");
630 }
631 permissionParser_.reset
632 (new OrthancPlugins::PermissionParser(dicomWebRoot, oe2Root));
633
634 permissionParser_->Add(pluginConfiguration.GetJson()[PERMISSIONS]);
635 }
636 else
637 {
638 LOG(WARNING) << "Authorization plugin: no url defined for User Profile";
639 }
640
641 if (!urlTokenCreationBase.empty())
642 {
643 LOG(WARNING) << "Authorization plugin: base url defined for Token Creation : " << urlTokenCreationBase;
644 // TODO Token Creation
645 }
646 else
647 {
648 LOG(WARNING) << "Authorization plugin: no base url defined for Token Creation";
649 }
650
651 if (authorizationParser_.get() == NULL && permissionParser_.get() == NULL)
652 {
653 throw Orthanc::OrthancException(Orthanc::ErrorCode_BadFileFormat, "Authorization plugin: No Token Validation or User Profile url defined");
654 }
655
656 std::set<std::string> standardConfigurations;
657 if (pluginConfiguration.LookupSetOfStrings(standardConfigurations, "StandardConfigurations", false))
658 {
659 if (standardConfigurations.find("osimis-web-viewer") != standardConfigurations.end())
660 {
661 uncheckedFolders_.push_back("/osimis-viewer/app/");
662 uncheckedFolders_.push_back("/osimis-viewer/languages/");
663 uncheckedResources_.insert("/osimis-viewer/config.js");
664
665 tokens_.insert(OrthancPlugins::Token(OrthancPlugins::TokenType_HttpHeader, "token"));
62
222f0652025f fix get argument values that were transformed to lowercase
Alain Mazy <am@osimis.io>
parents: 58
diff changeset
666 tokens_.insert(OrthancPlugins::Token(OrthancPlugins::TokenType_GetArgument, "token")); // for download links
58
ad279c70c22d added a new configuration 'StandardConfigurations'
Alain Mazy <am@osimis.io>
parents: 57
diff changeset
667 }
ad279c70c22d added a new configuration 'StandardConfigurations'
Alain Mazy <am@osimis.io>
parents: 57
diff changeset
668
ad279c70c22d added a new configuration 'StandardConfigurations'
Alain Mazy <am@osimis.io>
parents: 57
diff changeset
669 if (standardConfigurations.find("stone-webviewer") != standardConfigurations.end())
ad279c70c22d added a new configuration 'StandardConfigurations'
Alain Mazy <am@osimis.io>
parents: 57
diff changeset
670 {
ad279c70c22d added a new configuration 'StandardConfigurations'
Alain Mazy <am@osimis.io>
parents: 57
diff changeset
671 uncheckedFolders_.push_back("/stone-webviewer/");
65
a89e1fcf56b1 new oe2 standard configuration
Alain Mazy <am@osimis.io>
parents: 62
diff changeset
672 uncheckedResources_.insert("/system"); // for Stone to check that Orthanc is the server providing the data
a89e1fcf56b1 new oe2 standard configuration
Alain Mazy <am@osimis.io>
parents: 62
diff changeset
673 uncheckedResources_.insert("/tools/lookup"); // for Downloads (we consider that having access to tools/lookup can not give information about other patients/studies since it only return IDs, no patient data)
58
ad279c70c22d added a new configuration 'StandardConfigurations'
Alain Mazy <am@osimis.io>
parents: 57
diff changeset
674
ad279c70c22d added a new configuration 'StandardConfigurations'
Alain Mazy <am@osimis.io>
parents: 57
diff changeset
675 tokens_.insert(OrthancPlugins::Token(OrthancPlugins::TokenType_HttpHeader, "Authorization"));
ad279c70c22d added a new configuration 'StandardConfigurations'
Alain Mazy <am@osimis.io>
parents: 57
diff changeset
676 }
ad279c70c22d added a new configuration 'StandardConfigurations'
Alain Mazy <am@osimis.io>
parents: 57
diff changeset
677
65
a89e1fcf56b1 new oe2 standard configuration
Alain Mazy <am@osimis.io>
parents: 62
diff changeset
678 if (standardConfigurations.find("orthanc-explorer-2") != standardConfigurations.end())
a89e1fcf56b1 new oe2 standard configuration
Alain Mazy <am@osimis.io>
parents: 62
diff changeset
679 {
a89e1fcf56b1 new oe2 standard configuration
Alain Mazy <am@osimis.io>
parents: 62
diff changeset
680 uncheckedFolders_.push_back("/ui/app/");
66
b7fd466764cc fix path for oe2 keycloak
Alain Mazy <am@osimis.io>
parents: 65
diff changeset
681 uncheckedResources_.insert("/ui/api/pre-login-configuration"); // for the UI to know, i.e. if Keycloak is enabled or not
71
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents: 69
diff changeset
682 uncheckedResources_.insert("/ui/api/configuration");
69
af44dce56328 new 'auth/user-profile' Rest API route
Alain Mazy <am@osimis.io>
parents: 68
diff changeset
683 uncheckedResources_.insert("/auth/user-profile");
65
a89e1fcf56b1 new oe2 standard configuration
Alain Mazy <am@osimis.io>
parents: 62
diff changeset
684
a89e1fcf56b1 new oe2 standard configuration
Alain Mazy <am@osimis.io>
parents: 62
diff changeset
685 tokens_.insert(OrthancPlugins::Token(OrthancPlugins::TokenType_HttpHeader, "Authorization")); // for basic-auth
a89e1fcf56b1 new oe2 standard configuration
Alain Mazy <am@osimis.io>
parents: 62
diff changeset
686 tokens_.insert(OrthancPlugins::Token(OrthancPlugins::TokenType_HttpHeader, "token")); // for keycloak
a89e1fcf56b1 new oe2 standard configuration
Alain Mazy <am@osimis.io>
parents: 62
diff changeset
687 }
a89e1fcf56b1 new oe2 standard configuration
Alain Mazy <am@osimis.io>
parents: 62
diff changeset
688
58
ad279c70c22d added a new configuration 'StandardConfigurations'
Alain Mazy <am@osimis.io>
parents: 57
diff changeset
689 }
ad279c70c22d added a new configuration 'StandardConfigurations'
Alain Mazy <am@osimis.io>
parents: 57
diff changeset
690
ad279c70c22d added a new configuration 'StandardConfigurations'
Alain Mazy <am@osimis.io>
parents: 57
diff changeset
691 std::string checkedLevelString;
71
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents: 69
diff changeset
692 if (pluginConfiguration.LookupStringValue(checkedLevelString, "CheckedLevel"))
58
ad279c70c22d added a new configuration 'StandardConfigurations'
Alain Mazy <am@osimis.io>
parents: 57
diff changeset
693 {
ad279c70c22d added a new configuration 'StandardConfigurations'
Alain Mazy <am@osimis.io>
parents: 57
diff changeset
694 OrthancPlugins::AccessLevel checkedLevel = OrthancPlugins::StringToAccessLevel(checkedLevelString);
ad279c70c22d added a new configuration 'StandardConfigurations'
Alain Mazy <am@osimis.io>
parents: 57
diff changeset
695 if (checkedLevel == OrthancPlugins::AccessLevel_Instance)
ad279c70c22d added a new configuration 'StandardConfigurations'
Alain Mazy <am@osimis.io>
parents: 57
diff changeset
696 {
ad279c70c22d added a new configuration 'StandardConfigurations'
Alain Mazy <am@osimis.io>
parents: 57
diff changeset
697 uncheckedLevels_.insert(OrthancPlugins::AccessLevel_Patient);
ad279c70c22d added a new configuration 'StandardConfigurations'
Alain Mazy <am@osimis.io>
parents: 57
diff changeset
698 uncheckedLevels_.insert(OrthancPlugins::AccessLevel_Study);
ad279c70c22d added a new configuration 'StandardConfigurations'
Alain Mazy <am@osimis.io>
parents: 57
diff changeset
699 uncheckedLevels_.insert(OrthancPlugins::AccessLevel_Series);
ad279c70c22d added a new configuration 'StandardConfigurations'
Alain Mazy <am@osimis.io>
parents: 57
diff changeset
700 }
ad279c70c22d added a new configuration 'StandardConfigurations'
Alain Mazy <am@osimis.io>
parents: 57
diff changeset
701 else if (checkedLevel == OrthancPlugins::AccessLevel_Series)
ad279c70c22d added a new configuration 'StandardConfigurations'
Alain Mazy <am@osimis.io>
parents: 57
diff changeset
702 {
ad279c70c22d added a new configuration 'StandardConfigurations'
Alain Mazy <am@osimis.io>
parents: 57
diff changeset
703 uncheckedLevels_.insert(OrthancPlugins::AccessLevel_Patient);
ad279c70c22d added a new configuration 'StandardConfigurations'
Alain Mazy <am@osimis.io>
parents: 57
diff changeset
704 uncheckedLevels_.insert(OrthancPlugins::AccessLevel_Study);
ad279c70c22d added a new configuration 'StandardConfigurations'
Alain Mazy <am@osimis.io>
parents: 57
diff changeset
705 uncheckedLevels_.insert(OrthancPlugins::AccessLevel_Instance);
ad279c70c22d added a new configuration 'StandardConfigurations'
Alain Mazy <am@osimis.io>
parents: 57
diff changeset
706 }
ad279c70c22d added a new configuration 'StandardConfigurations'
Alain Mazy <am@osimis.io>
parents: 57
diff changeset
707 else if (checkedLevel == OrthancPlugins::AccessLevel_Study)
ad279c70c22d added a new configuration 'StandardConfigurations'
Alain Mazy <am@osimis.io>
parents: 57
diff changeset
708 {
ad279c70c22d added a new configuration 'StandardConfigurations'
Alain Mazy <am@osimis.io>
parents: 57
diff changeset
709 uncheckedLevels_.insert(OrthancPlugins::AccessLevel_Patient);
ad279c70c22d added a new configuration 'StandardConfigurations'
Alain Mazy <am@osimis.io>
parents: 57
diff changeset
710 uncheckedLevels_.insert(OrthancPlugins::AccessLevel_Series);
ad279c70c22d added a new configuration 'StandardConfigurations'
Alain Mazy <am@osimis.io>
parents: 57
diff changeset
711 uncheckedLevels_.insert(OrthancPlugins::AccessLevel_Instance);
ad279c70c22d added a new configuration 'StandardConfigurations'
Alain Mazy <am@osimis.io>
parents: 57
diff changeset
712 }
ad279c70c22d added a new configuration 'StandardConfigurations'
Alain Mazy <am@osimis.io>
parents: 57
diff changeset
713 else if (checkedLevel == OrthancPlugins::AccessLevel_Patient)
ad279c70c22d added a new configuration 'StandardConfigurations'
Alain Mazy <am@osimis.io>
parents: 57
diff changeset
714 {
ad279c70c22d added a new configuration 'StandardConfigurations'
Alain Mazy <am@osimis.io>
parents: 57
diff changeset
715 uncheckedLevels_.insert(OrthancPlugins::AccessLevel_Study);
ad279c70c22d added a new configuration 'StandardConfigurations'
Alain Mazy <am@osimis.io>
parents: 57
diff changeset
716 uncheckedLevels_.insert(OrthancPlugins::AccessLevel_Series);
ad279c70c22d added a new configuration 'StandardConfigurations'
Alain Mazy <am@osimis.io>
parents: 57
diff changeset
717 uncheckedLevels_.insert(OrthancPlugins::AccessLevel_Instance);
ad279c70c22d added a new configuration 'StandardConfigurations'
Alain Mazy <am@osimis.io>
parents: 57
diff changeset
718 }
ad279c70c22d added a new configuration 'StandardConfigurations'
Alain Mazy <am@osimis.io>
parents: 57
diff changeset
719 }
ad279c70c22d added a new configuration 'StandardConfigurations'
Alain Mazy <am@osimis.io>
parents: 57
diff changeset
720
71
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents: 69
diff changeset
721 if (pluginConfiguration.LookupListOfStrings(tmp, "UncheckedLevels", false))
1
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
722 {
58
ad279c70c22d added a new configuration 'StandardConfigurations'
Alain Mazy <am@osimis.io>
parents: 57
diff changeset
723 if (uncheckedLevels_.size() == 0)
1
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
724 {
58
ad279c70c22d added a new configuration 'StandardConfigurations'
Alain Mazy <am@osimis.io>
parents: 57
diff changeset
725 for (std::list<std::string>::const_iterator
ad279c70c22d added a new configuration 'StandardConfigurations'
Alain Mazy <am@osimis.io>
parents: 57
diff changeset
726 it = tmp.begin(); it != tmp.end(); ++it)
ad279c70c22d added a new configuration 'StandardConfigurations'
Alain Mazy <am@osimis.io>
parents: 57
diff changeset
727 {
ad279c70c22d added a new configuration 'StandardConfigurations'
Alain Mazy <am@osimis.io>
parents: 57
diff changeset
728 uncheckedLevels_.insert(OrthancPlugins::StringToAccessLevel(*it));
ad279c70c22d added a new configuration 'StandardConfigurations'
Alain Mazy <am@osimis.io>
parents: 57
diff changeset
729 }
ad279c70c22d added a new configuration 'StandardConfigurations'
Alain Mazy <am@osimis.io>
parents: 57
diff changeset
730 }
ad279c70c22d added a new configuration 'StandardConfigurations'
Alain Mazy <am@osimis.io>
parents: 57
diff changeset
731 else
ad279c70c22d added a new configuration 'StandardConfigurations'
Alain Mazy <am@osimis.io>
parents: 57
diff changeset
732 {
ad279c70c22d added a new configuration 'StandardConfigurations'
Alain Mazy <am@osimis.io>
parents: 57
diff changeset
733 LOG(ERROR) << "Authorization plugin: you may only provide one of 'CheckedLevel' or 'UncheckedLevels' configurations";
ad279c70c22d added a new configuration 'StandardConfigurations'
Alain Mazy <am@osimis.io>
parents: 57
diff changeset
734 return -1;
1
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
735 }
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
736 }
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
737
72
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents: 71
diff changeset
738 std::unique_ptr<OrthancPlugins::AuthorizationWebService> webService(new OrthancPlugins::AuthorizationWebService(urlTokenValidation,
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents: 71
diff changeset
739 urlTokenCreationBase,
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents: 71
diff changeset
740 urlUserProfile));
54
317b31e99501 Added 3 new configurations: WebServiceUsername, WebServicePassword, WebServiceIdentifier. WebServiceIdentifier is now included in the payload as the 'identifier' field
Alain Mazy <am@osimis.io>
parents: 51
diff changeset
741
317b31e99501 Added 3 new configurations: WebServiceUsername, WebServicePassword, WebServiceIdentifier. WebServiceIdentifier is now included in the payload as the 'identifier' field
Alain Mazy <am@osimis.io>
parents: 51
diff changeset
742 std::string webServiceIdentifier;
71
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents: 69
diff changeset
743 if (pluginConfiguration.LookupStringValue(webServiceIdentifier, "WebServiceIdentifier"))
54
317b31e99501 Added 3 new configurations: WebServiceUsername, WebServicePassword, WebServiceIdentifier. WebServiceIdentifier is now included in the payload as the 'identifier' field
Alain Mazy <am@osimis.io>
parents: 51
diff changeset
744 {
317b31e99501 Added 3 new configurations: WebServiceUsername, WebServicePassword, WebServiceIdentifier. WebServiceIdentifier is now included in the payload as the 'identifier' field
Alain Mazy <am@osimis.io>
parents: 51
diff changeset
745 webService->SetIdentifier(webServiceIdentifier);
317b31e99501 Added 3 new configurations: WebServiceUsername, WebServicePassword, WebServiceIdentifier. WebServiceIdentifier is now included in the payload as the 'identifier' field
Alain Mazy <am@osimis.io>
parents: 51
diff changeset
746 }
317b31e99501 Added 3 new configurations: WebServiceUsername, WebServicePassword, WebServiceIdentifier. WebServiceIdentifier is now included in the payload as the 'identifier' field
Alain Mazy <am@osimis.io>
parents: 51
diff changeset
747
317b31e99501 Added 3 new configurations: WebServiceUsername, WebServicePassword, WebServiceIdentifier. WebServiceIdentifier is now included in the payload as the 'identifier' field
Alain Mazy <am@osimis.io>
parents: 51
diff changeset
748 std::string webServiceUsername;
317b31e99501 Added 3 new configurations: WebServiceUsername, WebServicePassword, WebServiceIdentifier. WebServiceIdentifier is now included in the payload as the 'identifier' field
Alain Mazy <am@osimis.io>
parents: 51
diff changeset
749 std::string webServicePassword;
71
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents: 69
diff changeset
750 if (pluginConfiguration.LookupStringValue(webServiceUsername, "WebServiceUsername") && pluginConfiguration.LookupStringValue(webServicePassword, "WebServicePassword"))
54
317b31e99501 Added 3 new configurations: WebServiceUsername, WebServicePassword, WebServiceIdentifier. WebServiceIdentifier is now included in the payload as the 'identifier' field
Alain Mazy <am@osimis.io>
parents: 51
diff changeset
751 {
317b31e99501 Added 3 new configurations: WebServiceUsername, WebServicePassword, WebServiceIdentifier. WebServiceIdentifier is now included in the payload as the 'identifier' field
Alain Mazy <am@osimis.io>
parents: 51
diff changeset
752 webService->SetCredentials(webServiceUsername, webServicePassword);
317b31e99501 Added 3 new configurations: WebServiceUsername, WebServicePassword, WebServiceIdentifier. WebServiceIdentifier is now included in the payload as the 'identifier' field
Alain Mazy <am@osimis.io>
parents: 51
diff changeset
753 }
317b31e99501 Added 3 new configurations: WebServiceUsername, WebServicePassword, WebServiceIdentifier. WebServiceIdentifier is now included in the payload as the 'identifier' field
Alain Mazy <am@osimis.io>
parents: 51
diff changeset
754
1
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
755 authorizationService_.reset
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
756 (new OrthancPlugins::CachedAuthorizationService
54
317b31e99501 Added 3 new configurations: WebServiceUsername, WebServicePassword, WebServiceIdentifier. WebServiceIdentifier is now included in the payload as the 'identifier' field
Alain Mazy <am@osimis.io>
parents: 51
diff changeset
757 (webService.release(), factory));
1
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
758
72
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents: 71
diff changeset
759 if (!urlTokenValidation.empty())
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents: 71
diff changeset
760 {
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents: 71
diff changeset
761 OrthancPluginRegisterOnChangeCallback(context, OnChangeCallback);
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents: 71
diff changeset
762 }
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents: 71
diff changeset
763
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents: 71
diff changeset
764 if (!urlUserProfile.empty())
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents: 71
diff changeset
765 {
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents: 71
diff changeset
766 OrthancPlugins::RegisterRestCallback<GetUserProfile>("/auth/user/profile", true);
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents: 71
diff changeset
767 }
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents: 71
diff changeset
768
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents: 71
diff changeset
769 if (!urlTokenCreationBase.empty())
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents: 71
diff changeset
770 {
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents: 71
diff changeset
771 OrthancPlugins::RegisterRestCallback<CreateToken>("/auth/tokens/(.*)", true);
e381ba725669 new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents: 71
diff changeset
772 }
1
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
773
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
774 #if ORTHANC_PLUGINS_VERSION_IS_ABOVE(1, 2, 1)
29
bc0431cb6b8f fix for compatibility with simplified OrthancPluginCppWrapper
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 22
diff changeset
775 OrthancPluginRegisterIncomingHttpRequestFilter2(context, FilterHttpRequests);
1
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
776 #else
29
bc0431cb6b8f fix for compatibility with simplified OrthancPluginCppWrapper
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 22
diff changeset
777 OrthancPluginRegisterIncomingHttpRequestFilter(context, FilterHttpRequestsFallback);
1
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
778 #endif
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
779 }
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
780 else
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
781 {
71
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents: 69
diff changeset
782 LOG(WARNING) << "No section \"" << PLUGIN_SECTION << "\" in the configuration file, "
1
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
783 << "the authorization plugin is disabled";
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
784 }
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
785 }
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
786 catch (Orthanc::OrthancException& e)
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
787 {
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
788 LOG(ERROR) << e.What();
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
789 return -1;
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
790 }
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
791
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
792 return 0;
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
793 }
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
794
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
795
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
// Plugin shutdown hook: empties the file-level authorizationParser_
// pointer, releasing whatever parser it currently holds.
//
// NOTE(review): authorizationService_, which OrthancPluginInitialize
// assigns from a web service that may have been given the configured
// WebServiceUsername/WebServicePassword, is not released here.
// Presumably it is torn down with the other statics when the library
// unloads; confirm that this is intended.
ORTHANC_PLUGINS_API void OrthancPluginFinalize()
{
  authorizationParser_.reset();
}
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
800
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
801
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
// Returns the plugin's name, the constant string "authorization".
// The returned pointer refers to a string literal, so the caller must
// not free or modify it.
ORTHANC_PLUGINS_API const char* OrthancPluginGetName()
{
  static const char* const pluginName = "authorization";
  return pluginName;
}
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
806
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
807
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
// Returns the plugin's version string, i.e. the value of
// ORTHANC_PLUGIN_VERSION (defined outside this section; presumably a
// build-time macro -- confirm against the build files).
ORTHANC_PLUGINS_API const char* OrthancPluginGetVersion()
{
  const char* const version = ORTHANC_PLUGIN_VERSION;
  return version;
}
d5d3cb00556a initial release
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
812 }