Mercurial > hg > orthanc-authorization

annotate Plugin/PermissionParser.cpp @ 81:fac45493d547

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
more flexibility wrt configuration
author Alain Mazy <am@osimis.io>
date Thu, 16 Mar 2023 17:38:03 +0100
parents aa73b10c2db9
children 423531fb1200
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
71
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
1 /**
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
2 * Advanced authorization plugin for Orthanc
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
3 * Copyright (C) 2017-2023 Osimis S.A., Belgium
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
4 *
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
5 * This program is free software: you can redistribute it and/or
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
6 * modify it under the terms of the GNU Affero General Public License
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
7 * as published by the Free Software Foundation, either version 3 of
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
8 * the License, or (at your option) any later version.
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
9 *
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
10 * This program is distributed in the hope that it will be useful, but
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
11 * WITHOUT ANY WARRANTY; without even the implied warranty of
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
13 * Affero General Public License for more details.
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
14 *
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
15 * You should have received a copy of the GNU Affero General Public License
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
16 * along with this program. If not, see <http://www.gnu.org/licenses/>.
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
17 **/
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
18
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
19 #include "PermissionParser.h"
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
20
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
21 #include <Toolbox.h>
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
22 #include <OrthancException.h>
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
23 #include <Logging.h>
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
24
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
25 namespace OrthancPlugins
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
26 {
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
27 PermissionPattern::PermissionPattern(const OrthancPluginHttpMethod& method, const std::string& patternRegex, const std::string& permissions) :
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
28 method(method),
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
29 pattern(patternRegex)
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
30 {
74
aa73b10c2db9 new API route to decode tokens
Alain Mazy <am@osimis.io>
parents: 71
diff changeset
31 if (!permissions.empty())
aa73b10c2db9 new API route to decode tokens
Alain Mazy <am@osimis.io>
parents: 71
diff changeset
32 {
aa73b10c2db9 new API route to decode tokens
Alain Mazy <am@osimis.io>
parents: 71
diff changeset
33 std::vector<std::string> permissionsVector;
aa73b10c2db9 new API route to decode tokens
Alain Mazy <am@osimis.io>
parents: 71
diff changeset
34 Orthanc::Toolbox::TokenizeString(permissionsVector, permissions, '|');
71
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
35
74
aa73b10c2db9 new API route to decode tokens
Alain Mazy <am@osimis.io>
parents: 71
diff changeset
36 for (size_t i = 0; i < permissionsVector.size(); ++i)
aa73b10c2db9 new API route to decode tokens
Alain Mazy <am@osimis.io>
parents: 71
diff changeset
37 {
aa73b10c2db9 new API route to decode tokens
Alain Mazy <am@osimis.io>
parents: 71
diff changeset
38 this->permissions.insert(permissionsVector[i]);
aa73b10c2db9 new API route to decode tokens
Alain Mazy <am@osimis.io>
parents: 71
diff changeset
39 }
71
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
40 }
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
41 }
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
42
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
43
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
44 static void Replace(std::string& text, const std::string& findText, const std::string& replaceText)
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
45 {
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
46 size_t pos = text.find(findText);
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
47 if (pos != std::string::npos)
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
48 {
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
49 text = text.replace(pos, findText.size(), replaceText);
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
50 }
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
51 }
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
52
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
53
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
54 static void StripLeadingAndTrailingSlashes(std::string& text)
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
55 {
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
56 if (text.size() > 1 && text[0] == '/')
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
57 {
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
58 text = text.substr(1, text.size() -1);
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
59 }
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
60 if (text.size() > 1 && text[text.size() - 1] == '/')
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
61 {
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
62 text = text.substr(0, text.size() -1);
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
63 }
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
64 }
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
65
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
66
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
67 PermissionParser::PermissionParser(const std::string& dicomWebRoot, const std::string& oe2Root) :
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
68 dicomWebRoot_(dicomWebRoot),
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
69 oe2Root_(oe2Root)
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
70 {
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
71 }
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
72
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
73 void PermissionParser::Add(const Json::Value& configuration)
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
74 {
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
75 if (configuration.type() != Json::arrayValue)
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
76 {
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
77 throw Orthanc::OrthancException(Orthanc::ErrorCode_BadParameterType, "Permissions should be an array.");
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
78 }
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
79
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
80 for (Json::ArrayIndex i = 0; i < configuration.size(); ++i)
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
81 {
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
82 const Json::Value& permission = configuration[i];
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
83 if (permission.type() != Json::arrayValue || permission.size() < 3)
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
84 {
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
85 throw Orthanc::OrthancException(Orthanc::ErrorCode_BadParameterType, "Permissions elements should be an array of min size 3.");
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
86 }
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
87
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
88 Add(permission[0].asString(), // 0 = HTTP method
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
89 permission[1].asString(), // 1 = pattern
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
90 permission[2].asString() // 2 = list of | separated permissions (no space)
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
91 // 3 = optional comment
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
92 );
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
93 }
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
94
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
95 }
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
96
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
97 void PermissionParser::Add(const std::string& method,
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
98 const std::string& patternRegex,
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
99 const std::string& permission)
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
100 {
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
101 std::string lowerCaseMethod;
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
102 Orthanc::Toolbox::ToLowerCase(lowerCaseMethod, method);
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
103 OrthancPluginHttpMethod parsedMethod = OrthancPluginHttpMethod_Get;
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
104
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
105 if (lowerCaseMethod == "post")
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
106 {
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
107 parsedMethod = OrthancPluginHttpMethod_Post;
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
108 }
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
109 else if (lowerCaseMethod == "put")
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
110 {
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
111 parsedMethod = OrthancPluginHttpMethod_Put;
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
112 }
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
113 else if (lowerCaseMethod == "delete")
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
114 {
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
115 parsedMethod = OrthancPluginHttpMethod_Delete;
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
116 }
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
117 else if (lowerCaseMethod == "get")
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
118 {
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
119 parsedMethod = OrthancPluginHttpMethod_Get;
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
120 }
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
121 else
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
122 {
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
123 throw Orthanc::OrthancException(Orthanc::ErrorCode_ParameterOutOfRange, std::string("Invalid HTTP method ") + method);
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
124 }
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
125
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
126 std::string regex = patternRegex;
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
127 std::string strippedDicomWebRoot = dicomWebRoot_;
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
128
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
129 StripLeadingAndTrailingSlashes(strippedDicomWebRoot);
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
130 Replace(regex, "DICOM_WEB_ROOT", strippedDicomWebRoot);
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
131
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
132 LOG(WARNING) << "Authorization plugin: adding a new permission pattern: " << lowerCaseMethod << " " << regex << " - " << permission;
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
133
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
134 permissionsPattern_.push_back(PermissionPattern(parsedMethod, regex, permission));
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
135 }
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
136
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
137 bool PermissionParser::Parse(std::set<std::string>& permissions,
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
138 std::string& matchedPattern,
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
139 const OrthancPluginHttpMethod& method,
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
140 const std::string& uri) const
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
141 {
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
142 // The mutex below should not be necessary, but we prefer to
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
143 // ensure thread safety in boost::regex
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
144 boost::mutex::scoped_lock lock(mutex_);
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
145
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
146
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
147 for (std::list<PermissionPattern>::const_iterator it = permissionsPattern_.begin();
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
148 it != permissionsPattern_.end(); ++it)
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
149 {
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
150 if (method == it->method)
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
151 {
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
152 boost::smatch what;
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
153 if (boost::regex_match(uri, what, it->pattern))
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
154 {
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
155 matchedPattern = it->pattern.expression();
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
156 permissions = it->permissions;
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
157 return true;
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
158 }
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
159 }
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
160 }
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
161
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
162 return false;
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
163 }
30fb3ce960d9 configurable user permissions
Alain Mazy <am@osimis.io>
parents:
diff changeset
164 }