Mercurial > hg > orthanc-authorization
annotate Plugin/DefaultAuthorizationParser.cpp @ 201:8c79c3b026ce default tip
back to mainline
author | Alain Mazy <am@orthanc.team> |
---|---|
date | Wed, 03 Jul 2024 09:00:01 +0200 |
parents | c4b908970ae4 |
children |
rev | line source |
---|---|
1 | 1 /** |
2 * Advanced authorization plugin for Orthanc | |
68 | 3 * Copyright (C) 2017-2023 Osimis S.A., Belgium |
150 | 4 * Copyright (C) 2024-2024 Orthanc Team SRL, Belgium |
188
c4b908970ae4
updated copyright, as Orthanc Team now replaces Osimis
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
152
diff
changeset
|
5 * Copyright (C) 2021-2024 Sebastien Jodogne, ICTEAM UCLouvain, Belgium |
1 | 6 * |
7 * This program is free software: you can redistribute it and/or | |
8 * modify it under the terms of the GNU Affero General Public License | |
9 * as published by the Free Software Foundation, either version 3 of | |
10 * the License, or (at your option) any later version. | |
11 * | |
12 * This program is distributed in the hope that it will be useful, but | |
13 * WITHOUT ANY WARRANTY; without even the implied warranty of | |
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | |
15 * Affero General Public License for more details. | |
16 * | |
17 * You should have received a copy of the GNU Affero General Public License | |
18 * along with this program. If not, see <http://www.gnu.org/licenses/>. | |
19 **/ | |
20 | |
21 #include "DefaultAuthorizationParser.h" | |
22 | |
32 | 23 #include <OrthancException.h> |
56
c02f0646297d
added support for /dicom-web/studies?0020000D=1.2.3&...
Alain Mazy <am@osimis.io>
parents:
50
diff
changeset
|
24 #include <HttpServer/HttpToolbox.h> |
128
0205e9efaca8
detect wildcards in query args like '/dicom-web/studies?PatientID=*' and consider these routes as system routes
Alain Mazy <am@osimis.io>
parents:
116
diff
changeset
|
25 #include <Logging.h> |
1 | 26 |
27 namespace OrthancPlugins | |
28 { | |
29
bc0431cb6b8f
fix for compatibility with simplified OrthancPluginCppWrapper
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
28
diff
changeset
|
29 DefaultAuthorizationParser::DefaultAuthorizationParser(ICacheFactory& factory, |
1 | 30 const std::string& dicomWebRoot) : |
29
bc0431cb6b8f
fix for compatibility with simplified OrthancPluginCppWrapper
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
28
diff
changeset
|
31 AuthorizationParserBase(factory), |
1 | 32 resourcesPattern_("^/(patients|studies|series|instances)/([a-f0-9-]+)(|/.*)$"), |
33 seriesPattern_("^/(web-viewer/series|web-viewer/is-stable-series|wsi/pyramids|wsi/tiles)/([a-f0-9-]+)(|/.*)$"), | |
11 | 34 instancesPattern_("^/web-viewer/instances/[a-z0-9]+-([a-f0-9-]+)_[0-9]+$"), |
35 osimisViewerSeries_("^/osimis-viewer/series/([a-f0-9-]+)(|/.*)$"), | |
28
ae19947abf68
Added support for Osimis Web Viewer new route (osimis-viewer/custom-command/)
am@osimis.io
parents:
22
diff
changeset
|
36 osimisViewerImages_("^/osimis-viewer/(images|custom-command)/([a-f0-9-]+)(|/.*)$"), |
115
0eed78c1e177
cache the UserProfile + updated http filter logic
Alain Mazy <am@osimis.io>
parents:
109
diff
changeset
|
37 osimisViewerStudies_("^/osimis-viewer/studies/([a-f0-9-]+)(|/.*)$"), |
138
f448e8626f1a
Now handling new GET /tools/create-archive and sibling routes
Alain Mazy <am@osimis.io>
parents:
128
diff
changeset
|
38 listOfResourcesPattern_("^/(patients|studies|series|instances)(|/)$"), |
f448e8626f1a
Now handling new GET /tools/create-archive and sibling routes
Alain Mazy <am@osimis.io>
parents:
128
diff
changeset
|
39 createBulkPattern_("^/tools/(create-archive|create-media|create-media-extended)(|/)$") |
1 | 40 { |
41 std::string tmp = dicomWebRoot; | |
42 while (!tmp.empty() && | |
43 tmp[tmp.size() - 1] == '/') | |
44 { | |
45 tmp = tmp.substr(0, tmp.size() - 1); | |
46 } | |
47 | |
148
20c638fa8b07
new permissions for QIDO-RS & WADO-RS
Alain Mazy <am@osimis.io>
parents:
138
diff
changeset
|
48 // note: if you add new DICOMWeb routes here, add them in the DefaultConfiguration.json too |
1 | 49 dicomWebStudies_ = boost::regex( |
152
9f686ee4b158
Added missing parsing of /dicom-web/studies/.../instances
Alain Mazy <am@osimis.io>
parents:
150
diff
changeset
|
50 "^" + tmp + "/studies/([.0-9]+)(|/series|/metadata|/instances)(|/)$"); |
1 | 51 |
52 dicomWebSeries_ = boost::regex( | |
80 | 53 "^" + tmp + "/studies/([.0-9]+)/series/([.0-9]+)(|/instances|/rendered|/metadata)(|/)$"); |
1 | 54 |
55 dicomWebInstances_ = boost::regex( | |
98
c82f0c7d2c6a
Fix parsing of dicom-web/studies/../series/../instances/../bulk/.. routes
Alain Mazy <am@osimis.io>
parents:
92
diff
changeset
|
56 "^" + tmp + "/studies/([.0-9]+)/series/([.0-9]+)/instances/([.0-9]+)(|/|/frames/.*|/rendered|/metadata|/bulk/.*)(|/)$"); |
56
c02f0646297d
added support for /dicom-web/studies?0020000D=1.2.3&...
Alain Mazy <am@osimis.io>
parents:
50
diff
changeset
|
57 |
57
55539d564f4f
added support for /dicom-web/series? & /dicom-web/instances?
Alain Mazy <am@osimis.io>
parents:
56
diff
changeset
|
58 dicomWebQidoRsFind_ = boost::regex( |
80 | 59 "^" + tmp + "/(studies|series|instances)(|/)$"); |
1 | 60 } |
61 | |
149
423531fb1200
SINGLE_RESOURCE_PATTERNS to facilitate api-key support
Alain Mazy <am@osimis.io>
parents:
148
diff
changeset
|
62 void DefaultAuthorizationParser::GetSingleResourcePatterns(std::vector<boost::regex>& patterns) const |
423531fb1200
SINGLE_RESOURCE_PATTERNS to facilitate api-key support
Alain Mazy <am@osimis.io>
parents:
148
diff
changeset
|
63 { |
423531fb1200
SINGLE_RESOURCE_PATTERNS to facilitate api-key support
Alain Mazy <am@osimis.io>
parents:
148
diff
changeset
|
64 patterns.push_back(resourcesPattern_); |
423531fb1200
SINGLE_RESOURCE_PATTERNS to facilitate api-key support
Alain Mazy <am@osimis.io>
parents:
148
diff
changeset
|
65 patterns.push_back(seriesPattern_); |
423531fb1200
SINGLE_RESOURCE_PATTERNS to facilitate api-key support
Alain Mazy <am@osimis.io>
parents:
148
diff
changeset
|
66 patterns.push_back(instancesPattern_); |
423531fb1200
SINGLE_RESOURCE_PATTERNS to facilitate api-key support
Alain Mazy <am@osimis.io>
parents:
148
diff
changeset
|
67 patterns.push_back(osimisViewerSeries_); |
423531fb1200
SINGLE_RESOURCE_PATTERNS to facilitate api-key support
Alain Mazy <am@osimis.io>
parents:
148
diff
changeset
|
68 patterns.push_back(osimisViewerImages_); |
423531fb1200
SINGLE_RESOURCE_PATTERNS to facilitate api-key support
Alain Mazy <am@osimis.io>
parents:
148
diff
changeset
|
69 patterns.push_back(osimisViewerStudies_); |
423531fb1200
SINGLE_RESOURCE_PATTERNS to facilitate api-key support
Alain Mazy <am@osimis.io>
parents:
148
diff
changeset
|
70 patterns.push_back(dicomWebStudies_); |
423531fb1200
SINGLE_RESOURCE_PATTERNS to facilitate api-key support
Alain Mazy <am@osimis.io>
parents:
148
diff
changeset
|
71 patterns.push_back(dicomWebSeries_); |
423531fb1200
SINGLE_RESOURCE_PATTERNS to facilitate api-key support
Alain Mazy <am@osimis.io>
parents:
148
diff
changeset
|
72 patterns.push_back(dicomWebInstances_); |
423531fb1200
SINGLE_RESOURCE_PATTERNS to facilitate api-key support
Alain Mazy <am@osimis.io>
parents:
148
diff
changeset
|
73 } |
423531fb1200
SINGLE_RESOURCE_PATTERNS to facilitate api-key support
Alain Mazy <am@osimis.io>
parents:
148
diff
changeset
|
74 |
423531fb1200
SINGLE_RESOURCE_PATTERNS to facilitate api-key support
Alain Mazy <am@osimis.io>
parents:
148
diff
changeset
|
75 bool DefaultAuthorizationParser::IsListOfResources(const std::string& uri) const |
115
0eed78c1e177
cache the UserProfile + updated http filter logic
Alain Mazy <am@osimis.io>
parents:
109
diff
changeset
|
76 { |
0eed78c1e177
cache the UserProfile + updated http filter logic
Alain Mazy <am@osimis.io>
parents:
109
diff
changeset
|
77 if (boost::regex_match(uri, listOfResourcesPattern_)) |
0eed78c1e177
cache the UserProfile + updated http filter logic
Alain Mazy <am@osimis.io>
parents:
109
diff
changeset
|
78 { |
0eed78c1e177
cache the UserProfile + updated http filter logic
Alain Mazy <am@osimis.io>
parents:
109
diff
changeset
|
79 return true; |
0eed78c1e177
cache the UserProfile + updated http filter logic
Alain Mazy <am@osimis.io>
parents:
109
diff
changeset
|
80 } |
0eed78c1e177
cache the UserProfile + updated http filter logic
Alain Mazy <am@osimis.io>
parents:
109
diff
changeset
|
81 |
0eed78c1e177
cache the UserProfile + updated http filter logic
Alain Mazy <am@osimis.io>
parents:
109
diff
changeset
|
82 return false; |
0eed78c1e177
cache the UserProfile + updated http filter logic
Alain Mazy <am@osimis.io>
parents:
109
diff
changeset
|
83 } |
0eed78c1e177
cache the UserProfile + updated http filter logic
Alain Mazy <am@osimis.io>
parents:
109
diff
changeset
|
84 |
0eed78c1e177
cache the UserProfile + updated http filter logic
Alain Mazy <am@osimis.io>
parents:
109
diff
changeset
|
85 |
1 | 86 |
87 bool DefaultAuthorizationParser::Parse(AccessedResources& target, | |
56
c02f0646297d
added support for /dicom-web/studies?0020000D=1.2.3&...
Alain Mazy <am@osimis.io>
parents:
50
diff
changeset
|
88 const std::string& uri, |
c02f0646297d
added support for /dicom-web/studies?0020000D=1.2.3&...
Alain Mazy <am@osimis.io>
parents:
50
diff
changeset
|
89 const std::map<std::string, std::string>& getArguments) |
1 | 90 { |
91 // The mutex below should not be necessary, but we prefer to | |
92 // ensure thread safety in boost::regex | |
93 boost::mutex::scoped_lock lock(mutex_); | |
94 | |
95 boost::smatch what; | |
96 | |
97 if (boost::regex_match(uri, what, resourcesPattern_)) | |
98 { | |
99 AccessLevel level = StringToAccessLevel(what[1]); | |
100 | |
101 switch (level) | |
102 { | |
103 case AccessLevel_Instance: | |
104 AddOrthancInstance(target, what[2]); | |
105 break; | |
106 | |
107 case AccessLevel_Series: | |
108 AddOrthancSeries(target, what[2]); | |
109 break; | |
110 | |
111 case AccessLevel_Study: | |
112 AddOrthancStudy(target, what[2]); | |
113 break; | |
114 | |
115 case AccessLevel_Patient: | |
116 AddOrthancPatient(target, what[2]); | |
117 break; | |
118 | |
119 default: | |
120 throw Orthanc::OrthancException(Orthanc::ErrorCode_InternalError); | |
121 } | |
122 | |
123 return true; | |
124 } | |
125 else if (boost::regex_match(uri, what, seriesPattern_)) | |
126 { | |
127 AddOrthancSeries(target, what[2]); | |
128 return true; | |
129 } | |
130 else if (boost::regex_match(uri, what, instancesPattern_)) | |
131 { | |
132 AddOrthancInstance(target, what[1]); | |
133 return true; | |
134 } | |
135 else if (boost::regex_match(uri, what, dicomWebStudies_)) | |
136 { | |
137 AddDicomStudy(target, what[1]); | |
138 return true; | |
139 } | |
140 else if (boost::regex_match(uri, what, dicomWebSeries_)) | |
141 { | |
142 AddDicomSeries(target, what[1], what[2]); | |
143 return true; | |
144 } | |
145 else if (boost::regex_match(uri, what, dicomWebInstances_)) | |
146 { | |
147 AddDicomInstance(target, what[1], what[2], what[3]); | |
148 return true; | |
149 } | |
11 | 150 else if (boost::regex_match(uri, what, osimisViewerSeries_)) |
151 { | |
152 AddOrthancSeries(target, what[1]); | |
153 return true; | |
154 } | |
155 else if (boost::regex_match(uri, what, osimisViewerStudies_)) | |
156 { | |
157 AddOrthancStudy(target, what[1]); | |
158 return true; | |
159 } | |
160 else if (boost::regex_match(uri, what, osimisViewerImages_)) | |
161 { | |
50 | 162 AddOrthancInstance(target, what[2]); |
11 | 163 return true; |
164 } | |
138
f448e8626f1a
Now handling new GET /tools/create-archive and sibling routes
Alain Mazy <am@osimis.io>
parents:
128
diff
changeset
|
165 else if (boost::regex_match(uri, what, createBulkPattern_)) |
f448e8626f1a
Now handling new GET /tools/create-archive and sibling routes
Alain Mazy <am@osimis.io>
parents:
128
diff
changeset
|
166 { |
f448e8626f1a
Now handling new GET /tools/create-archive and sibling routes
Alain Mazy <am@osimis.io>
parents:
128
diff
changeset
|
167 std::string resourcesIdsString = Orthanc::HttpToolbox::GetArgument(getArguments, "resources", ""); |
f448e8626f1a
Now handling new GET /tools/create-archive and sibling routes
Alain Mazy <am@osimis.io>
parents:
128
diff
changeset
|
168 std::set<std::string> resourcesIds; |
f448e8626f1a
Now handling new GET /tools/create-archive and sibling routes
Alain Mazy <am@osimis.io>
parents:
128
diff
changeset
|
169 Orthanc::Toolbox::SplitString(resourcesIds, resourcesIdsString, ','); |
f448e8626f1a
Now handling new GET /tools/create-archive and sibling routes
Alain Mazy <am@osimis.io>
parents:
128
diff
changeset
|
170 |
f448e8626f1a
Now handling new GET /tools/create-archive and sibling routes
Alain Mazy <am@osimis.io>
parents:
128
diff
changeset
|
171 for (std::set<std::string>::const_iterator it = resourcesIds.begin(); it != resourcesIds.end(); ++it) |
f448e8626f1a
Now handling new GET /tools/create-archive and sibling routes
Alain Mazy <am@osimis.io>
parents:
128
diff
changeset
|
172 { |
f448e8626f1a
Now handling new GET /tools/create-archive and sibling routes
Alain Mazy <am@osimis.io>
parents:
128
diff
changeset
|
173 AddOrthancUnknownResource(target, *it); |
f448e8626f1a
Now handling new GET /tools/create-archive and sibling routes
Alain Mazy <am@osimis.io>
parents:
128
diff
changeset
|
174 } |
f448e8626f1a
Now handling new GET /tools/create-archive and sibling routes
Alain Mazy <am@osimis.io>
parents:
128
diff
changeset
|
175 |
f448e8626f1a
Now handling new GET /tools/create-archive and sibling routes
Alain Mazy <am@osimis.io>
parents:
128
diff
changeset
|
176 return true; |
f448e8626f1a
Now handling new GET /tools/create-archive and sibling routes
Alain Mazy <am@osimis.io>
parents:
128
diff
changeset
|
177 } |
57
55539d564f4f
added support for /dicom-web/series? & /dicom-web/instances?
Alain Mazy <am@osimis.io>
parents:
56
diff
changeset
|
178 else if (boost::regex_match(uri, what, dicomWebQidoRsFind_)) |
56
c02f0646297d
added support for /dicom-web/studies?0020000D=1.2.3&...
Alain Mazy <am@osimis.io>
parents:
50
diff
changeset
|
179 { |
77
94a9484d7f8f
fix security issues allowing to browse remote dicom servers + introduced UnitTests
Alain Mazy <am@osimis.io>
parents:
68
diff
changeset
|
180 std::string studyInstanceUid, seriesInstanceUid, sopInstanceUid, patientId; |
56
c02f0646297d
added support for /dicom-web/studies?0020000D=1.2.3&...
Alain Mazy <am@osimis.io>
parents:
50
diff
changeset
|
181 |
c02f0646297d
added support for /dicom-web/studies?0020000D=1.2.3&...
Alain Mazy <am@osimis.io>
parents:
50
diff
changeset
|
182 studyInstanceUid = Orthanc::HttpToolbox::GetArgument(getArguments, "0020000D", ""); |
92
8dc22bc353de
QIDO-RS now supports named tags in get arguments
Alain Mazy <am@osimis.io>
parents:
80
diff
changeset
|
183 if (studyInstanceUid.empty()) |
8dc22bc353de
QIDO-RS now supports named tags in get arguments
Alain Mazy <am@osimis.io>
parents:
80
diff
changeset
|
184 { |
8dc22bc353de
QIDO-RS now supports named tags in get arguments
Alain Mazy <am@osimis.io>
parents:
80
diff
changeset
|
185 studyInstanceUid = Orthanc::HttpToolbox::GetArgument(getArguments, "StudyInstanceUID", ""); |
8dc22bc353de
QIDO-RS now supports named tags in get arguments
Alain Mazy <am@osimis.io>
parents:
80
diff
changeset
|
186 } |
8dc22bc353de
QIDO-RS now supports named tags in get arguments
Alain Mazy <am@osimis.io>
parents:
80
diff
changeset
|
187 |
57
55539d564f4f
added support for /dicom-web/series? & /dicom-web/instances?
Alain Mazy <am@osimis.io>
parents:
56
diff
changeset
|
188 seriesInstanceUid = Orthanc::HttpToolbox::GetArgument(getArguments, "0020000E", ""); |
92
8dc22bc353de
QIDO-RS now supports named tags in get arguments
Alain Mazy <am@osimis.io>
parents:
80
diff
changeset
|
189 if (seriesInstanceUid.empty()) |
8dc22bc353de
QIDO-RS now supports named tags in get arguments
Alain Mazy <am@osimis.io>
parents:
80
diff
changeset
|
190 { |
8dc22bc353de
QIDO-RS now supports named tags in get arguments
Alain Mazy <am@osimis.io>
parents:
80
diff
changeset
|
191 seriesInstanceUid = Orthanc::HttpToolbox::GetArgument(getArguments, "SeriesInstanceUID", ""); |
8dc22bc353de
QIDO-RS now supports named tags in get arguments
Alain Mazy <am@osimis.io>
parents:
80
diff
changeset
|
192 } |
8dc22bc353de
QIDO-RS now supports named tags in get arguments
Alain Mazy <am@osimis.io>
parents:
80
diff
changeset
|
193 |
57
55539d564f4f
added support for /dicom-web/series? & /dicom-web/instances?
Alain Mazy <am@osimis.io>
parents:
56
diff
changeset
|
194 sopInstanceUid = Orthanc::HttpToolbox::GetArgument(getArguments, "00080018", ""); |
92
8dc22bc353de
QIDO-RS now supports named tags in get arguments
Alain Mazy <am@osimis.io>
parents:
80
diff
changeset
|
195 if (sopInstanceUid.empty()) |
8dc22bc353de
QIDO-RS now supports named tags in get arguments
Alain Mazy <am@osimis.io>
parents:
80
diff
changeset
|
196 { |
8dc22bc353de
QIDO-RS now supports named tags in get arguments
Alain Mazy <am@osimis.io>
parents:
80
diff
changeset
|
197 sopInstanceUid = Orthanc::HttpToolbox::GetArgument(getArguments, "SOPInstanceUID", ""); |
8dc22bc353de
QIDO-RS now supports named tags in get arguments
Alain Mazy <am@osimis.io>
parents:
80
diff
changeset
|
198 } |
8dc22bc353de
QIDO-RS now supports named tags in get arguments
Alain Mazy <am@osimis.io>
parents:
80
diff
changeset
|
199 |
77
94a9484d7f8f
fix security issues allowing to browse remote dicom servers + introduced UnitTests
Alain Mazy <am@osimis.io>
parents:
68
diff
changeset
|
200 patientId = Orthanc::HttpToolbox::GetArgument(getArguments, "00100010", ""); |
92
8dc22bc353de
QIDO-RS now supports named tags in get arguments
Alain Mazy <am@osimis.io>
parents:
80
diff
changeset
|
201 if (patientId.empty()) |
8dc22bc353de
QIDO-RS now supports named tags in get arguments
Alain Mazy <am@osimis.io>
parents:
80
diff
changeset
|
202 { |
8dc22bc353de
QIDO-RS now supports named tags in get arguments
Alain Mazy <am@osimis.io>
parents:
80
diff
changeset
|
203 patientId = Orthanc::HttpToolbox::GetArgument(getArguments, "PatientID", ""); |
8dc22bc353de
QIDO-RS now supports named tags in get arguments
Alain Mazy <am@osimis.io>
parents:
80
diff
changeset
|
204 } |
56
c02f0646297d
added support for /dicom-web/studies?0020000D=1.2.3&...
Alain Mazy <am@osimis.io>
parents:
50
diff
changeset
|
205 |
128
0205e9efaca8
detect wildcards in query args like '/dicom-web/studies?PatientID=*' and consider these routes as system routes
Alain Mazy <am@osimis.io>
parents:
116
diff
changeset
|
206 if (!sopInstanceUid.empty() && sopInstanceUid.find('*') != std::string::npos) |
0205e9efaca8
detect wildcards in query args like '/dicom-web/studies?PatientID=*' and consider these routes as system routes
Alain Mazy <am@osimis.io>
parents:
116
diff
changeset
|
207 { |
0205e9efaca8
detect wildcards in query args like '/dicom-web/studies?PatientID=*' and consider these routes as system routes
Alain Mazy <am@osimis.io>
parents:
116
diff
changeset
|
208 LOG(WARNING) << "Authorization plugin: unable to handle wildcards in SOPInstanceUID"; |
0205e9efaca8
detect wildcards in query args like '/dicom-web/studies?PatientID=*' and consider these routes as system routes
Alain Mazy <am@osimis.io>
parents:
116
diff
changeset
|
209 sopInstanceUid = ""; // remove the constrain, it will be considered as a 'system' access |
0205e9efaca8
detect wildcards in query args like '/dicom-web/studies?PatientID=*' and consider these routes as system routes
Alain Mazy <am@osimis.io>
parents:
116
diff
changeset
|
210 } |
0205e9efaca8
detect wildcards in query args like '/dicom-web/studies?PatientID=*' and consider these routes as system routes
Alain Mazy <am@osimis.io>
parents:
116
diff
changeset
|
211 |
0205e9efaca8
detect wildcards in query args like '/dicom-web/studies?PatientID=*' and consider these routes as system routes
Alain Mazy <am@osimis.io>
parents:
116
diff
changeset
|
212 if (!seriesInstanceUid.empty() && seriesInstanceUid.find('*') != std::string::npos) |
0205e9efaca8
detect wildcards in query args like '/dicom-web/studies?PatientID=*' and consider these routes as system routes
Alain Mazy <am@osimis.io>
parents:
116
diff
changeset
|
213 { |
0205e9efaca8
detect wildcards in query args like '/dicom-web/studies?PatientID=*' and consider these routes as system routes
Alain Mazy <am@osimis.io>
parents:
116
diff
changeset
|
214 LOG(WARNING) << "Authorization plugin: unable to handle wildcards in SeriesInstanceUID"; |
0205e9efaca8
detect wildcards in query args like '/dicom-web/studies?PatientID=*' and consider these routes as system routes
Alain Mazy <am@osimis.io>
parents:
116
diff
changeset
|
215 seriesInstanceUid = ""; // remove the constrain, it will be considered as a 'system' access |
0205e9efaca8
detect wildcards in query args like '/dicom-web/studies?PatientID=*' and consider these routes as system routes
Alain Mazy <am@osimis.io>
parents:
116
diff
changeset
|
216 } |
0205e9efaca8
detect wildcards in query args like '/dicom-web/studies?PatientID=*' and consider these routes as system routes
Alain Mazy <am@osimis.io>
parents:
116
diff
changeset
|
217 |
0205e9efaca8
detect wildcards in query args like '/dicom-web/studies?PatientID=*' and consider these routes as system routes
Alain Mazy <am@osimis.io>
parents:
116
diff
changeset
|
218 if (!studyInstanceUid.empty() && studyInstanceUid.find('*') != std::string::npos) |
0205e9efaca8
detect wildcards in query args like '/dicom-web/studies?PatientID=*' and consider these routes as system routes
Alain Mazy <am@osimis.io>
parents:
116
diff
changeset
|
219 { |
0205e9efaca8
detect wildcards in query args like '/dicom-web/studies?PatientID=*' and consider these routes as system routes
Alain Mazy <am@osimis.io>
parents:
116
diff
changeset
|
220 LOG(WARNING) << "Authorization plugin: unable to handle wildcards in StudyInstanceUID"; |
0205e9efaca8
detect wildcards in query args like '/dicom-web/studies?PatientID=*' and consider these routes as system routes
Alain Mazy <am@osimis.io>
parents:
116
diff
changeset
|
221 studyInstanceUid = ""; // remove the constrain, it will be considered as a 'system' access |
0205e9efaca8
detect wildcards in query args like '/dicom-web/studies?PatientID=*' and consider these routes as system routes
Alain Mazy <am@osimis.io>
parents:
116
diff
changeset
|
222 } |
0205e9efaca8
detect wildcards in query args like '/dicom-web/studies?PatientID=*' and consider these routes as system routes
Alain Mazy <am@osimis.io>
parents:
116
diff
changeset
|
223 |
0205e9efaca8
detect wildcards in query args like '/dicom-web/studies?PatientID=*' and consider these routes as system routes
Alain Mazy <am@osimis.io>
parents:
116
diff
changeset
|
224 if (!patientId.empty() && patientId.find('*') != std::string::npos) |
0205e9efaca8
detect wildcards in query args like '/dicom-web/studies?PatientID=*' and consider these routes as system routes
Alain Mazy <am@osimis.io>
parents:
116
diff
changeset
|
225 { |
0205e9efaca8
detect wildcards in query args like '/dicom-web/studies?PatientID=*' and consider these routes as system routes
Alain Mazy <am@osimis.io>
parents:
116
diff
changeset
|
226 LOG(WARNING) << "Authorization plugin: unable to handle wildcards in PatientID"; |
0205e9efaca8
detect wildcards in query args like '/dicom-web/studies?PatientID=*' and consider these routes as system routes
Alain Mazy <am@osimis.io>
parents:
116
diff
changeset
|
227 patientId = ""; // remove the constrain, it will be considered as a 'system' access |
0205e9efaca8
detect wildcards in query args like '/dicom-web/studies?PatientID=*' and consider these routes as system routes
Alain Mazy <am@osimis.io>
parents:
116
diff
changeset
|
228 } |
0205e9efaca8
detect wildcards in query args like '/dicom-web/studies?PatientID=*' and consider these routes as system routes
Alain Mazy <am@osimis.io>
parents:
116
diff
changeset
|
229 |
57
55539d564f4f
added support for /dicom-web/series? & /dicom-web/instances?
Alain Mazy <am@osimis.io>
parents:
56
diff
changeset
|
230 if (!sopInstanceUid.empty() && !seriesInstanceUid.empty() && !studyInstanceUid.empty()) |
55539d564f4f
added support for /dicom-web/series? & /dicom-web/instances?
Alain Mazy <am@osimis.io>
parents:
56
diff
changeset
|
231 { |
55539d564f4f
added support for /dicom-web/series? & /dicom-web/instances?
Alain Mazy <am@osimis.io>
parents:
56
diff
changeset
|
232 AddDicomInstance(target, studyInstanceUid, seriesInstanceUid, sopInstanceUid); |
77
94a9484d7f8f
fix security issues allowing to browse remote dicom servers + introduced UnitTests
Alain Mazy <am@osimis.io>
parents:
68
diff
changeset
|
233 return true; |
57
55539d564f4f
added support for /dicom-web/series? & /dicom-web/instances?
Alain Mazy <am@osimis.io>
parents:
56
diff
changeset
|
234 } |
55539d564f4f
added support for /dicom-web/series? & /dicom-web/instances?
Alain Mazy <am@osimis.io>
parents:
56
diff
changeset
|
235 else if (!seriesInstanceUid.empty() && !studyInstanceUid.empty()) |
55539d564f4f
added support for /dicom-web/series? & /dicom-web/instances?
Alain Mazy <am@osimis.io>
parents:
56
diff
changeset
|
236 { |
55539d564f4f
added support for /dicom-web/series? & /dicom-web/instances?
Alain Mazy <am@osimis.io>
parents:
56
diff
changeset
|
237 AddDicomSeries(target, studyInstanceUid, seriesInstanceUid); |
77
94a9484d7f8f
fix security issues allowing to browse remote dicom servers + introduced UnitTests
Alain Mazy <am@osimis.io>
parents:
68
diff
changeset
|
238 return true; |
57
55539d564f4f
added support for /dicom-web/series? & /dicom-web/instances?
Alain Mazy <am@osimis.io>
parents:
56
diff
changeset
|
239 } |
55539d564f4f
added support for /dicom-web/series? & /dicom-web/instances?
Alain Mazy <am@osimis.io>
parents:
56
diff
changeset
|
240 else if (!studyInstanceUid.empty()) |
56
c02f0646297d
added support for /dicom-web/studies?0020000D=1.2.3&...
Alain Mazy <am@osimis.io>
parents:
50
diff
changeset
|
241 { |
c02f0646297d
added support for /dicom-web/studies?0020000D=1.2.3&...
Alain Mazy <am@osimis.io>
parents:
50
diff
changeset
|
242 AddDicomStudy(target, studyInstanceUid); |
77
94a9484d7f8f
fix security issues allowing to browse remote dicom servers + introduced UnitTests
Alain Mazy <am@osimis.io>
parents:
68
diff
changeset
|
243 return true; |
56
c02f0646297d
added support for /dicom-web/studies?0020000D=1.2.3&...
Alain Mazy <am@osimis.io>
parents:
50
diff
changeset
|
244 } |
77
94a9484d7f8f
fix security issues allowing to browse remote dicom servers + introduced UnitTests
Alain Mazy <am@osimis.io>
parents:
68
diff
changeset
|
245 else if (!patientId.empty()) |
94a9484d7f8f
fix security issues allowing to browse remote dicom servers + introduced UnitTests
Alain Mazy <am@osimis.io>
parents:
68
diff
changeset
|
246 { |
94a9484d7f8f
fix security issues allowing to browse remote dicom servers + introduced UnitTests
Alain Mazy <am@osimis.io>
parents:
68
diff
changeset
|
247 AddDicomPatient(target, patientId); |
94a9484d7f8f
fix security issues allowing to browse remote dicom servers + introduced UnitTests
Alain Mazy <am@osimis.io>
parents:
68
diff
changeset
|
248 return true; |
94a9484d7f8f
fix security issues allowing to browse remote dicom servers + introduced UnitTests
Alain Mazy <am@osimis.io>
parents:
68
diff
changeset
|
249 } |
56
c02f0646297d
added support for /dicom-web/studies?0020000D=1.2.3&...
Alain Mazy <am@osimis.io>
parents:
50
diff
changeset
|
250 } |
77
94a9484d7f8f
fix security issues allowing to browse remote dicom servers + introduced UnitTests
Alain Mazy <am@osimis.io>
parents:
68
diff
changeset
|
251 |
94a9484d7f8f
fix security issues allowing to browse remote dicom servers + introduced UnitTests
Alain Mazy <am@osimis.io>
parents:
68
diff
changeset
|
252 // Unknown type of resource: Consider it as a system access |
1 | 253 |
77
94a9484d7f8f
fix security issues allowing to browse remote dicom servers + introduced UnitTests
Alain Mazy <am@osimis.io>
parents:
68
diff
changeset
|
254 // Remove the trailing slashes if need be |
94a9484d7f8f
fix security issues allowing to browse remote dicom servers + introduced UnitTests
Alain Mazy <am@osimis.io>
parents:
68
diff
changeset
|
255 std::string s = uri; |
94a9484d7f8f
fix security issues allowing to browse remote dicom servers + introduced UnitTests
Alain Mazy <am@osimis.io>
parents:
68
diff
changeset
|
256 while (!s.empty() && |
94a9484d7f8f
fix security issues allowing to browse remote dicom servers + introduced UnitTests
Alain Mazy <am@osimis.io>
parents:
68
diff
changeset
|
257 s[s.length() - 1] == '/') |
94a9484d7f8f
fix security issues allowing to browse remote dicom servers + introduced UnitTests
Alain Mazy <am@osimis.io>
parents:
68
diff
changeset
|
258 { |
94a9484d7f8f
fix security issues allowing to browse remote dicom servers + introduced UnitTests
Alain Mazy <am@osimis.io>
parents:
68
diff
changeset
|
259 s = s.substr(0, s.length() - 1); |
94a9484d7f8f
fix security issues allowing to browse remote dicom servers + introduced UnitTests
Alain Mazy <am@osimis.io>
parents:
68
diff
changeset
|
260 } |
94a9484d7f8f
fix security issues allowing to browse remote dicom servers + introduced UnitTests
Alain Mazy <am@osimis.io>
parents:
68
diff
changeset
|
261 |
109 | 262 std::set<std::string> labels; |
263 | |
264 target.push_back(AccessedResource(AccessLevel_System, s, "", labels)); | |
77
94a9484d7f8f
fix security issues allowing to browse remote dicom servers + introduced UnitTests
Alain Mazy <am@osimis.io>
parents:
68
diff
changeset
|
265 return true; |
1 | 266 } |
267 } |