Mercurial > hg > orthanc-authorization
comparison UnitTestsSources/UnitTestsMain.cpp @ 111:2b1a95c7d263
wip: adjust tools/find queries
author | Alain Mazy <am@osimis.io> |
---|---|
date | Wed, 30 Aug 2023 18:10:09 +0200 |
parents | aa56dcf599b9 |
children | 572955904411 |
comparison
equal
deleted
inserted
replaced
110:aa56dcf599b9 | 111:2b1a95c7d263 |
---|---|
24 #include <boost/algorithm/string/predicate.hpp> | 24 #include <boost/algorithm/string/predicate.hpp> |
25 | 25 |
26 #include "../Plugin/DefaultAuthorizationParser.h" | 26 #include "../Plugin/DefaultAuthorizationParser.h" |
27 #include "../Plugin/AssociativeArray.h" | 27 #include "../Plugin/AssociativeArray.h" |
28 #include "../Plugin/AccessedResource.h" | 28 #include "../Plugin/AccessedResource.h" |
29 #include "../Plugin/IAuthorizationService.h" | |
29 #include "../Plugin/MemoryCache.h" | 30 #include "../Plugin/MemoryCache.h" |
30 #include "../Plugin/PermissionParser.h" | 31 #include "../Plugin/PermissionParser.h" |
31 #include "../Plugin/ResourceHierarchyCache.h" | 32 #include "../Plugin/ResourceHierarchyCache.h" |
33 | |
34 extern void AdjustToolsFindQueryLabels(Json::Value& query, const OrthancPlugins::IAuthorizationService::UserProfile& profile); | |
32 | 35 |
33 using namespace OrthancPlugins; | 36 using namespace OrthancPlugins; |
34 | 37 |
35 std::string instanceOrthancId = "44444444-44444444-44444444-44444444-44444444"; | 38 std::string instanceOrthancId = "44444444-44444444-44444444-44444444-44444444"; |
36 std::string seriesOrthancId = "33333333-33333333-33333333-33333333-33333333"; | 39 std::string seriesOrthancId = "33333333-33333333-33333333-33333333-33333333"; |
296 accesses.clear(); | 299 accesses.clear(); |
297 parser.Parse(accesses, "/dicom-web/servers/test/qido", noGetArguments.GetMap()); | 300 parser.Parse(accesses, "/dicom-web/servers/test/qido", noGetArguments.GetMap()); |
298 ASSERT_TRUE(IsAccessing(accesses, AccessLevel_System, "/dicom-web/servers/test/qido")); | 301 ASSERT_TRUE(IsAccessing(accesses, AccessLevel_System, "/dicom-web/servers/test/qido")); |
299 | 302 |
300 } | 303 } |
304 | |
305 bool IsInJsonArray(const char* needle, const Json::Value& array) | |
306 { | |
307 for (Json::ArrayIndex i = 0; i < array.size(); ++i) | |
308 { | |
309 if (array[i].asString() == needle) | |
310 { | |
311 return true; | |
312 } | |
313 } | |
314 return false; | |
315 } | |
316 | |
317 TEST(ToolsFindLabels, AdjustQueryForUserWithoutRestrictions) | |
318 { | |
319 // user who has access to all labels | |
320 OrthancPlugins::IAuthorizationService::UserProfile profile; | |
321 profile.authorizedLabels.insert("*"); | |
322 | |
323 { // no labels before transformation -> no labels after | |
324 Json::Value query; | |
325 query["Query"] = Json::objectValue; | |
326 query["Query"]["PatientID"] = "*"; | |
327 | |
328 AdjustToolsFindQueryLabels(query, profile); | |
329 | |
330 ASSERT_FALSE(query.isMember("Labels")); | |
331 ASSERT_FALSE(query.isMember("LabelsConstraint")); | |
332 } | |
333 | |
334 { // missing LabelsConstraint -> throw | |
335 Json::Value query; | |
336 query["Query"] = Json::objectValue; | |
337 query["Query"]["PatientID"] = "*"; | |
338 query["Labels"] = Json::arrayValue; | |
339 query["Labels"].append("a"); | |
340 | |
341 ASSERT_THROW(AdjustToolsFindQueryLabels(query, profile), Orthanc::OrthancException); | |
342 } | |
343 | |
344 { // simple 'All' label constraint is not modified since user has access to all labels | |
345 Json::Value query; | |
346 query["Query"] = Json::objectValue; | |
347 query["Query"]["PatientID"] = "*"; | |
348 query["Labels"] = Json::arrayValue; | |
349 query["Labels"].append("a"); | |
350 query["Labels"].append("b"); | |
351 query["LabelsConstraint"] = "All"; | |
352 | |
353 AdjustToolsFindQueryLabels(query, profile); | |
354 | |
355 ASSERT_EQ(2u, query["Labels"].size()); | |
356 ASSERT_TRUE(IsInJsonArray("a", query["Labels"])); | |
357 ASSERT_TRUE(IsInJsonArray("b", query["Labels"])); | |
358 ASSERT_EQ("All", query["LabelsConstraint"].asString()); | |
359 } | |
360 | |
361 { // simple 'Any' label constraint is not modified since user has access to all labels | |
362 Json::Value query; | |
363 query["Query"] = Json::objectValue; | |
364 query["Query"]["PatientID"] = "*"; | |
365 query["Labels"] = Json::arrayValue; | |
366 query["Labels"].append("a"); | |
367 query["Labels"].append("b"); | |
368 query["LabelsConstraint"] = "Any"; | |
369 | |
370 AdjustToolsFindQueryLabels(query, profile); | |
371 | |
372 ASSERT_EQ(2u, query["Labels"].size()); | |
373 ASSERT_TRUE(IsInJsonArray("a", query["Labels"])); | |
374 ASSERT_TRUE(IsInJsonArray("b", query["Labels"])); | |
375 ASSERT_EQ("Any", query["LabelsConstraint"].asString()); | |
376 } | |
377 | |
378 { // simple 'None' label constraint is not modified since user has access to all labels | |
379 Json::Value query; | |
380 query["Query"] = Json::objectValue; | |
381 query["Query"]["PatientID"] = "*"; | |
382 query["Labels"] = Json::arrayValue; | |
383 query["Labels"].append("a"); | |
384 query["Labels"].append("b"); | |
385 query["LabelsConstraint"] = "None"; | |
386 | |
387 AdjustToolsFindQueryLabels(query, profile); | |
388 | |
389 ASSERT_EQ(2u, query["Labels"].size()); | |
390 ASSERT_TRUE(IsInJsonArray("a", query["Labels"])); | |
391 ASSERT_TRUE(IsInJsonArray("b", query["Labels"])); | |
392 ASSERT_EQ("None", query["LabelsConstraint"].asString()); | |
393 } | |
394 | |
395 } | |
396 | |
397 | |
398 TEST(ToolsFindLabels, AdjustQueryForUserWithAuthorizedLabelsRestrictions) | |
399 { | |
400 // user who has access only to "b" and "c" | |
401 OrthancPlugins::IAuthorizationService::UserProfile profile; | |
402 profile.authorizedLabels.insert("b"); | |
403 profile.authorizedLabels.insert("c"); | |
404 | |
405 { // no labels before transformation -> "b", "c" label after | |
406 Json::Value query; | |
407 query["Query"] = Json::objectValue; | |
408 query["Query"]["PatientID"] = "*"; | |
409 | |
410 AdjustToolsFindQueryLabels(query, profile); | |
411 | |
412 ASSERT_EQ(2u, query["Labels"].size()); | |
413 ASSERT_TRUE(IsInJsonArray("b", query["Labels"])); | |
414 ASSERT_TRUE(IsInJsonArray("c", query["Labels"])); | |
415 ASSERT_EQ("Any", query["LabelsConstraint"].asString()); | |
416 } | |
417 | |
418 { // missing LabelsConstraint -> throw | |
419 Json::Value query; | |
420 query["Query"] = Json::objectValue; | |
421 query["Query"]["PatientID"] = "*"; | |
422 query["Labels"] = Json::arrayValue; | |
423 query["Labels"].append("a"); | |
424 | |
425 ASSERT_THROW(AdjustToolsFindQueryLabels(query, profile), Orthanc::OrthancException); | |
426 } | |
427 | |
428 { // 'All' label constraint is not modified if it contains the labels that are accessible to the user | |
429 Json::Value query; | |
430 query["Query"] = Json::objectValue; | |
431 query["Query"]["PatientID"] = "*"; | |
432 query["Labels"] = Json::arrayValue; | |
433 query["Labels"].append("b"); | |
434 query["Labels"].append("c"); | |
435 query["LabelsConstraint"] = "All"; | |
436 | |
437 AdjustToolsFindQueryLabels(query, profile); | |
438 | |
439 ASSERT_EQ(2u, query["Labels"].size()); | |
440 ASSERT_TRUE(IsInJsonArray("b", query["Labels"])); | |
441 ASSERT_TRUE(IsInJsonArray("c", query["Labels"])); | |
442 ASSERT_EQ("All", query["LabelsConstraint"].asString()); | |
443 } | |
444 | |
445 { // 'All' label constraint is not modified if it contains a subset of the labels that are accessible to the user | |
446 Json::Value query; | |
447 query["Query"] = Json::objectValue; | |
448 query["Query"]["PatientID"] = "*"; | |
449 query["Labels"] = Json::arrayValue; | |
450 query["Labels"].append("b"); | |
451 query["LabelsConstraint"] = "All"; | |
452 | |
453 AdjustToolsFindQueryLabels(query, profile); | |
454 | |
455 ASSERT_EQ(1u, query["Labels"].size()); | |
456 ASSERT_TRUE(IsInJsonArray("b", query["Labels"])); | |
457 ASSERT_EQ("All", query["LabelsConstraint"].asString()); | |
458 } | |
459 | |
460 { // 'All' label constraint becomes invalid if it contains a label that is not accessible to the user | |
461 Json::Value query; | |
462 query["Query"] = Json::objectValue; | |
463 query["Query"]["PatientID"] = "*"; | |
464 query["Labels"] = Json::arrayValue; | |
465 query["Labels"].append("a"); | |
466 query["Labels"].append("b"); | |
467 query["LabelsConstraint"] = "All"; | |
468 | |
469 ASSERT_THROW(AdjustToolsFindQueryLabels(query, profile), Orthanc::OrthancException); | |
470 } | |
471 | |
472 { // 'Any' label constraint is not modified if it contains the labels that are accessible to the user | |
473 Json::Value query; | |
474 query["Query"] = Json::objectValue; | |
475 query["Query"]["PatientID"] = "*"; | |
476 query["Labels"] = Json::arrayValue; | |
477 query["Labels"].append("b"); | |
478 query["Labels"].append("c"); | |
479 query["LabelsConstraint"] = "Any"; | |
480 | |
481 AdjustToolsFindQueryLabels(query, profile); | |
482 | |
483 ASSERT_EQ(2u, query["Labels"].size()); | |
484 ASSERT_TRUE(IsInJsonArray("b", query["Labels"])); | |
485 ASSERT_TRUE(IsInJsonArray("c", query["Labels"])); | |
486 ASSERT_EQ("Any", query["LabelsConstraint"].asString()); | |
487 } | |
488 | |
489 { // 'Any' label constraint is not modified if it contains a subset of the labels that are accessible to the user | |
490 Json::Value query; | |
491 query["Query"] = Json::objectValue; | |
492 query["Query"]["PatientID"] = "*"; | |
493 query["Labels"] = Json::arrayValue; | |
494 query["Labels"].append("b"); | |
495 query["LabelsConstraint"] = "Any"; | |
496 | |
497 AdjustToolsFindQueryLabels(query, profile); | |
498 | |
499 ASSERT_EQ(1u, query["Labels"].size()); | |
500 ASSERT_TRUE(IsInJsonArray("b", query["Labels"])); | |
501 ASSERT_EQ("Any", query["LabelsConstraint"].asString()); | |
502 } | |
503 | |
504 { // 'Any' label constraint only contains the intersection of the initial requested labels and the ones authorized to the user | |
505 Json::Value query; | |
506 query["Query"] = Json::objectValue; | |
507 query["Query"]["PatientID"] = "*"; | |
508 query["Labels"] = Json::arrayValue; | |
509 query["Labels"].append("a"); | |
510 query["Labels"].append("b"); | |
511 query["LabelsConstraint"] = "Any"; | |
512 | |
513 AdjustToolsFindQueryLabels(query, profile); | |
514 | |
515 ASSERT_EQ(1u, query["Labels"].size()); | |
516 ASSERT_TRUE(IsInJsonArray("b", query["Labels"])); | |
517 ASSERT_EQ("Any", query["LabelsConstraint"].asString()); | |
518 } | |
519 | |
520 { // 'Any' label constraint can not be modified if the initial requested labels have nothing in common with the authorized labels | |
521 Json::Value query; | |
522 query["Query"] = Json::objectValue; | |
523 query["Query"]["PatientID"] = "*"; | |
524 query["Labels"] = Json::arrayValue; | |
525 query["Labels"].append("d"); | |
526 query["Labels"].append("e"); | |
527 query["LabelsConstraint"] = "Any"; | |
528 | |
529 ASSERT_THROW(AdjustToolsFindQueryLabels(query, profile), Orthanc::OrthancException); | |
530 } | |
531 | |
532 { // 'None' label constraint can not be modified since the user has only 'authorized_labels' -> throw | |
533 Json::Value query; | |
534 query["Query"] = Json::objectValue; | |
535 query["Query"]["PatientID"] = "*"; | |
536 query["Labels"] = Json::arrayValue; | |
537 query["Labels"].append("b"); | |
538 query["Labels"].append("c"); | |
539 query["LabelsConstraint"] = "None"; | |
540 | |
541 ASSERT_THROW(AdjustToolsFindQueryLabels(query, profile), Orthanc::OrthancException); | |
542 } | |
543 } | |
544 | |
545 TEST(ToolsFindLabels, AdjustQueryForUserWithForbiddenLabelsRestrictions) | |
546 { | |
547 // user who has forbidden access to "b" and "c" | |
548 OrthancPlugins::IAuthorizationService::UserProfile profile; | |
549 profile.forbiddenLabels.insert("b"); | |
550 profile.forbiddenLabels.insert("c"); | |
551 | |
552 { // no labels before transformation -> "b", "c" label after (with a 'None' constraint) | |
553 Json::Value query; | |
554 query["Query"] = Json::objectValue; | |
555 query["Query"]["PatientID"] = "*"; | |
556 | |
557 AdjustToolsFindQueryLabels(query, profile); | |
558 | |
559 ASSERT_EQ(2u, query["Labels"].size()); | |
560 ASSERT_TRUE(IsInJsonArray("b", query["Labels"])); | |
561 ASSERT_TRUE(IsInJsonArray("c", query["Labels"])); | |
562 ASSERT_EQ("None", query["LabelsConstraint"].asString()); | |
563 } | |
564 | |
565 { // missing LabelsConstraint -> throw | |
566 Json::Value query; | |
567 query["Query"] = Json::objectValue; | |
568 query["Query"]["PatientID"] = "*"; | |
569 query["Labels"] = Json::arrayValue; | |
570 query["Labels"].append("a"); | |
571 | |
572 ASSERT_THROW(AdjustToolsFindQueryLabels(query, profile), Orthanc::OrthancException); | |
573 } | |
574 | |
575 { // 'All' label constraint can not be modified for user with forbidden labels | |
576 Json::Value query; | |
577 query["Query"] = Json::objectValue; | |
578 query["Query"]["PatientID"] = "*"; | |
579 query["Labels"] = Json::arrayValue; | |
580 query["Labels"].append("b"); | |
581 query["Labels"].append("c"); | |
582 query["LabelsConstraint"] = "All"; | |
583 | |
584 ASSERT_THROW(AdjustToolsFindQueryLabels(query, profile), Orthanc::OrthancException); | |
585 } | |
586 | |
587 { // 'Any' label constraint can not be modified for user with forbidden labels | |
588 Json::Value query; | |
589 query["Query"] = Json::objectValue; | |
590 query["Query"]["PatientID"] = "*"; | |
591 query["Labels"] = Json::arrayValue; | |
592 query["Labels"].append("b"); | |
593 query["Labels"].append("c"); | |
594 query["LabelsConstraint"] = "Any"; | |
595 | |
596 ASSERT_THROW(AdjustToolsFindQueryLabels(query, profile), Orthanc::OrthancException); | |
597 } | |
598 | |
599 { // 'None' label constraint are modified to always contain at least all forbidden_labels of the user | |
600 Json::Value query; | |
601 query["Query"] = Json::objectValue; | |
602 query["Query"]["PatientID"] = "*"; | |
603 query["Labels"] = Json::arrayValue; | |
604 query["Labels"].append("b"); | |
605 query["LabelsConstraint"] = "None"; | |
606 | |
607 AdjustToolsFindQueryLabels(query, profile); | |
608 ASSERT_EQ(2u, query["Labels"].size()); | |
609 ASSERT_TRUE(IsInJsonArray("b", query["Labels"])); | |
610 ASSERT_TRUE(IsInJsonArray("c", query["Labels"])); | |
611 ASSERT_EQ("None", query["LabelsConstraint"].asString()); | |
612 } | |
613 | |
614 { // 'None' label constraint are modified to always contain at least all forbidden_labels of the user | |
615 Json::Value query; | |
616 query["Query"] = Json::objectValue; | |
617 query["Query"]["PatientID"] = "*"; | |
618 query["Labels"] = Json::arrayValue; | |
619 query["Labels"].append("d"); | |
620 query["LabelsConstraint"] = "None"; | |
621 | |
622 AdjustToolsFindQueryLabels(query, profile); | |
623 ASSERT_EQ(3u, query["Labels"].size()); | |
624 ASSERT_TRUE(IsInJsonArray("b", query["Labels"])); | |
625 ASSERT_TRUE(IsInJsonArray("c", query["Labels"])); | |
626 ASSERT_TRUE(IsInJsonArray("d", query["Labels"])); | |
627 ASSERT_EQ("None", query["LabelsConstraint"].asString()); | |
628 } | |
629 } | |
630 | |
301 } | 631 } |
302 | 632 |
303 int main(int argc, char **argv) | 633 int main(int argc, char **argv) |
304 { | 634 { |
305 ::testing::InitGoogleTest(&argc, argv); | 635 ::testing::InitGoogleTest(&argc, argv); |