Mercurial > hg > orthanc-authorization

comparison UnitTestsSources/UnitTestsMain.cpp @ 111:2b1a95c7d263

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
wip: adjust tools/find queries
author Alain Mazy <am@osimis.io>
date Wed, 30 Aug 2023 18:10:09 +0200
parents aa56dcf599b9
children 572955904411
comparison
equal deleted inserted replaced
110:aa56dcf599b9 111:2b1a95c7d263
24 #include <boost/algorithm/string/predicate.hpp> 24 #include <boost/algorithm/string/predicate.hpp>
25 25
26 #include "../Plugin/DefaultAuthorizationParser.h" 26 #include "../Plugin/DefaultAuthorizationParser.h"
27 #include "../Plugin/AssociativeArray.h" 27 #include "../Plugin/AssociativeArray.h"
28 #include "../Plugin/AccessedResource.h" 28 #include "../Plugin/AccessedResource.h"
29 #include "../Plugin/IAuthorizationService.h"
29 #include "../Plugin/MemoryCache.h" 30 #include "../Plugin/MemoryCache.h"
30 #include "../Plugin/PermissionParser.h" 31 #include "../Plugin/PermissionParser.h"
31 #include "../Plugin/ResourceHierarchyCache.h" 32 #include "../Plugin/ResourceHierarchyCache.h"
33
34 extern void AdjustToolsFindQueryLabels(Json::Value& query, const OrthancPlugins::IAuthorizationService::UserProfile& profile);
32 35
33 using namespace OrthancPlugins; 36 using namespace OrthancPlugins;
34 37
35 std::string instanceOrthancId = "44444444-44444444-44444444-44444444-44444444"; 38 std::string instanceOrthancId = "44444444-44444444-44444444-44444444-44444444";
36 std::string seriesOrthancId = "33333333-33333333-33333333-33333333-33333333"; 39 std::string seriesOrthancId = "33333333-33333333-33333333-33333333-33333333";
296 accesses.clear(); 299 accesses.clear();
297 parser.Parse(accesses, "/dicom-web/servers/test/qido", noGetArguments.GetMap()); 300 parser.Parse(accesses, "/dicom-web/servers/test/qido", noGetArguments.GetMap());
298 ASSERT_TRUE(IsAccessing(accesses, AccessLevel_System, "/dicom-web/servers/test/qido")); 301 ASSERT_TRUE(IsAccessing(accesses, AccessLevel_System, "/dicom-web/servers/test/qido"));
299 302
300 } 303 }
304
305 bool IsInJsonArray(const char* needle, const Json::Value& array)
306 {
307 for (Json::ArrayIndex i = 0; i < array.size(); ++i)
308 {
309 if (array[i].asString() == needle)
310 {
311 return true;
312 }
313 }
314 return false;
315 }
316
317 TEST(ToolsFindLabels, AdjustQueryForUserWithoutRestrictions)
318 {
319 // user who has access to all labels
320 OrthancPlugins::IAuthorizationService::UserProfile profile;
321 profile.authorizedLabels.insert("*");
322
323 { // no labels before transformation -> no labels after
324 Json::Value query;
325 query["Query"] = Json::objectValue;
326 query["Query"]["PatientID"] = "*";
327
328 AdjustToolsFindQueryLabels(query, profile);
329
330 ASSERT_FALSE(query.isMember("Labels"));
331 ASSERT_FALSE(query.isMember("LabelsConstraint"));
332 }
333
334 { // missing LabelsConstraint -> throw
335 Json::Value query;
336 query["Query"] = Json::objectValue;
337 query["Query"]["PatientID"] = "*";
338 query["Labels"] = Json::arrayValue;
339 query["Labels"].append("a");
340
341 ASSERT_THROW(AdjustToolsFindQueryLabels(query, profile), Orthanc::OrthancException);
342 }
343
344 { // simple 'All' label constraint is not modified since user has access to all labels
345 Json::Value query;
346 query["Query"] = Json::objectValue;
347 query["Query"]["PatientID"] = "*";
348 query["Labels"] = Json::arrayValue;
349 query["Labels"].append("a");
350 query["Labels"].append("b");
351 query["LabelsConstraint"] = "All";
352
353 AdjustToolsFindQueryLabels(query, profile);
354
355 ASSERT_EQ(2u, query["Labels"].size());
356 ASSERT_TRUE(IsInJsonArray("a", query["Labels"]));
357 ASSERT_TRUE(IsInJsonArray("b", query["Labels"]));
358 ASSERT_EQ("All", query["LabelsConstraint"].asString());
359 }
360
361 { // simple 'Any' label constraint is not modified since user has access to all labels
362 Json::Value query;
363 query["Query"] = Json::objectValue;
364 query["Query"]["PatientID"] = "*";
365 query["Labels"] = Json::arrayValue;
366 query["Labels"].append("a");
367 query["Labels"].append("b");
368 query["LabelsConstraint"] = "Any";
369
370 AdjustToolsFindQueryLabels(query, profile);
371
372 ASSERT_EQ(2u, query["Labels"].size());
373 ASSERT_TRUE(IsInJsonArray("a", query["Labels"]));
374 ASSERT_TRUE(IsInJsonArray("b", query["Labels"]));
375 ASSERT_EQ("Any", query["LabelsConstraint"].asString());
376 }
377
378 { // simple 'None' label constraint is not modified since user has access to all labels
379 Json::Value query;
380 query["Query"] = Json::objectValue;
381 query["Query"]["PatientID"] = "*";
382 query["Labels"] = Json::arrayValue;
383 query["Labels"].append("a");
384 query["Labels"].append("b");
385 query["LabelsConstraint"] = "None";
386
387 AdjustToolsFindQueryLabels(query, profile);
388
389 ASSERT_EQ(2u, query["Labels"].size());
390 ASSERT_TRUE(IsInJsonArray("a", query["Labels"]));
391 ASSERT_TRUE(IsInJsonArray("b", query["Labels"]));
392 ASSERT_EQ("None", query["LabelsConstraint"].asString());
393 }
394
395 }
396
397
398 TEST(ToolsFindLabels, AdjustQueryForUserWithAuthorizedLabelsRestrictions)
399 {
400 // user who has access only to "b" and "c"
401 OrthancPlugins::IAuthorizationService::UserProfile profile;
402 profile.authorizedLabels.insert("b");
403 profile.authorizedLabels.insert("c");
404
405 { // no labels before transformation -> "b", "c" label after
406 Json::Value query;
407 query["Query"] = Json::objectValue;
408 query["Query"]["PatientID"] = "*";
409
410 AdjustToolsFindQueryLabels(query, profile);
411
412 ASSERT_EQ(2u, query["Labels"].size());
413 ASSERT_TRUE(IsInJsonArray("b", query["Labels"]));
414 ASSERT_TRUE(IsInJsonArray("c", query["Labels"]));
415 ASSERT_EQ("Any", query["LabelsConstraint"].asString());
416 }
417
418 { // missing LabelsConstraint -> throw
419 Json::Value query;
420 query["Query"] = Json::objectValue;
421 query["Query"]["PatientID"] = "*";
422 query["Labels"] = Json::arrayValue;
423 query["Labels"].append("a");
424
425 ASSERT_THROW(AdjustToolsFindQueryLabels(query, profile), Orthanc::OrthancException);
426 }
427
428 { // 'All' label constraint is not modified if it contains the labels that are accessible to the user
429 Json::Value query;
430 query["Query"] = Json::objectValue;
431 query["Query"]["PatientID"] = "*";
432 query["Labels"] = Json::arrayValue;
433 query["Labels"].append("b");
434 query["Labels"].append("c");
435 query["LabelsConstraint"] = "All";
436
437 AdjustToolsFindQueryLabels(query, profile);
438
439 ASSERT_EQ(2u, query["Labels"].size());
440 ASSERT_TRUE(IsInJsonArray("b", query["Labels"]));
441 ASSERT_TRUE(IsInJsonArray("c", query["Labels"]));
442 ASSERT_EQ("All", query["LabelsConstraint"].asString());
443 }
444
445 { // 'All' label constraint is not modified if it contains a subset of the labels that are accessible to the user
446 Json::Value query;
447 query["Query"] = Json::objectValue;
448 query["Query"]["PatientID"] = "*";
449 query["Labels"] = Json::arrayValue;
450 query["Labels"].append("b");
451 query["LabelsConstraint"] = "All";
452
453 AdjustToolsFindQueryLabels(query, profile);
454
455 ASSERT_EQ(1u, query["Labels"].size());
456 ASSERT_TRUE(IsInJsonArray("b", query["Labels"]));
457 ASSERT_EQ("All", query["LabelsConstraint"].asString());
458 }
459
460 { // 'All' label constraint becomes invalid if it contains a label that is not accessible to the user
461 Json::Value query;
462 query["Query"] = Json::objectValue;
463 query["Query"]["PatientID"] = "*";
464 query["Labels"] = Json::arrayValue;
465 query["Labels"].append("a");
466 query["Labels"].append("b");
467 query["LabelsConstraint"] = "All";
468
469 ASSERT_THROW(AdjustToolsFindQueryLabels(query, profile), Orthanc::OrthancException);
470 }
471
472 { // 'Any' label constraint is not modified if it contains the labels that are accessible to the user
473 Json::Value query;
474 query["Query"] = Json::objectValue;
475 query["Query"]["PatientID"] = "*";
476 query["Labels"] = Json::arrayValue;
477 query["Labels"].append("b");
478 query["Labels"].append("c");
479 query["LabelsConstraint"] = "Any";
480
481 AdjustToolsFindQueryLabels(query, profile);
482
483 ASSERT_EQ(2u, query["Labels"].size());
484 ASSERT_TRUE(IsInJsonArray("b", query["Labels"]));
485 ASSERT_TRUE(IsInJsonArray("c", query["Labels"]));
486 ASSERT_EQ("Any", query["LabelsConstraint"].asString());
487 }
488
489 { // 'Any' label constraint is not modified if it contains a subset of the labels that are accessible to the user
490 Json::Value query;
491 query["Query"] = Json::objectValue;
492 query["Query"]["PatientID"] = "*";
493 query["Labels"] = Json::arrayValue;
494 query["Labels"].append("b");
495 query["LabelsConstraint"] = "Any";
496
497 AdjustToolsFindQueryLabels(query, profile);
498
499 ASSERT_EQ(1u, query["Labels"].size());
500 ASSERT_TRUE(IsInJsonArray("b", query["Labels"]));
501 ASSERT_EQ("Any", query["LabelsConstraint"].asString());
502 }
503
504 { // 'Any' label constraint only contains the intersection of the initial requested labels and the ones authorized to the user
505 Json::Value query;
506 query["Query"] = Json::objectValue;
507 query["Query"]["PatientID"] = "*";
508 query["Labels"] = Json::arrayValue;
509 query["Labels"].append("a");
510 query["Labels"].append("b");
511 query["LabelsConstraint"] = "Any";
512
513 AdjustToolsFindQueryLabels(query, profile);
514
515 ASSERT_EQ(1u, query["Labels"].size());
516 ASSERT_TRUE(IsInJsonArray("b", query["Labels"]));
517 ASSERT_EQ("Any", query["LabelsConstraint"].asString());
518 }
519
520 { // 'Any' label constraint can not be modified if the initial requested labels have nothing in common with the authorized labels
521 Json::Value query;
522 query["Query"] = Json::objectValue;
523 query["Query"]["PatientID"] = "*";
524 query["Labels"] = Json::arrayValue;
525 query["Labels"].append("d");
526 query["Labels"].append("e");
527 query["LabelsConstraint"] = "Any";
528
529 ASSERT_THROW(AdjustToolsFindQueryLabels(query, profile), Orthanc::OrthancException);
530 }
531
532 { // 'None' label constraint can not be modified since the user has only 'authorized_labels' -> throw
533 Json::Value query;
534 query["Query"] = Json::objectValue;
535 query["Query"]["PatientID"] = "*";
536 query["Labels"] = Json::arrayValue;
537 query["Labels"].append("b");
538 query["Labels"].append("c");
539 query["LabelsConstraint"] = "None";
540
541 ASSERT_THROW(AdjustToolsFindQueryLabels(query, profile), Orthanc::OrthancException);
542 }
543 }
544
545 TEST(ToolsFindLabels, AdjustQueryForUserWithForbiddenLabelsRestrictions)
546 {
547 // user who has forbidden access to "b" and "c"
548 OrthancPlugins::IAuthorizationService::UserProfile profile;
549 profile.forbiddenLabels.insert("b");
550 profile.forbiddenLabels.insert("c");
551
552 { // no labels before transformation -> "b", "c" label after (with a 'None' constraint)
553 Json::Value query;
554 query["Query"] = Json::objectValue;
555 query["Query"]["PatientID"] = "*";
556
557 AdjustToolsFindQueryLabels(query, profile);
558
559 ASSERT_EQ(2u, query["Labels"].size());
560 ASSERT_TRUE(IsInJsonArray("b", query["Labels"]));
561 ASSERT_TRUE(IsInJsonArray("c", query["Labels"]));
562 ASSERT_EQ("None", query["LabelsConstraint"].asString());
563 }
564
565 { // missing LabelsConstraint -> throw
566 Json::Value query;
567 query["Query"] = Json::objectValue;
568 query["Query"]["PatientID"] = "*";
569 query["Labels"] = Json::arrayValue;
570 query["Labels"].append("a");
571
572 ASSERT_THROW(AdjustToolsFindQueryLabels(query, profile), Orthanc::OrthancException);
573 }
574
575 { // 'All' label constraint can not be modified for user with forbidden labels
576 Json::Value query;
577 query["Query"] = Json::objectValue;
578 query["Query"]["PatientID"] = "*";
579 query["Labels"] = Json::arrayValue;
580 query["Labels"].append("b");
581 query["Labels"].append("c");
582 query["LabelsConstraint"] = "All";
583
584 ASSERT_THROW(AdjustToolsFindQueryLabels(query, profile), Orthanc::OrthancException);
585 }
586
587 { // 'Any' label constraint can not be modified for user with forbidden labels
588 Json::Value query;
589 query["Query"] = Json::objectValue;
590 query["Query"]["PatientID"] = "*";
591 query["Labels"] = Json::arrayValue;
592 query["Labels"].append("b");
593 query["Labels"].append("c");
594 query["LabelsConstraint"] = "Any";
595
596 ASSERT_THROW(AdjustToolsFindQueryLabels(query, profile), Orthanc::OrthancException);
597 }
598
599 { // 'None' label constraint are modified to always contain at least all forbidden_labels of the user
600 Json::Value query;
601 query["Query"] = Json::objectValue;
602 query["Query"]["PatientID"] = "*";
603 query["Labels"] = Json::arrayValue;
604 query["Labels"].append("b");
605 query["LabelsConstraint"] = "None";
606
607 AdjustToolsFindQueryLabels(query, profile);
608 ASSERT_EQ(2u, query["Labels"].size());
609 ASSERT_TRUE(IsInJsonArray("b", query["Labels"]));
610 ASSERT_TRUE(IsInJsonArray("c", query["Labels"]));
611 ASSERT_EQ("None", query["LabelsConstraint"].asString());
612 }
613
614 { // 'None' label constraint are modified to always contain at least all forbidden_labels of the user
615 Json::Value query;
616 query["Query"] = Json::objectValue;
617 query["Query"]["PatientID"] = "*";
618 query["Labels"] = Json::arrayValue;
619 query["Labels"].append("d");
620 query["LabelsConstraint"] = "None";
621
622 AdjustToolsFindQueryLabels(query, profile);
623 ASSERT_EQ(3u, query["Labels"].size());
624 ASSERT_TRUE(IsInJsonArray("b", query["Labels"]));
625 ASSERT_TRUE(IsInJsonArray("c", query["Labels"]));
626 ASSERT_TRUE(IsInJsonArray("d", query["Labels"]));
627 ASSERT_EQ("None", query["LabelsConstraint"].asString());
628 }
629 }
630
301 } 631 }
302 632
303 int main(int argc, char **argv) 633 int main(int argc, char **argv)
304 { 634 {
305 ::testing::InitGoogleTest(&argc, argv); 635 ::testing::InitGoogleTest(&argc, argv);