Mercurial > hg > orthanc-authorization
comparison Plugin/AuthorizationWebService.cpp @ 71:30fb3ce960d9
configurable user permissions
| author | Alain Mazy <am@osimis.io> |
|---|---|
| date | Wed, 22 Feb 2023 13:13:38 +0100 |
| parents | 786b202ef24e |
| children | e381ba725669 |
comparison
equal
deleted
inserted
replaced
| 70:786b202ef24e | 71:30fb3ce960d9 |
|---|---|
| 21 #include "../Resources/Orthanc/Plugins/OrthancPluginCppWrapper.h" | 21 #include "../Resources/Orthanc/Plugins/OrthancPluginCppWrapper.h" |
| 22 | 22 |
| 23 #include <Logging.h> | 23 #include <Logging.h> |
| 24 #include <Toolbox.h> | 24 #include <Toolbox.h> |
| 25 #include <HttpClient.h> | 25 #include <HttpClient.h> |
| 26 #include <algorithm> | |
| 26 | 27 |
| 27 namespace OrthancPlugins | 28 namespace OrthancPlugins |
| 28 { | 29 { |
| 30 static const char* GRANTED = "granted"; | |
| 31 static const char* VALIDITY = "validity"; | |
| 32 static const char* PERMISSIONS = "permissions"; | |
| 33 | |
| 34 | |
| 29 bool AuthorizationWebService::IsGrantedInternal(unsigned int& validity, | 35 bool AuthorizationWebService::IsGrantedInternal(unsigned int& validity, |
| 30 OrthancPluginHttpMethod method, | 36 OrthancPluginHttpMethod method, |
| 31 const AccessedResource& access, | 37 const AccessedResource& access, |
| 32 const Token* token, | 38 const Token* token, |
| 33 const std::string& tokenValue) | 39 const std::string& tokenValue) |
| 116 } | 122 } |
| 117 | 123 |
| 118 Json::Value answer; | 124 Json::Value answer; |
| 119 authClient.ApplyAndThrowException(answer); | 125 authClient.ApplyAndThrowException(answer); |
| 120 | 126 |
| 121 static const char* GRANTED = "granted"; | |
| 122 static const char* VALIDITY = "validity"; | |
| 123 | |
| 124 if (answer.type() != Json::objectValue || | 127 if (answer.type() != Json::objectValue || |
| 125 !answer.isMember(GRANTED) || | 128 !answer.isMember(GRANTED) || |
| 126 answer[GRANTED].type() != Json::booleanValue || | 129 answer[GRANTED].type() != Json::booleanValue || |
| 127 (answer.isMember(VALIDITY) && | 130 (answer.isMember(VALIDITY) && |
| 128 answer[VALIDITY].type() != Json::intValue)) | 131 answer[VALIDITY].type() != Json::intValue)) |
| 163 void AuthorizationWebService::SetIdentifier(const std::string& webServiceIdentifier) | 166 void AuthorizationWebService::SetIdentifier(const std::string& webServiceIdentifier) |
| 164 { | 167 { |
| 165 identifier_ = webServiceIdentifier; | 168 identifier_ = webServiceIdentifier; |
| 166 } | 169 } |
| 167 | 170 |
| 168 bool AuthorizationWebService::GetUserProfile(Json::Value& profile /* out */, | 171 bool AuthorizationWebService::GetUserProfileInternal(unsigned int& validity, |
| 169 const Token& token, | 172 Json::Value& profile /* out */, |
| 170 const std::string& tokenValue) | 173 const Token* token, |
| 174 const std::string& tokenValue) | |
| 171 { | 175 { |
| 172 if (userProfileUrl_.empty()) | 176 if (userProfileUrl_.empty()) |
| 173 { | 177 { |
| 174 throw Orthanc::OrthancException(Orthanc::ErrorCode_BadRequest, "Can not get user profile if the 'WebServiceUserProfileUrl' is not configured"); | 178 throw Orthanc::OrthancException(Orthanc::ErrorCode_BadRequest, "Can not get user profile if the 'WebServiceUserProfileUrl' is not configured"); |
| 175 } | 179 } |
| 182 authWebservice.SetCredentials(username_, password_); | 186 authWebservice.SetCredentials(username_, password_); |
| 183 } | 187 } |
| 184 | 188 |
| 185 Json::Value body; | 189 Json::Value body; |
| 186 | 190 |
| 187 body["token-key"] = token.GetKey(); | 191 if (token != NULL) |
| 188 body["token-value"] = tokenValue; | 192 { |
| 193 body["token-key"] = token->GetKey(); | |
| 194 body["token-value"] = tokenValue; | |
| 195 } | |
| 189 | 196 |
| 190 if (!identifier_.empty()) | 197 if (!identifier_.empty()) |
| 191 { | 198 { |
| 192 body["identifier"] = identifier_; | 199 body["identifier"] = identifier_; |
| 193 } | 200 } |
| 207 authClient.AddHeader("Content-Type", "application/json"); | 214 authClient.AddHeader("Content-Type", "application/json"); |
| 208 authClient.AddHeader("Expect", ""); | 215 authClient.AddHeader("Expect", ""); |
| 209 authClient.SetTimeout(10); | 216 authClient.SetTimeout(10); |
| 210 | 217 |
| 211 authClient.ApplyAndThrowException(profile); | 218 authClient.ApplyAndThrowException(profile); |
| 219 | |
| 220 if (profile.isMember("validity")) | |
| 221 { | |
| 222 validity = profile["validity"].asInt(); | |
| 223 } | |
| 224 else | |
| 225 { | |
| 226 validity = 0; | |
| 227 } | |
| 228 | |
| 212 return true; | 229 return true; |
| 213 } | 230 } |
| 214 catch (Orthanc::OrthancException& ex) | 231 catch (Orthanc::OrthancException& ex) |
| 215 { | 232 { |
| 216 return false; | 233 return false; |
| 217 } | 234 } |
| 218 } | 235 } |
| 219 | 236 |
| 237 bool AuthorizationWebService::HasUserPermissionInternal(unsigned int& validity, | |
| 238 const std::string& permission, | |
| 239 const Token* token, | |
| 240 const std::string& tokenValue) | |
| 241 { | |
| 242 Json::Value profile; | |
| 243 | |
| 244 | |
| 245 if (GetUserProfileInternal(validity, profile, token, tokenValue)) | |
| 246 { | |
| 247 if (profile.type() != Json::objectValue || | |
| 248 !profile.isMember(PERMISSIONS) || | |
| 249 !profile.isMember(VALIDITY) || | |
| 250 profile[PERMISSIONS].type() != Json::arrayValue || | |
| 251 profile[VALIDITY].type() != Json::intValue) | |
| 252 { | |
| 253 throw Orthanc::OrthancException(Orthanc::ErrorCode_NetworkProtocol, | |
| 254 "Syntax error in the result of the Web service"); | |
| 255 } | |
| 256 | |
| 257 validity = profile[VALIDITY].asUInt(); | |
| 258 | |
| 259 Json::Value& permissions = profile[PERMISSIONS]; | |
| 260 for (Json::ArrayIndex i = 0; i < permissions.size(); ++i) | |
| 261 { | |
| 262 if (permission == permissions[i].asString()) | |
| 263 { | |
| 264 return true; | |
| 265 } | |
| 266 } | |
| 267 } | |
| 268 | |
| 269 return false; | |
| 270 } | |
| 271 | |
| 220 } | 272 } |