comparison Plugin/AuthorizationWebService.cpp @ 71:30fb3ce960d9
configurable user permissions
author | Alain Mazy <am@osimis.io> |
---|---|
date | Wed, 22 Feb 2023 13:13:38 +0100 |
parents | 786b202ef24e |
children | e381ba725669 |
70:786b202ef24e | 71:30fb3ce960d9 |
---|---|
21 #include "../Resources/Orthanc/Plugins/OrthancPluginCppWrapper.h" | 21 #include "../Resources/Orthanc/Plugins/OrthancPluginCppWrapper.h" |
22 | 22 |
23 #include <Logging.h> | 23 #include <Logging.h> |
24 #include <Toolbox.h> | 24 #include <Toolbox.h> |
25 #include <HttpClient.h> | 25 #include <HttpClient.h> |
26 #include <algorithm> | |
26 | 27 |
27 namespace OrthancPlugins | 28 namespace OrthancPlugins |
28 { | 29 { |
30 static const char* GRANTED = "granted"; | |
31 static const char* VALIDITY = "validity"; | |
32 static const char* PERMISSIONS = "permissions"; | |
33 | |
34 | |
29 bool AuthorizationWebService::IsGrantedInternal(unsigned int& validity, | 35 bool AuthorizationWebService::IsGrantedInternal(unsigned int& validity, |
30 OrthancPluginHttpMethod method, | 36 OrthancPluginHttpMethod method, |
31 const AccessedResource& access, | 37 const AccessedResource& access, |
32 const Token* token, | 38 const Token* token, |
33 const std::string& tokenValue) | 39 const std::string& tokenValue) |
116 } | 122 } |
117 | 123 |
118 Json::Value answer; | 124 Json::Value answer; |
119 authClient.ApplyAndThrowException(answer); | 125 authClient.ApplyAndThrowException(answer); |
120 | 126 |
121 static const char* GRANTED = "granted"; | |
122 static const char* VALIDITY = "validity"; | |
123 | |
124 if (answer.type() != Json::objectValue || | 127 if (answer.type() != Json::objectValue || |
125 !answer.isMember(GRANTED) || | 128 !answer.isMember(GRANTED) || |
126 answer[GRANTED].type() != Json::booleanValue || | 129 answer[GRANTED].type() != Json::booleanValue || |
127 (answer.isMember(VALIDITY) && | 130 (answer.isMember(VALIDITY) && |
128 answer[VALIDITY].type() != Json::intValue)) | 131 answer[VALIDITY].type() != Json::intValue)) |
163 void AuthorizationWebService::SetIdentifier(const std::string& webServiceIdentifier) | 166 void AuthorizationWebService::SetIdentifier(const std::string& webServiceIdentifier) |
164 { | 167 { |
165 identifier_ = webServiceIdentifier; | 168 identifier_ = webServiceIdentifier; |
166 } | 169 } |
167 | 170 |
168 bool AuthorizationWebService::GetUserProfile(Json::Value& profile /* out */, | 171 bool AuthorizationWebService::GetUserProfileInternal(unsigned int& validity, |
169 const Token& token, | 172 Json::Value& profile /* out */, |
170 const std::string& tokenValue) | 173 const Token* token, |
174 const std::string& tokenValue) | |
171 { | 175 { |
172 if (userProfileUrl_.empty()) | 176 if (userProfileUrl_.empty()) |
173 { | 177 { |
174 throw Orthanc::OrthancException(Orthanc::ErrorCode_BadRequest, "Can not get user profile if the 'WebServiceUserProfileUrl' is not configured"); | 178 throw Orthanc::OrthancException(Orthanc::ErrorCode_BadRequest, "Can not get user profile if the 'WebServiceUserProfileUrl' is not configured"); |
175 } | 179 } |
182 authWebservice.SetCredentials(username_, password_); | 186 authWebservice.SetCredentials(username_, password_); |
183 } | 187 } |
184 | 188 |
185 Json::Value body; | 189 Json::Value body; |
186 | 190 |
187 body["token-key"] = token.GetKey(); | 191 if (token != NULL) |
188 body["token-value"] = tokenValue; | 192 { |
193 body["token-key"] = token->GetKey(); | |
194 body["token-value"] = tokenValue; | |
195 } | |
189 | 196 |
190 if (!identifier_.empty()) | 197 if (!identifier_.empty()) |
191 { | 198 { |
192 body["identifier"] = identifier_; | 199 body["identifier"] = identifier_; |
193 } | 200 } |
207 authClient.AddHeader("Content-Type", "application/json"); | 214 authClient.AddHeader("Content-Type", "application/json"); |
208 authClient.AddHeader("Expect", ""); | 215 authClient.AddHeader("Expect", ""); |
209 authClient.SetTimeout(10); | 216 authClient.SetTimeout(10); |
210 | 217 |
211 authClient.ApplyAndThrowException(profile); | 218 authClient.ApplyAndThrowException(profile); |
219 | |
220 if (profile.isMember("validity")) | |
221 { | |
222 validity = profile["validity"].asInt(); | |
223 } | |
224 else | |
225 { | |
226 validity = 0; | |
227 } | |
228 | |
212 return true; | 229 return true; |
213 } | 230 } |
214 catch (Orthanc::OrthancException& ex) | 231 catch (Orthanc::OrthancException& ex) |
215 { | 232 { |
216 return false; | 233 return false; |
217 } | 234 } |
218 } | 235 } |
219 | 236 |
237 bool AuthorizationWebService::HasUserPermissionInternal(unsigned int& validity, | |
238 const std::string& permission, | |
239 const Token* token, | |
240 const std::string& tokenValue) | |
241 { | |
242 Json::Value profile; | |
243 | |
244 | |
245 if (GetUserProfileInternal(validity, profile, token, tokenValue)) | |
246 { | |
247 if (profile.type() != Json::objectValue || | |
248 !profile.isMember(PERMISSIONS) || | |
249 !profile.isMember(VALIDITY) || | |
250 profile[PERMISSIONS].type() != Json::arrayValue || | |
251 profile[VALIDITY].type() != Json::intValue) | |
252 { | |
253 throw Orthanc::OrthancException(Orthanc::ErrorCode_NetworkProtocol, | |
254 "Syntax error in the result of the Web service"); | |
255 } | |
256 | |
257 validity = profile[VALIDITY].asUInt(); | |
258 | |
259 Json::Value& permissions = profile[PERMISSIONS]; | |
260 for (Json::ArrayIndex i = 0; i < permissions.size(); ++i) | |
261 { | |
262 if (permission == permissions[i].asString()) | |
263 { | |
264 return true; | |
265 } | |
266 } | |
267 } | |
268 | |
269 return false; | |
270 } | |
271 | |
220 } | 272 } |
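Review bot: In GetUserProfileInternal (new lines 220-227), `validity = profile["validity"].asInt();` reads the web-service answer before any shape check, and a negative value converts to a very large `unsigned int`; the type checks only run afterwards in HasUserPermissionInternal. If `validity` is used as a cache lifetime (not visible here), a malformed or hostile profile answer could keep a permission decision alive far longer than intended. Guard the read, e.g. `if (profile.type() == Json::objectValue && profile.isMember(VALIDITY) && profile[VALIDITY].type() == Json::intValue && profile[VALIDITY].asInt() >= 0)` before assigning, and fall back to `validity = 0;` otherwise. jsoncpp reports a wrong-typed `isMember`/`asInt`/`asString` call through its own error path rather than as `Orthanc::OrthancException`, so the `catch` at new line 231 presumably does not handle it; the same applies to `permissions[i].asString()` at new line 262, which could first test `permissions[i].isString()`. `validity` is also left unassigned when GetUserProfileInternal returns false, so HasUserPermissionInternal should set `validity = 0;` before returning false on that path; the start of the `try` block lies outside the visible lines.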