Mercurial > hg > orthanc-authorization
comparison Plugin/Plugin.cpp @ 114:546aea509427
fix + Forbidden error code
| author | Alain Mazy <am@osimis.io> |
|---|---|
| date | Wed, 06 Sep 2023 17:02:41 +0200 |
| parents | 43154740ea2e |
| children | 0eed78c1e177 |
comparison
equal
deleted
inserted
replaced
| 113:43154740ea2e | 114:546aea509427 |
|---|---|
| 483 Orthanc::SerializationToolbox::ReadSetOfStrings(labelsToFind, query, "Labels"); | 483 Orthanc::SerializationToolbox::ReadSetOfStrings(labelsToFind, query, "Labels"); |
| 484 labelsConstraint = Orthanc::SerializationToolbox::ReadString(query, "LabelsConstraint"); | 484 labelsConstraint = Orthanc::SerializationToolbox::ReadString(query, "LabelsConstraint"); |
| 485 } | 485 } |
| 486 else if (query.isMember("Labels") || query.isMember("LabelsConstraint")) | 486 else if (query.isMember("Labels") || query.isMember("LabelsConstraint")) |
| 487 { | 487 { |
| 488 throw Orthanc::OrthancException(Orthanc::ErrorCode_Unauthorized, "Auth plugin: unable to transform tools/find query, both 'Labels' and 'LabelsConstraint' must be defined together if one of them is defined."); | 488 throw Orthanc::OrthancException(Orthanc::ErrorCode_ForbiddenAccess, "Auth plugin: unable to transform tools/find query, both 'Labels' and 'LabelsConstraint' must be defined together if one of them is defined."); |
| 489 } | 489 } |
| 490 | 490 |
| 491 if (!HasAccessToSomeLabels(profile)) | 491 if (!HasAccessToSomeLabels(profile)) |
| 492 { | 492 { |
| 493 throw Orthanc::OrthancException(Orthanc::ErrorCode_Unauthorized, "Auth plugin: unable to call tools/find when the user does not have access to any labels."); | 493 throw Orthanc::OrthancException(Orthanc::ErrorCode_ForbiddenAccess, "Auth plugin: unable to call tools/find when the user does not have access to any labels."); |
| 494 } | 494 } |
| 495 else if (profile.authorizedLabels.size() > 0) | 495 else if (profile.authorizedLabels.size() > 0) |
| 496 { | 496 { |
| 497 // if the user has access to all labels: no need to transform the tools/find body, we keep it as is | 497 // if the user has access to all labels: no need to transform the tools/find body, we keep it as is |
| 498 if (!HasAccessToAllLabels(profile)) | 498 if (!HasAccessToAllLabels(profile)) |
| 500 | 500 |
| 501 if (labelsToFind.size() == 0) | 501 if (labelsToFind.size() == 0) |
| 502 { | 502 { |
| 503 if (profile.authorizedLabels.size() > 0) | 503 if (profile.authorizedLabels.size() > 0) |
| 504 { | 504 { |
| 505 query.removeMember("Labels"); | |
| 505 Orthanc::SerializationToolbox::WriteSetOfStrings(query, profile.authorizedLabels, "Labels"); | 506 Orthanc::SerializationToolbox::WriteSetOfStrings(query, profile.authorizedLabels, "Labels"); |
| 506 query["LabelsConstraint"] = "Any"; | 507 query["LabelsConstraint"] = "Any"; |
| 507 } | 508 } |
| 508 } | 509 } |
| 509 else if (labelsConstraint == "All") | 510 else if (labelsConstraint == "All") |
| 510 { | 511 { |
| 511 if (profile.authorizedLabels.size() > 0) | 512 if (profile.authorizedLabels.size() > 0) |
| 512 { | 513 { |
| 513 if (!Orthanc::Toolbox::IsSetInSet(labelsToFind, profile.authorizedLabels)) | 514 if (!Orthanc::Toolbox::IsSetInSet(labelsToFind, profile.authorizedLabels)) |
| 514 { | 515 { |
| 515 throw Orthanc::OrthancException(Orthanc::ErrorCode_Unauthorized, "Auth plugin: unable to transform tools/find query with 'All' labels constraint when the user does not have access to all listed labels."); | 516 throw Orthanc::OrthancException(Orthanc::ErrorCode_ForbiddenAccess, "Auth plugin: unable to transform tools/find query with 'All' labels constraint when the user does not have access to all listed labels."); |
| 516 } | 517 } |
| 517 } | 518 } |
| 518 } | 519 } |
| 519 else if (labelsConstraint == "Any") | 520 else if (labelsConstraint == "Any") |
| 520 { | 521 { |
| 523 std::set<std::string> newLabelsToFind; | 524 std::set<std::string> newLabelsToFind; |
| 524 Orthanc::Toolbox::GetIntersection(newLabelsToFind, labelsToFind, profile.authorizedLabels); | 525 Orthanc::Toolbox::GetIntersection(newLabelsToFind, labelsToFind, profile.authorizedLabels); |
| 525 | 526 |
| 526 if (newLabelsToFind.size() == 0) | 527 if (newLabelsToFind.size() == 0) |
| 527 { | 528 { |
| 528 throw Orthanc::OrthancException(Orthanc::ErrorCode_Unauthorized, "Auth plugin: unable to transform tools/find query with 'All' labels constraint when none of the labels to find is authorized for the user."); | 529 throw Orthanc::OrthancException(Orthanc::ErrorCode_ForbiddenAccess, "Auth plugin: unable to transform tools/find query with 'All' labels constraint when none of the labels to find is authorized for the user."); |
| 529 } | 530 } |
| 530 | 531 |
| 531 query.removeMember("Labels"); | 532 query.removeMember("Labels"); |
| 532 Orthanc::SerializationToolbox::WriteSetOfStrings(query, newLabelsToFind, "Labels"); | 533 Orthanc::SerializationToolbox::WriteSetOfStrings(query, newLabelsToFind, "Labels"); |
| 533 } | 534 } |
| 534 } | 535 } |
| 535 else if (labelsConstraint == "None") | 536 else if (labelsConstraint == "None") |
| 536 { | 537 { |
| 537 if (profile.authorizedLabels.size() > 0) | 538 if (profile.authorizedLabels.size() > 0) |
| 538 { | 539 { |
| 539 throw Orthanc::OrthancException(Orthanc::ErrorCode_Unauthorized, "Auth plugin: unable to transform tools/find query with 'None' labels constraint when the user only has authorized_labels."); | 540 throw Orthanc::OrthancException(Orthanc::ErrorCode_ForbiddenAccess, "Auth plugin: unable to transform tools/find query with 'None' labels constraint when the user only has authorized_labels."); |
| 540 } | 541 } |
| 541 } | 542 } |
| 542 } | 543 } |
| 543 } | 544 } |
| 544 } | 545 } |
| 576 } | 577 } |
| 577 | 578 |
| 578 } | 579 } |
| 579 else | 580 else |
| 580 { | 581 { |
| 581 throw Orthanc::OrthancException(Orthanc::ErrorCode_Unauthorized, "Auth plugin: no user profile found, access to tools/find is forbidden."); | 582 throw Orthanc::OrthancException(Orthanc::ErrorCode_ForbiddenAccess, "Auth plugin: no user profile found, access to tools/find is forbidden."); |
| 582 } | 583 } |
| 583 } | 584 } |
| 584 } | 585 } |
| 585 | 586 |
| 586 void ToolsLabels(OrthancPluginRestOutput* output, | 587 void ToolsLabels(OrthancPluginRestOutput* output, |
| 625 } | 626 } |
| 626 | 627 |
| 627 } | 628 } |
| 628 else | 629 else |
| 629 { | 630 { |
| 630 throw Orthanc::OrthancException(Orthanc::ErrorCode_Unauthorized, "Auth plugin: no user profile found, access to tools/labels is forbidden."); | 631 throw Orthanc::OrthancException(Orthanc::ErrorCode_ForbiddenAccess, "Auth plugin: no user profile found, access to tools/labels is forbidden."); |
| 631 } | 632 } |
| 632 } | 633 } |
| 633 } | 634 } |
| 634 | 635 |
| 635 | 636 |