Mercurial > hg > orthanc-authorization
comparison Plugin/Plugin.cpp @ 114:546aea509427
fix + Forbidden error code
author | Alain Mazy <am@osimis.io> |
---|---|
date | Wed, 06 Sep 2023 17:02:41 +0200 |
parents | 43154740ea2e |
children | 0eed78c1e177 |
113:43154740ea2e | 114:546aea509427 |
---|---|
483 Orthanc::SerializationToolbox::ReadSetOfStrings(labelsToFind, query, "Labels"); | 483 Orthanc::SerializationToolbox::ReadSetOfStrings(labelsToFind, query, "Labels"); |
484 labelsConstraint = Orthanc::SerializationToolbox::ReadString(query, "LabelsConstraint"); | 484 labelsConstraint = Orthanc::SerializationToolbox::ReadString(query, "LabelsConstraint"); |
485 } | 485 } |
486 else if (query.isMember("Labels") || query.isMember("LabelsConstraint")) | 486 else if (query.isMember("Labels") || query.isMember("LabelsConstraint")) |
487 { | 487 { |
488 throw Orthanc::OrthancException(Orthanc::ErrorCode_Unauthorized, "Auth plugin: unable to transform tools/find query, both 'Labels' and 'LabelsConstraint' must be defined together if one of them is defined."); | 488 throw Orthanc::OrthancException(Orthanc::ErrorCode_ForbiddenAccess, "Auth plugin: unable to transform tools/find query, both 'Labels' and 'LabelsConstraint' must be defined together if one of them is defined."); |
489 } | 489 } |
490 | 490 |
491 if (!HasAccessToSomeLabels(profile)) | 491 if (!HasAccessToSomeLabels(profile)) |
492 { | 492 { |
493 throw Orthanc::OrthancException(Orthanc::ErrorCode_Unauthorized, "Auth plugin: unable to call tools/find when the user does not have access to any labels."); | 493 throw Orthanc::OrthancException(Orthanc::ErrorCode_ForbiddenAccess, "Auth plugin: unable to call tools/find when the user does not have access to any labels."); |
494 } | 494 } |
495 else if (profile.authorizedLabels.size() > 0) | 495 else if (profile.authorizedLabels.size() > 0) |
496 { | 496 { |
497 // if the user has access to all labels: no need to transform the tools/find body, we keep it as is | 497 // if the user has access to all labels: no need to transform the tools/find body, we keep it as is |
498 if (!HasAccessToAllLabels(profile)) | 498 if (!HasAccessToAllLabels(profile)) |
500 | 500 |
501 if (labelsToFind.size() == 0) | 501 if (labelsToFind.size() == 0) |
502 { | 502 { |
503 if (profile.authorizedLabels.size() > 0) | 503 if (profile.authorizedLabels.size() > 0) |
504 { | 504 { |
505 query.removeMember("Labels"); | |
505 Orthanc::SerializationToolbox::WriteSetOfStrings(query, profile.authorizedLabels, "Labels"); | 506 Orthanc::SerializationToolbox::WriteSetOfStrings(query, profile.authorizedLabels, "Labels"); |
506 query["LabelsConstraint"] = "Any"; | 507 query["LabelsConstraint"] = "Any"; |
507 } | 508 } |
508 } | 509 } |
509 else if (labelsConstraint == "All") | 510 else if (labelsConstraint == "All") |
510 { | 511 { |
511 if (profile.authorizedLabels.size() > 0) | 512 if (profile.authorizedLabels.size() > 0) |
512 { | 513 { |
513 if (!Orthanc::Toolbox::IsSetInSet(labelsToFind, profile.authorizedLabels)) | 514 if (!Orthanc::Toolbox::IsSetInSet(labelsToFind, profile.authorizedLabels)) |
514 { | 515 { |
515 throw Orthanc::OrthancException(Orthanc::ErrorCode_Unauthorized, "Auth plugin: unable to transform tools/find query with 'All' labels constraint when the user does not have access to all listed labels."); | 516 throw Orthanc::OrthancException(Orthanc::ErrorCode_ForbiddenAccess, "Auth plugin: unable to transform tools/find query with 'All' labels constraint when the user does not have access to all listed labels."); |
516 } | 517 } |
517 } | 518 } |
518 } | 519 } |
519 else if (labelsConstraint == "Any") | 520 else if (labelsConstraint == "Any") |
520 { | 521 { |
523 std::set<std::string> newLabelsToFind; | 524 std::set<std::string> newLabelsToFind; |
524 Orthanc::Toolbox::GetIntersection(newLabelsToFind, labelsToFind, profile.authorizedLabels); | 525 Orthanc::Toolbox::GetIntersection(newLabelsToFind, labelsToFind, profile.authorizedLabels); |
525 | 526 |
526 if (newLabelsToFind.size() == 0) | 527 if (newLabelsToFind.size() == 0) |
527 { | 528 { |
528 throw Orthanc::OrthancException(Orthanc::ErrorCode_Unauthorized, "Auth plugin: unable to transform tools/find query with 'All' labels constraint when none of the labels to find is authorized for the user."); | 529 throw Orthanc::OrthancException(Orthanc::ErrorCode_ForbiddenAccess, "Auth plugin: unable to transform tools/find query with 'All' labels constraint when none of the labels to find is authorized for the user."); |
529 } | 530 } |
530 | 531 |
531 query.removeMember("Labels"); | 532 query.removeMember("Labels"); |
532 Orthanc::SerializationToolbox::WriteSetOfStrings(query, newLabelsToFind, "Labels"); | 533 Orthanc::SerializationToolbox::WriteSetOfStrings(query, newLabelsToFind, "Labels"); |
533 } | 534 } |
534 } | 535 } |
535 else if (labelsConstraint == "None") | 536 else if (labelsConstraint == "None") |
536 { | 537 { |
537 if (profile.authorizedLabels.size() > 0) | 538 if (profile.authorizedLabels.size() > 0) |
538 { | 539 { |
539 throw Orthanc::OrthancException(Orthanc::ErrorCode_Unauthorized, "Auth plugin: unable to transform tools/find query with 'None' labels constraint when the user only has authorized_labels."); | 540 throw Orthanc::OrthancException(Orthanc::ErrorCode_ForbiddenAccess, "Auth plugin: unable to transform tools/find query with 'None' labels constraint when the user only has authorized_labels."); |
540 } | 541 } |
541 } | 542 } |
542 } | 543 } |
543 } | 544 } |
544 } | 545 } |
576 } | 577 } |
577 | 578 |
578 } | 579 } |
579 else | 580 else |
580 { | 581 { |
581 throw Orthanc::OrthancException(Orthanc::ErrorCode_Unauthorized, "Auth plugin: no user profile found, access to tools/find is forbidden."); | 582 throw Orthanc::OrthancException(Orthanc::ErrorCode_ForbiddenAccess, "Auth plugin: no user profile found, access to tools/find is forbidden."); |
582 } | 583 } |
583 } | 584 } |
584 } | 585 } |
585 | 586 |
586 void ToolsLabels(OrthancPluginRestOutput* output, | 587 void ToolsLabels(OrthancPluginRestOutput* output, |
625 } | 626 } |
626 | 627 |
627 } | 628 } |
628 else | 629 else |
629 { | 630 { |
630 throw Orthanc::OrthancException(Orthanc::ErrorCode_Unauthorized, "Auth plugin: no user profile found, access to tools/labels is forbidden."); | 631 throw Orthanc::OrthancException(Orthanc::ErrorCode_ForbiddenAccess, "Auth plugin: no user profile found, access to tools/labels is forbidden."); |
631 } | 632 } |
632 } | 633 } |
633 } | 634 } |
634 | 635 |
635 | 636 |
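Review bot: The `labelsConstraint` chain on new lines 510–542 ends at `else if (labelsConstraint == "None")` with no final `else`, so for a profile restricted to some labels, a query with non-empty `Labels` and any other `LabelsConstraint` value leaves this block neither rewritten nor rejected. Whether that is caught later depends on validation outside this view, so the filter should fail closed itself: `else { throw Orthanc::OrthancException(Orthanc::ErrorCode_BadRequest, "Auth plugin: unsupported 'LabelsConstraint' value in tools/find query."); }`. Separately, the message on new line 529 sits in the `"Any"` branch but still says `'All' labels constraint`, which will mislead anyone reading denial logs; it should read `'Any'`. The enclosing function starts above the first visible line.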