comparison Plugin/Plugin.cpp @ 196:55760c465c3a
Fix wrong access to POST /instances that was considered as a resource list
author | Alain Mazy <am@orthanc.team> |
---|---|
date | Mon, 24 Jun 2024 18:28:16 +0200 |
parents | 2f1e872e8eaa |
children | 21abcb97ff3c |
195:2f1e872e8eaa | 196:55760c465c3a |
---|---|
147 } | 147 } |
148 | 148 |
149 | 149 |
150 static bool CheckAuthorizedLabelsForResource(bool& granted, | 150 static bool CheckAuthorizedLabelsForResource(bool& granted, |
151 const std::string& uri, | 151 const std::string& uri, |
152 OrthancPluginHttpMethod method, | |
152 const OrthancPlugins::AssociativeArray& getArguments, | 153 const OrthancPlugins::AssociativeArray& getArguments, |
153 const OrthancPlugins::IAuthorizationService::UserProfile& profile) | 154 const OrthancPlugins::IAuthorizationService::UserProfile& profile) |
154 { | 155 { |
155 granted = false; | 156 granted = false; |
156 | 157 |
169 if (!authorizationParser_->Parse(accesses, uri, getArguments.GetMap())) | 170 if (!authorizationParser_->Parse(accesses, uri, getArguments.GetMap())) |
170 { | 171 { |
171 return false; // Unable to parse this URI, we could not check labels | 172 return false; // Unable to parse this URI, we could not check labels |
172 } | 173 } |
173 | 174 |
174 if (authorizationParser_->IsListOfResources(uri)) | 175 if (authorizationParser_->IsListOfResources(uri) && method == OrthancPluginHttpMethod_Get) |
175 { | 176 { |
176 granted = false; // if a user does not have access to all labels, he can not have access to a list of resources | 177 granted = false; // if a user does not have access to all labels, he can not have access to a list of resources |
177 return true; // we could check labels | 178 return true; // we could check labels |
178 } | 179 } |
179 | 180 |
358 | 359 |
359 // check labels permissions | 360 // check labels permissions |
360 msg = std::string("Testing whether user has the authorized_labels to access '") + uri + "' based on the HTTP header '" + authTokens[i].GetToken().GetKey() + "'"; | 361 msg = std::string("Testing whether user has the authorized_labels to access '") + uri + "' based on the HTTP header '" + authTokens[i].GetToken().GetKey() + "'"; |
361 | 362 |
362 bool hasAuthorizedLabelsForResource = false; | 363 bool hasAuthorizedLabelsForResource = false; |
363 if (CheckAuthorizedLabelsForResource(hasAuthorizedLabelsForResource, uri, getArguments, profile)) | 364 if (CheckAuthorizedLabelsForResource(hasAuthorizedLabelsForResource, uri, method, getArguments, profile)) |
364 { | 365 { |
365 if (hasAuthorizedLabelsForResource) | 366 if (hasAuthorizedLabelsForResource) |
366 { | 367 { |
367 LOG(INFO) << msg << " -> granted"; | 368 LOG(INFO) << msg << " -> granted"; |
368 } | 369 } |
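Review bot: The guard at new line 175 now exempts every non-GET request on a list-of-resources URI from the "all labels required" rule, while the commit title only motivates POST /instances; if the parser also classifies e.g. DELETE or PUT on such URIs as list accesses, those requests would no longer be refused by this early return as they were before. If only the upload case is meant, the narrower form `if (authorizationParser_->IsListOfResources(uri) && method != OrthancPluginHttpMethod_Post)` keeps the previous behaviour for every other method. Either way the comment on line 177 should state the reason for the method test, e.g. `// only GET enumerates a list of resources; POST /instances is an upload, so it is left to the per-resource label checks below`. What the non-GET path does after this point, and whether the label checks handle a URI that names no resource, is outside the hunk and cannot be confirmed here; CheckAuthorizedLabelsForResource continues past the hunk.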