Mercurial > hg > orthanc-authorization
comparison Plugin/Plugin.cpp @ 196:55760c465c3a
Fix wrong access to POST /instances that was considered as a resource list
| author | Alain Mazy <am@orthanc.team> |
|---|---|
| date | Mon, 24 Jun 2024 18:28:16 +0200 |
| parents | 2f1e872e8eaa |
| children | 21abcb97ff3c |
comparison
equal
deleted
inserted
replaced
| 195:2f1e872e8eaa | 196:55760c465c3a |
|---|---|
| 147 } | 147 } |
| 148 | 148 |
| 149 | 149 |
| 150 static bool CheckAuthorizedLabelsForResource(bool& granted, | 150 static bool CheckAuthorizedLabelsForResource(bool& granted, |
| 151 const std::string& uri, | 151 const std::string& uri, |
| 152 OrthancPluginHttpMethod method, | |
| 152 const OrthancPlugins::AssociativeArray& getArguments, | 153 const OrthancPlugins::AssociativeArray& getArguments, |
| 153 const OrthancPlugins::IAuthorizationService::UserProfile& profile) | 154 const OrthancPlugins::IAuthorizationService::UserProfile& profile) |
| 154 { | 155 { |
| 155 granted = false; | 156 granted = false; |
| 156 | 157 |
| 169 if (!authorizationParser_->Parse(accesses, uri, getArguments.GetMap())) | 170 if (!authorizationParser_->Parse(accesses, uri, getArguments.GetMap())) |
| 170 { | 171 { |
| 171 return false; // Unable to parse this URI, we could not check labels | 172 return false; // Unable to parse this URI, we could not check labels |
| 172 } | 173 } |
| 173 | 174 |
| 174 if (authorizationParser_->IsListOfResources(uri)) | 175 if (authorizationParser_->IsListOfResources(uri) && method == OrthancPluginHttpMethod_Get) |
| 175 { | 176 { |
| 176 granted = false; // if a user does not have access to all labels, he can not have access to a list of resources | 177 granted = false; // if a user does not have access to all labels, he can not have access to a list of resources |
| 177 return true; // we could check labels | 178 return true; // we could check labels |
| 178 } | 179 } |
| 179 | 180 |
| 358 | 359 |
| 359 // check labels permissions | 360 // check labels permissions |
| 360 msg = std::string("Testing whether user has the authorized_labels to access '") + uri + "' based on the HTTP header '" + authTokens[i].GetToken().GetKey() + "'"; | 361 msg = std::string("Testing whether user has the authorized_labels to access '") + uri + "' based on the HTTP header '" + authTokens[i].GetToken().GetKey() + "'"; |
| 361 | 362 |
| 362 bool hasAuthorizedLabelsForResource = false; | 363 bool hasAuthorizedLabelsForResource = false; |
| 363 if (CheckAuthorizedLabelsForResource(hasAuthorizedLabelsForResource, uri, getArguments, profile)) | 364 if (CheckAuthorizedLabelsForResource(hasAuthorizedLabelsForResource, uri, method, getArguments, profile)) |
| 364 { | 365 { |
| 365 if (hasAuthorizedLabelsForResource) | 366 if (hasAuthorizedLabelsForResource) |
| 366 { | 367 { |
| 367 LOG(INFO) << msg << " -> granted"; | 368 LOG(INFO) << msg << " -> granted"; |
| 368 } | 369 } |