comparison Plugin/AuthorizationWebService.cpp @ 112:572955904411
added tools/labels + removed forbidden_labels
author | Alain Mazy <am@osimis.io> |
---|---|
date | Thu, 31 Aug 2023 16:51:15 +0200 |
parents | 7381a7674b36 |
children | 43154740ea2e |
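--- a/Plugin/AuthorizationWebService.cpp
+++ b/Plugin/AuthorizationWebService.cpp
@@ -30,11 +30,10 @@
 {
 static const char* GRANTED = "granted";
 static const char* VALIDITY = "validity";
 static const char* PERMISSIONS = "permissions";
 static const char* AUTHORIZED_LABELS = "authorized-labels";
-static const char* FORBIDDEN_LABELS = "forbidden-labels";
 static const char* USER_NAME = "name";
 
 
 bool AuthorizationWebService::IsGrantedInternal(unsigned int& validity,
 OrthancPluginHttpMethod method,
@@ -375,15 +374,13 @@
 
 if (jsonProfile.type() != Json::objectValue ||
 !jsonProfile.isMember(PERMISSIONS) ||
 !jsonProfile.isMember(VALIDITY) ||
 !jsonProfile.isMember(AUTHORIZED_LABELS) ||
-!jsonProfile.isMember(FORBIDDEN_LABELS) ||
 !jsonProfile.isMember(USER_NAME) ||
 jsonProfile[PERMISSIONS].type() != Json::arrayValue ||
 jsonProfile[AUTHORIZED_LABELS].type() != Json::arrayValue ||
-jsonProfile[FORBIDDEN_LABELS].type() != Json::arrayValue ||
 jsonProfile[VALIDITY].type() != Json::intValue ||
 jsonProfile[USER_NAME].type() != Json::stringValue)
 {
 throw Orthanc::OrthancException(Orthanc::ErrorCode_NetworkProtocol,
 "Syntax error in the result of the Auth Web service, the format of the UserProfile is invalid");
@@ -399,25 +396,14 @@
 }
 for (Json::ArrayIndex i = 0; i < jsonProfile[AUTHORIZED_LABELS].size(); ++i)
 {
 profile.authorizedLabels.insert(jsonProfile[AUTHORIZED_LABELS][i].asString());
 }
-for (Json::ArrayIndex i = 0; i < jsonProfile[FORBIDDEN_LABELS].size(); ++i)
-{
-profile.forbiddenLabels.insert(jsonProfile[FORBIDDEN_LABELS][i].asString());
-}
-
-if (profile.authorizedLabels.size() > 0 && profile.forbiddenLabels.size() > 0)
-{
-throw Orthanc::OrthancException(Orthanc::ErrorCode_NetworkProtocol,
-"Syntax error in the result of the Auth Web service, the UserProfile can not contain both authorized and forbidden labels");
-}
-
-if (profile.authorizedLabels.size() == 0 && profile.forbiddenLabels.size() == 0)
-{
-LOG(WARNING) << "The UserProfile does not contain any authorized or forbidden labels, assuming the user has access to all data (equivalent to \"authorized_labels\": [\"*\"]) !";
-profile.authorizedLabels.insert("*");
+
+if (profile.authorizedLabels.size() == 0)
+{
+LOG(WARNING) << "The UserProfile does not contain any authorized labels, you should add, e.g, \"authorized_labels\": [\"*\"] to grant him access to all labels !";
 }
 
 return true;
 }
 catch (Orthanc::OrthancException& ex)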
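Review bot: A `forbidden-labels` array that an auth service still sends is now silently ignored by the UserProfile parsing, because the validity check and the label loops in the second and third hunks no longer look at that member. A reply combining `"authorized-labels": ["*"]` with a non-empty deny list, which the removed check rejected, would therefore be accepted with the deny list dropped; how labels are enforced afterwards is not visible here, so confirm this is intended. Consider failing or at least warning when the member is present and non-empty, e.g. `if (jsonProfile.isMember("forbidden-labels") && jsonProfile["forbidden-labels"].size() > 0) LOG(WARNING) << "forbidden-labels is no longer supported and is ignored";`. Separately, the new `LOG(WARNING)` text advises adding `\"authorized_labels\"` while the parser reads the hyphenated key `authorized-labels`, so the message should use the hyphenated name. The enclosing function starts and ends outside the displayed hunks.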