comparison Plugin/AuthorizationWebService.cpp @ 112:572955904411

added tools/labels + removed forbidden_labels
author Alain Mazy <am@osimis.io>
date Thu, 31 Aug 2023 16:51:15 +0200
parents 7381a7674b36
children 43154740ea2e
111:2b1a95c7d263 112:572955904411
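--- a/Plugin/AuthorizationWebService.cpp
+++ b/Plugin/AuthorizationWebService.cpp
@@ -30,11 +30,10 @@
 {
 static const char* GRANTED = "granted";
 static const char* VALIDITY = "validity";
 static const char* PERMISSIONS = "permissions";
 static const char* AUTHORIZED_LABELS = "authorized-labels";
-static const char* FORBIDDEN_LABELS = "forbidden-labels";
 static const char* USER_NAME = "name";
 
 
 bool AuthorizationWebService::IsGrantedInternal(unsigned int& validity,
 OrthancPluginHttpMethod method,
@@ -375,15 +374,13 @@
 
 if (jsonProfile.type() != Json::objectValue ||
 !jsonProfile.isMember(PERMISSIONS) ||
 !jsonProfile.isMember(VALIDITY) ||
 !jsonProfile.isMember(AUTHORIZED_LABELS) ||
-!jsonProfile.isMember(FORBIDDEN_LABELS) ||
 !jsonProfile.isMember(USER_NAME) ||
 jsonProfile[PERMISSIONS].type() != Json::arrayValue ||
 jsonProfile[AUTHORIZED_LABELS].type() != Json::arrayValue ||
-jsonProfile[FORBIDDEN_LABELS].type() != Json::arrayValue ||
 jsonProfile[VALIDITY].type() != Json::intValue ||
 jsonProfile[USER_NAME].type() != Json::stringValue)
 {
 throw Orthanc::OrthancException(Orthanc::ErrorCode_NetworkProtocol,
 "Syntax error in the result of the Auth Web service, the format of the UserProfile is invalid");
@@ -399,25 +396,14 @@
 }
 for (Json::ArrayIndex i = 0; i < jsonProfile[AUTHORIZED_LABELS].size(); ++i)
 {
 profile.authorizedLabels.insert(jsonProfile[AUTHORIZED_LABELS][i].asString());
 }
-for (Json::ArrayIndex i = 0; i < jsonProfile[FORBIDDEN_LABELS].size(); ++i)
-{
-profile.forbiddenLabels.insert(jsonProfile[FORBIDDEN_LABELS][i].asString());
-}
-
-if (profile.authorizedLabels.size() > 0 && profile.forbiddenLabels.size() > 0)
-{
-throw Orthanc::OrthancException(Orthanc::ErrorCode_NetworkProtocol,
-"Syntax error in the result of the Auth Web service, the UserProfile can not contain both authorized and forbidden labels");
-}
-
-if (profile.authorizedLabels.size() == 0 && profile.forbiddenLabels.size() == 0)
-{
-LOG(WARNING) << "The UserProfile does not contain any authorized or forbidden labels, assuming the user has access to all data (equivalent to \"authorized_labels\": [\"*\"]) !";
-profile.authorizedLabels.insert("*");
+
+if (profile.authorizedLabels.size() == 0)
+{
+LOG(WARNING) << "The UserProfile does not contain any authorized labels, you should add, e.g, \"authorized_labels\": [\"*\"] to grant him access to all labels !";
 }
 
 return true;
 }
 catch (Orthanc::OrthancException& ex)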
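Review bot: The warning added at new line 404 tells the operator to add `"authorized_labels"`, but the key this function actually reads is the `AUTHORIZED_LABELS` constant, `"authorized-labels"` (new line 34), so an operator following the message would add a key that the `isMember` check at new line 378 still does not see. Suggest `LOG(WARNING) << "The UserProfile does not contain any authorized labels, you should add, e.g., \"authorized-labels\": [\"*\"] to grant access to all labels !";`. Separately, unlike the removed branch, the empty case no longer inserts `"*"` into `profile.authorizedLabels`, so a profile with no labels presumably now grants access to nothing rather than to all data; that is a sensible deny-by-default, but it is a behaviour change the commit description does not mention and deserves a comment next to the `if`, e.g. `// Deliberately left empty: a profile without authorized labels grants no label access (fail closed).` The enclosing function and its try block begin outside the hunk.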