comparison Plugin/Plugin.cpp @ 118:6fa53f624e1c
Fix StudyInstanceUID parsing
author | Alain Mazy <am@osimis.io> |
---|---|
date | Tue, 12 Sep 2023 12:24:52 +0200 |
parents | 968042b7df4c |
children | 66b2b938c43e |
117:968042b7df4c | 118:6fa53f624e1c |
---|---|
586 } | 586 } |
587 } | 587 } |
588 } | 588 } |
589 } | 589 } |
590 | 590 |
591 bool GetStudyInstanceUIDFromQuery(std::string& studyInstanceUID, const Json::Value& body) | |
592 { | |
593 | |
594 if (!body.isMember("Query")) | |
595 { | |
596 return false; | |
597 } | |
598 | |
599 if (body["Query"].isMember("StudyInstanceUID")) | |
600 { | |
601 studyInstanceUID = body["Query"]["StudyInstanceUID"].asString(); | |
602 } | |
603 else if (body["Query"].isMember("0020,000d")) | |
604 { | |
605 studyInstanceUID = body["Query"]["0020,000d"].asString(); | |
606 } | |
607 else if (body["Query"].isMember("0020,000D")) | |
608 { | |
609 studyInstanceUID = body["Query"]["0020,000D"].asString(); | |
610 } | |
611 else if (body["Query"].isMember("0020000D")) | |
612 { | |
613 studyInstanceUID = body["Query"]["0020000D"].asString(); | |
614 } | |
615 else | |
616 { | |
617 return false; | |
618 } | |
619 | |
620 return true; | |
621 } | |
622 | |
591 void ToolsFind(OrthancPluginRestOutput* output, | 623 void ToolsFind(OrthancPluginRestOutput* output, |
592 const char* /*url*/, | 624 const char* /*url*/, |
593 const OrthancPluginHttpRequest* request) | 625 const OrthancPluginHttpRequest* request) |
594 { | 626 { |
595 OrthancPluginContext* context = OrthancPlugins::GetGlobalContext(); | 627 OrthancPluginContext* context = OrthancPlugins::GetGlobalContext(); |
612 OrthancPlugins::IAuthorizationService::UserProfile profile; | 644 OrthancPlugins::IAuthorizationService::UserProfile profile; |
613 if (GetUserProfileInternal(profile, request)) | 645 if (GetUserProfileInternal(profile, request)) |
614 { | 646 { |
615 if (!HasAccessToSomeLabels(profile)) | 647 if (!HasAccessToSomeLabels(profile)) |
616 { | 648 { |
649 std::string studyInstanceUID; | |
650 | |
617 // If anonymous user profile, it might be a resource token e.g accessing /dicom-web/studies/.../metadata | 651 // If anonymous user profile, it might be a resource token e.g accessing /dicom-web/studies/.../metadata |
618 // -> extract the StudyInstanceUID from the query and send the token for validation to the auth-service | 652 // -> extract the StudyInstanceUID from the query and send the token for validation to the auth-service |
619 // If there is no StudyInstanceUID, then, return a 403 because we don't know what resource it relates to | 653 // If there is no StudyInstanceUID, then, return a 403 because we don't know what resource it relates to |
620 if (!body.isMember("Query") || !(body["Query"].isMember("StudyInstanceUID") || body["Query"].isMember("0020,000d") || body["Query"].isMember("0020,000D"))) | 654 if (!GetStudyInstanceUIDFromQuery(studyInstanceUID, body)) |
621 { | 655 { |
622 throw Orthanc::OrthancException(Orthanc::ErrorCode_ForbiddenAccess, "Auth plugin: unable to call tools/find when the user does not have access to any labels and if there is no StudyInstanceUID in the query."); | 656 throw Orthanc::OrthancException(Orthanc::ErrorCode_ForbiddenAccess, "Auth plugin: unable to call tools/find when the user does not have access to any labels and if there is no StudyInstanceUID in the query."); |
657 } | |
658 | |
659 Json::Value studyOrhtancIds; | |
660 if (!OrthancPlugins::RestApiPost(studyOrhtancIds, "/tools/lookup", studyInstanceUID, false) || studyOrhtancIds.size() != 1) | |
661 { | |
662 throw Orthanc::OrthancException(Orthanc::ErrorCode_ForbiddenAccess, "Auth plugin: when using tools/find with a resource token, unable to get the orthanc ID of StudyInstanceUID specified in the query."); | |
623 } | 663 } |
624 | 664 |
625 std::vector<TokenAndValue> authTokens; // the tokens that are set in this request | 665 std::vector<TokenAndValue> authTokens; // the tokens that are set in this request |
626 GetAuthTokens(authTokens, request->headersCount, request->headersKeys, request->headersValues, request->getCount, request->getKeys, request->getValues); | 666 GetAuthTokens(authTokens, request->headersCount, request->headersKeys, request->headersValues, request->getCount, request->getKeys, request->getValues); |
627 | |
628 | |
629 std::string studyInstanceUID; | |
630 if (body["Query"].isMember("StudyInstanceUID")) | |
631 { | |
632 studyInstanceUID = body["Query"]["StudyInstanceUID"].asString(); | |
633 } | |
634 else if (body["Query"].isMember("0020,000d")) | |
635 { | |
636 studyInstanceUID = body["Query"]["0020,000d"].asString(); | |
637 } | |
638 else if (body["Query"].isMember("0020,000D")) | |
639 { | |
640 studyInstanceUID = body["Query"]["0020,000D"].asString(); | |
641 } | |
642 | |
643 Json::Value studyOrhtancIds; | |
644 if (!OrthancPlugins::RestApiPost(studyOrhtancIds, "/tools/lookup", studyInstanceUID, false) || studyOrhtancIds.size() != 1) | |
645 { | |
646 throw Orthanc::OrthancException(Orthanc::ErrorCode_ForbiddenAccess, "Auth plugin: when using tools/find with a resource token, unable to get the orthanc ID of StudyInstanceUID specified in the query."); | |
647 } | |
648 | 667 |
649 std::set<std::string> labels; | 668 std::set<std::string> labels; |
650 OrthancPlugins::AccessedResource accessedResource(Orthanc::ResourceType_Study, studyOrhtancIds[0]["ID"].asString(), studyInstanceUID, labels); | 669 OrthancPlugins::AccessedResource accessedResource(Orthanc::ResourceType_Study, studyOrhtancIds[0]["ID"].asString(), studyInstanceUID, labels); |
651 if (!IsResourceAccessGranted(authTokens, request->method, accessedResource)) | 670 if (!IsResourceAccessGranted(authTokens, request->method, accessedResource)) |
652 { | 671 { |