Mercurial > hg > orthanc-authorization
comparison Plugin/Plugin.cpp @ 118:6fa53f624e1c
fix studyInstanceUid parsing
| author | Alain Mazy <am@osimis.io> |
|---|---|
| date | Tue, 12 Sep 2023 12:24:52 +0200 |
| parents | 968042b7df4c |
| children | 66b2b938c43e |
comparison
equal
deleted
inserted
replaced
| 117:968042b7df4c | 118:6fa53f624e1c |
|---|---|
| 586 } | 586 } |
| 587 } | 587 } |
| 588 } | 588 } |
| 589 } | 589 } |
| 590 | 590 |
| 591 bool GetStudyInstanceUIDFromQuery(std::string& studyInstanceUID, const Json::Value& body) | |
| 592 { | |
| 593 | |
| 594 if (!body.isMember("Query")) | |
| 595 { | |
| 596 return false; | |
| 597 } | |
| 598 | |
| 599 if (body["Query"].isMember("StudyInstanceUID")) | |
| 600 { | |
| 601 studyInstanceUID = body["Query"]["StudyInstanceUID"].asString(); | |
| 602 } | |
| 603 else if (body["Query"].isMember("0020,000d")) | |
| 604 { | |
| 605 studyInstanceUID = body["Query"]["0020,000d"].asString(); | |
| 606 } | |
| 607 else if (body["Query"].isMember("0020,000D")) | |
| 608 { | |
| 609 studyInstanceUID = body["Query"]["0020,000D"].asString(); | |
| 610 } | |
| 611 else if (body["Query"].isMember("0020000D")) | |
| 612 { | |
| 613 studyInstanceUID = body["Query"]["0020000D"].asString(); | |
| 614 } | |
| 615 else | |
| 616 { | |
| 617 return false; | |
| 618 } | |
| 619 | |
| 620 return true; | |
| 621 } | |
| 622 | |
| 591 void ToolsFind(OrthancPluginRestOutput* output, | 623 void ToolsFind(OrthancPluginRestOutput* output, |
| 592 const char* /*url*/, | 624 const char* /*url*/, |
| 593 const OrthancPluginHttpRequest* request) | 625 const OrthancPluginHttpRequest* request) |
| 594 { | 626 { |
| 595 OrthancPluginContext* context = OrthancPlugins::GetGlobalContext(); | 627 OrthancPluginContext* context = OrthancPlugins::GetGlobalContext(); |
| 612 OrthancPlugins::IAuthorizationService::UserProfile profile; | 644 OrthancPlugins::IAuthorizationService::UserProfile profile; |
| 613 if (GetUserProfileInternal(profile, request)) | 645 if (GetUserProfileInternal(profile, request)) |
| 614 { | 646 { |
| 615 if (!HasAccessToSomeLabels(profile)) | 647 if (!HasAccessToSomeLabels(profile)) |
| 616 { | 648 { |
| 649 std::string studyInstanceUID; | |
| 650 | |
| 617 // If anonymous user profile, it might be a resource token e.g accessing /dicom-web/studies/.../metadata | 651 // If anonymous user profile, it might be a resource token e.g accessing /dicom-web/studies/.../metadata |
| 618 // -> extract the StudyInstanceUID from the query and send the token for validation to the auth-service | 652 // -> extract the StudyInstanceUID from the query and send the token for validation to the auth-service |
| 619 // If there is no StudyInstanceUID, then, return a 403 because we don't know what resource it relates to | 653 // If there is no StudyInstanceUID, then, return a 403 because we don't know what resource it relates to |
| 620 if (!body.isMember("Query") || !(body["Query"].isMember("StudyInstanceUID") || body["Query"].isMember("0020,000d") || body["Query"].isMember("0020,000D"))) | 654 if (!GetStudyInstanceUIDFromQuery(studyInstanceUID, body)) |
| 621 { | 655 { |
| 622 throw Orthanc::OrthancException(Orthanc::ErrorCode_ForbiddenAccess, "Auth plugin: unable to call tools/find when the user does not have access to any labels and if there is no StudyInstanceUID in the query."); | 656 throw Orthanc::OrthancException(Orthanc::ErrorCode_ForbiddenAccess, "Auth plugin: unable to call tools/find when the user does not have access to any labels and if there is no StudyInstanceUID in the query."); |
| 657 } | |
| 658 | |
| 659 Json::Value studyOrhtancIds; | |
| 660 if (!OrthancPlugins::RestApiPost(studyOrhtancIds, "/tools/lookup", studyInstanceUID, false) || studyOrhtancIds.size() != 1) | |
| 661 { | |
| 662 throw Orthanc::OrthancException(Orthanc::ErrorCode_ForbiddenAccess, "Auth plugin: when using tools/find with a resource token, unable to get the orthanc ID of StudyInstanceUID specified in the query."); | |
| 623 } | 663 } |
| 624 | 664 |
| 625 std::vector<TokenAndValue> authTokens; // the tokens that are set in this request | 665 std::vector<TokenAndValue> authTokens; // the tokens that are set in this request |
| 626 GetAuthTokens(authTokens, request->headersCount, request->headersKeys, request->headersValues, request->getCount, request->getKeys, request->getValues); | 666 GetAuthTokens(authTokens, request->headersCount, request->headersKeys, request->headersValues, request->getCount, request->getKeys, request->getValues); |
| 627 | |
| 628 | |
| 629 std::string studyInstanceUID; | |
| 630 if (body["Query"].isMember("StudyInstanceUID")) | |
| 631 { | |
| 632 studyInstanceUID = body["Query"]["StudyInstanceUID"].asString(); | |
| 633 } | |
| 634 else if (body["Query"].isMember("0020,000d")) | |
| 635 { | |
| 636 studyInstanceUID = body["Query"]["0020,000d"].asString(); | |
| 637 } | |
| 638 else if (body["Query"].isMember("0020,000D")) | |
| 639 { | |
| 640 studyInstanceUID = body["Query"]["0020,000D"].asString(); | |
| 641 } | |
| 642 | |
| 643 Json::Value studyOrhtancIds; | |
| 644 if (!OrthancPlugins::RestApiPost(studyOrhtancIds, "/tools/lookup", studyInstanceUID, false) || studyOrhtancIds.size() != 1) | |
| 645 { | |
| 646 throw Orthanc::OrthancException(Orthanc::ErrorCode_ForbiddenAccess, "Auth plugin: when using tools/find with a resource token, unable to get the orthanc ID of StudyInstanceUID specified in the query."); | |
| 647 } | |
| 648 | 667 |
| 649 std::set<std::string> labels; | 668 std::set<std::string> labels; |
| 650 OrthancPlugins::AccessedResource accessedResource(Orthanc::ResourceType_Study, studyOrhtancIds[0]["ID"].asString(), studyInstanceUID, labels); | 669 OrthancPlugins::AccessedResource accessedResource(Orthanc::ResourceType_Study, studyOrhtancIds[0]["ID"].asString(), studyInstanceUID, labels); |
| 651 if (!IsResourceAccessGranted(authTokens, request->method, accessedResource)) | 670 if (!IsResourceAccessGranted(authTokens, request->method, accessedResource)) |
| 652 { | 671 { |