comparison Plugin/Plugin.cpp @ 194:85859ec3aa7e
added support for roles/permissions edition
author | Alain Mazy <am@orthanc.team> |
---|---|
date | Fri, 14 Jun 2024 16:26:53 +0200 |
parents | c4b908970ae4 |
children | 2f1e872e8eaa |
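--- a/Plugin/Plugin.cpp
+++ b/Plugin/Plugin.cpp
@@ -1052,10 +1052,79 @@
 OrthancPlugins::AnswerJson(jsonProfile, output);
 }
 }
 }
 
+
+void AuthSettingsRoles(OrthancPluginRestOutput* output,
+const char* /*url*/,
+const OrthancPluginHttpRequest* request)
+{
+OrthancPluginContext* context = OrthancPlugins::GetGlobalContext();
+
+if (authorizationService_.get() == NULL) // this is not suppposed to happen
+{
+OrthancPlugins::AnswerHttpError(404, output);
+return;
+}
+
+if (request->method == OrthancPluginHttpMethod_Get)
+{
+Json::Value roles;
+
+if (!authorizationService_->GetSettingsRoles(roles))
+{
+throw Orthanc::OrthancException(Orthanc::ErrorCode_InternalError, "Could not retrieve roles from the auth-service", true);
+}
+
+OrthancPlugins::AnswerJson(roles, output);
+}
+else if (request->method == OrthancPluginHttpMethod_Put)
+{
+Json::Value roles;
+Json::Value response;
+
+if (!OrthancPlugins::ReadJson(roles, request->body, request->bodySize))
+{
+throw Orthanc::OrthancException(Orthanc::ErrorCode_BadFileFormat, "A JSON payload was expected");
+}
+
+if (!authorizationService_->UpdateSettingsRoles(response, roles))
+{
+throw Orthanc::OrthancException(Orthanc::ErrorCode_InternalError, "Could not update roles in the auth-service", true);
+}
+OrthancPlugins::AnswerJson(response, output);
+}
+else
+{
+OrthancPluginSendMethodNotAllowed(context, output, "GET,PUT");
+}
+}
+
+
+void GetPermissionList(OrthancPluginRestOutput* output,
+const char* /*url*/,
+const OrthancPluginHttpRequest* request)
+{
+OrthancPluginContext* context = OrthancPlugins::GetGlobalContext();
+
+if (request->method != OrthancPluginHttpMethod_Get)
+{
+OrthancPluginSendMethodNotAllowed(context, output, "GET");
+}
+else
+{
+std::set<std::string> permissionsList = permissionParser_->GetPermissionsList();
+
+Json::Value response = Json::arrayValue;
+Orthanc::SerializationToolbox::WriteSetOfStrings(response, permissionsList);
+
+OrthancPlugins::AnswerJson(response, output);
+}
+}
+
+
 void MergeJson(Json::Value &a, const Json::Value &b) {
 
 if (!a.isObject() || !b.isObject())
 {
 return;
@@ -1185,24 +1254,27 @@
 
 std::string urlTokenDecoder;
 std::string urlTokenValidation;
 std::string urlTokenCreationBase;
 std::string urlUserProfile;
+std::string urlSettingsRole;
 std::string urlRoot;
 
 static const char* WEB_SERVICE_ROOT = "WebServiceRootUrl";
 static const char* WEB_SERVICE_TOKEN_DECODER = "WebServiceTokenDecoderUrl";
 static const char* WEB_SERVICE_TOKEN_VALIDATION = "WebServiceTokenValidationUrl";
 static const char* WEB_SERVICE_TOKEN_CREATION_BASE = "WebServiceTokenCreationBaseUrl";
 static const char* WEB_SERVICE_USER_PROFILE = "WebServiceUserProfileUrl";
+static const char* WEB_SERVICE_SETTINGS_ROLES = "WebServiceSettingsRolesUrl";
 static const char* WEB_SERVICE_TOKEN_VALIDATION_LEGACY = "WebService";
 if (pluginConfiguration.LookupStringValue(urlRoot, WEB_SERVICE_ROOT))
 {
 urlTokenDecoder = Orthanc::Toolbox::JoinUri(urlRoot, "/tokens/decode");
 urlTokenValidation = Orthanc::Toolbox::JoinUri(urlRoot, "/tokens/validate");
 urlTokenCreationBase = Orthanc::Toolbox::JoinUri(urlRoot, "/tokens/");
 urlUserProfile = Orthanc::Toolbox::JoinUri(urlRoot, "/user/get-profile");
+urlSettingsRole = Orthanc::Toolbox::JoinUri(urlRoot, "/settings/roles");
 }
 else
 {
 pluginConfiguration.LookupStringValue(urlTokenValidation, WEB_SERVICE_TOKEN_VALIDATION);
 pluginConfiguration.LookupStringValue(urlTokenDecoder, WEB_SERVICE_TOKEN_DECODER);
@@ -1211,10 +1283,11 @@
 pluginConfiguration.LookupStringValue(urlTokenValidation, WEB_SERVICE_TOKEN_VALIDATION_LEGACY);
 }
 
 pluginConfiguration.LookupStringValue(urlTokenCreationBase, WEB_SERVICE_TOKEN_CREATION_BASE);
 pluginConfiguration.LookupStringValue(urlUserProfile, WEB_SERVICE_USER_PROFILE);
+pluginConfiguration.LookupStringValue(urlSettingsRole, WEB_SERVICE_SETTINGS_ROLES);
 }
 
 authorizationParser_.reset(new OrthancPlugins::DefaultAuthorizationParser(factory, dicomWebRoot));
 
 if (!urlTokenValidation.empty())
@@ -1255,10 +1328,19 @@
 LOG(WARNING) << "Authorization plugin: base url defined for Token Creation : " << urlTokenCreationBase;
 }
 else
 {
 LOG(WARNING) << "Authorization plugin: no base url defined for Token Creation";
+}
+
+if (!urlSettingsRole.empty())
+{
+LOG(WARNING) << "Authorization plugin: settings-roles url defined : " << urlSettingsRole;
+}
+else
+{
+LOG(WARNING) << "Authorization plugin: no settings-roles url defined";
 }
 
 if (!resourceTokensEnabled_ && permissionParser_.get() == NULL)
 {
 if (hasBasicAuthEnabled)
@@ -1365,11 +1447,12 @@
 }
 
 std::unique_ptr<OrthancPlugins::AuthorizationWebService> webService(new OrthancPlugins::AuthorizationWebService(urlTokenValidation,
 urlTokenCreationBase,
 urlUserProfile,
-urlTokenDecoder));
+urlTokenDecoder,
+urlSettingsRole));
 
 std::string webServiceIdentifier;
 if (pluginConfiguration.LookupStringValue(webServiceIdentifier, "WebServiceIdentifier"))
 {
 webService->SetIdentifier(webServiceIdentifier);
@@ -1399,10 +1482,12 @@
 if (!urlUserProfile.empty())
 {
 OrthancPlugins::RegisterRestCallback<GetUserProfile>("/auth/user/profile", true);
 OrthancPlugins::RegisterRestCallback<ToolsFind>("/tools/find", true);
 OrthancPlugins::RegisterRestCallback<ToolsLabels>("/tools/labels", true);
+OrthancPlugins::RegisterRestCallback<AuthSettingsRoles>("/auth/settings/roles", true);
+OrthancPlugins::RegisterRestCallback<GetPermissionList>("/auth/settings/permissions", true);
 }
 
 if (!urlTokenCreationBase.empty())
 {
 OrthancPlugins::RegisterRestCallback<CreateToken>("/auth/tokens/(.*)", true);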
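Review bot: `GetPermissionList` dereferences `permissionParser_` with no null check, although the configuration code in this same file tests `permissionParser_.get() == NULL`, so the pointer can evidently be unset; guard it the way `AuthSettingsRoles` guards `authorizationService_`, e.g. `if (permissionParser_.get() == NULL) { OrthancPlugins::AnswerHttpError(404, output); return; }`. Both new routes are registered under `if (!urlUserProfile.empty())` rather than `!urlSettingsRole.empty()`, so with no settings-roles URL configured the roles route is still exposed and would presumably only ever fail with an internal error; registering it under its own condition would avoid that. `PUT /auth/settings/roles` passes the parsed body to `UpdateSettingsRoles` without any permission check in the handler itself, so it presumably relies on the plugin's request filter; since this route edits the role-to-permission mapping, it is worth confirming that an administrative permission covers this URL and documenting that requirement in a comment above `AuthSettingsRoles`. The registration block belongs to a function whose start and end are outside the shown hunks.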