comparison Plugin/Plugin.cpp @ 194:85859ec3aa7e

added support for editing roles/permissions
author Alain Mazy <am@orthanc.team>
date Fri, 14 Jun 2024 16:26:53 +0200
parents c4b908970ae4
children 2f1e872e8eaa
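--- a/Plugin/Plugin.cpp
+++ b/Plugin/Plugin.cpp
@@ -1052,10 +1052,79 @@
 OrthancPlugins::AnswerJson(jsonProfile, output);
 }
 }
 }
 
+
+void AuthSettingsRoles(OrthancPluginRestOutput* output,
+const char* /*url*/,
+const OrthancPluginHttpRequest* request)
+{
+OrthancPluginContext* context = OrthancPlugins::GetGlobalContext();
+
+if (authorizationService_.get() == NULL) // this is not suppposed to happen
+{
+OrthancPlugins::AnswerHttpError(404, output);
+return;
+}
+
+if (request->method == OrthancPluginHttpMethod_Get)
+{
+Json::Value roles;
+
+if (!authorizationService_->GetSettingsRoles(roles))
+{
+throw Orthanc::OrthancException(Orthanc::ErrorCode_InternalError, "Could not retrieve roles from the auth-service", true);
+}
+
+OrthancPlugins::AnswerJson(roles, output);
+}
+else if (request->method == OrthancPluginHttpMethod_Put)
+{
+Json::Value roles;
+Json::Value response;
+
+if (!OrthancPlugins::ReadJson(roles, request->body, request->bodySize))
+{
+throw Orthanc::OrthancException(Orthanc::ErrorCode_BadFileFormat, "A JSON payload was expected");
+}
+
+if (!authorizationService_->UpdateSettingsRoles(response, roles))
+{
+throw Orthanc::OrthancException(Orthanc::ErrorCode_InternalError, "Could not update roles in the auth-service", true);
+}
+OrthancPlugins::AnswerJson(response, output);
+}
+else
+{
+OrthancPluginSendMethodNotAllowed(context, output, "GET,PUT");
+}
+}
+
+
+void GetPermissionList(OrthancPluginRestOutput* output,
+const char* /*url*/,
+const OrthancPluginHttpRequest* request)
+{
+OrthancPluginContext* context = OrthancPlugins::GetGlobalContext();
+
+if (request->method != OrthancPluginHttpMethod_Get)
+{
+OrthancPluginSendMethodNotAllowed(context, output, "GET");
+}
+else
+{
+std::set<std::string> permissionsList = permissionParser_->GetPermissionsList();
+
+Json::Value response = Json::arrayValue;
+Orthanc::SerializationToolbox::WriteSetOfStrings(response, permissionsList);
+
+OrthancPlugins::AnswerJson(response, output);
+}
+}
+
+
 void MergeJson(Json::Value &a, const Json::Value &b) {
 
 if (!a.isObject() || !b.isObject())
 {
 return;
@@ -1185,24 +1254,27 @@
 
 std::string urlTokenDecoder;
 std::string urlTokenValidation;
 std::string urlTokenCreationBase;
 std::string urlUserProfile;
+std::string urlSettingsRole;
 std::string urlRoot;
 
 static const char* WEB_SERVICE_ROOT = "WebServiceRootUrl";
 static const char* WEB_SERVICE_TOKEN_DECODER = "WebServiceTokenDecoderUrl";
 static const char* WEB_SERVICE_TOKEN_VALIDATION = "WebServiceTokenValidationUrl";
 static const char* WEB_SERVICE_TOKEN_CREATION_BASE = "WebServiceTokenCreationBaseUrl";
 static const char* WEB_SERVICE_USER_PROFILE = "WebServiceUserProfileUrl";
+static const char* WEB_SERVICE_SETTINGS_ROLES = "WebServiceSettingsRolesUrl";
 static const char* WEB_SERVICE_TOKEN_VALIDATION_LEGACY = "WebService";
 if (pluginConfiguration.LookupStringValue(urlRoot, WEB_SERVICE_ROOT))
 {
 urlTokenDecoder = Orthanc::Toolbox::JoinUri(urlRoot, "/tokens/decode");
 urlTokenValidation = Orthanc::Toolbox::JoinUri(urlRoot, "/tokens/validate");
 urlTokenCreationBase = Orthanc::Toolbox::JoinUri(urlRoot, "/tokens/");
 urlUserProfile = Orthanc::Toolbox::JoinUri(urlRoot, "/user/get-profile");
+urlSettingsRole = Orthanc::Toolbox::JoinUri(urlRoot, "/settings/roles");
 }
 else
 {
 pluginConfiguration.LookupStringValue(urlTokenValidation, WEB_SERVICE_TOKEN_VALIDATION);
 pluginConfiguration.LookupStringValue(urlTokenDecoder, WEB_SERVICE_TOKEN_DECODER);
@@ -1211,10 +1283,11 @@
 pluginConfiguration.LookupStringValue(urlTokenValidation, WEB_SERVICE_TOKEN_VALIDATION_LEGACY);
 }
 
 pluginConfiguration.LookupStringValue(urlTokenCreationBase, WEB_SERVICE_TOKEN_CREATION_BASE);
 pluginConfiguration.LookupStringValue(urlUserProfile, WEB_SERVICE_USER_PROFILE);
+pluginConfiguration.LookupStringValue(urlSettingsRole, WEB_SERVICE_SETTINGS_ROLES);
 }
 
 authorizationParser_.reset(new OrthancPlugins::DefaultAuthorizationParser(factory, dicomWebRoot));
 
 if (!urlTokenValidation.empty())
@@ -1255,10 +1328,19 @@
 LOG(WARNING) << "Authorization plugin: base url defined for Token Creation : " << urlTokenCreationBase;
 }
 else
 {
 LOG(WARNING) << "Authorization plugin: no base url defined for Token Creation";
+}
+
+if (!urlSettingsRole.empty())
+{
+LOG(WARNING) << "Authorization plugin: settings-roles url defined : " << urlSettingsRole;
+}
+else
+{
+LOG(WARNING) << "Authorization plugin: no settings-roles url defined";
 }
 
 if (!resourceTokensEnabled_ && permissionParser_.get() == NULL)
 {
 if (hasBasicAuthEnabled)
@@ -1365,11 +1447,12 @@
 }
 
 std::unique_ptr<OrthancPlugins::AuthorizationWebService> webService(new OrthancPlugins::AuthorizationWebService(urlTokenValidation,
 urlTokenCreationBase,
 urlUserProfile,
-urlTokenDecoder));
+urlTokenDecoder,
+urlSettingsRole));
 
 std::string webServiceIdentifier;
 if (pluginConfiguration.LookupStringValue(webServiceIdentifier, "WebServiceIdentifier"))
 {
 webService->SetIdentifier(webServiceIdentifier);
@@ -1399,10 +1482,12 @@
 if (!urlUserProfile.empty())
 {
 OrthancPlugins::RegisterRestCallback<GetUserProfile>("/auth/user/profile", true);
 OrthancPlugins::RegisterRestCallback<ToolsFind>("/tools/find", true);
 OrthancPlugins::RegisterRestCallback<ToolsLabels>("/tools/labels", true);
+OrthancPlugins::RegisterRestCallback<AuthSettingsRoles>("/auth/settings/roles", true);
+OrthancPlugins::RegisterRestCallback<GetPermissionList>("/auth/settings/permissions", true);
 }
 
 if (!urlTokenCreationBase.empty())
 {
 OrthancPlugins::RegisterRestCallback<CreateToken>("/auth/tokens/(.*)", true);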
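Review bot: `GetPermissionList` dereferences `permissionParser_` with no null check, although `AuthSettingsRoles` just above it guards `authorizationService_` and the configuration code later in this file tests `permissionParser_.get() == NULL`, so the pointer can evidently be unset; a GET on `/auth/settings/permissions` would then dereference a null pointer inside the Orthanc process. Add a guard before the call, for example `if (permissionParser_.get() == NULL) { OrthancPlugins::AnswerHttpError(404, output); return; }`. Both new routes are also registered under `if (!urlUserProfile.empty())` rather than `if (!urlSettingsRole.empty())`, so with no settings-roles URL configured the roles endpoint is still exposed and presumably fails with an internal error. Neither handler checks the caller's permissions itself; since PUT on `/auth/settings/roles` rewrites the role-to-permission mapping, it is worth confirming, and stating in a comment on the handler, that the plugin's request filter (outside these hunks) restricts this route to administrators.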