comparison Plugin/Plugin.cpp @ 165:99bdc05012c0

fix wrong forbidden access to dicom-web resources for users with access to all labels
author Alain Mazy <am@orthanc.team>
date Mon, 29 Apr 2024 12:50:24 +0200
parents 4f5c7acb626f
children 3c99bb6fd309
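--- a/Plugin/Plugin.cpp
+++ b/Plugin/Plugin.cpp
@@ -705,16 +705,17 @@
 }
 else if (queryLevel == Orthanc::ResourceType_Series || queryLevel == Orthanc::ResourceType_Instance)
 {
 std::string studyInstanceUID;
 
-if (!HasAccessToAllLabels(profile) && !GetStudyInstanceUIDFromQuery(studyInstanceUID, query))
+if (!HasAccessToAllLabels(profile)) // no need to adjust anything if the user has access to all labels
 {
-throw Orthanc::OrthancException(Orthanc::ErrorCode_ForbiddenAccess, "Auth plugin: unable to call tools/find at Series or Instance level when the user does not have access to ALL labels or when there is no StudyInstanceUID in the query.");
-}
-else
-{
+if (!GetStudyInstanceUIDFromQuery(studyInstanceUID, query))
+{
+throw Orthanc::OrthancException(Orthanc::ErrorCode_ForbiddenAccess, "Auth plugin: unable to call tools/find at Series or Instance level when the user does not have access to ALL labels or when there is no StudyInstanceUID in the query.");
+}
+
 // since this is a series/instance find, make sure the user has access to the parent study
 Json::Value studyOrthancIds;
 if (!OrthancPlugins::RestApiPost(studyOrthancIds, "/tools/lookup", studyInstanceUID, false))
 {
 throw Orthanc::OrthancException(Orthanc::ErrorCode_ForbiddenAccess, "Auth plugin: when using tools/find at Series or Instance level, unable to get the orthanc ID of StudyInstanceUID specified in the query.");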
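Review bot: The exception text at new line 714 does not match the condition that reaches it: the throw fires only when the user lacks access to all labels and the query carries no StudyInstanceUID, while the message joins the two with "or". I would reword the tail to something like `"... at Series or Instance level without a StudyInstanceUID in the query when the user does not have access to ALL labels."` so the log shows which case was refused. The outer `if (!HasAccessToAllLabels(profile))` on line 710 is now the only gate that lets a series/instance find skip the parent-study check, so its comment should state that invariant, e.g. `// users with access to all labels need no per-study label check; everyone else must name a StudyInstanceUID`. A regression test that a restricted-label profile without StudyInstanceUID is still refused would keep this exemption from widening later. The enclosing block continues past the end of the hunk, so the label check on the looked-up study is not visible here.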