diff Plugin/BaseAuthorizationService.h @ 71:30fb3ce960d9
configurable user permissions
author | Alain Mazy <am@osimis.io> |
---|---|
date | Wed, 22 Feb 2023 13:13:38 +0100 |
parents | |
children | aa73b10c2db9 |
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/Plugin/BaseAuthorizationService.h Wed Feb 22 13:13:38 2023 +0100
@@ -0,0 +1,111 @@
+/**
+ * Advanced authorization plugin for Orthanc
+ * Copyright (C) 2017-2023 Osimis S.A., Belgium
+ *
+ * This program is free software: you can redistribute it and/or
+ * modify it under the terms of the GNU Affero General Public License
+ * as published by the Free Software Foundation, either version 3 of
+ * the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ **/
+
+#pragma once
+
+#include "IAuthorizationService.h"
+
+
+namespace OrthancPlugins
+{
+ class CachedAuthorizationService;
+
+ class BaseAuthorizationService : public IAuthorizationService
+ {
+ friend CachedAuthorizationService;
+ protected:
+ virtual bool IsGrantedInternal(unsigned int& validity,
+ OrthancPluginHttpMethod method,
+ const AccessedResource& access,
+ const Token* token,
+ const std::string& tokenValue) = 0;
+
+ virtual bool GetUserProfileInternal(unsigned int& validity,
+ Json::Value& profile /* out */,
+ const Token* token,
+ const std::string& tokenValue) = 0;
+
+ virtual bool HasUserPermissionInternal(unsigned int& validity,
+ const std::string& permission,
+ const Token* token,
+ const std::string& tokenValue) = 0;
+
+ public:
+ virtual ~BaseAuthorizationService()
+ {
+ }
+
+ virtual bool IsGranted(unsigned int& validity,
+ OrthancPluginHttpMethod method,
+ const AccessedResource& access,
+ const Token& token,
+ const std::string& tokenValue)
+ {
+ return IsGrantedInternal(validity, method, access, &token, tokenValue);
+ }
+
+ virtual bool IsGrantedToAnonymousUser(unsigned int& validity,
+ OrthancPluginHttpMethod method,
+ const AccessedResource& access)
+ {
+ return IsGrantedInternal(validity, method, access, NULL, "");
+ }
+
+ virtual bool GetUserProfile(unsigned int& validity,
+ Json::Value& profile /* out */,
+ const Token& token,
+ const std::string& tokenValue)
+ {
+ return GetUserProfileInternal(validity, profile, &token, tokenValue);
+ }
+
+ virtual bool GetAnonymousUserProfile(unsigned int& validity /* out */,
+ Json::Value& profile /* out */)
+ {
+ return GetUserProfileInternal(validity, profile, NULL, "");
+ }
+
+ virtual bool HasUserPermission(unsigned int& validity /* out */,
+ const std::set<std::string>& anyOfPermissions,
+ const Token& token,
+ const std::string& tokenValue)
+ {
+ for (std::set<std::string>::const_iterator it = anyOfPermissions.begin(); it != anyOfPermissions.end(); ++it)
+ {
+ if (HasUserPermissionInternal(validity, *it, &token, tokenValue))
+ {
+ return true;
+ }
+ }
+ return false;
+ }
+
+ virtual bool HasAnonymousUserPermission(unsigned int& validity /* out */,
+ const std::set<std::string>& anyOfPermissions)
+ {
+ for (std::set<std::string>::const_iterator it = anyOfPermissions.begin(); it != anyOfPermissions.end(); ++it)
+ {
+ if (HasUserPermissionInternal(validity, *it, NULL, ""))
+ {
+ return true;
+ }
+ }
+ return false;
+ }
+ };
+}
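Review bot: `HasUserPermission` and `HasAnonymousUserPermission` never write the `validity` out-parameter when `anyOfPermissions` is empty, so the `false` they return carries whatever the caller's variable happened to hold. If `CachedAuthorizationService` (declared a friend here) uses that value as a cache lifetime, which this header does not show, a denial could be cached for an arbitrary period. Setting it before the loop in both methods, e.g. `validity = 0;`, would make the empty case deterministic, assuming 0 means "do not cache". When every permission is denied, `validity` is also just the value from the last `HasUserPermissionInternal` call rather than the shortest one returned, so a comment stating which is intended would help implementers. The three `*Internal` declarations would likewise benefit from a comment that `token == NULL` with an empty `tokenValue` denotes the anonymous user, so overrides do not dereference it.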