Mercurial > hg > orthanc-authorization
diff Plugin/Plugin.cpp @ 109:7381a7674b36
wip: adding labels
author | Alain Mazy <am@osimis.io> |
---|---|
date | Fri, 18 Aug 2023 12:08:49 +0200 |
parents | fcc4542a0c38 |
children | 2b1a95c7d263 |
line wrap: on
line diff
--- a/Plugin/Plugin.cpp Mon Aug 14 10:25:40 2023 +0200 +++ b/Plugin/Plugin.cpp Fri Aug 18 12:08:49 2023 +0200 @@ -22,7 +22,6 @@ #include "AuthorizationWebService.h" #include "PermissionParser.h" #include "MemoryCache.h" - #include "../Resources/Orthanc/Plugins/OrthancPluginCppWrapper.h" #include <Compatibility.h> // For std::unique_ptr<> @@ -88,9 +87,11 @@ { unsigned int validity; // ignored + // Allow GET accesses to unchecked resources/folders (usually static resources) + //////////////////////////////////////////////////////////////// + if (method == OrthancPluginHttpMethod_Get) { - // Allow GET accesses to static resources if (uncheckedResources_.find(uri) != uncheckedResources_.end()) { return 1; @@ -106,6 +107,9 @@ } } + // Extract auth tokens from headers and url get arguments + //////////////////////////////////////////////////////////////// + OrthancPlugins::AssociativeArray headers(headersCount, headersKeys, headersValues, false); OrthancPlugins::AssociativeArray getArguments(getArgumentsCount, getArgumentsKeys, getArgumentsValues, true); @@ -136,10 +140,11 @@ } } - // check if the user permissions grants him access + // Based on the tokens, check if the user has access based on its permissions and the mapping between urls and permissions + //////////////////////////////////////////////////////////////// + if (permissionParser_.get() != NULL && authorizationService_.get() != NULL) - // && uncheckedLevels_.find(OrthancPlugins::AccessLevel_UserPermissions) == uncheckedLevels_.end()) { std::set<std::string> requiredPermissions; std::string matchedPattern; @@ -168,6 +173,7 @@ LOG(INFO) << msg; if (authorizationService_->HasUserPermission(validity, requiredPermissions, authTokens[i].GetToken(), authTokens[i].GetValue())) { + // TODO: check labels permissions LOG(INFO) << msg << " -> granted"; return 1; } @@ -179,6 +185,10 @@ } } } + + + // + if (authorizationParser_.get() != NULL && authorizationService_.get() != NULL) { @@ -508,7 +518,7 @@ for (std::set<OrthancPlugins::Token>::const_iterator token = tokens_.begin(); token != tokens_.end(); ++token) { - Json::Value profile; + OrthancPlugins::IAuthorizationService::UserProfile profile; std::string value; @@ -532,7 +542,23 @@ unsigned int validity; // not used if (authorizationService_->GetUserProfile(validity, profile, *token, value)) { - OrthancPlugins::AnswerJson(profile, output); + Json::Value jsonProfile; + jsonProfile["name"] = profile.name; + jsonProfile["permissions"] = Json::arrayValue; + for (std::set<std::string>::const_iterator it = profile.permissions.begin(); it != profile.permissions.end(); ++it) + { + jsonProfile["permissions"].append(*it); + } + for (std::set<std::string>::const_iterator it = profile.authorizedLabels.begin(); it != profile.authorizedLabels.end(); ++it) + { + jsonProfile["authorized-labels"].append(*it); + } + for (std::set<std::string>::const_iterator it = profile.forbiddenLabels.begin(); it != profile.forbiddenLabels.end(); ++it) + { + jsonProfile["forbidden-labels"].append(*it); + } + + OrthancPlugins::AnswerJson(jsonProfile, output); return; } }