view Plugin/DefaultConfiguration.json @ 75:57e98fc07ab2

default permissions
author Alain Mazy <am@osimis.io>
date Mon, 06 Mar 2023 11:34:18 +0100
parents 512247750f0a
children 94a9484d7f8f

{
    "Authorization" : {
        // The base URL of the auth webservice.  Setting it is a shorthand for the 3 options
        // that follow, each one being derived from this root:
        // // "WebServiceUserProfileUrl" : " ROOT /user/get-profile",
        // // "WebServiceTokenValidationUrl" : " ROOT /tokens/validate",
        // // "WebServiceTokenCreationBaseUrl" : " ROOT /tokens/",
        // Define it only if your auth webservice implements all 3 routes!
        // NOTE(review): every sample URL in this file uses plain http://.  Tokens are sent to
        // these URLs, and the webservice credentials below presumably are too, so use an
        // https:// URL unless the webservice is reached over a trusted local link.
        // "WebServiceRootUrl" : "http://change-me:8000/",

        // The URL of the auth webservice route implementing user profile (optional)
        // (this configuration was previously named "WebService" and its old name is still accepted
        //  for backward compatibility)
        // NOTE(review): the alias listed under "WebServiceRootUrl" ends in /user/get-profile while
        // this sample ends in /user/profile -- confirm which route your webservice exposes.
        // "WebServiceUserProfileUrl" : "http://change-me:8000/user/profile",

        // The URL of the auth webservice route implementing resource level authorization (optional)
        // "WebServiceTokenValidationUrl" : "http://change-me:8000/tokens/validate",

        // The base URL of the auth webservice route used to create tokens (optional)
        // "WebServiceTokenCreationBaseUrl" : "http://change-me:8000/tokens/",

        // The username and password used to connect to the webservice (optional).
        // "change-me" is a placeholder: replace it with per-deployment values and keep the
        // real password out of version control.
        //"WebServiceUsername": "change-me",
        //"WebServicePassword": "change-me",
        
        // An identifier added to the payload of each request to the auth webservice (optional)
        //"WebServiceIdentifier": "change-me",

        // The names of the HTTP headers that may contain auth tokens
        //"TokenHttpHeaders" : [],
        
        // The names of the GET arguments that may contain auth tokens.
        // A token carried in a GET argument is part of the URL, so it can end up in access logs,
        // browser history and Referer headers; prefer an HTTP header when the client allows it.
        //"TokenGetArguments" : [],

        // A list of predefined configurations for well-known plugins
        // "StandardConfigurations": [               // new in v 0.4.0
        //     "osimis-web-viewer",
        //     "stone-webviewer",
        //     "orthanc-explorer-2"
        // ],

        // NOTE(review): the next 4 options are not described in this file.  Their names suggest
        // that they exempt resources, folders and resource levels from the authorization check
        // and select the level at which it is performed -- confirm against the plugin
        // documentation, and keep any "Unchecked..." list as short as possible.
        //"UncheckedResources" : [],
        //"UncheckedFolders" : [],
        //"CheckedLevel" : "studies",
        //"UncheckedLevels" : [],

        // Definition of required "user-permissions".  This can be fully customized.
        // You may define other permissions yourself as long as they match the permissions
        // provided in the user-profile route implemented by the auth-service.
        // Each entry is [ HTTP method, regex matched against the URI, permissions ], where the
        // permissions are separated by "|" (presumably any one of them is sufficient -- confirm).
        // You may test your regex in https://regex101.com/ by selecting .NET (C#) and removing the leading ^ and trailing $
        // The default configuration is suitable for Orthanc-Explorer-2 (see TBD sample)
        "Permissions" : [
            // NOTE(review): the permission string is empty here, which presumably means that no
            // specific user permission is required to decode a token -- confirm.
            ["post", "^/auth/tokens/decode$", ""],

            // elemental browsing in OE2
            ["post", "^/tools/find$", "all|view"],
            ["get" , "^/(patients|studies|series|instances)/([a-f0-9-]+)$", "all|view"],
            ["get" , "^/(patients|studies|series|instances)/([a-f0-9-]+)/(studies|study|series|instances)$", "all|view"],
            ["get" , "^/instances/([a-f0-9-]+)/(tags|header)$", "all|view"],
            ["get" , "^/statistics$", "all|view"],

            // create links to open viewer or download resources
            ["put", "^/auth/tokens/(viewer-instant-link|meddream-instant-link)$", "all|view"],
            ["put", "^/auth/tokens/(download-instant-link)$", "all|download"],

            // share a link to open a study
            ["put", "^/auth/tokens/(stone-viewer-publication|meddream-viewer-publication|osimis-viewer-publication)$", "all|share"],

            // uploads
            ["post", "^/instances$", "all|upload"],

            // monitor jobs you have created
            // NOTE(review): the pattern accepts any job identifier; nothing in this entry ties
            // the job to the user who created it.
            ["get" , "^/jobs/([a-f0-9-]+)$", "all|send|modify|anonymize|q-r-remote-modalities"],

            // interacting with peers/modalities/dicomweb
            // NOTE(review): "(.*)" also matches "/", so these patterns accept any number of path
            // segments between the prefix and the final word; "([^/]+)" would restrict the match
            // to a single peer or modality name.
            ["post", "^/(peers|modalities)/(.*)/store$", "all|send"],
            ["get" , "^/(peers|modalities)$", "all|send|q-r-remote-modalities"],
            ["post", "^/modalities/(.*)/echo$", "all|send|q-r-remote-modalities"],
            ["post", "^/modalities/(.*)/query$", "all|q-r-remote-modalities"],
            ["get", "^/queries/([a-f0-9-]+)/answers$", "all|q-r-remote-modalities"],
            ["post", "^/modalities/(.*)/move$", "all|q-r-remote-modalities"],
            // NOTE(review): DICOM_WEB_ROOT looks like a placeholder for the DICOMweb root path
            // -- confirm where it gets substituted.  The other transfer routes above (store,
            // move) are declared with "post"; confirm that "get" is intended for ".../stow".
            ["get" , "^/DICOM_WEB_ROOT/servers$", "all|send|q-r-remote-modalities"],
            ["get" , "^/DICOM_WEB_ROOT/(servers)/(.*)/stow$", "all|send"],

            // modifications/anonymization
            // The trailing "(.*)" lets these two entries match any URI that continues after
            // "modify" or "anonymize".
            ["post", "^/(patients|studies|series|instances)/([a-f0-9-]+)/modify(.*)$", "all|modify"],
            ["post", "^/(patients|studies|series|instances)/([a-f0-9-]+)/anonymize(.*)$", "all|anonymize"]
        ]
    }
}