Mercurial > hg > orthanc-authorization
view Plugin/DefaultConfiguration.json @ 76:d301047ee3c4
fix unchecked resource
author | Alain Mazy <am@osimis.io> |
---|---|
date | Thu, 09 Mar 2023 14:37:52 +0100 |
parents | 57e98fc07ab2 |
children | 94a9484d7f8f |
line wrap: on
line source
{ "Authorization" : { // The Base URL of the auth webservice. This is an alias for all 3 next configurations: // // "WebServiceUserProfileUrl" : " ROOT /user/get-profile", // // "WebServiceTokenValidationUrl" : " ROOT /tokens/validate", // // "WebServiceTokenCreationBaseUrl" : " ROOT /tokens/", // You should define it only if your auth webservice implements all 3 routes ! // "WebServiceRootUrl" : "http://change-me:8000/", // The URL of the auth webservice route implementing user profile (optional) // (this configuration was previously named "WebService" and its old name is still accepted // for backward compatibility) // "WebServiceUserProfileUrl" : "http://change-me:8000/user/profile", // The URL of the auth webservice route implementing resource level authorization (optional) // "WebServiceTokenValidationUrl" : "http://change-me:8000/tokens/validate", // The Base URL of the auth webservice route to create tokens (optional) // "WebServiceTokenCreationBaseUrl" : "http://change-me:8000/tokens/", // The username and password to connect to the webservice (optional) //"WebServiceUsername": "change-me", //"WebServicePassword": "change-me", // An identifier added to the payload of each request to the auth webservice (optional) //"WebServiceIdentifier": "change-me" // The name of the HTTP headers that may contain auth tokens //"TokenHttpHeaders" : [], // the name of the GET arguments that may contain auth tokens //"TokenGetArguments" : [], // A list of predefined configurations for well-known plugins // "StandardConfigurations": [ // new in v 0.4.0 // "osimis-web-viewer", // "stone-webviewer", // "orthanc-explorer-2" // ], //"UncheckedResources" : [], //"UncheckedFolders" : [], //"CheckedLevel" : "studies", //"UncheckedLevels" : [], // Definition of required "user-permissions". This can be fully customized. // You may define other permissions yourself as long as they match the permissions // provided in the user-profile route implemented by the auth-service. // You may test your regex in https://regex101.com/ by selecting .NET (C#) and removing the leading ^ and trailing $ // The default configuration is suitable for Orthanc-Explorer-2 (see TBD sample) "Permissions" : [ ["post", "^/auth/tokens/decode$", ""], // elemental browsing in OE2 ["post", "^/tools/find$", "all|view"], ["get" , "^/(patients|studies|series|instances)/([a-f0-9-]+)$", "all|view"], ["get" , "^/(patients|studies|series|instances)/([a-f0-9-]+)/(studies|study|series|instances)$", "all|view"], ["get" , "^/instances/([a-f0-9-]+)/(tags|header)$", "all|view"], ["get" , "^/statistics$", "all|view"], // create links to open viewer or download resources ["put", "^/auth/tokens/(viewer-instant-link|meddream-instant-link)$", "all|view"], ["put", "^/auth/tokens/(download-instant-link)$", "all|download"], // share a link to open a study ["put", "^/auth/tokens/(stone-viewer-publication|meddream-viewer-publication|osimis-viewer-publication)$", "all|share"], // uploads ["post", "^/instances$", "all|upload"], // monitor jobs you have created ["get" , "^/jobs/([a-f0-9-]+)$", "all|send|modify|anonymize|q-r-remote-modalities"], // interacting with peers/modalities/dicomweb ["post", "^/(peers|modalities)/(.*)/store$", "all|send"], ["get" , "^/(peers|modalities)$", "all|send|q-r-remote-modalities"], ["post", "^/modalities/(.*)/echo$", "all|send|q-r-remote-modalities"], ["post", "^/modalities/(.*)/query$", "all|q-r-remote-modalities"], ["get", "^/queries/([a-f0-9-]+)/answers$", "all|q-r-remote-modalities"], ["post", "^/modalities/(.*)/move$", "all|q-r-remote-modalities"], ["get" , "^/DICOM_WEB_ROOT/servers$", "all|send|q-r-remote-modalities"], ["get" , "^/DICOM_WEB_ROOT/(servers)/(.*)/stow$", "all|send"], // modifications/anonymization ["post", "^/(patients|studies|series|instances)/([a-f0-9-]+)/modify(.*)$", "all|modify"], ["post", "^/(patients|studies|series|instances)/([a-f0-9-]+)/anonymize(.*)$", "all|anonymize"] ] } }