view NEWS @ 219:e8feeebcf643 default tip

fix
author Alain Mazy <am@orthanc.team>
date Thu, 27 Feb 2025 15:27:25 +0100
parents 24199565c7e6

Pending changes in the mainline
===============================

* The plugin now uses the HttpClient from the Orthanc core instead of its
  own HttpClient. This should enable support for HTTPS, since the plugin
  itself is not built with SSL support.


2025-02-27 - v 0.9.0
====================

* The plugin now filters out all unauthorized labels from the "Labels" fields
  in the responses of these API routes:
  - /tools/find
  - /studies/{id} & similar routes
  - /studies/{id}/series & similar routes
  - /series/{id}/study & similar routes
  - /series/{id}/labels & similar routes
  Previously, this was done only in /tools/labels.
* Allow using the auth-plugin together with "AuthenticationEnabled": true.
  https://discourse.orthanc-server.org/t/user-based-access-control-with-label-based-resource-access/5454
* Added a default permission for /auth/tokens/volview-viewer-publication
* New standard configuration "volview"


2025-01-22 - v 0.8.2
====================

* Fix forbidden access when the PatientID and StudyInstanceUID are identical.
* Fix an error when WebServiceSettingsRolesUrl is not defined.
* Now handling /tools/count-resources API route.
* New standard configuration "volview" although Volview is not yet ready to support
  the token: https://github.com/Kitware/VolView/issues/689


2024-07-03 - v 0.8.1
====================

* Fix internal error when the auth-service was not configured to implement the role/permission API


2024-06-27 - v 0.8.0
====================

* Added support for editing roles/permissions:
  - new configuration "WebServiceSettingsRolesUrl"
  - new API routes:
    - /auth/settings/roles (GET/PUT)
    - /auth/settings/permissions (GET)
* Fix wrong access to POST /instances that was considered as a resource list.


2024-05-16 - v 0.7.2
====================

* Fix wrong forbidden access to /dicom-web/studies/../series for users who 
  had "authorized_labels"=="*"
* Added new default permissions for /tools/create-dicom, 
  /stl/encode-rtstruct, /stl/encode-nifti

2024-03-25 - v 0.7.1
====================

* Added missing parsing of /dicom-web/studies/.../instances
* Clarification: the "authorized_labels" field of the user profile
  is actually a list of authorized study labels!
* The tools/find has been updated to take this into account and will 
  possibly refuse to perform tools/find at instance or series level if there
  is no StudyInstanceUID in the query.
  This fixes forbidden access to e.g. /dicom-web/studies/../series/../instances/..
  on studies that have at least one authorized_labels.
* Tokens passed as GET arguments are now also added as HTTP headers in the
  query to the auth-service (previously this was done only for Header tokens).
* The default permissions have been updated to handle /system & /plugins/...


2024-02-16 - v 0.7.0
====================

* Added new default permissions "SINGLE_RESOURCE_PATTERNS" and 
  reorganized the permissions accordingly.  
  This notably facilitates accessing a single resource with a user token.
  The plugin first checks that the user has the right permissions to access the route
  and then checks whether the study has one of the authorized_labels
  of the user.  This notably improves user token handling outside of OE2,
  e.g. when using an api-key.
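
  Added example (not the plugin's code): a sketch of the two-step check
  described above, combined with the "Labels" filtering introduced in v 0.9.0.
  The route table, the "permissions" field name, the deny-by-default rule and
  all sample data are assumptions made for illustration.

```python
import re

# Constructed route table: (method, URI pattern, permissions that grant it).
# Not the plugin's default "Permissions" configuration.
ROUTES = [
    ("get", re.compile(r"^/studies/[^/]+$"), {"view", "all"}),
    ("delete", re.compile(r"^/studies/[^/]+$"), {"delete", "all"}),
]

def route_allowed(method, uri, profile):
    """Step 1: does the profile hold a permission granting this route?"""
    granted = set(profile.get("permissions", []))  # field name is assumed
    for verb, pattern, needed in ROUTES:
        if verb == method.lower() and pattern.match(uri):
            return bool(needed & granted)
    return False  # assumption: routes that are not listed are denied

def label_allowed(study_labels, profile):
    """Step 2: does the study carry one of the user's authorized_labels?"""
    authorized = set(profile.get("authorized_labels", []))
    return "*" in authorized or bool(authorized & set(study_labels))

def filter_labels(study_labels, profile):
    """Drop the labels the user is not authorized to see from a response."""
    authorized = set(profile.get("authorized_labels", []))
    if "*" in authorized:
        return list(study_labels)
    return [label for label in study_labels if label in authorized]

def handle(method, uri, study, profile):
    """Return (status, body) for a request on a single study."""
    if not route_allowed(method, uri, profile):
        return 403, None
    if not label_allowed(study["Labels"], profile):
        return 403, None
    return 200, dict(study, Labels=filter_labels(study["Labels"], profile))

# Constructed sample data.
STUDY = {"ID": "constructed-study-id", "Labels": ["cardio", "trial-7"]}
ALICE = {"permissions": ["view"], "authorized_labels": ["cardio"]}
BOB = {"permissions": ["view"], "authorized_labels": ["neuro"]}
ADMIN = {"permissions": ["all"], "authorized_labels": ["*"]}
```

  ALICE can read the study but only sees the "cardio" label; BOB holds the
  same route permission and is still refused because no label matches.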


2023-12-19 - v 0.6.2
====================

* Now handling new GET /tools/create-archive and sibling routes.


2023-11-13 - v 0.6.1
====================

* Updated default "Permissions" configuration to take the "/merge" routes 
  into account.
* Now overriding /tools/find and /tools/labels only if the auth-service
  is providing user profiles ("WebServiceUserProfileUrl" has been configured).


2023-09-18 - v 0.6.0
====================

* Now handling permissions based on labels from a user profile:
  - filter the results from tools/find to grant access only to the 
    authorized_labels from the user profile
  - grants access to resources (studies) based on their labels and
    the authorized_labels from the user profile.
  - check the https://github.com/orthanc-team/orthanc-auth-service
    sample project for more details
* Added integration tests in the https://orthanc.uclouvain.be/hg/orthanc-tests/
  repository.


2023-06-21 - v 0.5.3
====================

* New standard configuration "ohif"
* new default permissions for labels
* Fix parsing of dicom-web/studies/../series/../instances/../bulk/.. routes


2023-05-15 - v 0.5.2
====================

* Fix standard configuration "orthanc-explorer-2": consider the "token"
  Get arguments


2023-04-15 - v 0.5.1
====================

* Added a default permission for /tools/bulk-delete
* Added a default permission for /changes
* Added a default permission for /auth/tokens/ohif-viewer-publication
* QIDO-RS now supports named tags in get arguments


2023-03-17 - v 0.5.0
====================

* BREAKING-CHANGE: the API between the authorization plugin and the 
  WebService has slightly changed.  Check the samples in the README (TODO).
  - "identifier" has been renamed to "server-id"
* new user-permission based authorization model.  This is enabled if you
  define the new "WebServiceUserProfileUrl" configuration.
* new "orthanc-explorer-2" StandardConfigurations
* new GET "auth/user/profile" Rest API route to retrieve user permissions
* new PUT "auth/tokens/{token-type}" Rest API route to create tokens
* new POST "auth/tokens/decode" Rest API route to decode tokens
* these 3 new routes required an updated auth-web-service.
* SECURITY FIX: in prior versions, it was possible to browse remote
  dicom-web servers without being authenticated.  (The API routes
  /dicom-web/servers/.../studies were unprotected).  The local
  dicom-web server was correctly protected.


2022-11-16 - v 0.4.1
====================

* fix: get argument values were transformed to lower case
* the "osimis-web-viewer" StandardConfigurations now take into account
  the token get argument used when downloading a study from the UI

2022-11-10 - v 0.4.0
====================

* new configuration option "CheckedLevel" that is clearer than "UncheckedLevels".
  "UncheckedLevels" remains for backward compatibility.
  Allowed values: "patients", "studies", "series", "instances"
* new configuration option "StandardConfigurations" to replace multiple configurations.
  Allowed values: "osimis-web-viewer", "stone-webviewer"
* added support for QIDO-RS query arguments (e.g: /dicom-web/studies?0020000D=1.2.3&...)
* possible BREAKING_CHANGE: if "TokenHttpHeaders" is set to "Authorization" and if
  "WebServiceUsername" is defined, the "Authorization" header of the HTTP request
  sent to the auth-service will contain the basic auth info from WebServiceUsername and 
  WebServicePassword.  You should get the "Authorization" value from the token-value field
  of the payload sent to the auth-service.

2022-09-26 - v 0.3.0
====================

* Added 3 new configurations: WebServiceUsername, WebServicePassword, WebServiceIdentifier.
* The WebServiceIdentifier is now included in the payload sent to the WebService as the 
  "identifier" field.


2022-05-13 - v 0.2.5
====================

* Fix osimis-viewer route


2020-12-10 - v 0.2.4
====================

* Added support for Osimis Web Viewer new route (osimis-viewer/custom-command/)
* Support of dynamic linking against the system-wide Orthanc framework library


2018-08-13 - v 0.2.3
====================

* Compatibility with Linux Standard Base
* Now using the Orthanc framework


2018-07-19 - v 0.2.2
====================

* Added automated build


2018-03-09 - v 0.2.1
====================

* Upgraded sdk to 1.3.1


2018-03-08 - v 0.2.0
====================

* Added support for Osimis Web Viewer


2017-03-22
==========

* Initial release