# HG changeset patch # User Alain Mazy # Date 1763634378 -3600 # Node ID 11d3838f3a269c41b5d5cc8dabfde362af1ae3e7 # Parent 464d81772f98e3aac7b5dd40edd60b09df1c1b84 fix worklists permissions diff -r 464d81772f98 -r 11d3838f3a26 NEWS --- a/NEWS Thu Oct 23 13:47:48 2025 +0200 +++ b/NEWS Thu Nov 20 11:26:18 2025 +0100 @@ -3,6 +3,7 @@ * New default permissions for worklists * New default permissions for tools/metrics-prometheus +* New default permissions for tools/generate-uid 2025-10-10 - v 0.10.2 diff -r 464d81772f98 -r 11d3838f3a26 Plugin/DefaultConfiguration.json --- a/Plugin/DefaultConfiguration.json Thu Oct 23 13:47:48 2025 +0200 +++ b/Plugin/DefaultConfiguration.json Thu Nov 20 11:26:18 2025 +0100 @@ -60,7 +60,8 @@ // The default configuration is suitable for Orthanc-Explorer-2 (see https://github.com/orthanc-team/orthanc-auth-service) "Permissions" : [ ["post", "^/auth/tokens/decode$", ""], - ["post", "^/tools/lookup$", ""], // currently used to authorize downloads in Stone (to map the StudyInstanceUID into an OrthancID. Not ideal -> we should define a new API that has the resource ID in the path to be able to check it at resource level) but, on another hand, you do not get any Patient information from this route + ["post", "^/tools/lookup$", ""], // currently used to authorize downloads in Stone (to map the StudyInstanceUID into an OrthancID. Not ideal -> we should define a new API that has the resource ID in the path to be able to check it at resource level) but, on another hand, you do not get any Patient information from this route + ["get", "^/tools/generate-uid(.*)$", ""], // used in OE2 when generating worklists but there are no sensitive data to retrieve -> allow all // elemental browsing in OE2 ["post", "^/tools/find$", "all|view"], @@ -142,8 +143,9 @@ ["put", "^/modalities/(.*)$", "admin-permissions"], ["delete", "^/modalities/(.*)$", "admin-permissions"], - // create-delete worklists + // create-edit-delete worklists ["post" , "^/worklists/create$", "all|worklists"], + ["put", "^/worklists/(.*)$", "all|worklists"], ["delete" , "^/worklists/(.*)$", "all|worklists"] ]