# HG changeset patch # User Alain Mazy # Date 1763634398 -3600 # Node ID 3efbbb2f20a73017d88b10e69e4001fa7a964919 # Parent 11d3838f3a269c41b5d5cc8dabfde362af1ae3e7# Parent 79af518c92194d6578df1e641dc192d147fddec7 merge diff -r 11d3838f3a26 -r 3efbbb2f20a7 NEWS --- a/NEWS Thu Nov 20 11:26:18 2025 +0100 +++ b/NEWS Thu Nov 20 11:26:38 2025 +0100 @@ -9,7 +9,7 @@ 2025-10-10 - v 0.10.2 ===================== -* New default permissions to add/delete modalities through the Rest API +* New default permissions to add/delete modalities through the REST API https://discourse.orthanc-server.org/t/managing-modalities-using-the-rest-api-and-keycloak/6137 * New standard configuration "stl" @@ -252,9 +252,9 @@ * new user-permission based authorization model. This is enabled if you define the new "WebServiceUserProfileUrl" configuration. * new "orthanc-explorer-2" StandardConfigurations -* new GET "auth/user/profile" Rest API route to retrieve user permissions -* new PUT "auth/tokens/{token-type}" Rest API route to create tokens -* new POST "auth/tokens/decode" Rest API route to decode tokens +* new GET "auth/user/profile" REST API route to retrieve user permissions +* new PUT "auth/tokens/{token-type}" REST API route to create tokens +* new POST "auth/tokens/decode" REST API route to decode tokens * these 3 new routes required an updated auth-web-service. * SECURITY FIX: in prior versions, it was possible to browse remote dicom-web servers without being authenticated. (The API routes diff -r 11d3838f3a26 -r 3efbbb2f20a7 Plugin/DefaultAuthorizationParser.cpp --- a/Plugin/DefaultAuthorizationParser.cpp Thu Nov 20 11:26:18 2025 +0100 +++ b/Plugin/DefaultAuthorizationParser.cpp Thu Nov 20 11:26:38 2025 +0100 
@@ -45,7 +45,7 @@ tmp = tmp.substr(0, tmp.size() - 1); } - // note: if you add new DICOMWeb routes here, add them in the DefaultConfiguration.json too + // note: if you add new DICOMweb routes here, add them in the DefaultConfiguration.json too dicomWebStudies_ = boost::regex( "^" + tmp + "/studies/([.0-9]+)(|/series|/metadata|/instances|/rendered|/thumbnail)(|/)$"); diff -r 11d3838f3a26 -r 3efbbb2f20a7 Plugin/DefaultConfiguration.json --- a/Plugin/DefaultConfiguration.json Thu Nov 20 11:26:18 2025 +0100 +++ b/Plugin/DefaultConfiguration.json Thu Nov 20 11:26:38 2025 +0100 @@ -111,7 +111,7 @@ ["get" , "^/DICOM_WEB_ROOT/servers$", "all|send|q-r-remote-modalities"], ["post" , "^/DICOM_WEB_ROOT/(servers)/(.*)/stow$", "all|send"], - // DICOMWeb QIDO-RS + // DICOMweb QIDO-RS ["get" , "^/DICOM_WEB_ROOT/(studies|series|instances)(|/)$", "all|view"], // modifications/anonymization @@ -139,7 +139,7 @@ // audit-logs ["get", "^/auth/audit-logs$", "admin-permissions|audit-logs"], - // add-delete modalities through the Rest API + // add-delete modalities through the REST API ["put", "^/modalities/(.*)$", "admin-permissions"], ["delete", "^/modalities/(.*)$", "admin-permissions"], @@ -155,4 +155,4 @@ // ["post", "^/my-plugin/do-something$", "all|upload"] // ] } -} \ No newline at end of file +}
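Review bot: In the Plugin/DefaultAuthorizationParser.cpp hunk, the pattern assigned to `dicomWebStudies_` right after the edited comment is built by concatenating `tmp` into the regex (`"^" + tmp + "/studies/([.0-9]+)..."`), and nothing visible escapes it. If `tmp` holds the configured DICOMweb root, as the surrounding lines suggest, any regex metacharacter in it (a `.` for instance) would be interpreted rather than matched literally, so the authorization parser could classify URLs other than the intended route. The function starts and ends outside the hunk, so escaping may already happen earlier; if it does not, escape the root before building these patterns, or reject roots containing characters outside a known-safe set. The comment could also state the consequence of forgetting the second file, e.g. `// note: a DICOMweb route added here also needs a permission entry in DefaultConfiguration.json`.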