# HG changeset patch # User Alain Mazy # Date 1694512013 -7200 # Node ID 968042b7df4c2b6bcea9cda59c23ca10ee73c6c9 # Parent 89eddd4b2f6a9b007124e9918723779331196f0c fix dicomWeb auth diff -r 89eddd4b2f6a -r 968042b7df4c Plugin/Plugin.cpp --- a/Plugin/Plugin.cpp Sat Sep 09 13:17:38 2023 +0200 +++ b/Plugin/Plugin.cpp Tue Sep 12 11:46:53 2023 +0200 @@ -617,7 +617,7 @@ // If anonymous user profile, it might be a resource token e.g accessing /dicom-web/studies/.../metadata // -> extract the StudyInstanceUID from the query and send the token for validation to the auth-service // If there is no StudyInstanceUID, then, return a 403 because we don't know what resource it relates to - if (!body.isMember("Query") || !body["Query"].isMember("StudyInstanceUID")) + if (!body.isMember("Query") || !(body["Query"].isMember("StudyInstanceUID") || body["Query"].isMember("0020,000d") || body["Query"].isMember("0020,000D"))) { throw Orthanc::OrthancException(Orthanc::ErrorCode_ForbiddenAccess, "Auth plugin: unable to call tools/find when the user does not have access to any labels and if there is no StudyInstanceUID in the query."); } @@ -626,7 +626,20 @@ GetAuthTokens(authTokens, request->headersCount, request->headersKeys, request->headersValues, request->getCount, request->getKeys, request->getValues); - std::string studyInstanceUID = body["Query"]["StudyInstanceUID"].asString(); + std::string studyInstanceUID; + if (body["Query"].isMember("StudyInstanceUID")) + { + studyInstanceUID = body["Query"]["StudyInstanceUID"].asString(); + } + else if (body["Query"].isMember("0020,000d")) + { + studyInstanceUID = body["Query"]["0020,000d"].asString(); + } + else if (body["Query"].isMember("0020,000D")) + { + studyInstanceUID = body["Query"]["0020,000D"].asString(); + } + Json::Value studyOrhtancIds; if (!OrthancPlugins::RestApiPost(studyOrhtancIds, "/tools/lookup", studyInstanceUID, false) || studyOrhtancIds.size() != 1) {