Mercurial > hg > orthanc-authorization
changeset 244:940944c43bd7 inbox
fix: get user profile before anonymous profiles
author | Alain Mazy <am@orthanc.team> |
---|---|
date | Wed, 18 Jun 2025 12:29:19 +0200 (3 weeks ago) |
parents | 3a6194f51293 |
children | a56513c56d0d |
files | Plugin/Plugin.cpp |
diffstat | 1 files changed, 30 insertions(+), 11 deletions(-) [+] |
line wrap: on
line diff
--- a/Plugin/Plugin.cpp Thu Jun 12 16:12:29 2025 +0200 +++ b/Plugin/Plugin.cpp Wed Jun 18 12:29:19 2025 +0200 @@ -285,7 +285,7 @@ unsigned int validity; // ignored if (authorizationService_->HasUserPermission(validity, requiredPermissions, profile)) { - LOG(INFO) << msg << " -> granted"; + LOG(INFO) << msg << " -> granted to user '" << profile.name << "'"; hasUserRequiredPermissions = true; // check labels permissions @@ -544,17 +544,11 @@ } } - -bool GetUserProfileInternal(OrthancPlugins::IAuthorizationService::UserProfile& profile, const OrthancPluginHttpRequest* request) +bool GetUserProfileInternal_(OrthancPlugins::IAuthorizationService::UserProfile& profile, + const OrthancPlugins::AssociativeArray& headers, + const OrthancPlugins::AssociativeArray& getArguments, + bool ignoreEmptyValues) { - OrthancPlugins::AssociativeArray headers - (request->headersCount, request->headersKeys, request->headersValues, false); - - OrthancPlugins::AssociativeArray getArguments - (request->getCount, request->getKeys, request->getValues, true); - - // Loop over all the authorization tokens stored in the HTTP - // headers, until finding one that is granted for (std::set<OrthancPlugins::Token>::const_iterator token = tokens_.begin(); token != tokens_.end(); ++token) { @@ -575,6 +569,11 @@ throw Orthanc::OrthancException(Orthanc::ErrorCode_ParameterOutOfRange); } + if (ignoreEmptyValues && value.empty()) + { + continue; + } + unsigned int validity; // not used if (authorizationService_->GetUserProfile(validity, tryProfile, *token, value)) { @@ -586,6 +585,26 @@ return false; } + +bool GetUserProfileInternal(OrthancPlugins::IAuthorizationService::UserProfile& profile, const OrthancPluginHttpRequest* request) +{ + OrthancPlugins::AssociativeArray headers + (request->headersCount, request->headersKeys, request->headersValues, false); + + OrthancPlugins::AssociativeArray getArguments + (request->getCount, request->getKeys, request->getValues, true); + + // Loop over all the authorization tokens stored in the HTTP + // headers, until finding one that is granted. + // But, first process only the tokens with a value to avoid getting identified as anonymous too fast ! + if (GetUserProfileInternal_(profile, headers, getArguments, true)) + { + return true; + } + + return GetUserProfileInternal_(profile, headers, getArguments, false); +} + void AdjustToolsFindQueryLabels(Json::Value& query, const OrthancPlugins::IAuthorizationService::UserProfile& profile) { std::set<std::string> labelsToFind;