Mercurial > hg > orthanc-authorization
changeset 117:968042b7df4c
fix dicomWeb auth
author | Alain Mazy <am@osimis.io> |
---|---|
date | Tue, 12 Sep 2023 11:46:53 +0200 |
parents | 89eddd4b2f6a |
children | 6fa53f624e1c |
files | Plugin/Plugin.cpp |
diffstat | 1 files changed, 15 insertions(+), 2 deletions(-) [+] |
line wrap: on
line diff
--- a/Plugin/Plugin.cpp Sat Sep 09 13:17:38 2023 +0200 +++ b/Plugin/Plugin.cpp Tue Sep 12 11:46:53 2023 +0200 @@ -617,7 +617,7 @@ // If anonymous user profile, it might be a resource token e.g accessing /dicom-web/studies/.../metadata // -> extract the StudyInstanceUID from the query and send the token for validation to the auth-service // If there is no StudyInstanceUID, then, return a 403 because we don't know what resource it relates to - if (!body.isMember("Query") || !body["Query"].isMember("StudyInstanceUID")) + if (!body.isMember("Query") || !(body["Query"].isMember("StudyInstanceUID") || body["Query"].isMember("0020,000d") || body["Query"].isMember("0020,000D"))) { throw Orthanc::OrthancException(Orthanc::ErrorCode_ForbiddenAccess, "Auth plugin: unable to call tools/find when the user does not have access to any labels and if there is no StudyInstanceUID in the query."); } @@ -626,7 +626,20 @@ GetAuthTokens(authTokens, request->headersCount, request->headersKeys, request->headersValues, request->getCount, request->getKeys, request->getValues); - std::string studyInstanceUID = body["Query"]["StudyInstanceUID"].asString(); + std::string studyInstanceUID; + if (body["Query"].isMember("StudyInstanceUID")) + { + studyInstanceUID = body["Query"]["StudyInstanceUID"].asString(); + } + else if (body["Query"].isMember("0020,000d")) + { + studyInstanceUID = body["Query"]["0020,000d"].asString(); + } + else if (body["Query"].isMember("0020,000D")) + { + studyInstanceUID = body["Query"]["0020,000D"].asString(); + } + Json::Value studyOrhtancIds; if (!OrthancPlugins::RestApiPost(studyOrhtancIds, "/tools/lookup", studyInstanceUID, false) || studyOrhtancIds.size() != 1) {