Mercurial > hg > orthanc-authorization

changeset 145:9a9be09b9a30

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
merge
author Sebastien Jodogne <s.jodogne@gmail.com>
date Wed, 20 Dec 2023 21:53:45 +0100
parents 64199dfdc86a (current diff) 8c86b459b3a5 (diff)
children ad189440edcf
files CMakeLists.txt
diffstat 7 files changed, 83 insertions(+), 12 deletions(-) [+]
line wrap: on
line diff
--- a/CMakeLists.txt	Wed Dec 20 21:53:25 2023 +0100
+++ b/CMakeLists.txt	Wed Dec 20 21:53:45 2023 +0100
@@ -25,9 +25,8 @@
   set(ORTHANC_FRAMEWORK_VERSION "mainline")
   set(ORTHANC_FRAMEWORK_DEFAULT_SOURCE "hg")
 else()
-  # TODO: switch to 1.12.2 once available
-  set(ORTHANC_FRAMEWORK_VERSION "mainline")
-  set(ORTHANC_FRAMEWORK_DEFAULT_SOURCE "hg")
+  set(ORTHANC_FRAMEWORK_VERSION "1.12.2")
+  set(ORTHANC_FRAMEWORK_DEFAULT_SOURCE "web")
 endif()
 
 # Parameters of the build
--- a/NEWS	Wed Dec 20 21:53:25 2023 +0100
+++ b/NEWS	Wed Dec 20 21:53:45 2023 +0100
@@ -1,13 +1,20 @@
-23-09-18 - v 0.6.0
-==================
+2023-12-19 - v 0.6.2
+====================
+
+* Now handling new GET /tools/create-archive and sibling routes.
+
 
-* updated default "Permissions" configuration to take the "/merge" routes 
+2023-11-13 - v 0.6.1
+====================
+
+* Updated default "Permissions" configuration to take the "/merge" routes 
   into account.
-* now overriding /tools/find and /tools/labels only if the auth-service
+* Now overriding /tools/find and /tools/labels only if the auth-service
   is providing user profiles ("WebServiceUserProfileUrl" has been configured).
 
-23-09-18 - v 0.6.0
-==================
+
+2023-09-18 - v 0.6.0
+====================
 
 * Now handling permissions based on labels from a user profile:
   - filter the results from tools/find to grant access only to the 
@@ -19,6 +26,7 @@
 * Added integration tests in the https://orthanc.uclouvain.be/hg/orthanc-tests/
   repository.
 
+
 2023-06-21 - v 0.5.3
 ====================
 
@@ -26,12 +34,14 @@
 * new default permissions for labels
 * Fix parsing of dicom-web/studies/../series/../instances/../bulk/.. routes
 
+
 2023-05-15 - v 0.5.2
 ====================
 
 * Fix standard configuration "orthanc-explorer-2": consider the "token"
   Get arguments
 
+
 2023-04-15 - v 0.5.1
 ====================
 
--- a/Plugin/AuthorizationParserBase.cpp	Wed Dec 20 21:53:25 2023 +0100
+++ b/Plugin/AuthorizationParserBase.cpp	Wed Dec 20 21:53:45 2023 +0100
@@ -36,6 +36,38 @@
   }
     
 
+  Orthanc::ResourceType AuthorizationParserBase::AddOrthancUnknownResource(AccessedResources& target,
+                                                                           const std::string& orthancId)
+  {
+    std::string dicomId;
+    if (resourceHierarchy_->LookupDicomUid(dicomId, Orthanc::ResourceType_Study, orthancId))
+    {
+      AddOrthancStudy(target, orthancId);
+      return Orthanc::ResourceType_Study;
+    }
+
+    if (resourceHierarchy_->LookupDicomUid(dicomId, Orthanc::ResourceType_Patient, orthancId))
+    {
+      AddOrthancPatient(target, orthancId);
+      return Orthanc::ResourceType_Patient;
+    }
+
+    if (resourceHierarchy_->LookupDicomUid(dicomId, Orthanc::ResourceType_Series, orthancId))
+    {
+      AddOrthancSeries(target, orthancId);
+      return Orthanc::ResourceType_Series;
+    }
+
+    if (resourceHierarchy_->LookupDicomUid(dicomId, Orthanc::ResourceType_Instance, orthancId))
+    {
+      AddOrthancInstance(target, orthancId);
+      return Orthanc::ResourceType_Instance;
+    }
+
+    throw Orthanc::OrthancException(Orthanc::ErrorCode_UnknownResource);
+  }
+
+
   void AuthorizationParserBase::AddOrthancInstance(AccessedResources& target,
                                                    const std::string& orthancId)
   {
--- a/Plugin/AuthorizationParserBase.h	Wed Dec 20 21:53:25 2023 +0100
+++ b/Plugin/AuthorizationParserBase.h	Wed Dec 20 21:53:45 2023 +0100
@@ -53,6 +53,9 @@
     void AddOrthancPatient(AccessedResources& target,
                            const std::string& orthancId);
 
+    Orthanc::ResourceType AddOrthancUnknownResource(AccessedResources& target,
+                                                    const std::string& orthancId);
+
     void AddDicomPatient(AccessedResources& target,
                          const std::string& patientId);
 
--- a/Plugin/DefaultAuthorizationParser.cpp	Wed Dec 20 21:53:25 2023 +0100
+++ b/Plugin/DefaultAuthorizationParser.cpp	Wed Dec 20 21:53:45 2023 +0100
@@ -33,7 +33,8 @@
     osimisViewerSeries_("^/osimis-viewer/series/([a-f0-9-]+)(|/.*)$"),
     osimisViewerImages_("^/osimis-viewer/(images|custom-command)/([a-f0-9-]+)(|/.*)$"),
     osimisViewerStudies_("^/osimis-viewer/studies/([a-f0-9-]+)(|/.*)$"),
-    listOfResourcesPattern_("^/(patients|studies|series|instances)(|/)$")
+    listOfResourcesPattern_("^/(patients|studies|series|instances)(|/)$"),
+    createBulkPattern_("^/tools/(create-archive|create-media|create-media-extended)(|/)$")
   {
     std::string tmp = dicomWebRoot;
     while (!tmp.empty() &&
@@ -145,6 +146,19 @@
       AddOrthancInstance(target, what[2]);
       return true;
     }
+    else if (boost::regex_match(uri, what, createBulkPattern_))
+    {
+      std::string resourcesIdsString = Orthanc::HttpToolbox::GetArgument(getArguments, "resources", "");
+      std::set<std::string> resourcesIds;
+      Orthanc::Toolbox::SplitString(resourcesIds, resourcesIdsString, ',');
+
+      for (std::set<std::string>::const_iterator it = resourcesIds.begin(); it != resourcesIds.end(); ++it)
+      {
+        AddOrthancUnknownResource(target, *it);
+      }
+      
+      return true;
+    }
     else if (boost::regex_match(uri, what, dicomWebQidoRsFind_))
     {
       std::string studyInstanceUid, seriesInstanceUid, sopInstanceUid, patientId;
--- a/Plugin/DefaultAuthorizationParser.h	Wed Dec 20 21:53:25 2023 +0100
+++ b/Plugin/DefaultAuthorizationParser.h	Wed Dec 20 21:53:45 2023 +0100
@@ -42,6 +42,7 @@
     boost::regex osimisViewerStudies_;
 
     boost::regex listOfResourcesPattern_;
+    boost::regex createBulkPattern_;
 
   public:
     DefaultAuthorizationParser(ICacheFactory& factory,
--- a/Plugin/Plugin.cpp	Wed Dec 20 21:53:25 2023 +0100
+++ b/Plugin/Plugin.cpp	Wed Dec 20 21:53:45 2023 +0100
@@ -378,14 +378,26 @@
 
       // Loop over all the accessed resources to ensure access is
       // granted to each of them
+      int checkedResources = 0;
+      int grantedResources = 0;
+
       for (OrthancPlugins::IAuthorizationParser::AccessedResources::const_iterator
              access = accesses.begin(); access != accesses.end(); ++access)
       {
-        if (IsResourceAccessGranted(authTokens, method, *access))
+        if (uncheckedLevels_.find(access->GetLevel()) == uncheckedLevels_.end())
         {
-          return 1;
+          checkedResources++;
+          if (IsResourceAccessGranted(authTokens, method, *access))
+          {
+            grantedResources++;
+          }  
         }
       }
+
+      if (checkedResources > 0 && grantedResources == checkedResources)
+      {
+        return 1;
+      }
     }
       
     // By default, forbid access to all the resources