Mercurial > hg > orthanc-authorization
changeset 58:ad279c70c22d
added a new configuration 'StandardConfigurations'
| author | Alain Mazy <am@osimis.io> |
|---|---|
| date | Wed, 09 Nov 2022 18:17:03 +0100 |
| parents | 55539d564f4f |
| children | a5f2976fe8a0 |
| files | NEWS Plugin/Plugin.cpp Plugin/Token.h |
| diffstat | 3 files changed, 87 insertions(+), 7 deletions(-) [+] |
line wrap: on
line diff
--- a/NEWS Wed Nov 09 15:40:35 2022 +0100 +++ b/NEWS Wed Nov 09 18:17:03 2022 +0100 @@ -1,8 +1,14 @@ Pending changes in the mainline =============================== +* new configuration option "CheckedLevel" that is clearer than "UncheckedLevels". + "UncheckedLevels" remains for backward compatibility. + Allowed values: "patients", "studies", "series", "instances" +* new configuration option "StandardConfigurations" to replace multiple configurations. + Allowed values: "osimis-web-viewer", "stone-webviewer" * added support for QIDO-RS query arguments (e.g: /dicom-web/studies?0020000D=1.2.3&...) + 2022-09-26 - v 0.3.0 ==================== @@ -16,6 +22,7 @@ * Fix osimis-viewer route + 2020-12-10 - v 0.2.4 ====================
--- a/Plugin/Plugin.cpp Wed Nov 09 15:40:35 2022 +0100 +++ b/Plugin/Plugin.cpp Wed Nov 09 18:17:03 2022 +0100 @@ -34,7 +34,7 @@ static std::unique_ptr<OrthancPlugins::IAuthorizationService> authorizationService_; static std::set<std::string> uncheckedResources_; static std::list<std::string> uncheckedFolders_; -static std::list<OrthancPlugins::Token> tokens_; +static std::set<OrthancPlugins::Token> tokens_; static std::set<OrthancPlugins::AccessLevel> uncheckedLevels_; @@ -107,7 +107,7 @@ // Loop over all the authorization tokens stored in the HTTP // headers, until finding one that is granted - for (std::list<OrthancPlugins::Token>::const_iterator + for (std::set<OrthancPlugins::Token>::const_iterator token = tokens_.begin(); token != tokens_.end(); ++token) { std::string value; @@ -303,7 +303,7 @@ for (std::list<std::string>::const_iterator it = tmp.begin(); it != tmp.end(); ++it) { - tokens_.push_back(OrthancPlugins::Token(OrthancPlugins::TokenType_HttpHeader, *it)); + tokens_.insert(OrthancPlugins::Token(OrthancPlugins::TokenType_HttpHeader, *it)); } configuration.LookupListOfStrings(tmp, "TokenGetArguments", true); @@ -312,7 +312,7 @@ for (std::list<std::string>::const_iterator it = tmp.begin(); it != tmp.end(); ++it) { - tokens_.push_back(OrthancPlugins::Token(OrthancPlugins::TokenType_GetArgument, *it)); + tokens_.insert(OrthancPlugins::Token(OrthancPlugins::TokenType_GetArgument, *it)); } #else if (!tmp.empty()) @@ -338,12 +338,72 @@ "\" for the authorization plugin"); } + std::set<std::string> standardConfigurations; + if (configuration.LookupSetOfStrings(standardConfigurations, "StandardConfigurations", false)) + { + if (standardConfigurations.find("osimis-web-viewer") != standardConfigurations.end()) + { + uncheckedFolders_.push_back("/osimis-viewer/app/"); + uncheckedFolders_.push_back("/osimis-viewer/languages/"); + uncheckedResources_.insert("/osimis-viewer/config.js"); + + tokens_.insert(OrthancPlugins::Token(OrthancPlugins::TokenType_HttpHeader, "token")); + } + + if (standardConfigurations.find("stone-webviewer") != standardConfigurations.end()) + { + uncheckedFolders_.push_back("/stone-webviewer/"); + uncheckedResources_.insert("/system"); + + tokens_.insert(OrthancPlugins::Token(OrthancPlugins::TokenType_HttpHeader, "Authorization")); + } + + } + + std::string checkedLevelString; + if (configuration.LookupStringValue(checkedLevelString, "CheckedLevel")) + { + OrthancPlugins::AccessLevel checkedLevel = OrthancPlugins::StringToAccessLevel(checkedLevelString); + if (checkedLevel == OrthancPlugins::AccessLevel_Instance) + { + uncheckedLevels_.insert(OrthancPlugins::AccessLevel_Patient); + uncheckedLevels_.insert(OrthancPlugins::AccessLevel_Study); + uncheckedLevels_.insert(OrthancPlugins::AccessLevel_Series); + } + else if (checkedLevel == OrthancPlugins::AccessLevel_Series) + { + uncheckedLevels_.insert(OrthancPlugins::AccessLevel_Patient); + uncheckedLevels_.insert(OrthancPlugins::AccessLevel_Study); + uncheckedLevels_.insert(OrthancPlugins::AccessLevel_Instance); + } + else if (checkedLevel == OrthancPlugins::AccessLevel_Study) + { + uncheckedLevels_.insert(OrthancPlugins::AccessLevel_Patient); + uncheckedLevels_.insert(OrthancPlugins::AccessLevel_Series); + uncheckedLevels_.insert(OrthancPlugins::AccessLevel_Instance); + } + else if (checkedLevel == OrthancPlugins::AccessLevel_Patient) + { + uncheckedLevels_.insert(OrthancPlugins::AccessLevel_Study); + uncheckedLevels_.insert(OrthancPlugins::AccessLevel_Series); + uncheckedLevels_.insert(OrthancPlugins::AccessLevel_Instance); + } + } + if (configuration.LookupListOfStrings(tmp, "UncheckedLevels", false)) { - for (std::list<std::string>::const_iterator - it = tmp.begin(); it != tmp.end(); ++it) + if (uncheckedLevels_.size() == 0) { - uncheckedLevels_.insert(OrthancPlugins::StringToAccessLevel(*it)); + for (std::list<std::string>::const_iterator + it = tmp.begin(); it != tmp.end(); ++it) + { + uncheckedLevels_.insert(OrthancPlugins::StringToAccessLevel(*it)); + } + } + else + { + LOG(ERROR) << "Authorization plugin: you may only provide one of 'CheckedLevel' or 'UncheckedLevels' configurations"; + return -1; } }
--- a/Plugin/Token.h Wed Nov 09 15:40:35 2022 +0100 +++ b/Plugin/Token.h Wed Nov 09 18:17:03 2022 +0100 @@ -41,5 +41,18 @@ { return key_; } + + // required to use this class in std::set + bool operator< (const Token &right) const + { + if (type_ != right.type_) + { + return type_ < right.type_; + } + else + { + return key_ < right.key_ ; + } + } }; }