Mercurial > hg > orthanc-authorization
changeset 138:f448e8626f1a
Now handling new GET /tools/create-archive and sibling routes
| author | Alain Mazy <am@osimis.io> |
|---|---|
| date | Sat, 25 Nov 2023 12:18:14 +0100 |
| parents | 0fa3a38eb72f |
| children | 7e53735eeacb |
| files | NEWS Plugin/AuthorizationParserBase.cpp Plugin/AuthorizationParserBase.h Plugin/DefaultAuthorizationParser.cpp Plugin/DefaultAuthorizationParser.h Plugin/Plugin.cpp |
| diffstat | 6 files changed, 77 insertions(+), 5 deletions(-) [+] |
line wrap: on
line diff
--- a/NEWS Fri Nov 24 15:37:52 2023 +0100 +++ b/NEWS Sat Nov 25 12:18:14 2023 +0100 @@ -1,11 +1,18 @@ +Pending changes in the mainline +=============================== + +* Now handling new GET /tools/create-archive and sibling routes. + + 23-11-13 - v 0.6.1 ================== -* updated default "Permissions" configuration to take the "/merge" routes +* Updated default "Permissions" configuration to take the "/merge" routes into account. -* now overriding /tools/find and /tools/labels only if the auth-service +* Now overriding /tools/find and /tools/labels only if the auth-service is providing user profiles ("WebServiceUserProfileUrl" has been configured). + 23-09-18 - v 0.6.0 ================== @@ -19,6 +26,7 @@ * Added integration tests in the https://orthanc.uclouvain.be/hg/orthanc-tests/ repository. + 2023-06-21 - v 0.5.3 ==================== @@ -26,12 +34,14 @@ * new default permissions for labels * Fix parsing of dicom-web/studies/../series/../instances/../bulk/.. routes + 2023-05-15 - v 0.5.2 ==================== * Fix standard configuration "orthanc-explorer-2": consider the "token" Get arguments + 2023-04-15 - v 0.5.1 ====================
--- a/Plugin/AuthorizationParserBase.cpp Fri Nov 24 15:37:52 2023 +0100 +++ b/Plugin/AuthorizationParserBase.cpp Sat Nov 25 12:18:14 2023 +0100 @@ -36,6 +36,38 @@ } + Orthanc::ResourceType AuthorizationParserBase::AddOrthancUnknownResource(AccessedResources& target, + const std::string& orthancId) + { + std::string dicomId; + if (resourceHierarchy_->LookupDicomUid(dicomId, Orthanc::ResourceType_Study, orthancId)) + { + AddOrthancStudy(target, orthancId); + return Orthanc::ResourceType_Study; + } + + if (resourceHierarchy_->LookupDicomUid(dicomId, Orthanc::ResourceType_Patient, orthancId)) + { + AddOrthancPatient(target, orthancId); + return Orthanc::ResourceType_Patient; + } + + if (resourceHierarchy_->LookupDicomUid(dicomId, Orthanc::ResourceType_Series, orthancId)) + { + AddOrthancSeries(target, orthancId); + return Orthanc::ResourceType_Series; + } + + if (resourceHierarchy_->LookupDicomUid(dicomId, Orthanc::ResourceType_Instance, orthancId)) + { + AddOrthancInstance(target, orthancId); + return Orthanc::ResourceType_Instance; + } + + throw Orthanc::OrthancException(Orthanc::ErrorCode_UnknownResource); + } + + void AuthorizationParserBase::AddOrthancInstance(AccessedResources& target, const std::string& orthancId) {
--- a/Plugin/AuthorizationParserBase.h Fri Nov 24 15:37:52 2023 +0100 +++ b/Plugin/AuthorizationParserBase.h Sat Nov 25 12:18:14 2023 +0100 @@ -53,6 +53,9 @@ void AddOrthancPatient(AccessedResources& target, const std::string& orthancId); + Orthanc::ResourceType AddOrthancUnknownResource(AccessedResources& target, + const std::string& orthancId); + void AddDicomPatient(AccessedResources& target, const std::string& patientId);
--- a/Plugin/DefaultAuthorizationParser.cpp Fri Nov 24 15:37:52 2023 +0100 +++ b/Plugin/DefaultAuthorizationParser.cpp Sat Nov 25 12:18:14 2023 +0100 @@ -33,7 +33,8 @@ osimisViewerSeries_("^/osimis-viewer/series/([a-f0-9-]+)(|/.*)$"), osimisViewerImages_("^/osimis-viewer/(images|custom-command)/([a-f0-9-]+)(|/.*)$"), osimisViewerStudies_("^/osimis-viewer/studies/([a-f0-9-]+)(|/.*)$"), - listOfResourcesPattern_("^/(patients|studies|series|instances)(|/)$") + listOfResourcesPattern_("^/(patients|studies|series|instances)(|/)$"), + createBulkPattern_("^/tools/(create-archive|create-media|create-media-extended)(|/)$") { std::string tmp = dicomWebRoot; while (!tmp.empty() && @@ -145,6 +146,19 @@ AddOrthancInstance(target, what[2]); return true; } + else if (boost::regex_match(uri, what, createBulkPattern_)) + { + std::string resourcesIdsString = Orthanc::HttpToolbox::GetArgument(getArguments, "resources", ""); + std::set<std::string> resourcesIds; + Orthanc::Toolbox::SplitString(resourcesIds, resourcesIdsString, ','); + + for (std::set<std::string>::const_iterator it = resourcesIds.begin(); it != resourcesIds.end(); ++it) + { + AddOrthancUnknownResource(target, *it); + } + + return true; + } else if (boost::regex_match(uri, what, dicomWebQidoRsFind_)) { std::string studyInstanceUid, seriesInstanceUid, sopInstanceUid, patientId;
--- a/Plugin/DefaultAuthorizationParser.h Fri Nov 24 15:37:52 2023 +0100 +++ b/Plugin/DefaultAuthorizationParser.h Sat Nov 25 12:18:14 2023 +0100 @@ -42,6 +42,7 @@ boost::regex osimisViewerStudies_; boost::regex listOfResourcesPattern_; + boost::regex createBulkPattern_; public: DefaultAuthorizationParser(ICacheFactory& factory,
--- a/Plugin/Plugin.cpp Fri Nov 24 15:37:52 2023 +0100 +++ b/Plugin/Plugin.cpp Sat Nov 25 12:18:14 2023 +0100 @@ -378,14 +378,26 @@ // Loop over all the accessed resources to ensure access is // granted to each of them + int checkedResources = 0; + int grantedResources = 0; + for (OrthancPlugins::IAuthorizationParser::AccessedResources::const_iterator access = accesses.begin(); access != accesses.end(); ++access) { - if (IsResourceAccessGranted(authTokens, method, *access)) + if (uncheckedLevels_.find(access->GetLevel()) == uncheckedLevels_.end()) { - return 1; + checkedResources++; + if (IsResourceAccessGranted(authTokens, method, *access)) + { + grantedResources++; + } } } + + if (checkedResources > 0 && grantedResources == checkedResources) + { + return 1; + } } // By default, forbid access to all the resources