changeset 202:3c56c3f0059a default tip
Fix forbidden access when the PatientID and StudyInstanceUID are identical
author | Alain Mazy <am@orthanc.team> |
---|---|
date | Mon, 23 Sep 2024 12:43:33 +0200 |
parents | 8c79c3b026ce |
children | |
files | NEWS Plugin/Plugin.cpp |
diffstat | 2 files changed, 31 insertions(+), 13 deletions(-) [+] |
--- a/NEWS Wed Jul 03 09:00:01 2024 +0200
+++ b/NEWS Mon Sep 23 12:43:33 2024 +0200
@@ -1,3 +1,9 @@
+Pending changes in the mainline
+===============================
+
+* Fix forbidden access when the PatientID and StudyInstanceUID are identical.
+
+
 2024-07-03 - v 0.8.1
 ====================
--- a/Plugin/Plugin.cpp Wed Jul 03 09:00:01 2024 +0200
+++ b/Plugin/Plugin.cpp Mon Sep 23 12:43:33 2024 +0200
@@ -671,6 +671,22 @@
 return true;
 }
 
+void GetStudyOrthancIdFromStudyInstanceUID(std::vector<std::string>& studyOrthancIds, const std::string& studyInstanceUID)
+{
+ studyOrthancIds.clear();
+ Json::Value response;
+ if (OrthancPlugins::RestApiPost(response, "/tools/lookup", studyInstanceUID, false))
+ {
+ for (Json::ArrayIndex i = 0; i < response.size(); ++i)
+ {
+ if (response[i]["Type"] == "Study")
+ {
+ studyOrthancIds.push_back(response[i]["ID"].asString());
+ }
+ }
+ }
+}
+
 void ToolsFind(OrthancPluginRestOutput* output,
 const char* /*url*/,
 const OrthancPluginHttpRequest* request)
@@ -719,12 +735,10 @@
 }
 
 // since this is a series/instance find, make sure the user has access to the parent study
- Json::Value studyOrthancIds;
- if (!OrthancPlugins::RestApiPost(studyOrthancIds, "/tools/lookup", studyInstanceUID, false))
- {
- throw Orthanc::OrthancException(Orthanc::ErrorCode_ForbiddenAccess, "Auth plugin: when using tools/find at Series or Instance level, unable to get the orthanc ID of StudyInstanceUID specified in the query.");
- }
- else if (studyOrthancIds.size() != 1)
+ std::vector<std::string> studyOrthancIds;
+ GetStudyOrthancIdFromStudyInstanceUID(studyOrthancIds, studyInstanceUID);
+
+ if (studyOrthancIds.size() != 1)
 {
 throw Orthanc::OrthancException(Orthanc::ErrorCode_ForbiddenAccess, "Auth plugin: when using tools/find at Series or Instance level, unable to get the orthanc ID of StudyInstanceUID specified in the query. Found " + boost::lexical_cast<std::string>(studyOrthancIds.size()) + " orthanc studies with this StudyInstanceUID");
 }
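Review bot: A failed `/tools/lookup` call and a lookup that simply finds no study are now indistinguishable to the callers: when `RestApiPost` returns false the new helper leaves `studyOrthancIds` empty, and both check sites in ToolsFind then report "Found 0 orthanc studies", whereas the removed code threw a dedicated message for the failed call. Both outcomes still deny access, so the change fails closed, but an operator diagnosing a rejected series-level find loses the signal that Orthanc's own lookup failed; an `else` branch that logs it, e.g. `LOG(WARNING) << "Auth plugin: /tools/lookup failed for StudyInstanceUID " << studyInstanceUID;` (assuming the plugin's logging macro is in scope here), would keep that signal without changing the helper's signature. The loop also indexes `response[i]` and `response[i]["Type"]` without confirming the shape of the answer; jsoncpp's `operator[]` asserts (throwing `Json::LogicError` in the usual build, as far as I recall) when applied to a non-array or non-object value rather than failing gracefully, so a guard such as `if (!response.isArray()) { return; }` right after the call is cheap insurance should the endpoint ever answer with an error object. Note this last point predates the commit — the removed code called `.size()` on the raw `Json::Value` too.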
@@ -757,12 +771,10 @@
 throw Orthanc::OrthancException(Orthanc::ErrorCode_ForbiddenAccess, "Auth plugin: unable to call tools/find when the user does not have access to any labels and if there is no StudyInstanceUID in the query.");
 }
 
- Json::Value studyOrthancIds;
- if (!OrthancPlugins::RestApiPost(studyOrthancIds, "/tools/lookup", studyInstanceUID, false))
- {
- throw Orthanc::OrthancException(Orthanc::ErrorCode_ForbiddenAccess, "Auth plugin: when using tools/find with a resource token, unable to get the orthanc ID of StudyInstanceUID specified in the query.");
- }
- else if (studyOrthancIds.size() != 1)
+ std::vector<std::string> studyOrthancIds;
+ GetStudyOrthancIdFromStudyInstanceUID(studyOrthancIds, studyInstanceUID);
+
+ if (studyOrthancIds.size() != 1)
 {
 throw Orthanc::OrthancException(Orthanc::ErrorCode_ForbiddenAccess, "Auth plugin: when using tools/find with a resource token, unable to get the orthanc ID of StudyInstanceUID specified in the query. Found " + boost::lexical_cast<std::string>(studyOrthancIds.size()) + " orthanc studies with this StudyInstanceUID");
 }
@@ -771,7 +783,7 @@
 GetAuthTokens(authTokens, request->headersCount, request->headersKeys, request->headersValues, request->getCount, request->getKeys, request->getValues);
 
 std::set<std::string> labels;
- OrthancPlugins::AccessedResource accessedResource(Orthanc::ResourceType_Study, studyOrthancIds[0]["ID"].asString(), studyInstanceUID, labels);
+ OrthancPlugins::AccessedResource accessedResource(Orthanc::ResourceType_Study, studyOrthancIds[0], studyInstanceUID, labels);
 if (!IsResourceAccessGranted(authTokens, request->method, accessedResource))
 {
 throw Orthanc::OrthancException(Orthanc::ErrorCode_ForbiddenAccess, "Auth plugin: when using tools/find with a resource token, the resource must grant access to the StudyInstanceUID specified in the query.");
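Review bot: The lookup-and-count sequence in this hunk is a copy of the one at the series/instance check earlier in ToolsFind, down to the three-part error message where only the prefix wording differs; now that the lookup itself lives in a helper, the `size() != 1` check and the throw could move there as well so that each access check becomes a single line, e.g. `std::string studyOrthancId = GetSingleStudyOrthancId(studyInstanceUID, "when using tools/find with a resource token");`. That keeps the two authorization checks from drifting apart the next time the lookup rules change, which is exactly what this commit had to do in two places. ToolsFind itself starts and ends outside this hunk.
```cpp
// Returns the single Orthanc study ID matching studyInstanceUID, or throws
// ForbiddenAccess when zero or several studies match; `context` is spliced
// into the error message so each call site keeps its own wording.
static std::string GetSingleStudyOrthancId(const std::string& studyInstanceUID, const std::string& context)
{
  std::vector<std::string> studyOrthancIds;
  GetStudyOrthancIdFromStudyInstanceUID(studyOrthancIds, studyInstanceUID);

  if (studyOrthancIds.size() != 1)
  {
    throw Orthanc::OrthancException(Orthanc::ErrorCode_ForbiddenAccess, "Auth plugin: " + context + ", unable to get the orthanc ID of StudyInstanceUID specified in the query. Found " + boost::lexical_cast<std::string>(studyOrthancIds.size()) + " orthanc studies with this StudyInstanceUID");
  }

  return studyOrthancIds[0];
}

// … unchanged: ToolsFind body up to the resource-token check …
      std::string studyOrthancId = GetSingleStudyOrthancId(studyInstanceUID, "when using tools/find with a resource token");
// … unchanged: GetAuthTokens, labels …
      OrthancPlugins::AccessedResource accessedResource(Orthanc::ResourceType_Study, studyOrthancId, studyInstanceUID, labels);
```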