Mercurial > hg > orthanc-tests
annotate NewTests/Authorization/test_authorization.py @ 577:0649a19df194
new tests for auth-service
author | Alain Mazy <am@osimis.io> |
---|---|
date | Fri, 08 Sep 2023 12:03:50 +0200 |
parents | 80ba6f1d521c |
children | c474f0f815b6 |
rev | line source |
---|---|
576
80ba6f1d521c
new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff
changeset
|
1 import unittest |
80ba6f1d521c
new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff
changeset
|
2 import time |
80ba6f1d521c
new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff
changeset
|
3 import pprint |
80ba6f1d521c
new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff
changeset
|
4 import subprocess |
80ba6f1d521c
new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff
changeset
|
5 from helpers import OrthancTestCase, Helpers |
80ba6f1d521c
new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff
changeset
|
6 |
80ba6f1d521c
new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff
changeset
|
7 from orthanc_api_client import OrthancApiClient, generate_test_dicom_file |
80ba6f1d521c
new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff
changeset
|
8 from orthanc_api_client import exceptions as orthanc_exceptions |
80ba6f1d521c
new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff
changeset
|
9 |
80ba6f1d521c
new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff
changeset
|
10 import logging |
80ba6f1d521c
new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff
changeset
|
11 import pathlib |
80ba6f1d521c
new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff
changeset
|
12 here = pathlib.Path(__file__).parent.resolve() |
80ba6f1d521c
new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff
changeset
|
13 |
80ba6f1d521c
new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff
changeset
|
14 |
80ba6f1d521c
new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff
changeset
|
15 |
80ba6f1d521c
new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff
changeset
|
16 class TestAuthorization(OrthancTestCase): |
80ba6f1d521c
new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff
changeset
|
17 |
80ba6f1d521c
new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff
changeset
|
18 label_a_study_id = None |
80ba6f1d521c
new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff
changeset
|
19 label_b_study_id = None |
80ba6f1d521c
new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff
changeset
|
20 no_label_study_id = None |
80ba6f1d521c
new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff
changeset
|
21 auth_service_process = None |
80ba6f1d521c
new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff
changeset
|
22 |
80ba6f1d521c
new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff
changeset
|
23 @classmethod |
577 | 24 def terminate(cls): |
576
80ba6f1d521c
new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff
changeset
|
25 cls.auth_service_process.terminate() |
80ba6f1d521c
new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff
changeset
|
26 |
80ba6f1d521c
new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff
changeset
|
27 @classmethod |
80ba6f1d521c
new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff
changeset
|
28 def prepare(cls): |
80ba6f1d521c
new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff
changeset
|
29 test_name = "Authorization" |
80ba6f1d521c
new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff
changeset
|
30 storage_name = "authorization" |
80ba6f1d521c
new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff
changeset
|
31 |
80ba6f1d521c
new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff
changeset
|
32 print(f'-------------- preparing {test_name} tests') |
80ba6f1d521c
new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff
changeset
|
33 |
80ba6f1d521c
new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff
changeset
|
34 cls.clear_storage(storage_name=storage_name) |
80ba6f1d521c
new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff
changeset
|
35 |
577 | 36 auth_service_hostname = "localhost" |
37 if Helpers.is_docker(): | |
38 auth_service_hostname = "auth-service" | |
39 cls.create_docker_network("auth-test-network") | |
40 | |
576
80ba6f1d521c
new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff
changeset
|
41 config = { |
80ba6f1d521c
new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff
changeset
|
42 "AuthenticationEnabled": False, |
80ba6f1d521c
new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff
changeset
|
43 "Authorization": { |
577 | 44 "WebServiceRootUrl": f"http://{auth_service_hostname}:8020/", |
576
80ba6f1d521c
new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff
changeset
|
45 "StandardConfigurations": [ |
80ba6f1d521c
new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff
changeset
|
46 "orthanc-explorer-2", |
80ba6f1d521c
new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff
changeset
|
47 "stone-webviewer" |
80ba6f1d521c
new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff
changeset
|
48 ], |
80ba6f1d521c
new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff
changeset
|
49 "CheckedLevel": "studies", |
577 | 50 "TokenHttpHeaders": ["user-token-key", "resource-token-key"], |
576
80ba6f1d521c
new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff
changeset
|
51 "TokenGetArguments": ["resource-token-key"] |
80ba6f1d521c
new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff
changeset
|
52 } |
80ba6f1d521c
new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff
changeset
|
53 } |
80ba6f1d521c
new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff
changeset
|
54 |
80ba6f1d521c
new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff
changeset
|
55 config_path = cls.generate_configuration( |
80ba6f1d521c
new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff
changeset
|
56 config_name=f"{test_name}", |
80ba6f1d521c
new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff
changeset
|
57 storage_name=storage_name, |
80ba6f1d521c
new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff
changeset
|
58 config=config, |
80ba6f1d521c
new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff
changeset
|
59 plugins=Helpers.plugins |
80ba6f1d521c
new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff
changeset
|
60 ) |
80ba6f1d521c
new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff
changeset
|
61 |
577 | 62 if Helpers.is_exe(): |
63 # Start the auth-service application as a subprocess and wait for it to start | |
64 cls.auth_service_process = subprocess.Popen(["uvicorn", "auth_service:app", "--host", "0.0.0.0", "--port", "8020"], cwd=here) | |
65 time.sleep(2) | |
66 else: | |
67 # first build the docker image for the auth-service | |
68 subprocess.run(["docker", "build", "-t", "auth-service", "."], cwd=here) | |
69 cls.auth_service_process = subprocess.Popen(["docker", "run", "-p", "8020:8020", "--network", "auth-test-network", "--name", "auth-service", "auth-service"]) | |
70 pass | |
71 | |
576
80ba6f1d521c
new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff
changeset
|
72 |
80ba6f1d521c
new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff
changeset
|
73 if Helpers.break_before_preparation: |
80ba6f1d521c
new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff
changeset
|
74 print(f"++++ It is now time to start your Orthanc under tests with configuration file '{config_path}' +++++") |
80ba6f1d521c
new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff
changeset
|
75 input("Press Enter to continue") |
80ba6f1d521c
new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff
changeset
|
76 else: |
80ba6f1d521c
new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff
changeset
|
77 cls.launch_orthanc_under_tests( |
80ba6f1d521c
new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff
changeset
|
78 config_name=f"{test_name}", |
80ba6f1d521c
new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff
changeset
|
79 storage_name=storage_name, |
80ba6f1d521c
new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff
changeset
|
80 config=config, |
577 | 81 plugins=Helpers.plugins, |
82 docker_network="auth-test-network" | |
576
80ba6f1d521c
new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff
changeset
|
83 ) |
80ba6f1d521c
new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff
changeset
|
84 |
80ba6f1d521c
new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff
changeset
|
85 uploader = OrthancApiClient(cls.o._root_url, headers={"user-token-key": "token-uploader"}) |
80ba6f1d521c
new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff
changeset
|
86 |
80ba6f1d521c
new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff
changeset
|
87 uploader.delete_all_content() |
80ba6f1d521c
new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff
changeset
|
88 |
80ba6f1d521c
new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff
changeset
|
89 # upload a few studies and add labels |
80ba6f1d521c
new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff
changeset
|
90 instances_ids = uploader.upload_file(here / "../../Database/Knix/Loc/IM-0001-0001.dcm") |
80ba6f1d521c
new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff
changeset
|
91 cls.label_a_study_id = uploader.instances.get_parent_study_id(instances_ids[0]) |
80ba6f1d521c
new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff
changeset
|
92 uploader.studies.add_label(cls.label_a_study_id, "label_a") |
80ba6f1d521c
new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff
changeset
|
93 |
80ba6f1d521c
new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff
changeset
|
94 instances_ids = uploader.upload_file(here / "../../Database/Brainix/Epi/IM-0001-0001.dcm") |
80ba6f1d521c
new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff
changeset
|
95 cls.label_b_study_id = uploader.instances.get_parent_study_id(instances_ids[0]) |
80ba6f1d521c
new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff
changeset
|
96 uploader.studies.add_label(cls.label_b_study_id, "label_b") |
80ba6f1d521c
new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff
changeset
|
97 |
80ba6f1d521c
new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff
changeset
|
98 instances_ids = uploader.upload_file(here / "../../Database/Comunix/Pet/IM-0001-0001.dcm") |
80ba6f1d521c
new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff
changeset
|
99 cls.no_label_study_id = uploader.instances.get_parent_study_id(instances_ids[0]) |
80ba6f1d521c
new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff
changeset
|
100 |
80ba6f1d521c
new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff
changeset
|
101 |
577 | 102 def assert_is_forbidden(self, api_call): |
103 with self.assertRaises(orthanc_exceptions.HttpError) as ctx: | |
104 api_call() | |
105 self.assertEqual(403, ctx.exception.http_status_code) | |
106 | |
107 | |
576
80ba6f1d521c
new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff
changeset
|
108 def test_admin_user(self): |
80ba6f1d521c
new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff
changeset
|
109 |
80ba6f1d521c
new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff
changeset
|
110 o = OrthancApiClient(self.o._root_url, headers={"user-token-key": "token-admin"}) |
80ba6f1d521c
new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff
changeset
|
111 |
80ba6f1d521c
new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff
changeset
|
112 # make sure we can access all these urls (they would throw if not) |
80ba6f1d521c
new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff
changeset
|
113 system = o.get_system() |
80ba6f1d521c
new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff
changeset
|
114 |
80ba6f1d521c
new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff
changeset
|
115 # make sure we can access all studies |
80ba6f1d521c
new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff
changeset
|
116 o.studies.get_tags(self.no_label_study_id) |
80ba6f1d521c
new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff
changeset
|
117 o.studies.get_tags(self.label_a_study_id) |
80ba6f1d521c
new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff
changeset
|
118 o.studies.get_tags(self.label_b_study_id) |
80ba6f1d521c
new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff
changeset
|
119 |
80ba6f1d521c
new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff
changeset
|
120 # make sure we can access series and instances of these studies |
80ba6f1d521c
new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff
changeset
|
121 series_ids = o.studies.get_series_ids(self.label_a_study_id) |
80ba6f1d521c
new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff
changeset
|
122 instances_ids = o.series.get_instances_ids(series_ids[0]) |
80ba6f1d521c
new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff
changeset
|
123 o.instances.get_tags(instances_ids[0]) |
80ba6f1d521c
new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff
changeset
|
124 |
80ba6f1d521c
new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff
changeset
|
125 # make sure labels filtering still works |
80ba6f1d521c
new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff
changeset
|
126 self.assertEqual(3, len(o.studies.find(query={}, |
80ba6f1d521c
new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff
changeset
|
127 labels=[], |
80ba6f1d521c
new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff
changeset
|
128 labels_constraint='Any'))) |
80ba6f1d521c
new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff
changeset
|
129 |
80ba6f1d521c
new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff
changeset
|
130 self.assertEqual(2, len(o.studies.find(query={}, |
80ba6f1d521c
new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff
changeset
|
131 labels=['label_a', 'label_b'], |
80ba6f1d521c
new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff
changeset
|
132 labels_constraint='Any'))) |
80ba6f1d521c
new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff
changeset
|
133 |
80ba6f1d521c
new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff
changeset
|
134 self.assertEqual(2, len(o.studies.find(query={}, |
80ba6f1d521c
new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff
changeset
|
135 labels=['label_a'], |
80ba6f1d521c
new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff
changeset
|
136 labels_constraint='None'))) |
80ba6f1d521c
new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff
changeset
|
137 |
80ba6f1d521c
new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff
changeset
|
138 all_labels = o.get_all_labels() |
80ba6f1d521c
new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff
changeset
|
139 self.assertEqual(2, len(all_labels)) |
80ba6f1d521c
new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff
changeset
|
140 |
80ba6f1d521c
new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff
changeset
|
141 def test_user_a(self): |
80ba6f1d521c
new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff
changeset
|
142 |
80ba6f1d521c
new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff
changeset
|
143 o = OrthancApiClient(self.o._root_url, headers={"user-token-key": "token-user-a"}) |
80ba6f1d521c
new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff
changeset
|
144 |
80ba6f1d521c
new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff
changeset
|
145 # # make sure we can access all these urls (they would throw if not) |
80ba6f1d521c
new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff
changeset
|
146 # system = o.get_system() |
80ba6f1d521c
new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff
changeset
|
147 |
80ba6f1d521c
new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff
changeset
|
148 all_labels = o.get_all_labels() |
80ba6f1d521c
new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff
changeset
|
149 self.assertEqual(1, len(all_labels)) |
80ba6f1d521c
new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff
changeset
|
150 self.assertEqual("label_a", all_labels[0]) |
80ba6f1d521c
new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff
changeset
|
151 |
80ba6f1d521c
new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff
changeset
|
152 # make sure we can access only the label_a studies |
577 | 153 self.assert_is_forbidden(lambda: o.studies.get_tags(self.label_b_study_id)) |
154 self.assert_is_forbidden(lambda: o.studies.get_tags(self.no_label_study_id)) | |
576
80ba6f1d521c
new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff
changeset
|
155 |
80ba6f1d521c
new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff
changeset
|
156 # should not raise |
80ba6f1d521c
new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff
changeset
|
157 o.studies.get_tags(self.label_a_study_id) |
80ba6f1d521c
new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff
changeset
|
158 |
80ba6f1d521c
new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff
changeset
|
159 # make sure we can access series and instances of the label_a studies |
80ba6f1d521c
new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff
changeset
|
160 series_ids = o.studies.get_series_ids(self.label_a_study_id) |
80ba6f1d521c
new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff
changeset
|
161 instances_ids = o.series.get_instances_ids(series_ids[0]) |
80ba6f1d521c
new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff
changeset
|
162 o.instances.get_tags(instances_ids[0]) |
80ba6f1d521c
new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff
changeset
|
163 |
80ba6f1d521c
new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff
changeset
|
164 # make sure we can not access series and instances of the label_b studies |
577 | 165 self.assert_is_forbidden(lambda: o.studies.get_series_ids(self.label_b_study_id)) |
576
80ba6f1d521c
new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff
changeset
|
166 |
80ba6f1d521c
new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff
changeset
|
167 # make sure tools/find only returns the label_a studies |
80ba6f1d521c
new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff
changeset
|
168 studies = o.studies.find(query={}, |
80ba6f1d521c
new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff
changeset
|
169 labels=[], |
80ba6f1d521c
new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff
changeset
|
170 labels_constraint='Any') |
80ba6f1d521c
new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff
changeset
|
171 self.assertEqual(1, len(studies)) |
80ba6f1d521c
new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff
changeset
|
172 self.assertEqual(self.label_a_study_id, studies[0].orthanc_id) |
80ba6f1d521c
new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff
changeset
|
173 |
80ba6f1d521c
new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff
changeset
|
174 # if searching Any of label_a & label_b, return only label_a |
80ba6f1d521c
new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff
changeset
|
175 studies = o.studies.find(query={}, |
80ba6f1d521c
new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff
changeset
|
176 labels=['label_a', 'label_b'], |
80ba6f1d521c
new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff
changeset
|
177 labels_constraint='Any') |
80ba6f1d521c
new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff
changeset
|
178 self.assertEqual(1, len(studies)) |
80ba6f1d521c
new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff
changeset
|
179 self.assertEqual(self.label_a_study_id, studies[0].orthanc_id) |
80ba6f1d521c
new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff
changeset
|
180 |
80ba6f1d521c
new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff
changeset
|
181 # if searching Any of label_b, expect a Forbidden access |
577 | 182 self.assert_is_forbidden(lambda: o.studies.find(query={}, |
183 labels=['label_b'], | |
184 labels_constraint='Any')) | |
576
80ba6f1d521c
new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff
changeset
|
185 |
80ba6f1d521c
new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff
changeset
|
186 # if searching None of label_b, expect a Forbidden access because we are not able to compute this filter |
577 | 187 self.assert_is_forbidden(lambda: o.studies.find(query={}, |
188 labels=['label_b'], | |
189 labels_constraint='None')) | |
576
80ba6f1d521c
new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff
changeset
|
190 |
80ba6f1d521c
new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff
changeset
|
191 # if searching All of label_b, expect a Forbidden access because we are not able to compute this filter |
577 | 192 self.assert_is_forbidden(lambda: o.studies.find(query={}, |
193 labels=['label_b'], | |
194 labels_constraint='All')) | |
576
80ba6f1d521c
new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff
changeset
|
195 |
80ba6f1d521c
new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff
changeset
|
196 studies = o.studies.find(query={"PatientName": "KNIX"}, # KNIX is label_a |
80ba6f1d521c
new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff
changeset
|
197 labels=[], |
80ba6f1d521c
new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff
changeset
|
198 labels_constraint='Any') |
80ba6f1d521c
new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff
changeset
|
199 self.assertEqual(1, len(studies)) |
80ba6f1d521c
new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff
changeset
|
200 |
80ba6f1d521c
new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff
changeset
|
201 studies = o.studies.find(query={"PatientName": "KNIX"}, # KNIX is label_a |
80ba6f1d521c
new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff
changeset
|
202 labels=['label_a'], |
80ba6f1d521c
new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff
changeset
|
203 labels_constraint='Any') |
80ba6f1d521c
new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff
changeset
|
204 self.assertEqual(1, len(studies)) |
80ba6f1d521c
new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff
changeset
|
205 |
577 | 206 self.assert_is_forbidden(lambda: o.studies.find(query={"PatientName": "KNIX"}, # KNIX is label_a |
207 labels=['label_b'], | |
208 labels_constraint='Any')) | |
209 | |
210 # make sure some generic routes are not accessible | |
211 self.assert_is_forbidden(lambda: o.get_json('patients?expand')) | |
212 self.assert_is_forbidden(lambda: o.get_json('studies?expand')) | |
213 self.assert_is_forbidden(lambda: o.get_json('series?expand')) | |
214 self.assert_is_forbidden(lambda: o.get_json('instances?expand')) | |
215 self.assert_is_forbidden(lambda: o.get_json('studies')) | |
216 self.assert_is_forbidden(lambda: o.get_json('studies/')) | |
217 | |
218 | |
219 | |
220 def test_resource_token(self): | |
221 | |
222 o = OrthancApiClient(self.o._root_url, headers={"resource-token-key": "token-knix-study"}) | |
223 | |
224 # with a resource token, we can access only the given resource, not generic resources or resources from other studies | |
225 | |
226 # generic resources are forbidden | |
227 self.assert_is_forbidden(lambda: o.studies.find(query={"PatientName": "KNIX"}, # KNIX is label_a | |
228 labels=['label_b'], | |
229 labels_constraint='Any')) | |
230 self.assert_is_forbidden(lambda: o.get_all_labels()) | |
231 self.assert_is_forbidden(lambda: o.studies.get_all_ids()) | |
232 self.assert_is_forbidden(lambda: o.patients.get_all_ids()) | |
233 self.assert_is_forbidden(lambda: o.series.get_all_ids()) | |
234 self.assert_is_forbidden(lambda: o.instances.get_all_ids()) | |
235 self.assert_is_forbidden(lambda: o.get_json('patients?expand')) | |
236 self.assert_is_forbidden(lambda: o.get_json('studies?expand')) | |
237 self.assert_is_forbidden(lambda: o.get_json('series?expand')) | |
238 self.assert_is_forbidden(lambda: o.get_json('instances?expand')) | |
239 | |
240 # some resources are still accessible to the 'anonymous' user -> does not throw | |
241 o.get_system() | |
242 o.lookup("1.2.3") # this route is still explicitely authorized because it is used by Stone | |
243 | |
244 # other studies are forbidden | |
245 self.assert_is_forbidden(lambda: o.studies.get_series_ids(self.label_b_study_id)) | |
246 | |
247 # the label_a study is allowed | |
248 o.studies.get_series_ids(self.label_a_study_id) | |
249 | |
250 # TODO: test with DicomWEB routes + sub-routes |