Mercurial > hg > orthanc-tests

annotate NewTests/Authorization/test_authorization.py @ 659:3ac37a99a093

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
new tests for auth: uploader-a
author Alain Mazy <am@orthanc.team>
date Mon, 24 Jun 2024 18:28:43 +0200
parents aa11ab24ff3c
children 2f6686a3cd16
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
576
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
1 import unittest
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
2 import time
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
3 import pprint
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
4 import subprocess
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
5 from helpers import OrthancTestCase, Helpers
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
6
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
7 from orthanc_api_client import OrthancApiClient, generate_test_dicom_file
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
8 from orthanc_api_client import exceptions as orthanc_exceptions
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
9
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
10 import logging
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
11 import pathlib
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
12 here = pathlib.Path(__file__).parent.resolve()
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
13
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
14
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
15
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
16 class TestAuthorization(OrthancTestCase):
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
17
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
18 label_a_study_id = None
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
19 label_b_study_id = None
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
20 no_label_study_id = None
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
21 auth_service_process = None
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
22
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
23 @classmethod
577
0649a19df194 new tests for auth-service
Alain Mazy <am@osimis.io>
parents: 576
diff changeset
24 def terminate(cls):
578
c474f0f815b6 more authorization tests
Alain Mazy <am@osimis.io>
parents: 577
diff changeset
25
c474f0f815b6 more authorization tests
Alain Mazy <am@osimis.io>
parents: 577
diff changeset
26 if Helpers.is_docker():
c474f0f815b6 more authorization tests
Alain Mazy <am@osimis.io>
parents: 577
diff changeset
27 subprocess.run(["docker", "rm", "-f", "auth-service"])
c474f0f815b6 more authorization tests
Alain Mazy <am@osimis.io>
parents: 577
diff changeset
28 else:
c474f0f815b6 more authorization tests
Alain Mazy <am@osimis.io>
parents: 577
diff changeset
29 cls.auth_service_process.terminate()
576
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
30
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
31 @classmethod
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
32 def prepare(cls):
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
33 test_name = "Authorization"
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
34 storage_name = "authorization"
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
35
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
36 print(f'-------------- preparing {test_name} tests')
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
37
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
38 cls.clear_storage(storage_name=storage_name)
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
39
577
0649a19df194 new tests for auth-service
Alain Mazy <am@osimis.io>
parents: 576
diff changeset
40 auth_service_hostname = "localhost"
0649a19df194 new tests for auth-service
Alain Mazy <am@osimis.io>
parents: 576
diff changeset
41 if Helpers.is_docker():
0649a19df194 new tests for auth-service
Alain Mazy <am@osimis.io>
parents: 576
diff changeset
42 auth_service_hostname = "auth-service"
0649a19df194 new tests for auth-service
Alain Mazy <am@osimis.io>
parents: 576
diff changeset
43 cls.create_docker_network("auth-test-network")
0649a19df194 new tests for auth-service
Alain Mazy <am@osimis.io>
parents: 576
diff changeset
44
576
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
45 config = {
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
46 "AuthenticationEnabled": False,
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
47 "Authorization": {
577
0649a19df194 new tests for auth-service
Alain Mazy <am@osimis.io>
parents: 576
diff changeset
48 "WebServiceRootUrl": f"http://{auth_service_hostname}:8020/",
576
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
49 "StandardConfigurations": [
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
50 "orthanc-explorer-2",
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
51 "stone-webviewer"
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
52 ],
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
53 "CheckedLevel": "studies",
577
0649a19df194 new tests for auth-service
Alain Mazy <am@osimis.io>
parents: 576
diff changeset
54 "TokenHttpHeaders": ["user-token-key", "resource-token-key"],
634
Alain Mazy <am@osimis.io>
parents: 633
diff changeset
55 "TokenGetArguments": ["resource-token-key"],
Alain Mazy <am@osimis.io>
parents: 633
diff changeset
56 "UncheckedFolders": ["/plugins"] # to allow testing plugin version while it is not included by default in the auth-plugin
578
c474f0f815b6 more authorization tests
Alain Mazy <am@osimis.io>
parents: 577
diff changeset
57 },
c474f0f815b6 more authorization tests
Alain Mazy <am@osimis.io>
parents: 577
diff changeset
58 "DicomWeb": {
c474f0f815b6 more authorization tests
Alain Mazy <am@osimis.io>
parents: 577
diff changeset
59 "Enable": True
576
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
60 }
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
61 }
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
62
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
63 config_path = cls.generate_configuration(
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
64 config_name=f"{test_name}",
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
65 storage_name=storage_name,
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
66 config=config,
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
67 plugins=Helpers.plugins
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
68 )
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
69
577
0649a19df194 new tests for auth-service
Alain Mazy <am@osimis.io>
parents: 576
diff changeset
70 if Helpers.is_exe():
0649a19df194 new tests for auth-service
Alain Mazy <am@osimis.io>
parents: 576
diff changeset
71 # Start the auth-service application as a subprocess and wait for it to start
0649a19df194 new tests for auth-service
Alain Mazy <am@osimis.io>
parents: 576
diff changeset
72 cls.auth_service_process = subprocess.Popen(["uvicorn", "auth_service:app", "--host", "0.0.0.0", "--port", "8020"], cwd=here)
0649a19df194 new tests for auth-service
Alain Mazy <am@osimis.io>
parents: 576
diff changeset
73 time.sleep(2)
0649a19df194 new tests for auth-service
Alain Mazy <am@osimis.io>
parents: 576
diff changeset
74 else:
0649a19df194 new tests for auth-service
Alain Mazy <am@osimis.io>
parents: 576
diff changeset
75 # first build the docker image for the auth-service
0649a19df194 new tests for auth-service
Alain Mazy <am@osimis.io>
parents: 576
diff changeset
76 subprocess.run(["docker", "build", "-t", "auth-service", "."], cwd=here)
0649a19df194 new tests for auth-service
Alain Mazy <am@osimis.io>
parents: 576
diff changeset
77 cls.auth_service_process = subprocess.Popen(["docker", "run", "-p", "8020:8020", "--network", "auth-test-network", "--name", "auth-service", "auth-service"])
579
5d157c486568 fix auth test startup sequence
Alain Mazy <am@osimis.io>
parents: 578
diff changeset
78 time.sleep(5)
577
0649a19df194 new tests for auth-service
Alain Mazy <am@osimis.io>
parents: 576
diff changeset
79
576
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
80
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
81 if Helpers.break_before_preparation:
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
82 print(f"++++ It is now time to start your Orthanc under tests with configuration file '{config_path}' +++++")
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
83 input("Press Enter to continue")
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
84 else:
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
85 cls.launch_orthanc_under_tests(
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
86 config_name=f"{test_name}",
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
87 storage_name=storage_name,
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
88 config=config,
577
0649a19df194 new tests for auth-service
Alain Mazy <am@osimis.io>
parents: 576
diff changeset
89 plugins=Helpers.plugins,
0649a19df194 new tests for auth-service
Alain Mazy <am@osimis.io>
parents: 576
diff changeset
90 docker_network="auth-test-network"
576
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
91 )
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
92
578
c474f0f815b6 more authorization tests
Alain Mazy <am@osimis.io>
parents: 577
diff changeset
93 o = OrthancApiClient(cls.o._root_url, headers={"user-token-key": "token-uploader"})
576
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
94
578
c474f0f815b6 more authorization tests
Alain Mazy <am@osimis.io>
parents: 577
diff changeset
95 o.delete_all_content()
576
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
96
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
97 # upload a few studies and add labels
578
c474f0f815b6 more authorization tests
Alain Mazy <am@osimis.io>
parents: 577
diff changeset
98 cls.label_a_instance_id = o.upload_file(here / "../../Database/Knix/Loc/IM-0001-0001.dcm")[0]
c474f0f815b6 more authorization tests
Alain Mazy <am@osimis.io>
parents: 577
diff changeset
99 cls.label_a_study_id = o.instances.get_parent_study_id(cls.label_a_instance_id)
c474f0f815b6 more authorization tests
Alain Mazy <am@osimis.io>
parents: 577
diff changeset
100 cls.label_a_series_id = o.instances.get_parent_series_id(cls.label_a_instance_id)
c474f0f815b6 more authorization tests
Alain Mazy <am@osimis.io>
parents: 577
diff changeset
101 cls.label_a_study_dicom_id = o.studies.get_tags(cls.label_a_study_id)["StudyInstanceUID"]
c474f0f815b6 more authorization tests
Alain Mazy <am@osimis.io>
parents: 577
diff changeset
102 cls.label_a_series_dicom_id = o.series.get_tags(cls.label_a_series_id)["SeriesInstanceUID"]
c474f0f815b6 more authorization tests
Alain Mazy <am@osimis.io>
parents: 577
diff changeset
103 cls.label_a_instance_dicom_id = o.instances.get_tags(cls.label_a_instance_id)["SOPInstanceUID"]
c474f0f815b6 more authorization tests
Alain Mazy <am@osimis.io>
parents: 577
diff changeset
104 o.studies.add_label(cls.label_a_study_id, "label_a")
576
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
105
578
c474f0f815b6 more authorization tests
Alain Mazy <am@osimis.io>
parents: 577
diff changeset
106 cls.label_b_instance_id = o.upload_file(here / "../../Database/Brainix/Epi/IM-0001-0001.dcm")[0]
c474f0f815b6 more authorization tests
Alain Mazy <am@osimis.io>
parents: 577
diff changeset
107 cls.label_b_study_id = o.instances.get_parent_study_id(cls.label_b_instance_id)
c474f0f815b6 more authorization tests
Alain Mazy <am@osimis.io>
parents: 577
diff changeset
108 cls.label_b_series_id = o.instances.get_parent_series_id(cls.label_b_instance_id)
c474f0f815b6 more authorization tests
Alain Mazy <am@osimis.io>
parents: 577
diff changeset
109 cls.label_b_study_dicom_id = o.studies.get_tags(cls.label_b_study_id)["StudyInstanceUID"]
c474f0f815b6 more authorization tests
Alain Mazy <am@osimis.io>
parents: 577
diff changeset
110 cls.label_b_series_dicom_id = o.series.get_tags(cls.label_b_series_id)["SeriesInstanceUID"]
c474f0f815b6 more authorization tests
Alain Mazy <am@osimis.io>
parents: 577
diff changeset
111 cls.label_b_instance_dicom_id = o.instances.get_tags(cls.label_b_instance_id)["SOPInstanceUID"]
c474f0f815b6 more authorization tests
Alain Mazy <am@osimis.io>
parents: 577
diff changeset
112 o.studies.add_label(cls.label_b_study_id, "label_b")
576
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
113
578
c474f0f815b6 more authorization tests
Alain Mazy <am@osimis.io>
parents: 577
diff changeset
114 instances_ids = o.upload_file(here / "../../Database/Comunix/Pet/IM-0001-0001.dcm")
c474f0f815b6 more authorization tests
Alain Mazy <am@osimis.io>
parents: 577
diff changeset
115 cls.no_label_study_id = o.instances.get_parent_study_id(instances_ids[0])
c474f0f815b6 more authorization tests
Alain Mazy <am@osimis.io>
parents: 577
diff changeset
116
c474f0f815b6 more authorization tests
Alain Mazy <am@osimis.io>
parents: 577
diff changeset
117 cls.no_label_instance_id = o.upload_file(here / "../../Database/Comunix/Pet/IM-0001-0001.dcm")[0]
c474f0f815b6 more authorization tests
Alain Mazy <am@osimis.io>
parents: 577
diff changeset
118 cls.no_label_study_id = o.instances.get_parent_study_id(cls.no_label_instance_id)
c474f0f815b6 more authorization tests
Alain Mazy <am@osimis.io>
parents: 577
diff changeset
119 cls.no_label_series_id = o.instances.get_parent_series_id(cls.no_label_instance_id)
c474f0f815b6 more authorization tests
Alain Mazy <am@osimis.io>
parents: 577
diff changeset
120 cls.no_label_study_dicom_id = o.studies.get_tags(cls.no_label_study_id)["StudyInstanceUID"]
c474f0f815b6 more authorization tests
Alain Mazy <am@osimis.io>
parents: 577
diff changeset
121 cls.no_label_series_dicom_id = o.series.get_tags(cls.no_label_series_id)["SeriesInstanceUID"]
c474f0f815b6 more authorization tests
Alain Mazy <am@osimis.io>
parents: 577
diff changeset
122 cls.no_label_instance_dicom_id = o.instances.get_tags(cls.no_label_instance_id)["SOPInstanceUID"]
c474f0f815b6 more authorization tests
Alain Mazy <am@osimis.io>
parents: 577
diff changeset
123
576
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
124
577
0649a19df194 new tests for auth-service
Alain Mazy <am@osimis.io>
parents: 576
diff changeset
125 def assert_is_forbidden(self, api_call):
0649a19df194 new tests for auth-service
Alain Mazy <am@osimis.io>
parents: 576
diff changeset
126 with self.assertRaises(orthanc_exceptions.HttpError) as ctx:
0649a19df194 new tests for auth-service
Alain Mazy <am@osimis.io>
parents: 576
diff changeset
127 api_call()
0649a19df194 new tests for auth-service
Alain Mazy <am@osimis.io>
parents: 576
diff changeset
128 self.assertEqual(403, ctx.exception.http_status_code)
0649a19df194 new tests for auth-service
Alain Mazy <am@osimis.io>
parents: 576
diff changeset
129
0649a19df194 new tests for auth-service
Alain Mazy <am@osimis.io>
parents: 576
diff changeset
130
576
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
131 def test_admin_user(self):
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
132
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
133 o = OrthancApiClient(self.o._root_url, headers={"user-token-key": "token-admin"})
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
134
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
135 # make sure we can access all these urls (they would throw if not)
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
136 system = o.get_system()
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
137
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
138 # make sure we can access all studies
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
139 o.studies.get_tags(self.no_label_study_id)
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
140 o.studies.get_tags(self.label_a_study_id)
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
141 o.studies.get_tags(self.label_b_study_id)
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
142
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
143 # make sure we can access series and instances of these studies
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
144 series_ids = o.studies.get_series_ids(self.label_a_study_id)
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
145 instances_ids = o.series.get_instances_ids(series_ids[0])
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
146 o.instances.get_tags(instances_ids[0])
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
147
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
148 # make sure labels filtering still works
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
149 self.assertEqual(3, len(o.studies.find(query={},
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
150 labels=[],
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
151 labels_constraint='Any')))
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
152
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
153 self.assertEqual(2, len(o.studies.find(query={},
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
154 labels=['label_a', 'label_b'],
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
155 labels_constraint='Any')))
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
156
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
157 self.assertEqual(2, len(o.studies.find(query={},
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
158 labels=['label_a'],
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
159 labels_constraint='None')))
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
160
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
161 all_labels = o.get_all_labels()
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
162 self.assertEqual(2, len(all_labels))
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
163
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
164 def test_user_a(self):
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
165
634
Alain Mazy <am@osimis.io>
parents: 633
diff changeset
166 o_admin = OrthancApiClient(self.o._root_url, headers={"user-token-key": "token-admin"})
576
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
167 o = OrthancApiClient(self.o._root_url, headers={"user-token-key": "token-user-a"})
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
168
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
169 # # make sure we can access all these urls (they would throw if not)
578
c474f0f815b6 more authorization tests
Alain Mazy <am@osimis.io>
parents: 577
diff changeset
170 system = o.get_system()
576
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
171
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
172 all_labels = o.get_all_labels()
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
173 self.assertEqual(1, len(all_labels))
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
174 self.assertEqual("label_a", all_labels[0])
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
175
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
176 # make sure we can access only the label_a studies
577
0649a19df194 new tests for auth-service
Alain Mazy <am@osimis.io>
parents: 576
diff changeset
177 self.assert_is_forbidden(lambda: o.studies.get_tags(self.label_b_study_id))
0649a19df194 new tests for auth-service
Alain Mazy <am@osimis.io>
parents: 576
diff changeset
178 self.assert_is_forbidden(lambda: o.studies.get_tags(self.no_label_study_id))
576
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
179
659
3ac37a99a093 new tests for auth: uploader-a
Alain Mazy <am@orthanc.team>
parents: 643
diff changeset
180 # user_a shall not be able to upload a study
3ac37a99a093 new tests for auth: uploader-a
Alain Mazy <am@orthanc.team>
parents: 643
diff changeset
181 self.assert_is_forbidden(lambda: o.upload_file(here / "../../Database/Beaufix/IM-0001-0001.dcm"))
3ac37a99a093 new tests for auth: uploader-a
Alain Mazy <am@orthanc.team>
parents: 643
diff changeset
182 self.assert_is_forbidden(lambda: o.upload_files_dicom_web(paths = [here / "../../Database/Beaufix/IM-0001-0001.dcm"]))
3ac37a99a093 new tests for auth: uploader-a
Alain Mazy <am@orthanc.team>
parents: 643
diff changeset
183
576
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
184 # should not raise
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
185 o.studies.get_tags(self.label_a_study_id)
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
186
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
187 # make sure we can access series and instances of the label_a studies
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
188 series_ids = o.studies.get_series_ids(self.label_a_study_id)
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
189 instances_ids = o.series.get_instances_ids(series_ids[0])
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
190 o.instances.get_tags(instances_ids[0])
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
191
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
192 # make sure we can not access series and instances of the label_b studies
577
0649a19df194 new tests for auth-service
Alain Mazy <am@osimis.io>
parents: 576
diff changeset
193 self.assert_is_forbidden(lambda: o.studies.get_series_ids(self.label_b_study_id))
576
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
194
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
195 # make sure tools/find only returns the label_a studies
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
196 studies = o.studies.find(query={},
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
197 labels=[],
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
198 labels_constraint='Any')
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
199 self.assertEqual(1, len(studies))
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
200 self.assertEqual(self.label_a_study_id, studies[0].orthanc_id)
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
201
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
202 # if searching Any of label_a & label_b, return only label_a
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
203 studies = o.studies.find(query={},
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
204 labels=['label_a', 'label_b'],
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
205 labels_constraint='Any')
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
206 self.assertEqual(1, len(studies))
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
207 self.assertEqual(self.label_a_study_id, studies[0].orthanc_id)
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
208
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
209 # if searching Any of label_b, expect a Forbidden access
577
0649a19df194 new tests for auth-service
Alain Mazy <am@osimis.io>
parents: 576
diff changeset
210 self.assert_is_forbidden(lambda: o.studies.find(query={},
0649a19df194 new tests for auth-service
Alain Mazy <am@osimis.io>
parents: 576
diff changeset
211 labels=['label_b'],
0649a19df194 new tests for auth-service
Alain Mazy <am@osimis.io>
parents: 576
diff changeset
212 labels_constraint='Any'))
576
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
213
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
214 # if searching None of label_b, expect a Forbidden access because we are not able to compute this filter
577
0649a19df194 new tests for auth-service
Alain Mazy <am@osimis.io>
parents: 576
diff changeset
215 self.assert_is_forbidden(lambda: o.studies.find(query={},
0649a19df194 new tests for auth-service
Alain Mazy <am@osimis.io>
parents: 576
diff changeset
216 labels=['label_b'],
0649a19df194 new tests for auth-service
Alain Mazy <am@osimis.io>
parents: 576
diff changeset
217 labels_constraint='None'))
576
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
218
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
219 # if searching All of label_b, expect a Forbidden access because we are not able to compute this filter
577
0649a19df194 new tests for auth-service
Alain Mazy <am@osimis.io>
parents: 576
diff changeset
220 self.assert_is_forbidden(lambda: o.studies.find(query={},
0649a19df194 new tests for auth-service
Alain Mazy <am@osimis.io>
parents: 576
diff changeset
221 labels=['label_b'],
0649a19df194 new tests for auth-service
Alain Mazy <am@osimis.io>
parents: 576
diff changeset
222 labels_constraint='All'))
576
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
223
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
224 studies = o.studies.find(query={"PatientName": "KNIX"}, # KNIX is label_a
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
225 labels=[],
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
226 labels_constraint='Any')
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
227 self.assertEqual(1, len(studies))
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
228
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
229 studies = o.studies.find(query={"PatientName": "KNIX"}, # KNIX is label_a
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
230 labels=['label_a'],
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
231 labels_constraint='Any')
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
232 self.assertEqual(1, len(studies))
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
233
577
0649a19df194 new tests for auth-service
Alain Mazy <am@osimis.io>
parents: 576
diff changeset
234 self.assert_is_forbidden(lambda: o.studies.find(query={"PatientName": "KNIX"}, # KNIX is label_a
0649a19df194 new tests for auth-service
Alain Mazy <am@osimis.io>
parents: 576
diff changeset
235 labels=['label_b'],
0649a19df194 new tests for auth-service
Alain Mazy <am@osimis.io>
parents: 576
diff changeset
236 labels_constraint='Any'))
0649a19df194 new tests for auth-service
Alain Mazy <am@osimis.io>
parents: 576
diff changeset
237
0649a19df194 new tests for auth-service
Alain Mazy <am@osimis.io>
parents: 576
diff changeset
238 # make sure some generic routes are not accessible
0649a19df194 new tests for auth-service
Alain Mazy <am@osimis.io>
parents: 576
diff changeset
239 self.assert_is_forbidden(lambda: o.get_json('patients?expand'))
0649a19df194 new tests for auth-service
Alain Mazy <am@osimis.io>
parents: 576
diff changeset
240 self.assert_is_forbidden(lambda: o.get_json('studies?expand'))
0649a19df194 new tests for auth-service
Alain Mazy <am@osimis.io>
parents: 576
diff changeset
241 self.assert_is_forbidden(lambda: o.get_json('series?expand'))
0649a19df194 new tests for auth-service
Alain Mazy <am@osimis.io>
parents: 576
diff changeset
242 self.assert_is_forbidden(lambda: o.get_json('instances?expand'))
0649a19df194 new tests for auth-service
Alain Mazy <am@osimis.io>
parents: 576
diff changeset
243 self.assert_is_forbidden(lambda: o.get_json('studies'))
0649a19df194 new tests for auth-service
Alain Mazy <am@osimis.io>
parents: 576
diff changeset
244 self.assert_is_forbidden(lambda: o.get_json('studies/'))
0649a19df194 new tests for auth-service
Alain Mazy <am@osimis.io>
parents: 576
diff changeset
245
578
c474f0f815b6 more authorization tests
Alain Mazy <am@osimis.io>
parents: 577
diff changeset
246 # make sure the label_a study is accessible (it does not throw)
c474f0f815b6 more authorization tests
Alain Mazy <am@osimis.io>
parents: 577
diff changeset
247 o.studies.get_tags(self.label_a_study_id)
c474f0f815b6 more authorization tests
Alain Mazy <am@osimis.io>
parents: 577
diff changeset
248 o.series.get_tags(self.label_a_series_id)
c474f0f815b6 more authorization tests
Alain Mazy <am@osimis.io>
parents: 577
diff changeset
249 o.instances.get_tags(self.label_a_instance_id)
c474f0f815b6 more authorization tests
Alain Mazy <am@osimis.io>
parents: 577
diff changeset
250
625
78314ab6fc67 updated tests for auth plugin
Alain Mazy <am@osimis.io>
parents: 621
diff changeset
251 # make sure you can access a resource route with a user token (it does not throw)
632
2084e0640775 test WADO-RS of a single instance based on study label
Alain Mazy <am@osimis.io>
parents: 625
diff changeset
252 m = o.get_json(f"dicom-web/studies/{self.label_a_study_dicom_id}/metadata")
625
78314ab6fc67 updated tests for auth plugin
Alain Mazy <am@osimis.io>
parents: 621
diff changeset
253 self.assert_is_forbidden(lambda: o.get_json(f"dicom-web/studies/{self.label_b_study_dicom_id}/metadata"))
578
c474f0f815b6 more authorization tests
Alain Mazy <am@osimis.io>
parents: 577
diff changeset
254
634
Alain Mazy <am@osimis.io>
parents: 633
diff changeset
255 if o_admin.is_plugin_version_at_least("authorization", 0, 7, 1):
633
7bb22f87fc5b fix auth test wrt plugin version
Alain Mazy <am@osimis.io>
parents: 632
diff changeset
256 i = o.get_json(f"dicom-web/studies/{self.label_a_study_dicom_id}/instances")
7bb22f87fc5b fix auth test wrt plugin version
Alain Mazy <am@osimis.io>
parents: 632
diff changeset
257 self.assert_is_forbidden(lambda: o.get_json(f"dicom-web/studies/{self.label_b_study_dicom_id}/instances"))
632
2084e0640775 test WADO-RS of a single instance based on study label
Alain Mazy <am@osimis.io>
parents: 625
diff changeset
258
633
7bb22f87fc5b fix auth test wrt plugin version
Alain Mazy <am@osimis.io>
parents: 632
diff changeset
259 i = o.get_binary(f"dicom-web/studies/{self.label_a_study_dicom_id}/series/{self.label_a_series_dicom_id}/instances/{self.label_a_instance_dicom_id}")
7bb22f87fc5b fix auth test wrt plugin version
Alain Mazy <am@osimis.io>
parents: 632
diff changeset
260 self.assert_is_forbidden(lambda: o.get_binary(f"dicom-web/studies/{self.label_b_study_dicom_id}/series/{self.label_b_series_dicom_id}/instances/{self.label_b_instance_dicom_id}"))
632
2084e0640775 test WADO-RS of a single instance based on study label
Alain Mazy <am@osimis.io>
parents: 625
diff changeset
261
643
aa11ab24ff3c auth tests
Alain Mazy <am@orthanc.team>
parents: 634
diff changeset
262 o.get_json(f"/system")
aa11ab24ff3c auth tests
Alain Mazy <am@orthanc.team>
parents: 634
diff changeset
263 o.get_json(f"/plugins")
aa11ab24ff3c auth tests
Alain Mazy <am@orthanc.team>
parents: 634
diff changeset
264 o.get_json(f"/plugins/dicom-web")
577
0649a19df194 new tests for auth-service
Alain Mazy <am@osimis.io>
parents: 576
diff changeset
265
0649a19df194 new tests for auth-service
Alain Mazy <am@osimis.io>
parents: 576
diff changeset
266
659
3ac37a99a093 new tests for auth: uploader-a
Alain Mazy <am@orthanc.team>
parents: 643
diff changeset
267 def test_uploader_a(self):
3ac37a99a093 new tests for auth: uploader-a
Alain Mazy <am@orthanc.team>
parents: 643
diff changeset
268
3ac37a99a093 new tests for auth: uploader-a
Alain Mazy <am@orthanc.team>
parents: 643
diff changeset
269 o_admin = OrthancApiClient(self.o._root_url, headers={"user-token-key": "token-admin"})
3ac37a99a093 new tests for auth: uploader-a
Alain Mazy <am@orthanc.team>
parents: 643
diff changeset
270 o = OrthancApiClient(self.o._root_url, headers={"user-token-key": "token-uploader-a"})
3ac37a99a093 new tests for auth: uploader-a
Alain Mazy <am@orthanc.team>
parents: 643
diff changeset
271
3ac37a99a093 new tests for auth: uploader-a
Alain Mazy <am@orthanc.team>
parents: 643
diff changeset
272 # # make sure we can access all these urls (they would throw if not)
3ac37a99a093 new tests for auth: uploader-a
Alain Mazy <am@orthanc.team>
parents: 643
diff changeset
273 system = o.get_system()
3ac37a99a093 new tests for auth: uploader-a
Alain Mazy <am@orthanc.team>
parents: 643
diff changeset
274 # time.sleep(10000)
3ac37a99a093 new tests for auth: uploader-a
Alain Mazy <am@orthanc.team>
parents: 643
diff changeset
275
3ac37a99a093 new tests for auth: uploader-a
Alain Mazy <am@orthanc.team>
parents: 643
diff changeset
276 all_labels = o.get_all_labels()
3ac37a99a093 new tests for auth: uploader-a
Alain Mazy <am@orthanc.team>
parents: 643
diff changeset
277 self.assertEqual(1, len(all_labels))
3ac37a99a093 new tests for auth: uploader-a
Alain Mazy <am@orthanc.team>
parents: 643
diff changeset
278 self.assertEqual("label_a", all_labels[0])
3ac37a99a093 new tests for auth: uploader-a
Alain Mazy <am@orthanc.team>
parents: 643
diff changeset
279
3ac37a99a093 new tests for auth: uploader-a
Alain Mazy <am@orthanc.team>
parents: 643
diff changeset
280 # make sure we can access only the label_a studies
3ac37a99a093 new tests for auth: uploader-a
Alain Mazy <am@orthanc.team>
parents: 643
diff changeset
281 self.assert_is_forbidden(lambda: o.studies.get_tags(self.label_b_study_id))
3ac37a99a093 new tests for auth: uploader-a
Alain Mazy <am@orthanc.team>
parents: 643
diff changeset
282 self.assert_is_forbidden(lambda: o.studies.get_tags(self.no_label_study_id))
3ac37a99a093 new tests for auth: uploader-a
Alain Mazy <am@orthanc.team>
parents: 643
diff changeset
283
3ac37a99a093 new tests for auth: uploader-a
Alain Mazy <am@orthanc.team>
parents: 643
diff changeset
284 # uploader-a shall be able to upload a study
3ac37a99a093 new tests for auth: uploader-a
Alain Mazy <am@orthanc.team>
parents: 643
diff changeset
285 instances_ids = o.upload_file(here / "../../Database/Beaufix/IM-0001-0001.dcm")
3ac37a99a093 new tests for auth: uploader-a
Alain Mazy <am@orthanc.team>
parents: 643
diff changeset
286 o_admin.instances.delete(orthanc_ids=instances_ids)
3ac37a99a093 new tests for auth: uploader-a
Alain Mazy <am@orthanc.team>
parents: 643
diff changeset
287
3ac37a99a093 new tests for auth: uploader-a
Alain Mazy <am@orthanc.team>
parents: 643
diff changeset
288 # uploader-a shall be able to upload a study through DICOMWeb too
3ac37a99a093 new tests for auth: uploader-a
Alain Mazy <am@orthanc.team>
parents: 643
diff changeset
289 o.upload_files_dicom_web(paths = [here / "../../Database/Beaufix/IM-0001-0001.dcm"])
3ac37a99a093 new tests for auth: uploader-a
Alain Mazy <am@orthanc.team>
parents: 643
diff changeset
290 o_admin.instances.delete(orthanc_ids=instances_ids)
3ac37a99a093 new tests for auth: uploader-a
Alain Mazy <am@orthanc.team>
parents: 643
diff changeset
291
3ac37a99a093 new tests for auth: uploader-a
Alain Mazy <am@orthanc.team>
parents: 643
diff changeset
292
577
0649a19df194 new tests for auth-service
Alain Mazy <am@osimis.io>
parents: 576
diff changeset
293 def test_resource_token(self):
0649a19df194 new tests for auth-service
Alain Mazy <am@osimis.io>
parents: 576
diff changeset
294
590
c28bd957cb93 new tests for auth wrt /tools/create-media
Alain Mazy <am@osimis.io>
parents: 581
diff changeset
295 o = OrthancApiClient(self.o._root_url, headers={"resource-token-key": "token-a-study"})
634
Alain Mazy <am@osimis.io>
parents: 633
diff changeset
296
577
0649a19df194 new tests for auth-service
Alain Mazy <am@osimis.io>
parents: 576
diff changeset
297 # with a resource token, we can access only the given resource, not generic resources or resources from other studies
0649a19df194 new tests for auth-service
Alain Mazy <am@osimis.io>
parents: 576
diff changeset
298
0649a19df194 new tests for auth-service
Alain Mazy <am@osimis.io>
parents: 576
diff changeset
299 # generic resources are forbidden
578
c474f0f815b6 more authorization tests
Alain Mazy <am@osimis.io>
parents: 577
diff changeset
300 self.assert_is_forbidden(lambda: o.studies.find(query={"PatientName": "KNIX"}, # tools/find is forbidden with a resource token
577
0649a19df194 new tests for auth-service
Alain Mazy <am@osimis.io>
parents: 576
diff changeset
301 labels=['label_b'],
0649a19df194 new tests for auth-service
Alain Mazy <am@osimis.io>
parents: 576
diff changeset
302 labels_constraint='Any'))
0649a19df194 new tests for auth-service
Alain Mazy <am@osimis.io>
parents: 576
diff changeset
303 self.assert_is_forbidden(lambda: o.get_all_labels())
0649a19df194 new tests for auth-service
Alain Mazy <am@osimis.io>
parents: 576
diff changeset
304 self.assert_is_forbidden(lambda: o.studies.get_all_ids())
0649a19df194 new tests for auth-service
Alain Mazy <am@osimis.io>
parents: 576
diff changeset
305 self.assert_is_forbidden(lambda: o.patients.get_all_ids())
0649a19df194 new tests for auth-service
Alain Mazy <am@osimis.io>
parents: 576
diff changeset
306 self.assert_is_forbidden(lambda: o.series.get_all_ids())
0649a19df194 new tests for auth-service
Alain Mazy <am@osimis.io>
parents: 576
diff changeset
307 self.assert_is_forbidden(lambda: o.instances.get_all_ids())
0649a19df194 new tests for auth-service
Alain Mazy <am@osimis.io>
parents: 576
diff changeset
308 self.assert_is_forbidden(lambda: o.get_json('patients?expand'))
0649a19df194 new tests for auth-service
Alain Mazy <am@osimis.io>
parents: 576
diff changeset
309 self.assert_is_forbidden(lambda: o.get_json('studies?expand'))
0649a19df194 new tests for auth-service
Alain Mazy <am@osimis.io>
parents: 576
diff changeset
310 self.assert_is_forbidden(lambda: o.get_json('series?expand'))
0649a19df194 new tests for auth-service
Alain Mazy <am@osimis.io>
parents: 576
diff changeset
311 self.assert_is_forbidden(lambda: o.get_json('instances?expand'))
578
c474f0f815b6 more authorization tests
Alain Mazy <am@osimis.io>
parents: 577
diff changeset
312 self.assert_is_forbidden(lambda: o.get_json('studies'))
c474f0f815b6 more authorization tests
Alain Mazy <am@osimis.io>
parents: 577
diff changeset
313 self.assert_is_forbidden(lambda: o.get_json('studies/'))
577
0649a19df194 new tests for auth-service
Alain Mazy <am@osimis.io>
parents: 576
diff changeset
314
0649a19df194 new tests for auth-service
Alain Mazy <am@osimis.io>
parents: 576
diff changeset
315 # some resources are still accessible to the 'anonymous' user -> does not throw
0649a19df194 new tests for auth-service
Alain Mazy <am@osimis.io>
parents: 576
diff changeset
316 o.get_system()
0649a19df194 new tests for auth-service
Alain Mazy <am@osimis.io>
parents: 576
diff changeset
317 o.lookup("1.2.3") # this route is still explicitely authorized because it is used by Stone
0649a19df194 new tests for auth-service
Alain Mazy <am@osimis.io>
parents: 576
diff changeset
318
0649a19df194 new tests for auth-service
Alain Mazy <am@osimis.io>
parents: 576
diff changeset
319 # other studies are forbidden
0649a19df194 new tests for auth-service
Alain Mazy <am@osimis.io>
parents: 576
diff changeset
320 self.assert_is_forbidden(lambda: o.studies.get_series_ids(self.label_b_study_id))
621
9f867dc595e2 fix concurrency tests
Alain Mazy <am@osimis.io>
parents: 590
diff changeset
321 if self.o.is_orthanc_version_at_least(1, 12, 2):
590
c28bd957cb93 new tests for auth wrt /tools/create-media
Alain Mazy <am@osimis.io>
parents: 581
diff changeset
322 self.assert_is_forbidden(lambda: o.get_binary(f"tools/create-archive?resources={self.label_b_study_id}"))
c28bd957cb93 new tests for auth wrt /tools/create-media
Alain Mazy <am@osimis.io>
parents: 581
diff changeset
323 self.assert_is_forbidden(lambda: o.get_binary(f"tools/create-archive?resources={self.label_b_series_id}"))
c28bd957cb93 new tests for auth wrt /tools/create-media
Alain Mazy <am@osimis.io>
parents: 581
diff changeset
324 # if one of the studies is forbidden, the resource is forbidden
c28bd957cb93 new tests for auth wrt /tools/create-media
Alain Mazy <am@osimis.io>
parents: 581
diff changeset
325 self.assert_is_forbidden(lambda: o.get_binary(f"tools/create-archive?resources={self.label_b_study_id},{self.label_a_study_id}"))
577
0649a19df194 new tests for auth-service
Alain Mazy <am@osimis.io>
parents: 576
diff changeset
326
0649a19df194 new tests for auth-service
Alain Mazy <am@osimis.io>
parents: 576
diff changeset
327 # the label_a study is allowed
0649a19df194 new tests for auth-service
Alain Mazy <am@osimis.io>
parents: 576
diff changeset
328 o.studies.get_series_ids(self.label_a_study_id)
0649a19df194 new tests for auth-service
Alain Mazy <am@osimis.io>
parents: 576
diff changeset
329
578
c474f0f815b6 more authorization tests
Alain Mazy <am@osimis.io>
parents: 577
diff changeset
330 # test with DicomWEB routes + sub-routes
c474f0f815b6 more authorization tests
Alain Mazy <am@osimis.io>
parents: 577
diff changeset
331 o.get_binary(f"dicom-web/studies/{self.label_a_study_dicom_id}")
c474f0f815b6 more authorization tests
Alain Mazy <am@osimis.io>
parents: 577
diff changeset
332 o.get_json(f"dicom-web/studies/{self.label_a_study_dicom_id}/metadata")
581
cbb9045e0ffa more auth tests
Alain Mazy <am@osimis.io>
parents: 579
diff changeset
333 o.get_json(f"dicom-web/studies/{self.label_a_study_dicom_id}/series")
578
c474f0f815b6 more authorization tests
Alain Mazy <am@osimis.io>
parents: 577
diff changeset
334 o.get_binary(f"dicom-web/studies/{self.label_a_study_dicom_id}/series/{self.label_a_series_dicom_id}")
c474f0f815b6 more authorization tests
Alain Mazy <am@osimis.io>
parents: 577
diff changeset
335 o.get_json(f"dicom-web/studies/{self.label_a_study_dicom_id}/series/{self.label_a_series_dicom_id}/metadata")
c474f0f815b6 more authorization tests
Alain Mazy <am@osimis.io>
parents: 577
diff changeset
336 o.get_binary(f"dicom-web/studies/{self.label_a_study_dicom_id}/series/{self.label_a_series_dicom_id}/instances/{self.label_a_instance_dicom_id}")
c474f0f815b6 more authorization tests
Alain Mazy <am@osimis.io>
parents: 577
diff changeset
337 o.get_json(f"dicom-web/studies/{self.label_a_study_dicom_id}/series/{self.label_a_series_dicom_id}/instances/{self.label_a_instance_dicom_id}/metadata")
581
cbb9045e0ffa more auth tests
Alain Mazy <am@osimis.io>
parents: 579
diff changeset
338 o.get_json(f"dicom-web/studies?StudyInstanceUID={self.label_a_study_dicom_id}")
cbb9045e0ffa more auth tests
Alain Mazy <am@osimis.io>
parents: 579
diff changeset
339 o.get_json(f"dicom-web/studies?0020000D={self.label_a_study_dicom_id}")
cbb9045e0ffa more auth tests
Alain Mazy <am@osimis.io>
parents: 579
diff changeset
340 o.get_json(f"dicom-web/series?0020000D={self.label_a_study_dicom_id}")
cbb9045e0ffa more auth tests
Alain Mazy <am@osimis.io>
parents: 579
diff changeset
341 o.get_json(f"dicom-web/instances?0020000D={self.label_a_study_dicom_id}")
590
c28bd957cb93 new tests for auth wrt /tools/create-media
Alain Mazy <am@osimis.io>
parents: 581
diff changeset
342
621
9f867dc595e2 fix concurrency tests
Alain Mazy <am@osimis.io>
parents: 590
diff changeset
343 if self.o.is_orthanc_version_at_least(1, 12, 2):
590
c28bd957cb93 new tests for auth wrt /tools/create-media
Alain Mazy <am@osimis.io>
parents: 581
diff changeset
344 o.get_binary(f"tools/create-archive?resources={self.label_a_study_id}")
c28bd957cb93 new tests for auth wrt /tools/create-media
Alain Mazy <am@osimis.io>
parents: 581
diff changeset
345 o.get_binary(f"tools/create-archive?resources={self.label_a_series_id}")
c28bd957cb93 new tests for auth wrt /tools/create-media
Alain Mazy <am@osimis.io>
parents: 581
diff changeset
346
c28bd957cb93 new tests for auth wrt /tools/create-media
Alain Mazy <am@osimis.io>
parents: 581
diff changeset
347
c28bd957cb93 new tests for auth wrt /tools/create-media
Alain Mazy <am@osimis.io>
parents: 581
diff changeset
348 # now test with token-both
c28bd957cb93 new tests for auth wrt /tools/create-media
Alain Mazy <am@osimis.io>
parents: 581
diff changeset
349 o = OrthancApiClient(self.o._root_url, headers={"resource-token-key": "token-both-studies"})
c28bd957cb93 new tests for auth wrt /tools/create-media
Alain Mazy <am@osimis.io>
parents: 581
diff changeset
350
c28bd957cb93 new tests for auth wrt /tools/create-media
Alain Mazy <am@osimis.io>
parents: 581
diff changeset
351 # other studies are forbidden
c28bd957cb93 new tests for auth wrt /tools/create-media
Alain Mazy <am@osimis.io>
parents: 581
diff changeset
352 self.assert_is_forbidden(lambda: o.studies.get_series_ids(self.no_label_study_id))
c28bd957cb93 new tests for auth wrt /tools/create-media
Alain Mazy <am@osimis.io>
parents: 581
diff changeset
353 self.assert_is_forbidden(lambda: o.get_binary(f"tools/create-archive?resources={self.no_label_study_id}"))
c28bd957cb93 new tests for auth wrt /tools/create-media
Alain Mazy <am@osimis.io>
parents: 581
diff changeset
354
c28bd957cb93 new tests for auth wrt /tools/create-media
Alain Mazy <am@osimis.io>
parents: 581
diff changeset
355 # any of both or both studies together are allowed
c28bd957cb93 new tests for auth wrt /tools/create-media
Alain Mazy <am@osimis.io>
parents: 581
diff changeset
356 o.get_binary(f"tools/create-archive?resources={self.label_a_study_id}")
c28bd957cb93 new tests for auth wrt /tools/create-media
Alain Mazy <am@osimis.io>
parents: 581
diff changeset
357 o.get_binary(f"tools/create-archive?resources={self.label_b_series_id}")
c28bd957cb93 new tests for auth wrt /tools/create-media
Alain Mazy <am@osimis.io>
parents: 581
diff changeset
358 o.get_binary(f"tools/create-archive?resources={self.label_b_study_id},{self.label_a_study_id}")
c28bd957cb93 new tests for auth wrt /tools/create-media
Alain Mazy <am@osimis.io>
parents: 581
diff changeset
359 o.get_binary(f"tools/create-archive?resources={self.label_b_study_id},{self.label_a_series_id}")
c28bd957cb93 new tests for auth wrt /tools/create-media
Alain Mazy <am@osimis.io>
parents: 581
diff changeset
360 o.get_binary(f"tools/create-archive?resources={self.label_b_study_id},{self.label_a_instance_id}")
c28bd957cb93 new tests for auth wrt /tools/create-media
Alain Mazy <am@osimis.io>
parents: 581
diff changeset
361
c28bd957cb93 new tests for auth wrt /tools/create-media
Alain Mazy <am@osimis.io>
parents: 581
diff changeset
362