# HG changeset patch
# User Alain Mazy <am@orthanc.team>
# Date 1742814241 -3600
# Node ID ba2b2ae608286dfc88d771ac5a883a3f77fc3e22
# Parent  fb7b30e74577e03d416fc77ca2cd9f8e203878e9
new tests for auth

diff -r fb7b30e74577 -r ba2b2ae60828 NewTests/Authorization/test_authorization.py
--- a/NewTests/Authorization/test_authorization.py	Fri Mar 21 18:14:36 2025 +0100
+++ b/NewTests/Authorization/test_authorization.py	Mon Mar 24 12:04:01 2025 +0100
@@ -341,6 +341,16 @@
             o.upload_files_dicom_web(paths = [here / "../../Database/Beaufix/IM-0001-0001.dcm"])
             o_admin.instances.delete(orthanc_ids=instances_ids)
 
+        if o_admin.is_plugin_version_at_least("authorization", 0, 9, 1):
+
+            # uploader-a shall not be able to upload a study through DICOMWeb using /dicom-web/studies/<StudyInstanceUID of label_b>
+            self.assert_is_forbidden(lambda: o.upload_files_dicom_web(paths = [here / "../../Database/Knix/Loc/IM-0001-0002.dcm"], endpoint=f"/dicom-web/studies/{self.label_b_study_dicom_id}"))
+
+            # uploader-a shall be able to upload a study through DICOMWeb using /dicom-web/studies/<StudyInstanceUID of label_a>
+            o.upload_files_dicom_web(paths = [here / "../../Database/Knix/Loc/IM-0001-0002.dcm"], endpoint=f"/dicom-web/studies/{self.label_a_study_dicom_id}")
+
+            # note that, uploader-a is allowed to upload to /dicom-web/studies without checking any labels :-()
+            o.upload_files_dicom_web(paths = [here / "../../Database/Knix/Loc/IM-0001-0002.dcm"], endpoint=f"/dicom-web/studies")
 
     def test_resource_token(self):
 
diff -r fb7b30e74577 -r ba2b2ae60828 NewTests/requirements.txt
--- a/NewTests/requirements.txt	Fri Mar 21 18:14:36 2025 +0100
+++ b/NewTests/requirements.txt	Mon Mar 24 12:04:01 2025 +0100
@@ -1,3 +1,3 @@
-orthanc-api-client>=0.18.4
+orthanc-api-client>=0.18.5
 orthanc-tools>=0.13.0
 uvicorn
\ No newline at end of file