# HG changeset patch
# User Alain Mazy
# Date 1700911425 -3600
# Node ID c28bd957cb939e4291b09af14f179df6e637bb1a
# Parent 47b87c87213b1c73e119516dd035e2ad95308a18
new tests for auth wrt /tools/create-media
diff -r 47b87c87213b -r c28bd957cb93 NewTests/Authorization/auth_service.py
--- a/NewTests/Authorization/auth_service.py Fri Nov 24 18:15:10 2023 +0100
+++ b/NewTests/Authorization/auth_service.py Sat Nov 25 12:23:45 2023 +0100
@@ -57,8 +57,12 @@
 logging.info("validating token: " + request.json())
 granted = False
- if request.token_value == "token-knix-study":
+ if request.token_value == "token-a-study":
 granted = request.orthanc_id == "b9c08539-26f93bde-c81ab0d7-bffaf2cb-a4d0bdd0"
+ if request.token_value == "token-b-study":
+ granted = request.orthanc_id == "27f7126f-4f66fb14-03f4081b-f9341db2-53925988"
+ if request.token_value == "token-both-studies":
+ granted = request.orthanc_id in ["b9c08539-26f93bde-c81ab0d7-bffaf2cb-a4d0bdd0", "27f7126f-4f66fb14-03f4081b-f9341db2-53925988"]
 response = TokenValidationResponse(
 granted=granted,
diff -r 47b87c87213b -r c28bd957cb93 NewTests/Authorization/test_authorization.py
--- a/NewTests/Authorization/test_authorization.py Fri Nov 24 18:15:10 2023 +0100
+++ b/NewTests/Authorization/test_authorization.py Sat Nov 25 12:23:45 2023 +0100
@@ -121,6 +121,8 @@
 cls.no_label_instance_dicom_id = o.instances.get_tags(cls.no_label_instance_id)["SOPInstanceUID"]
+ def is_orthanc_version_at_least_1_12_2(self, orthanc_client: OrthancApiClient):
+ return orthanc_client.get_system()["ApiVersion"] >= 22
 def assert_is_forbidden(self, api_call):
 with self.assertRaises(orthanc_exceptions.HttpError) as ctx:
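Review bot: In auth_service.py the three token checks are separate `if` statements and each study id is repeated as a string literal in two places, so a typo in one copy would change which requests this mock grants without any test pointing at the cause. Module-level names such as `STUDY_A_ID = "b9c08539-26f93bde-c81ab0d7-bffaf2cb-a4d0bdd0"` and `STUDY_B_ID = "27f7126f-4f66fb14-03f4081b-f9341db2-53925988"`, with `elif` for the second and third checks, would make the grant table readable at a glance. An unknown token leaves `granted = False`, which is the right default and deserves a one-line comment, e.g. `# deny unless a known token matches one of its studies`. The enclosing handler starts and ends outside the hunk.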
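Review bot: In test_authorization.py, `is_orthanc_version_at_least_1_12_2` compares `ApiVersion` with the bare number 22 and has no docstring tying that number to the release in its name; I would add `"""Return True when the server reports REST ApiVersion >= 22, used here as the marker for Orthanc 1.12.2."""` and a `-> bool` return annotation. The callers added later in this patch pass the token-restricted client, so the probe presumably depends on `system` being reachable with a resource token. Calling the helper with `self.o` instead would keep the version check independent of the authorization rules under test.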
@@ -250,7 +252,7 @@
 def test_resource_token(self):
- o = OrthancApiClient(self.o._root_url, headers={"resource-token-key": "token-knix-study"})
+ o = OrthancApiClient(self.o._root_url, headers={"resource-token-key": "token-a-study"})
 # with a resource token, we can access only the given resource, not generic resources or resources from other studies
@@ -276,6 +278,11 @@
 # other studies are forbidden
 self.assert_is_forbidden(lambda: o.studies.get_series_ids(self.label_b_study_id))
+ if self.is_orthanc_version_at_least_1_12_2(o):
+ self.assert_is_forbidden(lambda: o.get_binary(f"tools/create-archive?resources={self.label_b_study_id}"))
+ self.assert_is_forbidden(lambda: o.get_binary(f"tools/create-archive?resources={self.label_b_series_id}"))
+ # if one of the studies is forbidden, the resource is forbidden
+ self.assert_is_forbidden(lambda: o.get_binary(f"tools/create-archive?resources={self.label_b_study_id},{self.label_a_study_id}"))
 # the label_a study is allowed
 o.studies.get_series_ids(self.label_a_study_id)
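Review bot: The mixed-resource assertion in the `@@ -276,6 +278,11 @@` hunk lists the forbidden study first only (`label_b_study_id,label_a_study_id`), so an authorization check that inspects just the first entry of `resources` would still pass. Adding the reverse order covers that case: `self.assert_is_forbidden(lambda: o.get_binary(f"tools/create-archive?resources={self.label_a_study_id},{self.label_b_study_id}"))`. When the version gate is false the three denials are skipped without any trace, so a log line in an `else` branch would show that the archive route was not exercised on that server. The commit message names `/tools/create-media`, while the assertions here and in the last hunk call `tools/create-archive` only. `test_resource_token` begins before this hunk and continues after it.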
@@ -292,3 +299,24 @@
 o.get_json(f"dicom-web/studies?0020000D={self.label_a_study_dicom_id}")
 o.get_json(f"dicom-web/series?0020000D={self.label_a_study_dicom_id}")
 o.get_json(f"dicom-web/instances?0020000D={self.label_a_study_dicom_id}")
+
+ if self.is_orthanc_version_at_least_1_12_2(o):
+ o.get_binary(f"tools/create-archive?resources={self.label_a_study_id}")
+ o.get_binary(f"tools/create-archive?resources={self.label_a_series_id}")
+
+
+ # now test with token-both
+ o = OrthancApiClient(self.o._root_url, headers={"resource-token-key": "token-both-studies"})
+
+ # other studies are forbidden
+ self.assert_is_forbidden(lambda: o.studies.get_series_ids(self.no_label_study_id))
+ self.assert_is_forbidden(lambda: o.get_binary(f"tools/create-archive?resources={self.no_label_study_id}"))
+
+ # any of both or both studies together are allowed
+ o.get_binary(f"tools/create-archive?resources={self.label_a_study_id}")
+ o.get_binary(f"tools/create-archive?resources={self.label_b_series_id}")
+ o.get_binary(f"tools/create-archive?resources={self.label_b_study_id},{self.label_a_study_id}")
+ o.get_binary(f"tools/create-archive?resources={self.label_b_study_id},{self.label_a_series_id}")
+ o.get_binary(f"tools/create-archive?resources={self.label_b_study_id},{self.label_a_instance_id}")
+
+
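Review bot: The `token-both-studies` section checks a lone ungranted study but never a list that mixes a granted and an ungranted resource, which is the case where an archive could include data the token does not cover. I would add `self.assert_is_forbidden(lambda: o.get_binary(f"tools/create-archive?resources={self.label_a_study_id},{self.no_label_study_id}"))`. Indentation is lost on this page, but the section appears to sit outside the `if self.is_orthanc_version_at_least_1_12_2(o):` gate used for the earlier archive calls; if so, it should be gated the same way. Since `o` is rebound to a second client here, a separate method such as `test_resource_token_both_studies` would make a failure point at the token scenario that broke.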