in python/website/research_pacs/website/permission.py [0:0]
def _validate_and_adapt_permissions_file(permissions):
"""
Validate the content of the permissions file:
Profiles: dict List of profiles
Profile1: dict Profile specifications
Description: str Profile description
DICOMQueryFilter: str [Optional] You can restrict access for this profile
to a subset of DICOM instances only, by specifying a
query similar to searching or exporting DICOM
instances.
OrthancPathPatterns: dict You can specify a list of Orthanc path patterns for
this profile that users can request directly. If you
specify a query filter in `DICOMQueryFilter`, this
parameter is ignored, because it is not possible to
restrict access to specific DICOM instances when
providing a direct access to Orthanc Explorer or APIs
Allow: str or list List of path patterns to allow in the form "VERB /path"
Deny: str or list List of path patterns to deny in the form "VERB /path"
Profile2: ...
Permissions:
- Users: str or list Users attached to the profiles in `Profiles`. There
must be at least Users or Groups defined.
Groups: str or list Groups attached to the profiles in `Profiles`. There
must be at least Users or Groups defined.
Profiles: str or list List of profiles attached to the users or groups
- ...
"""
# Profiles
rpacs_v.check_dict_attribute_exists_and_type(permissions, 'Profiles', dict, 'permissions')
for profile_name, profile in rpacs_v.enumerate_dict_and_check_item_type(permissions['Profiles'], dict, f'permissions["Profiles"]'):
profile_path = f'permissions["Profiles"]["{profile_name}"]'
rpacs_v.check_dict_attribute_exists_and_type(profile, 'Description', str, profile_path)
# Check that `DICOMQueryFilter` is valid, if it is specified and not empty. Translate and
# store the associated JSON Path query into `profile['JSONPathQuery']`
if 'DICOMQueryFilter' in profile and profile['DICOMQueryFilter'] != '':
assert not 'OrthancPathPatterns' in profile, f'{profile_path} cannot have both "DICOMQueryFilter" and "OrthancPathPatterns" specified'
try:
profile['JSONPathQuery'] = rpacs_dicom_json.translate_query_to_jsonpath(profile['DICOMQueryFilter'])
except:
raise Exception(f'{profile_path}["DICOMQueryFilter"] is not a valid query')
if rpacs_v.check_dict_attribute_exists_and_type(profile, 'OrthancPathPatterns', dict, profile_path, optional=True):
path_patterns = profile['OrthancPathPatterns']
for action in ('Allow', 'Deny'):
if action in path_patterns:
path_patterns[action]= rpacs_v.check_or_form_list_of_str(path_patterns[action], f'{profile_path}["OrthancPathPatterns"]["{action}"]')
for i_pattern, pattern in enumerate(path_patterns[action]):
assert len(pattern.split(' ')) == 2, f'{profile_path}["OrthancPathPatterns"]["{action}"][{i_pattern}] must be in the form "VERB /path"'
# Permissions
rpacs_v.check_dict_attribute_exists_and_type(permissions, 'Permissions', list, 'permissions')
for i_permission, permission in rpacs_v.enumerate_list_and_check_item_type(permissions['Permissions'], dict, f'permissions["Permissions"]'):
permissions_path = f'permissions["Permissions"][{i_permission}]'
assert 'Users' in permission or 'Groups' in permission, f'Missing "Users" or "Groups" in {permissions_path}'
assert 'Profiles' in permission, f'Missing "Profiles" in {permissions_path}]'
for key in ('Users', 'Groups', 'Profiles'):
if key in permission:
permission[key] = rpacs_v.check_or_form_list_of_str(permission[key], f'{profile_path}["{key}"]')
for profile_name in permission['Profiles']:
assert profile_name in permissions['Profiles'].keys(), f'"{profile_name}" in {permissions_path}["Profiles"] does not exist'
return permissions