def do_GET(self):
# List all the users
# Respond with their e-mail adresses and full names
if self.path == AuthorizationHandler.PATH_USER_ADMINISTRATION:
# TODO First query user priviledges
# Query the users in the database
users = sm.query(OrthancUser).all()
# Extract their mail and fullname and convert this into tuples
user_mails_fullnames = list(
map(lambda x: (x.e_mail, x.full_name), users))
# Pack to a dict and respond
response_dict = {'user-ids': dict(user_mails_fullnames)}
self.sendResponseDict(response_dict)
# List all patients registered in the service
elif self.path == AuthorizationHandler.PATH_PATIENT_ADMINISTRATION:
# Respond with a dict full of patient ids
patients = sm.query(Patient).all()
patient_ids = list(map(lambda x: (x.orthanc_pid), patients))
response_dict = {
AuthorizationHandler.TOKEN_ORTHANC_ID + 's': patient_ids
}
self.sendResponseDict(response_dict)
def addAccessPermission(self, json_dict):
if self.checkRights(json_dict[E_MAIL_MELLON]) is False:
return None
e_mail, patient_id = AuthorizationHandler.extractAccessPermissionParams(
json_dict)
# Patient must exist...
patient = sm.query(Patient).filter_by(orthanc_pid=patient_id).first()
user = sm.query(OrthancUser).filter_by(e_mail=e_mail).first()
patient.permitted_users.append(user)
sm.add(patient)
sm.commit()
pass
def removeAccessPermission(self, json_dict):
if self.checkRights(json_dict[E_MAIL_MELLON]) is False:
return None
e_mail, patient_id = AuthorizationHandler.extractAccessPermissionParams(
json_dict)
# Patient must exist...
patient = sm.query(Patient).filter_by(orthanc_pid=patient_id).first()
user = filter(lambda x: x.e_mail == e_mail, patient.permitted_users)
if len(user) == 0:
# @TODO log this
print "User %s has no priviledges to remove at patient %s" % (
e_mail, patient_id)
else:
user = user[0]
patient.permitted_users.remove(user)
sm.add(patient)
sm.commit()
# to_delete = sm.query(AccessPermission).filter_by(patient_id=patient_id, user_id=user_id).first()
# sm.delete(to_delete)
# sm.commit()
pass
def removeUser(self, json_dict):
e_mail, access_level, full_name = AuthorizationHandler.extractUserModification(
json_dict)
to_delete = sm.query(OrthancUser).filter_by(e_mail=e_mail).first()
# @TODO remove associated priviledges
if to_delete:
sm.delete(to_delete)
sm.commit()
def removePatient(self, json_dict):
patient_id = AuthorizationHandler.extractPatient(json_dict)
to_delete = sm.query(Patient).filter_by(orthanc_pid=patient_id).first()
# @TODO remove associated priviledges
if to_delete is not None:
sm.delete(to_delete)
sm.commit()
pass
def checkRights(self, e_mail):
user = sm.query(OrthancUser).filter_by(e_mail=e_mail).first()
# If user does not exist
if user is None:
return False
# Nurses or Students can't grant privileges
if user.access_level < ACCESS_LEVELS.PHYSISCIAN:
return False
return True
def addUser(self, json_dict):
uid = list(map(lambda x: x.uid, sm.query(OrthancUser)))
if len(uid) == 0:
uid = 0
else:
uid = max(uid)
uid = uid + 1
e_mail, access_level, full_name = AuthorizationHandler.extractUserModification(
json_dict)
user = sm.query(OrthancUser).filter_by(e_mail=e_mail).first()
if user is None:
new_user = OrthancUser(uid, full_name, e_mail, access_level)
sm.add(new_user)
sm.commit()
else:
# UPDATE
user.access_level = access_level
user.full_name = full_name
sm.commit()
pass
def addPatient(self, json_dict):
patient_id = AuthorizationHandler.extractPatient(json_dict)
if sm.query(Patient).filter_by(orthanc_pid=patient_id).first() is None:
# ADD PATIENT
patient = Patient(patient_id, ACCESS_LEVELS.NURSE)
sm.add(patient)
sm.commit()
pass
else:
# DO NOTHING
# @TODO Log this instead of printing
print "Patient %s already registered" % patient_id
pass
def updateUser(self, json_dict):
e_mail, access_level, full_name = extractUserModification(json_dict)
to_update = sm.query(OrthancUser).filter_by(e_mail=e_mail).first()
if to_update.full_name != full_name:
return
if to_update.access_level != access_level:
to_update.access_level = access_level
pass
# Update
sm.add(to_update)
sm.commit()
def do_POST(self):
# Get the json dict which is included in all post requests
content_len = int(self.headers.getheader('content-length', 0))
post_body = self.rfile.read(content_len)
json_dict = self.parse_json_dict(post_body)
# Call the methods which are for setting the corresponding object
# Adding Permissions / objects to the service
# Add user to the Server with specified attributes
if self.path == AuthorizationHandler.PATH_USER_ADMINISTRATION:
self.addUser(json_dict)
self.send_response(200)
# Add an access permission to a patient for a user
elif self.path == AuthorizationHandler.PATH_ACCESS_ADMINISTRATION:
self.addAccessPermission(json_dict)
self.send_response(200)
# Add patient to the service with the specified access level
elif self.path == AuthorizationHandler.PATH_PATIENT_ADMINISTRATION:
self.addPatient(json_dict)
self.send_response(200)
# Check if user may grant permissions
elif self.path == AuthorizationHandler.GRANT_PRIVILEGE_ACCESS:
e_mail = json_dict[E_MAIL_MELLON]
user = sm.query(OrthancUser).filter_by(e_mail=e_mail).first()
# Acess to priviledge adminstration granted?
# -> For adminstration of this service
response_dict = {
'access-level': user.access_level,
'grant-permissions':
user.access_level >= user.ACCESS_LVL_PHYSICIAN
}
content = json.dumps(response_dict, ensure_ascii=False)
self.send_response(200)
self.send_header("Content-Length", len(content))
self.send_header("Content-Type", "text/json")
self.end_headers()
self.wfile.write(content)
# For access to a ressource requests by Orthanc
# Access requests in the PACS
elif self.path == AuthorizationHandler.GRANT_ACCESS_PATH:
# Level defines the type of ressource
level = json_dict["level"]
# Extract the mail and name of accessing user
e_mail = json_dict[E_MAIL_MELLON]
name = json_dict[NAME_MELLON]
# Grant the access
response_dict = {"granted": False, "validity": 5}
# If the level is patient -> Check if the user may access the patient
if level == "patient":
# Orthanc id of the patient
orthanc_id = json_dict[TOKEN_ORTHANC_ID]
# Query patient and user
# @TODO Get patient
patient = sm.query(Patient).filter_by(
orthanc_pid=orthanc_id).first()
user = sm.query(OrthancUser).filter_by(e_mail=e_mail).first()
# Add patient to access managment if he / she is not registered
if patient is None:
dict_to_add = {
AuthorizationHandler.TOKEN_ORTHANC_ID: orthanc_id
}
self.addPatient(dict_to_add)
# Query the stored patient for further proceeding
patient = sm.query(Patient).filter_by(
orthanc_pid=orthanc_id).first()
# Add the user if he / she is not registered
if user is None:
# Add the user with default access level
dict_to_add = {
MOD_E_MAIL_MELLON: e_mail,
MOD_NAME_MELLON: name,
TOKEN_ACCESS_LEVEL: ACCESS_LEVELS.GET_DEFAULT()
}
self.addUser(dict_to_add)
# Query for further proceeding
user = sm.query(Patient).filter_by(
orthanc_pid=orthanc_id).first()
# If the patient may be accessed because of the general privileges
if user.access_level >= patient.access_lvl:
response_dict["granted"] = True
# If the patient may be accessed by specific privileges
elif user in patient.permitted_users:
response_dict["granted"] = True
# Access -> System in general
elif level == "system":
# Extract the uri
uri = json_dict["uri"]
# Get the user to assess the privileges
user = sm.query(OrthancUser).filter_by(e_mail=e_mail).first()
# TODO Access for user administration and user query
uris_admin = ["priviledgeAdministration"]
if uri in uris_admin:
if user.access_level >= ACCESS_LEVELS.PHYSISCIAN:
response_dict["granted"] = True
# Generally grant access to Orthanc browser to everyone in the System
elif uri is "/":
response_dict["granted"] = True
pass
else:
response_dict["granted"] = True
# Write the json into a string and send it as response
content = json.dumps(response_dict, ensure_ascii=False)
self.send_response(200)
self.send_header("Content-Length", len(content))
self.send_header("Content-Type", "text/json")
self.end_headers()
self.wfile.write(content)
pass
