Implement modality permission checks so that "read-only" and "write-only" permissions can be enforced, preventing PACS modalities from querying data if they have not been authorized
The permissions and security for managing DICOM modalities is different that used for accessing resources via the REST interface (see #3 (closed)). The configuration for the DICOM modalities is described in the Orthanc book (see https://book.orthanc-server.com/faq/security.html#securing-the-dicom-server).
Development tasks:
-
The AllowEcho
,AllowFind
,AllowMove
,AllowGet
, andAllowStore
properties should be exposed as boolean fields on the DICOM modality model in Sonador (along with descriptons of what the properties control). -
Add the properties to the set of JSON that is sent to Orthanc when the "save" method is triggered. -
Add the properties to the JSON that is included in the REST API (in both standard and Orthanc specific flavors) so that the plugin will be able to accurately update DICOM modalities.
Requirements:
- Clearly document the permissions needed to implement "read-only" and "write-only" access to the server
- Read-only would allow for a user to retrieve studies, but not send them. A point we need clarification on is whether the "read-only" would require a user to know the UID of a instance in order to request it.
- Write-only would allow for a user to send data to the instance but not query or retrieve it. Required by Smith and Nephew in order to implement "write-only" image dropbox functionality.