Skip to content

Implement support for Orthanc resource authorization grants API

Add client models and test cases for resource authorization API. Refer to oak-tree/medical-imaging/sonador#53, sonador#35, and orthanc-sonador#32 (closed).

Access to the resource auth system is needed from both the internal and DICOM-web API:

  • Internal endpoints
    • /patients/{ patient-id }/{user,group}/acl: list existing policies for a patient and create new ones
    • /patients/{ patient-id }/acl/{user,group}/{ policy-id }: retrieve details, update, and remove
    • /studies/{ study-id }/{user,group}/acl: list existing policies for a study and create new ones
    • /studies/{ study-id }/acl/{user,group}/{ policy-id }: retrieve details, update, and remove
    • /series/{ series-id }/acl/{user,group}: list existing policies for a series and create new ones
    • /series/{ series-id }/acl/{user,group}/{ policy-id }: retrieve details, update, and remove
  • DICOMweb endpoints: endpoints mirror the structure of the internal endpoints

Methods and behavior of ACL endpoints:

  • /{patients,studies,series}/{ resource-id }/{user,group}acl
    • GET: retrieve policies for the resource
    • POST: create new policy instance
  • /{patients,studies,series}/{ resource-id }/acl/{user,group}{ policy-id }
    • GET: retrieve details for the policy instance
    • PUT and PATCH: update the policy instance
    • DELETE: remove the policy instance
Edited by Rob Oakes