Sonador/Orthanc: access control (ACL) functional tests for global resource permissions (!3) · Merge requests · Oak-Tree / Medical Imaging / Sonador Functional Test Suite · GitLab

Brandon Harper requested to merge bharp/nsync-hpop-tests into roakes/nsync-hpop Mar 28, 2024

Test 1: upload data to Sonador and grant access to a second user
- Admin creates a policy to authorize upload to Sonador
- Image is uploaded to the server
- Admin user grants access to the test user via a global policy to access the image
- User successfully downloads the image
- Admin revokes the policy by setting view permission to false
- Test user attempts to download the image and receives a 403 error, triggering a ClientOperationError
Test 2: query server permission. Check that a test user receives a 403 error if they do not have a query permission.
- Admin creates a policy with query permissions
- Known data is uploaded by the admin
- Test user executes a query to search the uploaded data
- Policy is revoked
- Test user receives a 403 when attempting to utilize the query endpoint (rapid_lookup=True)

Mediating access to resources using global policies:

Test 1: series access permission (view)
Test 2: study access permission (view)
Test 3: patient access permissions (view)

Refer to %Sonador Security Extensions: Access Control (SN MS1) and oak-tree/medical-imaging/sonador#53 for requirements and background. Refer to sonador-examples!13 for engineering/implementation notes`.

Edited Apr 29, 2024 by Rob Oakes