Draft: Sonador/Orthanc: access control (ACL) global/local, IdP token validation, and sharing API functional test cases

• Test 1: upload data to Sonador and grant access to a second user
  • Admin creates a policy to authorize upload to Sonador
  • Image is uploaded to the server
  • Admin user grants access to the test user via a global policy to access the image
  • User successfully downloads the image
  • Admin revokes the policy by setting view permission to false
  • Test user attempts to download the image and receives a 403 error, triggering a ClientOperationError
• Test 2: query server permission. Check that a test user receives a 403 error if they do not have a query permission.
  • Admin creates a policy with query permissions
  • Known data is uploaded by the admin
  • Test user executes a query to search the uploaded data
  • Policy is revoked
  • Test user receives a 403 when attempting to utilize the query endpoint (rapid_lookup=True)

Mediating access to resources using global policies:

• Test 1: series access permission (view)
• Test 2: study access permission (view)
• Test 3: patient access permissions (view)

Refer to %Sonador Security Extensions: Access Control (SN MS1) and oak-tree/medical-imaging/sonador#53 for requirements and background. Refer to sonador-examples!13 (merged) for engineering/implementation notes`.