pool/orthanc-authorization
SHA256
17
0
Fork 0
Code Issues Pull Requests Activity
Files
factory
orthanc-authorization/orthanc-authorization.changes
Axel Braun 8eb3913840 - version 0.10.2 
* New default permissions to add/delete modalities through the Rest API
    https://discourse.orthanc-server.org/t/managing-modalities-using-the-rest-api-and-keycloak/6137
  * New standard configuration "stl"

OBS-URL: https://build.opensuse.org/package/show/graphics/orthanc-authorization?expand=0&rev=15
2025-10-12 17:56:15 +00:00

104 lines
5.1 KiB
Plaintext
Raw Permalink Blame History

-------------------------------------------------------------------
Sun Oct 12 14:19:00 UTC 2025 - Axel Braun <axel.braun@gmx.de>
- version 0.10.2
* New default permissions to add/delete modalities through the Rest API
https://discourse.orthanc-server.org/t/managing-modalities-using-the-rest-api-and-keycloak/6137
* New standard configuration "stl"
-------------------------------------------------------------------
Wed Sep 10 09:21:10 UTC 2025 - Axel Braun <axel.braun@gmx.de>
- remove libboost_system-devel for TW (removed in boost 1.89)-
-------------------------------------------------------------------
Mon Aug 18 13:53:03 UTC 2025 - Axel Braun <axel.braun@gmx.de>
- version 0.10.1
* Fix audit-logs export in CSV format.
* New configuration "ExtraPermissions" to ADD new permissions to
the default "Permissions" entries.
* Improved handling of "Anonymous" user profiles (when no auth-tokens
are provided): The plugin will now request the auth-service to
get an anonymous user profile even if there are no auth-tokens in the
HTTP request.
* The User profile can now contain a "groups" field if the auth-service
provides it.
* The User profile can now contain an "id" field if the auth-service
provides it.
* New experimental feature: audit-logs
- Enabled by the "EnableAuditLogs" configuration.
- Audit-logs are currently handled by the PostgreSQL plugin and can be
browsed through the route /auth/audit-logs.
- New default permission "audit-logs" to grant access to the
"/auth/audit-logs" route.
* Fix: The "server-id" field is now included in all requests sent to the
auth-service.
-------------------------------------------------------------------
Mon Jul 14 12:56:31 UTC 2025 - Axel Braun <axel.braun@gmx.de>
- version 0.9.4
* Fixed a security issue: the entries in the cache token->permissions were kept too long in the cache
allowing users to have access to generic routes even with an expired token.
These entries are now stored maximum for 10 seconds.
Note that the validity duration of the token->user-profile entries is determined by the auth-service;
typically 60 seconds.
* New default permissions to Q&R remote modalities
* The /tokens/decode route now returns 2 additionnal fields:
"ResourcesDicomIds" and "ResourcesOrthancIds".
This will only work if the authorization service returns a "resources" field to the /tokens/decode route.
* Maintenance: Use Orthanc SDK 1.12.4 by default to benefit from more detailed logging.
* Fix default permission for /dicom-web/servers/../stow
* When calling /dicom-web/studies with a resource token when no StudyInstanceUID
is specified in the query args, the plugin now adds a filter on StudyInstanceUID=X|Y where
X & Y are the StudyInstanceUIDs of the resource token.
This will only work if the authorization service returns a "resources" field to the /tokens/decode route.
This notably prevents OHIF to display errors when requesting
prior studies while still preserving the security since only the authorized resources are returned.
-------------------------------------------------------------------
Mon May 5 19:26:55 UTC 2025 - Axel Braun <axel.braun@gmx.de>
- Version 0.9.2
* When calling /dicom-web/studies with a resource token when no StudyInstanceUID
is specified in the query args, the plugin now returns an empty list of resources
instead of returning a 403. This notably prevents OHIF to display errors when requesting
prior studies while still preserving the security since no resources are returned.
* Added support for /dicom-web/studies/../thumbnail.
* static_build.patch removed (upstream)
-------------------------------------------------------------------
Thu Apr 10 17:08:28 UTC 2025 - Axel Braun <axel.braun@gmx.de>
- version 0.9.1
* static_build.patch added
* The plugin is now using the HttpClient from the Orthanc core instead of its
own HttpClient which should enable support for https since the plugin
is not built with SSL support.
* New default permission to upload to ^/DICOM_WEB_ROOT/studies/([.0-9]+)
(https://orthanc.uclouvain.be/bugs/show_bug.cgi?id=244)
-------------------------------------------------------------------
Thu Feb 27 18:14:19 UTC 2025 - Axel Braun <axel.braun@gmx.de>
- version 0.9.0
* The plugin now filters out all unauthorized labels from the "Labels" fields
in the responses of these API routes:
- /tools/find
- /studies/{id} & similar routes
- /studies/{id}/series & similar routes
- /series/{id}/study & similar routes
- /series/{id}/labels & similar routes
In the past, this was only done in /tools/labels
* Allow using the auth-plugin together with "AuthenticationEnabled": true.
https://discourse.orthanc-server.org/t/user-based-access-control-with-label-based-resource-access/5454
* Added a default permission for /auth/tokens/volview-viewer-publication
* New standard configuration "volview"
-------------------------------------------------------------------
Fri Jan 24 11:54:53 UTC 2025 - Axel Braun <axel.braun@gmx.de>
- version 0.8.2
* initial OBS build
Reference in New Issue View Git Blame Copy Permalink