Merge branch 'labels-perm' into main

minimal-setup/basic-auth/docker-compose.yml

@@ -6,7 +6,7 @@ version: "3"
 services:
 
   nginx:
-    image: orthancteam/orthanc-nginx:23.6.1
+    image: orthancteam/orthanc-nginx:23.9.0
     depends_on: [orthanc, orthanc-auth-service, orthanc-for-shares]
     restart: unless-stopped
     ports: ["80:80"]
@@ -22,7 +22,7 @@ services:
       ENABLE_HTTPS: "false"
 
   orthanc:
-    image: osimis/orthanc:current
+    image: osimis/orthanc:23.9.0
     volumes:
       - orthanc-storage:/var/lib/orthanc/db
     depends_on: [orthanc-db]
@@ -60,7 +60,7 @@ services:
         }
 
   orthanc-for-shares:
-    image: osimis/orthanc:current
+    image: osimis/orthanc:23.9.0
     volumes:
       - orthanc-storage:/var/lib/orthanc/db
     depends_on: [orthanc-db]
@@ -102,7 +102,7 @@ services:
         }
 
   orthanc-auth-service:
-    image: orthancteam/orthanc-auth-service:labels-perm
+    image: orthancteam/orthanc-auth-service:23.9.0
     restart: unless-stopped
     environment:
       SECRET_KEY: "change-me-I-am-a-secret-key"

minimal-setup/keycloak-meddream-full/README.md

@@ -38,7 +38,7 @@ To start the setup, type: `docker compose up`.  Some containers will restart mul
 
 ## As an admin user
 
-- Open the Orthanc UI at [http://localhost/orthanc/ui/app/](http://localhost/orthanc/ui/app/) (login/pwd: `orthanc`/`change-me`)
+- Open the Orthanc UI at [http://localhost/orthanc/ui/app/](http://localhost/orthanc/ui/app/) (login/pwd: `admin`/`change-me`)
 - upload a dicom file in Orthanc
 - you may click `view the study in MedDream`
 - On the uploaded file, click on the `Share` button and then on `Share` in the dialog box and then on `Copy and close`

minimal-setup/keycloak-meddream-full/docker-compose.yml

@@ -6,7 +6,7 @@ version: "3"
 services:
 
   nginx:
-    image: orthancteam/orthanc-nginx:23.6.1
+    image: orthancteam/orthanc-nginx:23.9.0
     depends_on: [orthanc, orthanc-auth-service, orthanc-for-api, meddream-viewer, keycloak]
     restart: unless-stopped
     ports: ["80:80"]
@@ -24,7 +24,7 @@ services:
       ENABLE_ORTHANC_FOR_API: "true"
 
   orthanc:
-    image: osimis/orthanc:23.6.1
+    image: osimis/orthanc:23.9.0
     volumes:
       - orthanc-storage:/var/lib/orthanc/db
     depends_on: [orthanc-db]
@@ -75,8 +75,11 @@ services:
         }
 
   orthanc-auth-service:
-    image: orthancteam/orthanc-auth-service:23.6.1
+    image: orthancteam/orthanc-auth-service:23.9.0
     depends_on: [keycloak, meddream-token-service]
+    # permissions can be customized in the permissions.json file
+    volumes:
+      - ./permissions.jsonc:/orthanc_auth_service/permissions.json
     restart: unless-stopped
     environment:
       SECRET_KEY: "change-me-I-am-a-secret-key"
@@ -98,7 +101,7 @@ services:
       POSTGRES_HOST_AUTH_METHOD: "trust"
 
   keycloak:
-    image: orthancteam/orthanc-keycloak:23.6.1
+    image: orthancteam/orthanc-keycloak:23.9.0
     depends_on: [keycloak-db]
     restart: unless-stopped
     environment:
@@ -121,11 +124,11 @@ services:
       POSTGRES_DB: "keycloak"
 
   meddream-token-service:
-    image: orthancteam/meddream-token-service:23.6.1
+    image: orthancteam/meddream-token-service:23.9.0
     restart: unless-stopped
 
   meddream-viewer:
-    image: orthancteam/meddream-viewer:23.6.1
+    image: orthancteam/meddream-viewer:23.9.0
     restart: unless-stopped
     depends_on:
       - orthanc-for-api
@@ -142,7 +145,7 @@ services:
 
   # An orthanc dedicated for API accesses and also used by MedDream
   orthanc-for-api:
-    image: osimis/orthanc:23.6.1
+    image: osimis/orthanc:23.9.0
     volumes:
       - orthanc-storage:/var/lib/orthanc/db
       - ./meddream-plugin.py:/scripts/meddream-plugin.py

minimal-setup/keycloak-meddream-full/permissions.jsonc

@@ -0,0 +1,18 @@
+// "SPDX-FileCopyrightText: 2022 - 2023 Orthanc Team SRL <[email protected]>"
+// SPDX-License-Identifier: CC0-1.0
+{
+  "roles" : {
+    "admin-role": {
+      "permissions": ["all"],
+      "authorized_labels": ["*"]
+    },
+    "doctor-role": {
+      "permissions":["view", "download", "share", "send"],
+      "authorized_labels": ["*"]
+    },
+    "external-role": {
+      "permissions":["view", "download"],
+      "authorized_labels": ["external"]
+    }
+  }
+}

minimal-setup/keycloak/README.md

@@ -35,9 +35,10 @@ To start the setup, type: `docker compose up`.  Some containers will restart mul
 
 ## As an admin user
 
-- Open the Orthanc UI at [http://localhost/orthanc/ui/app/](http://localhost/orthanc/ui/app/) (login/pwd: `orthanc`/`change-me`)
-- upload a dicom file in Orthanc
-- On the uploaded file, click on the `Share` button and then on `Share` in the dialog box and then on `Copy and close`
+- Open the Orthanc UI at [http://localhost/orthanc/ui/app/](http://localhost/orthanc/ui/app/) (login/pwd: `admin`/`change-me`)
+- upload a few dicom studies in Orthanc
+- Add the `external` label to a few of the studies
+- On one of the uploaded studies, click on the `Share` button and then on `Share` in the dialog box and then on `Copy and close`
 - Keep the link in your clipboard.  You may share this link with an external user.
 - Go to `Profile` -> `Logout`
 
@@ -52,11 +53,15 @@ To start the setup, type: `docker compose up`.  Some containers will restart mul
 - Open the Orthanc UI at [http://localhost/orthanc/ui/app/](http://localhost/orthanc/ui/app/) (login/pwd: `doctor`/`change-me`)
 - The doctor user is a restricted user who can browse the whole set of studies but who can not upload/modify/delete them.
 
+## As an external user
+
+- Open the Orthanc UI at [http://localhost/orthanc/ui/app/](http://localhost/orthanc/ui/app/) (login/pwd: `external`/`change-me`)
+- This user can only see the studies that have been tagged with the `external` tag.
 
 # Accessing this demo from a remote client
 
-If you wish to access this demo from a remote computer, you must tell the setup on which domain it is accessible (in this sample: `mydomain.com`).
-Then, you should update these settings:
+If you wish to access this demo from a remote computer, you must configure the domain on which this setup is accessible (in this sample: `mydomain.com`).
+Update these settings:
 - orthanc: ORTHANC_JSON -> OrthancExplorer2 -> Keycloak -> "Url": "http://mydomain.com/keycloak/"
 - keycloak: KC_HOSTNAME_URL: "http://mydomain.com/keycloak"
 - keycloak: KC_HOSTNAME_ADMIN_URL: "http://mydomain.com/keycloak"

minimal-setup/keycloak/docker-compose.yml

@@ -6,7 +6,7 @@ version: "3"
 services:
 
   nginx:
-    image: orthancteam/orthanc-nginx:23.6.1
+    image: orthancteam/orthanc-nginx:23.9.0
     depends_on: [orthanc, orthanc-auth-service, keycloak]
     restart: unless-stopped
     ports: ["80:80"]
@@ -23,7 +23,7 @@ services:
       ENABLE_OHIF: "true"
 
   orthanc:
-    image: osimis/orthanc:current
+    image: osimis/orthanc:23.9.0
     volumes:
       - orthanc-storage:/var/lib/orthanc/db
     depends_on: [orthanc-db]
@@ -76,7 +76,10 @@ services:
         }
 
   orthanc-auth-service:
-    image: orthancteam/orthanc-auth-service:current
+    image: orthancteam/orthanc-auth-service:23.9.0
+    # permissions can be customized in the permissions.json file
+    volumes:
+      - ./permissions.jsonc:/orthanc_auth_service/permissions.json
     depends_on: [keycloak]
     restart: unless-stopped
     environment:
@@ -98,17 +101,19 @@ services:
       POSTGRES_HOST_AUTH_METHOD: "trust"
 
   ohif:
-    image: orthancteam/ohif-v3:23.6.1
+    image: orthancteam/ohif-v3:23.9.0
 #  uncomment if you want to customize ohif configuration
 #    volumes:
 #      - ./ohif-app-config.js:/usr/share/nginx/html/app-config.js
     restart: unless-stopped
 
 
   keycloak:
-    image: orthancteam/orthanc-keycloak:labels-perm
+    image: orthancteam/orthanc-keycloak:23.9.0
     depends_on: [keycloak-db]
     restart: unless-stopped
+#    healthcheck:
+#      test: ["CMD", "curl", "-f", "http://localhost:9000/minio/health/live"]
     environment:
       KEYCLOAK_ADMIN: "admin"
       KEYCLOAK_ADMIN_PASSWORD: "change-me"

minimal-setup/keycloak/permissions.jsonc

@@ -0,0 +1,18 @@
+// "SPDX-FileCopyrightText: 2022 - 2023 Orthanc Team SRL <[email protected]>"
+// SPDX-License-Identifier: CC0-1.0
+{
+  "roles" : {
+    "admin-role": {
+      "permissions": ["all"],
+      "authorized_labels": ["*"]
+    },
+    "doctor-role": {
+      "permissions":["view", "download", "share", "send"],
+      "authorized_labels": ["*"]
+    },
+    "external-role": {
+      "permissions":["view", "download"],
+      "authorized_labels": ["external"]
+    }
+  }
+}

release-notes.md

@@ -4,11 +4,16 @@ SPDX-FileCopyrightText: 2022 - 2023 Orthanc Team SRL <[email protected]>
 SPDX-License-Identifier: GPL-3.0-or-later
 -->
 
-v x.x.x
+v 23.9.0
 ========
 BREAKING CHANGES:
 - the format of the permissions.json file has changed to include `permissions` and `authorized_labels`.
 
+- added support of labels permissions (via `authorized_labels` in user roles and user profiles)
+
+BREAKING CHANGES:
+- the format of the permissions.json file has changed to include `permissions` and `authorized_labels`.
+
 - nginx: added proxy parameters to handle large headers
 - added `OHIF_DATA_SOURCE` env var defaulting to `dicom-web`
 

sources/orthanc_auth_service/permissions.json

@@ -1,5 +1,6 @@
 {
   "roles" : {
+<<<<<<< HEAD
     "admin": {
       "permissions": ["all"],
       "authorized_labels": ["*"]
@@ -11,6 +12,19 @@
     "students": {
       "permissions":["view", "download"],
       "authorized_labels": ["students"]
+=======
+    "admin-role": {
+      "permissions": ["all"],
+      "authorized_labels": ["*"]
+    },
+    "doctor-role": {
+      "permissions":["view", "download", "share", "send"],
+      "authorized_labels": ["*"]
+    },
+    "external-role": {
+      "permissions":["view", "download"],
+      "authorized_labels": ["external"]
+>>>>>>> labels-perm
     }
   }
 }