edit study_iuids & accNum in patient jwt to array
This commit is contained in:
@@ -63,7 +63,7 @@ func (h *DicomHandler) ForwardRequest(w http.ResponseWriter, r *http.Request) {
|
||||
case "patient":
|
||||
// For patients requesting study list, filter to only show their studies
|
||||
if strings.HasPrefix(urlPath, "/studies") && !strings.Contains(urlPath, "/") {
|
||||
// Check if multiple studies are available in the claim
|
||||
// Check if studies are available in the claim
|
||||
if len(claims.StudyIUIDs) > 0 {
|
||||
// Remove existing StudyInstanceUID param if it exists
|
||||
queryParams.Del("StudyInstanceUID")
|
||||
@@ -71,12 +71,9 @@ func (h *DicomHandler) ForwardRequest(w http.ResponseWriter, r *http.Request) {
|
||||
// For DICOMweb, we can use comma-separated UIDs
|
||||
queryParams.Set("StudyInstanceUID", strings.Join(claims.StudyIUIDs, ","))
|
||||
|
||||
h.logger.Debug("Filtering by multiple studies",
|
||||
h.logger.Debug("Filtering by studies",
|
||||
zap.Strings("studies", claims.StudyIUIDs),
|
||||
)
|
||||
} else if claims.StudyIUID != "" {
|
||||
// Fallback for backward compatibility - ensure only the patient's study is shown
|
||||
queryParams.Set("StudyInstanceUID", claims.StudyIUID)
|
||||
}
|
||||
} else if strings.HasPrefix(urlPath, "/studies/") {
|
||||
// This is a request for a specific study - check if the patient is authorized
|
||||
@@ -90,21 +87,14 @@ func (h *DicomHandler) ForwardRequest(w http.ResponseWriter, r *http.Request) {
|
||||
// Check if this study is in the patient's authorized studies
|
||||
authorized := false
|
||||
|
||||
// First check StudyIUIDs array
|
||||
if len(claims.StudyIUIDs) > 0 {
|
||||
for _, id := range claims.StudyIUIDs {
|
||||
if id == studyID {
|
||||
authorized = true
|
||||
break
|
||||
}
|
||||
// Check StudyIUIDs array
|
||||
for _, id := range claims.StudyIUIDs {
|
||||
if id == studyID {
|
||||
authorized = true
|
||||
break
|
||||
}
|
||||
}
|
||||
|
||||
// Then check single StudyIUID for backward compatibility
|
||||
if !authorized && claims.StudyIUID == studyID {
|
||||
authorized = true
|
||||
}
|
||||
|
||||
// If not authorized, return 403 Forbidden
|
||||
if !authorized {
|
||||
h.logger.Warn("Unauthorized study access attempt",
|
||||
|
||||
Reference in New Issue
Block a user