edit study_iuids & accNum in patient jwt to array

This commit is contained in:
mario
2025-05-13 10:07:16 +07:00
parent 2d1f135fda
commit 0d4825d152
7 changed files with 34 additions and 89 deletions

View File

@@ -63,7 +63,7 @@ func (h *DicomHandler) ForwardRequest(w http.ResponseWriter, r *http.Request) {
case "patient":
// For patients requesting study list, filter to only show their studies
if strings.HasPrefix(urlPath, "/studies") && !strings.Contains(urlPath, "/") {
// Check if multiple studies are available in the claim
// Check if studies are available in the claim
if len(claims.StudyIUIDs) > 0 {
// Remove existing StudyInstanceUID param if it exists
queryParams.Del("StudyInstanceUID")
@@ -71,12 +71,9 @@ func (h *DicomHandler) ForwardRequest(w http.ResponseWriter, r *http.Request) {
// For DICOMweb, we can use comma-separated UIDs
queryParams.Set("StudyInstanceUID", strings.Join(claims.StudyIUIDs, ","))
h.logger.Debug("Filtering by multiple studies",
h.logger.Debug("Filtering by studies",
zap.Strings("studies", claims.StudyIUIDs),
)
} else if claims.StudyIUID != "" {
// Fallback for backward compatibility - ensure only the patient's study is shown
queryParams.Set("StudyInstanceUID", claims.StudyIUID)
}
} else if strings.HasPrefix(urlPath, "/studies/") {
// This is a request for a specific study - check if the patient is authorized
@@ -90,21 +87,14 @@ func (h *DicomHandler) ForwardRequest(w http.ResponseWriter, r *http.Request) {
// Check if this study is in the patient's authorized studies
authorized := false
// First check StudyIUIDs array
if len(claims.StudyIUIDs) > 0 {
for _, id := range claims.StudyIUIDs {
if id == studyID {
authorized = true
break
}
// Check StudyIUIDs array
for _, id := range claims.StudyIUIDs {
if id == studyID {
authorized = true
break
}
}
// Then check single StudyIUID for backward compatibility
if !authorized && claims.StudyIUID == studyID {
authorized = true
}
// If not authorized, return 403 Forbidden
if !authorized {
h.logger.Warn("Unauthorized study access attempt",