[ERROR] permissions.json authorized_labels filter

[MartinCartajena]

Hello,

I have tested your configuration, and I am experiencing issues with the permissions.json file. If I define a label for one of the users who can access Orthanc, and then log in to Orthanc with that user, it only shows the studies that contain that label. The problem arises when accessing OHIF with the same user. It should only show the studies with that label, but instead, sometimes the request to fetch the studies returns a 403 error, and other times it retrieves the studies correctly. However, when trying to make a request for the series of those studies, the request returns an empty array of series, even though there are series for that study.

This only happens when a value other than "*" is added to the authorized_labels parameter in the permissions.json file.

• permission.json and request with the error (with label):
  

• permission.json and request without the error:
  

I’m not sure if there might be any changes that need to be made to the OHIF requests to receive data filtered by labels. Any help is welcome.

[amazy]

Hi,

In our system, when you open OHIF, you open it with a resource token, not a user token; therefore, the call to look for prior studies is not authorized and this is something that we actually expect.

I'm quite surprised that this call sometimes succeeds since, with a resource token, it shall always be forbidden

Alain.