Orthanc in a multiuser environment

57 views
Skip to first unread message

Harkant Singh

unread,
Mar 25, 2020, 7:20:49 AM3/25/20
to Orthanc Users
I am running Orthanc to store and retrieve cardiac angiography and cardiac catheterisation studies over the department network. It is working very well for me. I wish to allow all the faculty (8 in no.) access to it, with following restrictions - 

1. Everybody can upload the data to the server - the source of data is usually CDs with the cath data. the origin of the CDs can be from various sources - i.e. not only from our hospital.
2. Only the person who uploads the data should be able to delete it - i.e. the series uploaded by a faculty should be deletable by him only.


as per https://book.orthanc-server.com/faq/improving-interface.html it appears it might not be possible to implement the above requirements, but I feel that with the Lua scripts and using the Orthanc REST API is might be. My thought process went as follows - 

 1 - each user has a separate userid and each user logs into Orthanc server using his/her userid and password.

 2 - while storing the 'patient' data (which is usually in the form of CDs) to the Orthanc database (Upload), the username of the user is stored in one of the tags of Orthanc database. (I chose the 'StationName' tag to be modified to the userid - https://groups.google.com/d/msg/orthanc-users/m1rJ1OYIlV8/tvJWbX2gBAAJ).

3 - when one clicks delete patient - a check is required e.g. by using a Lua script with  function IncomingHttpRequestFilter. In it if the method is 'DELETE" one needs to execute a 'curl' command (probably using os.execute() commandingly Lua) to read data pertaining to the patient being deleted.

I have been trying various ways to execute this - one of them if as under

        function IncomingHttpRequestFilter(method, uri, ip, username, httpHeaders, tags)
        local loc="~/Orthanc/creds/call_curl http://127.0.0.1:8042" .. uri
os.execute('curl --netrc-file ~Orthanc/creds/creds "{loc}" -o ~/Orthanc/creds/temp')
..

but so far have not got it right. If I use 
      os.execute('curl -u <userid>:<password> "http://127.0.0.1:8042/patients"' -o file_name)
the execution just hangs and I have to press ctrl-C multiple times to get out of the block.

If above succeeds, one needs to read the file where the output is stored (probably with file.read  in Lua) and somehow extract the study id. Using the study id another curl to ultimately find a series id. Using the series id, a curl command will store the details of the series in a file from which the 'StationName' can be extracted.

 4 - If the 'username' (passed to the IncomingHttpRequestFilter) and the StationName are same then DELETE method is allowed else it is not (i.e 'return true' if username and StationName are equal).

Problems - 
There is a Delete button for Patient, Study, Series and each instance. We need a check for these - It can be a check for presence of sequence 'patients' in the 'uri' passed to the function and returning false for everything but 'patients'. (as I am interested in deleting the whole patient).

I am struck at executing curl command. Hope I am not going on a wild goose chase.

I am a surgeon by profession, so might have done a lot of mistakes in the above text technically. Hope I was able to explain my thought properly and hope something can work out less of writing a new interface for Orthanc.

Alain Mazy

unread,
Mar 26, 2020, 5:20:14 AM3/26/20
to Harkant Singh, Orthanc Users
Well, this code is clearly problematic:

function IncomingHttpRequestFilter(method, uri, ip, username, httpHeaders, tags)
        local loc="~/Orthanc/creds/call_curl http://127.0.0.1:8042" .. uri
os.execute('curl --netrc-file ~Orthanc/creds/creds "{loc}" -o ~/Orthanc/creds/temp')

During the execution of this lua script, Orthanc is actually not able to receive any other REST requests so it will never respond to curl...

You should actually use the lua builtin methods to access the Orthanc Rest API directly "from inside Orthanc).

That would probably look like:

function IncomingHttpRequestFilter(methoduriipusernamehttpHeaders)

   if username == 'admin' then -- admin user can do anything
      return true
   elseif method == 'DELETE' and string.match(uri, '/patients/'then 
      local patientInfo = ParseJson(RestApiGet(uri))
      PrintRecursive(patientInfo)

      print('user ' .. username ..' is trying to delete PatientID: ' .. patientInfo["MainDicomTags"]["PatientID"])

      -- todo: return true/false according to your criteria ...

      return false
   elseif method == 'DELETE' then  -- forbid all other deletes
      return false
   else -- everything else is allowed
      return true
   end
end


--
You received this message because you are subscribed to the Google Groups "Orthanc Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to orthanc-user...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/orthanc-users/7203fd3f-a73a-42bb-8970-892d466e14c8%40googlegroups.com.


--

Alain Mazy / Orthanc-Studio Manager & Software Developer
a...@osimis.io / +32 494 31 67 27

Osimis

OSIMIS S.A. 
Quai Banning 6BE-4000 Liège 
www.osimis.io

Twitter LinkedIn


Reply all
Reply to author
Forward
0 new messages