Tightened security of API

CHANGELOG

@@ -1,3 +1,10 @@
+1.1.1
+-- Tightened security of API for all possible account types.
+
+1.1.0
+-- Changed posting JSON to require EDIT.
+
+
 1.0.1
 Fixed:
 -- Fixed an issue loading the xmodal iframe in the new single plugin deployment when routing through a proxy using https.

README.md

@@ -1,4 +1,4 @@
-# XNAT OHIF Viewer Plugin 1.0.1 #
+# XNAT OHIF Viewer Plugin 1.1.1 #
 
 This plugin integrates the OHIF Cornerstone-based viewer into
 XNAT. It replaces previous support for the XimgViewer plugin.

build.gradle

@@ -26,7 +26,7 @@ buildscript {
 }
 
 group 'org.nrg.xnatx'
-version '1.0.1-SNAPSHOT'
+version '1.1.1-SNAPSHOT'
 
 apply plugin: 'io.spring.dependency-management'
 apply plugin: 'java'
@@ -71,7 +71,7 @@ repositories {
     maven {
         url 'https://jitpack.io'
     }
-    
+
     flatDir {
        dirs 'lib'
    }
@@ -109,7 +109,7 @@ dependencies {
      implementation ('stratum:stratum:1.0') {
         transitive = false
     }
-    
+
 
     implementation "org.springframework:spring-web"
     implementation "org.springframework:spring-webmvc"
@@ -120,15 +120,15 @@ dependencies {
     implementation "commons-io:commons-io"
     implementation "commons-codec:commons-codec"
     implementation "org.apache.commons:commons-lang3"
-    //implementation "io.projectreactor:reactor-core"
     compile group: 'io.projectreactor', name: 'reactor-core', version: '2.0.2.RELEASE'
     compile group: 'io.projectreactor', name: 'reactor-bus', version: '2.0.2.RELEASE'
     compile 'javax.inject:javax.inject:1'
-    
-   
+
+
     compile name: 'log4j-1.2.16'
     compile name: 'dcm4che-core-2.0.29'
-    compile name: 'EtherJ'
+    compile name: 'EtherJ-Core'
+    compile name: 'EtherJ-XNAT'
     compile name: 'ICR_XNAT'
 
     compile "com.google.code.gson:gson:2.8.2"

build/resources/main/META-INF/resources/templates/screens/xnat_imageSessionData/actionsBox/ViewInOHIFViewer.vm

@@ -12,6 +12,9 @@
 
     var jsonRequestUrl;
 
+    const projectId = XNAT.data.context.projectID;
+    const experimentId = XNAT.data.context.ID;
+
     function checkIfSessionJSON(e) {
       var rootUrl = XNAT.url.fullUrl('').replace(/\/+$/, "");
 
@@ -20,9 +23,12 @@
 
       e.preventDefault();
 
+      const projectId = XNAT.data.context.projectID;
+      const experimentId = XNAT.data.context.ID;
+
       // JPETTS: Define a request to XNAT to check if specified JSON data exists
       const oReq = new XMLHttpRequest();
-      const url = `${rootUrl}/xapi/viewer/exists/$om.id`;
+      const url = `${rootUrl}/xapi/viewer/projects/${projectId}/experiments/${experimentId}/exists`;
       console.log(`Opening GET XMLHttpRequest to: ${url}`);
 
       // Listeners
@@ -80,14 +86,15 @@
       };
 
 
-      jsonRequestUrl = `${rootUrlWithPort}/xapi/viewer/$om.id`;
+      jsonRequestUrl = `${rootUrlWithPort}/xapi/viewer/projects/${projectId}/experiments/${experimentId}`;
       console.log(`ViewInOHIFViewer.vm: jsonRequestUrl: ${jsonRequestUrl}`);
       xmodal.iframe(`${rootUrlWithPort}/VIEWER/`, opts);
+
     }
 
     function generateJSONthenOpenViewer(e, rootUrl) {
       const oReq = new XMLHttpRequest();
-      const url = `${rootUrl}/xapi/viewer/$om.id`;
+      const url = `${rootUrl}/xapi/viewer/projects/${projectId}/experiments/${experimentId}`;
       console.log(`Opening POST XMLHttpRequest to: ${url}`);
 
       // Listeners

src/main/java/org/nrg/xnatx/ohifviewer/event/listeners/OhifViewerEventListener.java

@@ -44,13 +44,12 @@
 import org.nrg.xdat.om.XnatExperimentdata;
 import org.nrg.xdat.om.XnatImagesessiondata;
 import org.nrg.xft.event.persist.PersistentWorkflowUtils;
-import org.nrg.xnatx.ohifviewer.inputcreator.RunnableCreateExperimentMetadata;
+import org.nrg.xnatx.ohifviewer.inputcreator.CreateExperimentMetadata;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.stereotype.Service;
 import static reactor.bus.selector.Selectors.R;
 
-
 /**
  *
  * @author jpetts
@@ -103,8 +102,7 @@ private void generateJsonForExperiment(String experimentId) {
       String xnatRootURL = XDAT.getSiteConfigPreferences().getSiteUrl();
       String xnatArchivePath = XDAT.getSiteConfigPreferences().getArchivePath();
       logger.debug("Rebuilding viewer JSON metadata for experiment " + experimentId);
-      RunnableCreateExperimentMetadata createExperimentMetadata = new RunnableCreateExperimentMetadata(xnatRootURL, xnatArchivePath, experimentId, null);
-      createExperimentMetadata.runOnCurrentThread();
+      CreateExperimentMetadata.createMetadata(experimentId);
     } catch (Exception e) {
      logger.error(e.getMessage());
     }

src/main/java/org/nrg/xnatx/ohifviewer/inputcreator/CreateExperimentMetadata.java

@@ -0,0 +1,205 @@
+/********************************************************************
+* Copyright (c) 2018, Institute of Cancer Research
+* All rights reserved.
+* 
+* Redistribution and use in source and binary forms, with or without
+* modification, are permitted provided that the following conditions
+* are met:
+* 
+* (1) Redistributions of source code must retain the above copyright
+*     notice, this list of conditions and the following disclaimer.
+* 
+* (2) Redistributions in binary form must reproduce the above
+*     copyright notice, this list of conditions and the following
+*     disclaimer in the documentation and/or other materials provided
+*     with the distribution.
+* 
+* (3) Neither the name of the Institute of Cancer Research nor the
+*     names of its contributors may be used to endorse or promote
+*     products derived from this software without specific prior
+*     written permission.
+* 
+* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+* FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+* COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+* INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+* (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+* SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+* OF THE POSSIBILITY OF SUCH DAMAGE.
+*********************************************************************/
+package org.nrg.xnatx.ohifviewer.inputcreator;
+
+import java.io.File;
+import java.io.FileWriter;
+import java.io.IOException;
+import java.io.Writer;
+import java.nio.file.Files;
+import java.nio.file.Paths;
+import java.util.HashMap;
+import java.util.List;
+import org.apache.commons.io.IOUtils;
+import org.nrg.xdat.XDAT;
+import org.nrg.xdat.model.XnatImagescandataI;
+import org.nrg.xdat.om.XnatExperimentdata;
+import org.nrg.xdat.om.XnatImagesessiondata;
+import org.nrg.xdat.om.XnatProjectdata;
+import org.nrg.xdat.om.XnatSubjectdata;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.http.HttpStatus;
+
+/**
+ *
+ * @author jpetts
+ */
+public class CreateExperimentMetadata {
+  private static final Logger logger = LoggerFactory.getLogger(CreateExperimentMetadata.class);
+  private static final String SEP = File.separator;
+  private static final String xnatRootURL      = XDAT.getSiteConfigPreferences().getSiteUrl();
+  private static final String xnatArchivePath  = XDAT.getSiteConfigPreferences().getArchivePath();
+
+
+  public static HttpStatus createMetadata(String experimentId)
+  {
+    HashMap<String,String> experimentData = getDirectoryInfo(experimentId);
+    String proj     = experimentData.get("proj");
+    String expLabel = experimentData.get("expLabel");
+    String subj     = experimentData.get("subj");
+
+    HashMap<String,String> seriesUidToScanIdMap = getSeriesUidToScanIdMap(experimentId);
+
+    String xnatScanPath = xnatArchivePath + SEP + proj
+      + SEP + "arc001" + SEP + expLabel + SEP + "SCANS";
+
+    String xnatExperimentScanUrl = getXnatScanUrl(proj, subj, expLabel);
+
+    String jsonString = "";
+    try
+    {
+      CreateOhifViewerMetadata jsonCreator = new CreateOhifViewerMetadata(xnatScanPath, xnatExperimentScanUrl, seriesUidToScanIdMap);
+      jsonString = jsonCreator.jsonify(experimentId);
+    }
+    catch (Exception ex)
+    {
+      logger.error("Jsonifier exception:\n" + ex.getMessage());
+    }
+
+    String writeFilePath = getStudyPath(xnatArchivePath, proj, expLabel, experimentId);
+
+    // Create RESOURCES/metadata if it doesn't exist
+    createFilePath(writeFilePath);
+
+    // Write to file and send back response code
+    return writeJSON(jsonString, writeFilePath);
+  }
+
+
+  private static String getStudyPath(String xnatArchivePath, String proj, String expLabel, String _experimentId)
+  {
+    String filePath = xnatArchivePath + SEP + proj + SEP + "arc001"
+    + SEP + expLabel + SEP + "RESOURCES/metadata/" + _experimentId +".json";
+    return filePath;
+  }
+
+  private static String getXnatScanUrl(String project, String subject, String experimentId)
+  {
+    String xnatExperimentScanUrl  = xnatRootURL
+      + "/data/archive/projects/" + project
+      + "/subjects/" + subject
+      + "/experiments/" + experimentId
+      + "/scans/";
+    return xnatExperimentScanUrl;
+  }
+
+  private static HashMap<String, String> getDirectoryInfo(String _experimentId)
+  {
+    // Get Experiment data and Project data from the experimentId
+    XnatExperimentdata expData = XnatExperimentdata.getXnatExperimentdatasById(_experimentId, null, false);
+    XnatProjectdata projData = expData.getProjectData();
+
+    XnatImagesessiondata session=(XnatImagesessiondata)expData;      
+
+    // Get the subject data
+    XnatSubjectdata subjData = XnatSubjectdata.getXnatSubjectdatasById(session.getSubjectId(), null, false);
+
+    // Get the required info
+    String expLabel = expData.getArchiveDirectoryName();
+    String proj = projData.getId();
+    String subj = subjData.getLabel();
+
+    // Construct a HashMap to return data
+    HashMap<String, String> result = new HashMap<String, String>();
+    result.put("expLabel", expLabel);
+    result.put("proj", proj);
+    result.put("subj", subj);
+
+    return result;
+  }
+
+  protected static HashMap<String, String> getSeriesUidToScanIdMap(String _experimentId)
+  {
+    HashMap<String, String> seriesUidToScanIdMap = new HashMap<String, String>();
+    XnatExperimentdata expData = XnatExperimentdata.getXnatExperimentdatasById(_experimentId, null, false);
+
+    XnatImagesessiondata session = null;
+    try
+    {
+      session=(XnatImagesessiondata)expData;
+    }
+    catch (Exception ex)
+    {
+      logger.error(ex.getMessage());
+    }
+
+    List<XnatImagescandataI> scans = session.getScans_scan();
+
+    for (final XnatImagescandataI scan:scans)
+    {
+      String seriesInstanceUid = scan.getUid();
+      String scanId = scan.getId();
+      seriesUidToScanIdMap.put(seriesInstanceUid, scanId);
+    }
+
+    return seriesUidToScanIdMap;
+  }
+
+  protected static void createFilePath(String filePath)
+  { // Create RESOURCES/metadata if it doesn't exist
+    try
+    {
+      File file = new File(filePath);
+      if (!file.exists())
+      {
+        Files.createDirectories(Paths.get(file.getParent().toString()));
+      }
+    }
+    catch (Exception ex)
+    {
+      logger.error("Error creating directories: " + ex.getMessage());
+    }
+  }
+
+  protected static HttpStatus writeJSON(String jsonString, String writeFilePath)
+  {
+    try
+    {
+      // Write to file
+      final Writer writer = new FileWriter(writeFilePath);
+      IOUtils.write(jsonString, writer);
+      writer.close();
+      logger.debug("Wrote to: " + writeFilePath);
+      return HttpStatus.CREATED;
+    }
+    catch (IOException ioEx)
+    {
+      logger.error(ioEx.getMessage());
+      return HttpStatus.INTERNAL_SERVER_ERROR;
+    }
+  }
+
+}

src/main/java/org/nrg/xnatx/ohifviewer/inputcreator/CreateOhifViewerMetadata.java

@@ -37,14 +37,14 @@
 
 import com.google.gson.Gson;
 import com.google.gson.GsonBuilder;
-import etherj.PathScan;
-import etherj.dicom.DicomReceiver;
-import etherj.dicom.DicomToolkit;
-import etherj.dicom.Patient;
-import etherj.dicom.PatientRoot;
-import etherj.dicom.Series;
-import etherj.dicom.SopInstance;
-import etherj.dicom.Study;
+import icr.etherj.PathScan;
+import icr.etherj.dicom.DicomReceiver;
+import icr.etherj.dicom.DicomToolkit;
+import icr.etherj.dicom.Patient;
+import icr.etherj.dicom.PatientRoot;
+import icr.etherj.dicom.Series;
+import icr.etherj.dicom.SopInstance;
+import icr.etherj.dicom.Study;
 import java.io.IOException;
 import java.util.ArrayList;
 import java.util.List;
@@ -78,8 +78,6 @@ private static ArrayList<String> createMultiFrameSopClassUidList()
   private final String xnatScanPath;
   private final String xnatExperimentScanUrl;
   private final HashMap<String,String> seriesUidToScanIdMap;
-
-
 
   public CreateOhifViewerMetadata(final String xnatScanPath, final String xnatExperimentScanUrl, final HashMap<String,String> seriesUidToScanIdMap)
   {
@@ -88,8 +86,8 @@ public CreateOhifViewerMetadata(final String xnatScanPath, final String xnatExpe
     this.seriesUidToScanIdMap = seriesUidToScanIdMap;
   }    
 
-    public String jsonify(final String transactionId)
-    {
+  public String jsonify(final String transactionId)
+  {
     String serialisedOvi = "";
 
     // Use Etherj to do the heavy lifting of sifting through all the scan data.
@@ -102,9 +100,8 @@ public String jsonify(final String transactionId)
     Gson gson = new GsonBuilder().setPrettyPrinting().create();
     serialisedOvi = gson.toJson(ovi);
 
-
     return serialisedOvi;
-    }
+  }
 
 
   private PatientRoot scanPath(String path)