Users roles

Orthanc is good PACS server, but it no have authentification users by roles. Any user may delete any study . This is bad. Is any way solve this problem? I am using Ubuntu 20.04 LTS. Orthanc is 1.58 version.

Hello,

There is a FAQ entry about this topic:
https://book.orthanc-server.com/faq/improving-interface.html

Sébastien-

Hello
Correct me please.

Maybe problem will be solved if make change in explorer.js :

function GetAuthorizationTokensFromUrl()
{

var urlVariables = window.location.search.substring(1).split(‘&’);
var urlInput = window.location.search.substring(1).split(‘&’,2);
var username = urlInput [0];
var dict = {};
for (var i = 0; i < urlVariables.length; i++)
{
var split = urlVariables[i].split(‘=’);
if (split.length == 2 && (split[0] == “token” || split[0] == “auth-token” || split[0] == “authorization”))
{ dict[split[0]] = split[1]; }
};

if (username == ‘admin’ || username == ‘root’)
{
function OpenDeleteResourceDialog(path, title)
{
$(document).simpledialog2
({
// http://dev.jtsage.com/jQM-SimpleDialog/demos2/
// http://dev.jtsage.com/jQM-SimpleDialog/demos2/options.html
mode: ‘button’,
animate: false,
headerText: title,
headerClose: true,
width: ‘500px’,
buttons :
{
‘OK’: {click: function () {DeleteResource(path); }, icon: “delete”,theme: “c” },
‘Cancel’: {click: function () {} }
}
});
}
function OpenAnonymizeResourceDialog(path, title)
{
$(document).simpledialog2
({
mode: ‘button’, animate: false, headerText: title,headerClose: true, width: ‘500px’,
buttons : {
‘OK’:
{
click: function ()
{
$.ajax({ url: path + ‘/anonymize’, type: ‘POST’,
data: ‘{ “Keep” : [ “SeriesDescription”, “StudyDescription” ] }’,
dataType: ‘json’, async: false, cache: false,
success: function(s) {
// The following line does not work…
//$.mobile.changePage(‘explorer.html#patient?uuid=’ + s.PatientID);
window.location.assign(‘explorer.html#patient?uuid=’ + s.PatientID);
//window.location.reload();
}
});
},
icon: “delete”, theme: “c”
},
‘Cancel’: { click: function () { } }
}
});
}
};
return dict;
};

var authorizationTokens = GetAuthorizationTokensFromUrl();

четверг, 28 января 2021 г. в 18:33:26 UTC+6, s.jo...@gmail.com:

Hello,

I don’t know. Just give a try: That’s the power of free and open-source software.

Dear Sebastien
Can you write how to give username and password directly in url?
Best regards.

чт, 4 мар. 2021 г. в 17:27, Sébastien Jodogne <s.jodogne@gmail.com>:

Putting both username and password directly in an URL is bad security practice and should never be done.