Mercurial > hg > AnnotationManagerN4J
annotate src/main/java/de/mpiwg/itgroup/annotations/restlet/AnnotatorAnnotations.java @ 70:2b1e6df5e21a
added lgpl_v3 license information.
| author | casties |
|---|---|
| date | Thu, 06 Mar 2014 15:09:04 +0100 |
| parents | c0dd5314bada |
| children | 25eb2e1df106 |
| rev | line source |
|---|---|
| 3 | 1 /** |
| 2 * Implements the "annotations" uri of the Annotator API. see | |
| 3 * <https://github.com/okfn/annotator/wiki/Storage> | |
| 4 */ | |
| 5 package de.mpiwg.itgroup.annotations.restlet; | |
| 6 | |
| 70 | 7 /* |
| 8 * #%L | |
| 9 * AnnotationManager | |
| 10 * %% | |
| 11 * Copyright (C) 2012 - 2014 MPIWG Berlin | |
| 12 * %% | |
| 13 * This program is free software: you can redistribute it and/or modify | |
| 14 * it under the terms of the GNU Lesser General Public License as | |
| 15 * published by the Free Software Foundation, either version 3 of the | |
| 16 * License, or (at your option) any later version. | |
| 17 * | |
| 18 * This program is distributed in the hope that it will be useful, | |
| 19 * but WITHOUT ANY WARRANTY; without even the implied warranty of | |
| 20 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
| 21 * GNU General Lesser Public License for more details. | |
| 22 * | |
| 23 * You should have received a copy of the GNU General Lesser Public | |
| 24 * License along with this program. If not, see | |
| 25 * <http://www.gnu.org/licenses/lgpl-3.0.html>. | |
| 26 * #L% | |
| 27 */ | |
| 28 | |
| 3 | 29 import java.io.IOException; |
| 65 | 30 import java.io.UnsupportedEncodingException; |
| 31 import java.net.URLDecoder; | |
| 31 | 32 import java.util.ArrayList; |
| 33 import java.util.List; | |
| 3 | 34 |
| 31 | 35 import org.json.JSONArray; |
| 3 | 36 import org.json.JSONException; |
| 37 import org.json.JSONObject; | |
| 31 | 38 import org.restlet.data.Form; |
| 3 | 39 import org.restlet.data.Status; |
| 40 import org.restlet.ext.json.JsonRepresentation; | |
| 41 import org.restlet.representation.Representation; | |
| 42 import org.restlet.resource.Delete; | |
| 43 import org.restlet.resource.Get; | |
| 44 import org.restlet.resource.Post; | |
| 45 import org.restlet.resource.Put; | |
| 46 | |
| 4 | 47 import de.mpiwg.itgroup.annotations.Annotation; |
| 15 | 48 import de.mpiwg.itgroup.annotations.Person; |
| 4 | 49 import de.mpiwg.itgroup.annotations.neo4j.AnnotationStore; |
| 31 | 50 import de.mpiwg.itgroup.annotations.restlet.utils.JSONObjectComparator; |
| 3 | 51 |
| 52 /** | |
| 4 | 53 * Implements the "annotations" uri of the Annotator API. see |
| 54 * <https://github.com/okfn/annotator/wiki/Storage> | |
| 3 | 55 * |
| 56 * @author dwinter, casties | |
| 57 * | |
| 58 */ | |
| 59 public class AnnotatorAnnotations extends AnnotatorResourceImpl { | |
| 60 | |
| 61 protected String getAllowedMethodsForHeader() { | |
| 62 return "OPTIONS,GET,POST,PUT,DELETE"; | |
| 63 } | |
| 64 | |
| 65 /** | |
| 66 * GET with JSON content-type. | |
| 67 * | |
| 68 * @param entity | |
| 69 * @return | |
| 70 */ | |
| 71 @Get("json") | |
| 72 public Representation doGetJSON(Representation entity) { | |
| 73 logger.debug("AnnotatorAnnotations doGetJSON!"); | |
| 74 setCorsHeaders(); | |
| 75 // id from URI /annotations/{id} | |
| 65 | 76 String id = null; |
| 3 | 77 String jsonId = (String) getRequest().getAttributes().get("id"); |
| 65 | 78 if (jsonId != null) { |
| 79 // URL decode | |
| 80 try { | |
| 81 jsonId = URLDecoder.decode(jsonId, "UTF-8"); | |
| 82 } catch (UnsupportedEncodingException e) { | |
| 83 // this shouldn't happen | |
| 84 } | |
| 85 id = decodeJsonId(jsonId); | |
| 86 logger.debug("annotation-id=" + id); | |
| 87 } | |
| 3 | 88 |
|
14
629e15b345aa
permissions mostly work. need more server-side checking.
casties
parents:
4
diff
changeset
|
89 // do authentication |
| 15 | 90 Person authUser = Person.createPersonWithId(this.checkAuthToken(entity)); |
|
14
629e15b345aa
permissions mostly work. need more server-side checking.
casties
parents:
4
diff
changeset
|
91 logger.debug("request authenticated=" + authUser); |
| 3 | 92 |
| 37 | 93 if (id == null) { |
|
63
9f8c9611848a
fixed bug with new rectangle shapes. added limit, offset and sortBy parameters to annotator/ and annotator/search.
casties
parents:
61
diff
changeset
|
94 // no id -- send all annotations |
|
9f8c9611848a
fixed bug with new rectangle shapes. added limit, offset and sortBy parameters to annotator/ and annotator/search.
casties
parents:
61
diff
changeset
|
95 Form form = getRequest().getResourceRef().getQueryAsForm(); |
|
9f8c9611848a
fixed bug with new rectangle shapes. added limit, offset and sortBy parameters to annotator/ and annotator/search.
casties
parents:
61
diff
changeset
|
96 int limit = getInt(form.getFirstValue("limit")); |
|
9f8c9611848a
fixed bug with new rectangle shapes. added limit, offset and sortBy parameters to annotator/ and annotator/search.
casties
parents:
61
diff
changeset
|
97 int offset = getInt(form.getFirstValue("offset")); |
|
9f8c9611848a
fixed bug with new rectangle shapes. added limit, offset and sortBy parameters to annotator/ and annotator/search.
casties
parents:
61
diff
changeset
|
98 String sortBy = form.getFirstValue("sortBy"); |
|
9f8c9611848a
fixed bug with new rectangle shapes. added limit, offset and sortBy parameters to annotator/ and annotator/search.
casties
parents:
61
diff
changeset
|
99 return getAllAnnotations(authUser, limit, offset, sortBy); |
| 37 | 100 } |
| 101 | |
|
63
9f8c9611848a
fixed bug with new rectangle shapes. added limit, offset and sortBy parameters to annotator/ and annotator/search.
casties
parents:
61
diff
changeset
|
102 // send annotation with id |
| 16 | 103 AnnotationStore store = getAnnotationStore(); |
| 104 Annotation annot = store.getAnnotationById(id); | |
|
14
629e15b345aa
permissions mostly work. need more server-side checking.
casties
parents:
4
diff
changeset
|
105 if (annot != null) { |
| 61 | 106 if (!annot.isActionAllowed("read", authUser, store)) { |
|
14
629e15b345aa
permissions mostly work. need more server-side checking.
casties
parents:
4
diff
changeset
|
107 setStatus(Status.CLIENT_ERROR_FORBIDDEN, "Not Authorized!"); |
|
629e15b345aa
permissions mostly work. need more server-side checking.
casties
parents:
4
diff
changeset
|
108 return null; |
|
629e15b345aa
permissions mostly work. need more server-side checking.
casties
parents:
4
diff
changeset
|
109 } |
|
629e15b345aa
permissions mostly work. need more server-side checking.
casties
parents:
4
diff
changeset
|
110 JSONObject result = createAnnotatorJson(annot, (authUser == null)); |
| 4 | 111 return new JsonRepresentation(result); |
| 112 } else { | |
|
14
629e15b345aa
permissions mostly work. need more server-side checking.
casties
parents:
4
diff
changeset
|
113 // not found |
|
629e15b345aa
permissions mostly work. need more server-side checking.
casties
parents:
4
diff
changeset
|
114 setStatus(Status.CLIENT_ERROR_NOT_FOUND); |
|
629e15b345aa
permissions mostly work. need more server-side checking.
casties
parents:
4
diff
changeset
|
115 return null; |
| 3 | 116 } |
| 117 } | |
| 118 | |
|
63
9f8c9611848a
fixed bug with new rectangle shapes. added limit, offset and sortBy parameters to annotator/ and annotator/search.
casties
parents:
61
diff
changeset
|
119 private Representation getAllAnnotations(Person authUser, int limit, int offset, String sortBy) { |
| 31 | 120 AnnotationStore store = getAnnotationStore(); |
| 121 ArrayList<JSONObject> results = new ArrayList<JSONObject>(); | |
| 65 | 122 |
|
63
9f8c9611848a
fixed bug with new rectangle shapes. added limit, offset and sortBy parameters to annotator/ and annotator/search.
casties
parents:
61
diff
changeset
|
123 // read all annotations |
| 61 | 124 List<Annotation> annotations = store.getAnnotations(null, null); |
| 31 | 125 for (Annotation annotation : annotations) { |
| 61 | 126 // check permission |
| 65 | 127 if (!annotation.isActionAllowed("read", authUser, store)) |
| 128 continue; | |
|
63
9f8c9611848a
fixed bug with new rectangle shapes. added limit, offset and sortBy parameters to annotator/ and annotator/search.
casties
parents:
61
diff
changeset
|
129 // add annotation to list |
| 61 | 130 JSONObject jo = createAnnotatorJson(annotation, false); |
| 131 results.add(jo); | |
| 132 } | |
| 133 | |
|
63
9f8c9611848a
fixed bug with new rectangle shapes. added limit, offset and sortBy parameters to annotator/ and annotator/search.
casties
parents:
61
diff
changeset
|
134 // sort if necessary |
| 61 | 135 if (sortBy != null) { |
| 136 JSONObjectComparator.sortAnnotations(results, sortBy); | |
| 137 } | |
| 65 | 138 |
|
63
9f8c9611848a
fixed bug with new rectangle shapes. added limit, offset and sortBy parameters to annotator/ and annotator/search.
casties
parents:
61
diff
changeset
|
139 // put in JSON list |
|
9f8c9611848a
fixed bug with new rectangle shapes. added limit, offset and sortBy parameters to annotator/ and annotator/search.
casties
parents:
61
diff
changeset
|
140 JSONArray rows = new JSONArray(); |
|
9f8c9611848a
fixed bug with new rectangle shapes. added limit, offset and sortBy parameters to annotator/ and annotator/search.
casties
parents:
61
diff
changeset
|
141 int cnt = 0; |
| 61 | 142 for (JSONObject result : results) { |
|
63
9f8c9611848a
fixed bug with new rectangle shapes. added limit, offset and sortBy parameters to annotator/ and annotator/search.
casties
parents:
61
diff
changeset
|
143 cnt += 1; |
| 65 | 144 if (offset > 0 && cnt < offset) |
| 145 continue; | |
|
63
9f8c9611848a
fixed bug with new rectangle shapes. added limit, offset and sortBy parameters to annotator/ and annotator/search.
casties
parents:
61
diff
changeset
|
146 rows.put(result); |
| 65 | 147 if (limit > 0 && cnt >= limit) |
| 148 break; | |
| 61 | 149 } |
| 150 | |
| 31 | 151 // assemble result object |
| 152 JSONObject result = new JSONObject(); | |
| 153 try { | |
|
63
9f8c9611848a
fixed bug with new rectangle shapes. added limit, offset and sortBy parameters to annotator/ and annotator/search.
casties
parents:
61
diff
changeset
|
154 result.put("rows", rows); |
|
9f8c9611848a
fixed bug with new rectangle shapes. added limit, offset and sortBy parameters to annotator/ and annotator/search.
casties
parents:
61
diff
changeset
|
155 result.put("total", rows.length()); |
| 31 | 156 } catch (JSONException e) { |
| 157 setStatus(Status.SERVER_ERROR_INTERNAL, "JSON Error"); | |
| 158 return null; | |
| 159 } | |
| 160 return new JsonRepresentation(result); | |
| 161 } | |
| 162 | |
| 61 | 163 /** |
|
20
715aa11d138b
fixes in permission handling: admin and delete default to creator.
casties
parents:
16
diff
changeset
|
164 * POST with JSON content-type. Creates a new Annotation. |
| 3 | 165 * |
| 166 * @return | |
| 167 */ | |
| 168 @Post("json") | |
| 169 public Representation doPostJson(Representation entity) { | |
| 170 logger.debug("AnnotatorAnnotations doPostJSON!"); | |
| 171 // set headers | |
| 172 setCorsHeaders(); | |
| 61 | 173 |
| 174 // do authentication TODO: who's allowed to create? | |
| 15 | 175 Person authUser = Person.createPersonWithId(this.checkAuthToken(entity)); |
|
14
629e15b345aa
permissions mostly work. need more server-side checking.
casties
parents:
4
diff
changeset
|
176 logger.debug("request authenticated=" + authUser); |
|
629e15b345aa
permissions mostly work. need more server-side checking.
casties
parents:
4
diff
changeset
|
177 if (authUser == null) { |
|
629e15b345aa
permissions mostly work. need more server-side checking.
casties
parents:
4
diff
changeset
|
178 setStatus(Status.CLIENT_ERROR_FORBIDDEN, "Not Authorized!"); |
|
629e15b345aa
permissions mostly work. need more server-side checking.
casties
parents:
4
diff
changeset
|
179 return null; |
|
629e15b345aa
permissions mostly work. need more server-side checking.
casties
parents:
4
diff
changeset
|
180 } |
|
629e15b345aa
permissions mostly work. need more server-side checking.
casties
parents:
4
diff
changeset
|
181 |
| 3 | 182 Annotation annot = null; |
| 183 try { | |
| 184 JsonRepresentation jrep = new JsonRepresentation(entity); | |
| 185 JSONObject jo = jrep.getJsonObject(); | |
| 186 if (jo == null) { | |
| 187 setStatus(Status.SERVER_ERROR_INTERNAL); | |
| 188 return null; | |
| 189 } | |
| 190 // make sure id is not set for POST | |
| 191 jo.remove("id"); | |
| 192 // get Annotation object from posted JSON | |
| 193 annot = createAnnotation(jo, entity); | |
| 194 } catch (IOException e1) { | |
| 195 setStatus(Status.SERVER_ERROR_INTERNAL); | |
| 196 return null; | |
| 197 } catch (JSONException e) { | |
| 198 setStatus(Status.CLIENT_ERROR_BAD_REQUEST); | |
| 199 return null; | |
| 200 } | |
| 4 | 201 if (annot == null) { |
| 3 | 202 setStatus(Status.CLIENT_ERROR_BAD_REQUEST); |
| 203 return null; | |
| 204 } | |
| 205 Annotation storedAnnot; | |
| 4 | 206 // store Annotation |
| 207 storedAnnot = getAnnotationStore().storeAnnotation(annot); | |
| 208 /* | |
| 209 * according to https://github.com/okfn/annotator/wiki/Storage we should | |
| 210 * return 303: see other. For now we return the annotation. | |
| 3 | 211 */ |
|
14
629e15b345aa
permissions mostly work. need more server-side checking.
casties
parents:
4
diff
changeset
|
212 JSONObject jo = createAnnotatorJson(storedAnnot, (authUser == null)); |
| 3 | 213 JsonRepresentation retRep = new JsonRepresentation(jo); |
| 214 return retRep; | |
| 215 } | |
| 216 | |
| 217 /** | |
|
20
715aa11d138b
fixes in permission handling: admin and delete default to creator.
casties
parents:
16
diff
changeset
|
218 * PUT with JSON content-type. Modifies an Annotation. |
| 3 | 219 * |
| 220 * @param entity | |
| 221 * @return | |
| 222 */ | |
| 223 @Put("json") | |
| 224 public Representation doPutJSON(Representation entity) { | |
| 225 logger.debug("AnnotatorAnnotations doPutJSON!"); | |
| 226 setCorsHeaders(); | |
| 227 // id from URI /annotations/{id} | |
| 228 String jsonId = (String) getRequest().getAttributes().get("id"); | |
| 229 String id = decodeJsonId(jsonId); | |
| 230 logger.debug("annotation-id=" + id); | |
| 231 | |
|
14
629e15b345aa
permissions mostly work. need more server-side checking.
casties
parents:
4
diff
changeset
|
232 // do authentication |
| 15 | 233 Person authUser = Person.createPersonWithId(this.checkAuthToken(entity)); |
|
14
629e15b345aa
permissions mostly work. need more server-side checking.
casties
parents:
4
diff
changeset
|
234 logger.debug("request authenticated=" + authUser); |
| 3 | 235 |
| 236 Annotation annot = null; | |
| 4 | 237 AnnotationStore store = getAnnotationStore(); |
| 3 | 238 try { |
| 239 JsonRepresentation jrep = new JsonRepresentation(entity); | |
| 240 JSONObject jo = jrep.getJsonObject(); | |
| 241 if (jo == null) { | |
| 242 setStatus(Status.CLIENT_ERROR_BAD_REQUEST); | |
| 243 return null; | |
| 244 } | |
| 245 // get stored Annotation | |
| 4 | 246 Annotation storedAnnot = store.getAnnotationById(id); |
| 247 if (storedAnnot == null) { | |
| 3 | 248 setStatus(Status.CLIENT_ERROR_NOT_FOUND); |
| 249 return null; | |
| 250 } | |
| 61 | 251 if (!storedAnnot.isActionAllowed("update", authUser, store)) { |
|
14
629e15b345aa
permissions mostly work. need more server-side checking.
casties
parents:
4
diff
changeset
|
252 setStatus(Status.CLIENT_ERROR_FORBIDDEN); |
|
629e15b345aa
permissions mostly work. need more server-side checking.
casties
parents:
4
diff
changeset
|
253 return null; |
|
629e15b345aa
permissions mostly work. need more server-side checking.
casties
parents:
4
diff
changeset
|
254 } |
| 3 | 255 // update from posted JSON |
| 256 annot = updateAnnotation(storedAnnot, jo, entity); | |
| 257 // store Annotation | |
| 4 | 258 storedAnnot = store.storeAnnotation(annot); |
| 259 /* | |
| 260 * according to https://github.com/okfn/annotator/wiki/Storage we | |
| 261 * should return 303: see other. but the client doesn't like it | |
| 262 * setStatus(Status.REDIRECTION_SEE_OTHER); // go to same URL as | |
| 263 * this one Reference thisUrl = this.getReference(); | |
| 264 * this.getResponse().setLocationRef(thisUrl); | |
| 265 */ | |
| 3 | 266 // return new annotation |
|
14
629e15b345aa
permissions mostly work. need more server-side checking.
casties
parents:
4
diff
changeset
|
267 jo = createAnnotatorJson(storedAnnot, (authUser == null)); |
| 3 | 268 JsonRepresentation retRep = new JsonRepresentation(jo); |
| 269 return retRep; | |
| 270 } catch (JSONException e) { | |
|
63
9f8c9611848a
fixed bug with new rectangle shapes. added limit, offset and sortBy parameters to annotator/ and annotator/search.
casties
parents:
61
diff
changeset
|
271 logger.error("Error in doPutJSON", e); |
| 3 | 272 setStatus(Status.CLIENT_ERROR_BAD_REQUEST); |
| 273 } catch (IOException e) { | |
|
63
9f8c9611848a
fixed bug with new rectangle shapes. added limit, offset and sortBy parameters to annotator/ and annotator/search.
casties
parents:
61
diff
changeset
|
274 logger.error("Error in doPutJSON", e); |
| 3 | 275 setStatus(Status.SERVER_ERROR_INTERNAL, "Other Error"); |
| 276 } | |
| 277 return null; | |
| 278 } | |
| 279 | |
| 280 /** | |
|
20
715aa11d138b
fixes in permission handling: admin and delete default to creator.
casties
parents:
16
diff
changeset
|
281 * DELETE with JSON content-type. Deletes an Annotation. |
| 3 | 282 * |
| 283 * @param entity | |
| 284 * @return | |
| 285 */ | |
| 286 @Delete("json") | |
| 287 public Representation doDeleteJSON(Representation entity) { | |
| 288 logger.debug("AnnotatorAnnotations doDeleteJSON!"); | |
| 289 setCorsHeaders(); | |
| 290 // id from URI /annotations/{id} | |
| 291 String jsonId = (String) getRequest().getAttributes().get("id"); | |
| 292 String id = decodeJsonId(jsonId); | |
| 293 logger.debug("annotation-id=" + id); | |
| 294 | |
|
14
629e15b345aa
permissions mostly work. need more server-side checking.
casties
parents:
4
diff
changeset
|
295 // do authentication |
| 15 | 296 Person authUser = Person.createPersonWithId(this.checkAuthToken(entity)); |
|
14
629e15b345aa
permissions mostly work. need more server-side checking.
casties
parents:
4
diff
changeset
|
297 logger.debug("request authenticated=" + authUser); |
| 16 | 298 AnnotationStore store = getAnnotationStore(); |
| 299 Annotation annot = store.getAnnotationById(id); | |
|
14
629e15b345aa
permissions mostly work. need more server-side checking.
casties
parents:
4
diff
changeset
|
300 if (annot != null) { |
| 61 | 301 if (!annot.isActionAllowed("delete", authUser, store)) { |
|
14
629e15b345aa
permissions mostly work. need more server-side checking.
casties
parents:
4
diff
changeset
|
302 setStatus(Status.CLIENT_ERROR_FORBIDDEN, "Not Authorized!"); |
|
629e15b345aa
permissions mostly work. need more server-side checking.
casties
parents:
4
diff
changeset
|
303 return null; |
|
629e15b345aa
permissions mostly work. need more server-side checking.
casties
parents:
4
diff
changeset
|
304 } |
| 3 | 305 } |
| 4 | 306 // delete annotation |
|
32
0731c4549065
UI for editing groups and persons works now. (still no authorisation!)
casties
parents:
22
diff
changeset
|
307 store.deleteAnnotationById(id); |
| 4 | 308 setStatus(Status.SUCCESS_NO_CONTENT); |
| 3 | 309 return null; |
| 310 } | |
| 311 | |
| 312 } |