annotate src/main/java/de/mpiwg/itgroup/annotations/restlet/AnnotatorAnnotations.java @ 41:5d4260344db5
Merge with 21c5394ea0cbb6738016a3c7d03b5ce7943d6216
author | casties |
---|---|
date | Wed, 26 Sep 2012 14:59:00 +0200 |
parents | 03e0f7574224 34b9d044d0bf |
children | b8ef15c8c4a5 |
rev | line source |
---|---|
3 | 1 /** |
2 * Implements the "annotations" uri of the Annotator API. see | |
3 * <https://github.com/okfn/annotator/wiki/Storage> | |
4 */ | |
5 package de.mpiwg.itgroup.annotations.restlet; | |
6 | |
7 import java.io.IOException; | |
31 | 8 import java.util.ArrayList; |
9 import java.util.List; | |
3 | 10 |
31 | 11 import org.json.JSONArray; |
3 | 12 import org.json.JSONException; |
13 import org.json.JSONObject; | |
31 | 14 import org.restlet.data.Form; |
15 import org.restlet.data.Parameter; | |
3 | 16 import org.restlet.data.Status; |
17 import org.restlet.ext.json.JsonRepresentation; | |
18 import org.restlet.representation.Representation; | |
19 import org.restlet.resource.Delete; | |
20 import org.restlet.resource.Get; | |
21 import org.restlet.resource.Post; | |
22 import org.restlet.resource.Put; | |
23 | |
4 | 24 import de.mpiwg.itgroup.annotations.Annotation; |
15 | 25 import de.mpiwg.itgroup.annotations.Person; |
4 | 26 import de.mpiwg.itgroup.annotations.neo4j.AnnotationStore; |
31 | 27 import de.mpiwg.itgroup.annotations.restlet.utils.JSONObjectComparator; |
3 | 28 |
29 /** | |
4 | 30 * Implements the "annotations" uri of the Annotator API. see |
31 * <https://github.com/okfn/annotator/wiki/Storage> | |
3 | 32 * |
33 * @author dwinter, casties | |
34 * | |
35 */ | |
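public class AnnotatorAnnotations extends AnnotatorResourceImpl {

    /**
     * Returns the HTTP methods this resource accepts, as a comma-separated list.
     * Presumably consumed by the superclass when it builds response headers
     * (confirm in AnnotatorResourceImpl).
     *
     * @return the list of allowed method names
     */
    protected String getAllowedMethodsForHeader() {
        return "OPTIONS,GET,POST,PUT,DELETE";
    }

    /**
     * GET with JSON content-type. Returns the annotation named by the {id}
     * attribute of the URI, or the list of all annotations the caller may read
     * when no id is given.
     *
     * @param entity request entity, handed to checkAuthToken
     * @return the JSON representation, or null after an error status was set
     */
    @Get("json")
    public Representation doGetJSON(Representation entity) {
        logger.debug("AnnotatorAnnotations doGetJSON!");
        setCorsHeaders();
        // id from URI /annotations/{id}
        String jsonId = (String) getRequest().getAttributes().get("id");
        String id = decodeJsonId(jsonId);
        logger.debug("annotation-id=" + id);

        // do authentication; authUser is compared with null below, so an
        // unauthenticated request is expected to yield null here
        Person authUser = Person.createPersonWithId(this.checkAuthToken(entity));
        logger.debug("request authenticated=" + authUser);

        if (id == null) {
            return getAllAnnotations(authUser);
        }

        AnnotationStore store = getAnnotationStore();
        Annotation annot = store.getAnnotationById(id);
        if (annot == null) {
            // not found
            // NOTE(review): answering 404 here and 403 below tells any caller
            // whether an id exists; confirm that ids are not sensitive.
            setStatus(Status.CLIENT_ERROR_NOT_FOUND);
            return null;
        }
        if (!annot.isActionAllowed("read", authUser, store)) {
            setStatus(Status.CLIENT_ERROR_FORBIDDEN, "Not Authorized!");
            return null;
        }
        JSONObject result = createAnnotatorJson(annot, (authUser == null));
        logger.debug("sending:");
        logger.debug(result);
        return new JsonRepresentation(result);
    }

    /**
     * Builds the list response: every stored annotation that authUser may
     * "read", optionally sorted by the "sortBy" query parameter.
     *
     * @param authUser the authenticated user, or null for an anonymous request
     * @return JSON object with "rows" and "total", or null after an error status was set
     */
    private Representation getAllAnnotations(Person authUser) {
        Form form = getRequest().getResourceRef().getQueryAsForm();
        // when the parameter is repeated, the last value wins
        String sortBy = null;
        for (Parameter parameter : form) {
            if (parameter.getName().equals("sortBy")) {
                sortBy = parameter.getValue();
            }
        }

        AnnotationStore store = getAnnotationStore();
        ArrayList<JSONObject> results = new ArrayList<JSONObject>();

        // NOTE(review): every annotation is loaded and filtered in memory on
        // each request; consider paging or a store-side filter, since this
        // path is reachable without authentication.
        List<Annotation> annotations = store.getAnnotations(null, null);
        for (Annotation annotation : annotations) {
            // check permission
            if (!annotation.isActionAllowed("read", authUser, store)) {
                continue;
            }
            // NOTE(review): doGetJSON passes (authUser == null) as the second
            // argument, this call passes false. If that flag limits what an
            // anonymous caller sees, the list view exposes more than the
            // single-item view; confirm against createAnnotatorJson.
            JSONObject jo = createAnnotatorJson(annotation, false);
            results.add(jo);
        }

        if (sortBy != null) {
            // sortBy comes straight from the query string
            JSONObjectComparator.sortAnnotations(results, sortBy);
        }

        JSONArray resultsJa = new JSONArray();
        for (JSONObject row : results) {
            resultsJa.put(row);
        }

        // assemble result object
        JSONObject result = new JSONObject();
        try {
            result.put("rows", resultsJa);
            result.put("total", resultsJa.length());
        } catch (JSONException e) {
            setStatus(Status.SERVER_ERROR_INTERNAL, "JSON Error");
            return null;
        }
        logger.debug("sending:");
        logger.debug(result);
        return new JsonRepresentation(result);
    }

    /**
     * POST with JSON content-type. Creates a new Annotation. Only
     * authenticated requests are accepted.
     *
     * @param entity request entity holding the annotation JSON
     * @return JSON of the stored annotation, or null after an error status was set
     */
    @Post("json")
    public Representation doPostJson(Representation entity) {
        logger.debug("AnnotatorAnnotations doPostJSON!");
        // set headers
        setCorsHeaders();

        // do authentication TODO: who's allowed to create?
        Person authUser = Person.createPersonWithId(this.checkAuthToken(entity));
        logger.debug("request authenticated=" + authUser);
        if (authUser == null) {
            setStatus(Status.CLIENT_ERROR_FORBIDDEN, "Not Authorized!");
            return null;
        }

        Annotation annot = null;
        try {
            JsonRepresentation jrep = new JsonRepresentation(entity);
            JSONObject jo = jrep.getJsonObject();
            if (jo == null) {
                // a missing JSON body is a client error; doPutJSON answers
                // the same case with 400 as well
                setStatus(Status.CLIENT_ERROR_BAD_REQUEST);
                return null;
            }
            // make sure id is not set for POST
            jo.remove("id");
            // get Annotation object from posted JSON
            // NOTE(review): authUser is not passed on. Confirm that
            // createAnnotation takes the creator and the permissions from the
            // verified token and not from fields of the posted JSON.
            annot = createAnnotation(jo, entity);
        } catch (IOException e) {
            logger.error("could not read annotation from request", e);
            setStatus(Status.SERVER_ERROR_INTERNAL);
            return null;
        } catch (JSONException e) {
            setStatus(Status.CLIENT_ERROR_BAD_REQUEST);
            return null;
        }
        if (annot == null) {
            setStatus(Status.CLIENT_ERROR_BAD_REQUEST);
            return null;
        }
        // store Annotation
        Annotation storedAnnot = getAnnotationStore().storeAnnotation(annot);
        /*
         * according to https://github.com/okfn/annotator/wiki/Storage we should
         * return 303: see other. For now we return the annotation.
         */
        // authUser is never null at this point, so the flag is always false
        JSONObject jo = createAnnotatorJson(storedAnnot, (authUser == null));
        return new JsonRepresentation(jo);
    }

    /**
     * PUT with JSON content-type. Modifies an Annotation. The caller needs
     * the "update" permission on the stored annotation.
     *
     * @param entity request entity holding the changed annotation JSON
     * @return JSON of the stored annotation, or null after an error status was set
     */
    @Put("json")
    public Representation doPutJSON(Representation entity) {
        logger.debug("AnnotatorAnnotations doPutJSON!");
        setCorsHeaders();
        // id from URI /annotations/{id}
        String jsonId = (String) getRequest().getAttributes().get("id");
        String id = decodeJsonId(jsonId);
        logger.debug("annotation-id=" + id);

        // do authentication
        Person authUser = Person.createPersonWithId(this.checkAuthToken(entity));
        logger.debug("request authenticated=" + authUser);

        if (id == null) {
            // an update needs a target; do not hand a null id to the store
            setStatus(Status.CLIENT_ERROR_BAD_REQUEST);
            return null;
        }

        AnnotationStore store = getAnnotationStore();
        try {
            JsonRepresentation jrep = new JsonRepresentation(entity);
            JSONObject jo = jrep.getJsonObject();
            if (jo == null) {
                setStatus(Status.CLIENT_ERROR_BAD_REQUEST);
                return null;
            }
            // get stored Annotation
            Annotation storedAnnot = store.getAnnotationById(id);
            if (storedAnnot == null) {
                setStatus(Status.CLIENT_ERROR_NOT_FOUND);
                return null;
            }
            if (!storedAnnot.isActionAllowed("update", authUser, store)) {
                setStatus(Status.CLIENT_ERROR_FORBIDDEN);
                return null;
            }
            // update from posted JSON
            // NOTE(review): only "update" was checked. If the posted JSON can
            // carry creator or permission fields, confirm that
            // updateAnnotation refuses to change them without "admin" rights.
            Annotation annot = updateAnnotation(storedAnnot, jo, entity);
            // store Annotation
            storedAnnot = store.storeAnnotation(annot);
            /*
             * according to https://github.com/okfn/annotator/wiki/Storage we
             * should return 303: see other. but the client doesn't like it
             * setStatus(Status.REDIRECTION_SEE_OTHER); // go to same URL as
             * this one Reference thisUrl = this.getReference();
             * this.getResponse().setLocationRef(thisUrl);
             */
            // return new annotation
            jo = createAnnotatorJson(storedAnnot, (authUser == null));
            return new JsonRepresentation(jo);
        } catch (JSONException e) {
            // log through the resource logger instead of printing to stderr
            logger.error("invalid JSON in annotation update", e);
            setStatus(Status.CLIENT_ERROR_BAD_REQUEST);
        } catch (IOException e) {
            logger.error("could not read annotation update from request", e);
            setStatus(Status.SERVER_ERROR_INTERNAL, "Other Error");
        }
        return null;
    }

    /**
     * DELETE with JSON content-type. Deletes an Annotation. The caller needs
     * the "delete" permission on the stored annotation.
     *
     * @param entity request entity, handed to checkAuthToken
     * @return always null; the outcome is reported through the response status
     */
    @Delete("json")
    public Representation doDeleteJSON(Representation entity) {
        logger.debug("AnnotatorAnnotations doDeleteJSON!");
        setCorsHeaders();
        // id from URI /annotations/{id}
        String jsonId = (String) getRequest().getAttributes().get("id");
        String id = decodeJsonId(jsonId);
        logger.debug("annotation-id=" + id);

        // do authentication
        Person authUser = Person.createPersonWithId(this.checkAuthToken(entity));
        logger.debug("request authenticated=" + authUser);

        if (id == null) {
            // a delete needs a target; do not hand a null id to the store
            setStatus(Status.CLIENT_ERROR_BAD_REQUEST);
            return null;
        }

        AnnotationStore store = getAnnotationStore();
        Annotation annot = store.getAnnotationById(id);
        if (annot == null) {
            // Nothing to delete. Returning here also ensures that
            // deleteAnnotationById is never reached without the permission
            // check below having run.
            setStatus(Status.CLIENT_ERROR_NOT_FOUND);
            return null;
        }
        if (!annot.isActionAllowed("delete", authUser, store)) {
            setStatus(Status.CLIENT_ERROR_FORBIDDEN, "Not Authorized!");
            return null;
        }

        // delete annotation
        store.deleteAnnotationById(id);
        setStatus(Status.SUCCESS_NO_CONTENT);
        return null;
    }

}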