Mercurial > hg > AnnotationManagerN4J
annotate src/main/java/de/mpiwg/itgroup/annotations/restlet/AnnotatorAnnotations.java @ 14:629e15b345aa
permissions mostly work. need more server-side checking.
author | casties |
---|---|
date | Fri, 13 Jul 2012 20:41:02 +0200 |
parents | 3599b29c393f |
children | 58357a4b86de |
rev | line source |
---|---|
3 | 1 /** |
2 * Implements the "annotations" uri of the Annotator API. see | |
3 * <https://github.com/okfn/annotator/wiki/Storage> | |
4 */ | |
5 package de.mpiwg.itgroup.annotations.restlet; | |
6 | |
7 import java.io.IOException; | |
8 | |
9 import org.json.JSONArray; | |
10 import org.json.JSONException; | |
11 import org.json.JSONObject; | |
12 import org.restlet.data.Status; | |
13 import org.restlet.ext.json.JsonRepresentation; | |
14 import org.restlet.representation.Representation; | |
15 import org.restlet.resource.Delete; | |
16 import org.restlet.resource.Get; | |
17 import org.restlet.resource.Post; | |
18 import org.restlet.resource.Put; | |
19 | |
4 | 20 import de.mpiwg.itgroup.annotations.Annotation; |
21 import de.mpiwg.itgroup.annotations.neo4j.AnnotationStore; | |
3 | 22 |
23 /** | |
4 | 24 * Implements the "annotations" uri of the Annotator API. see |
25 * <https://github.com/okfn/annotator/wiki/Storage> | |
3 | 26 * |
27 * @author dwinter, casties | |
28 * | |
29 */ | |
30 public class AnnotatorAnnotations extends AnnotatorResourceImpl { | |
31 | |
32 protected String getAllowedMethodsForHeader() { | |
33 return "OPTIONS,GET,POST,PUT,DELETE"; | |
34 } | |
35 | |
36 /** | |
37 * GET with JSON content-type. | |
38 * | |
39 * @param entity | |
40 * @return | |
41 */ | |
42 @Get("json") | |
43 public Representation doGetJSON(Representation entity) { | |
44 logger.debug("AnnotatorAnnotations doGetJSON!"); | |
45 setCorsHeaders(); | |
46 // id from URI /annotations/{id} | |
47 String jsonId = (String) getRequest().getAttributes().get("id"); | |
48 String id = decodeJsonId(jsonId); | |
49 logger.debug("annotation-id=" + id); | |
50 | |
51 // TODO: what to return without id - list of all annotations? | |
52 | |
14
629e15b345aa
permissions mostly work. need more server-side checking.
casties
parents:
4
diff
changeset
|
53 // do authentication |
629e15b345aa
permissions mostly work. need more server-side checking.
casties
parents:
4
diff
changeset
|
54 String authUser = this.checkAuthToken(entity); |
629e15b345aa
permissions mostly work. need more server-side checking.
casties
parents:
4
diff
changeset
|
55 logger.debug("request authenticated=" + authUser); |
3 | 56 |
14
629e15b345aa
permissions mostly work. need more server-side checking.
casties
parents:
4
diff
changeset
|
57 Annotation annot = getAnnotationStore().getAnnotationById(id); |
629e15b345aa
permissions mostly work. need more server-side checking.
casties
parents:
4
diff
changeset
|
58 if (annot != null) { |
629e15b345aa
permissions mostly work. need more server-side checking.
casties
parents:
4
diff
changeset
|
59 if (! annot.isActionAllowed("read", authUser)) { |
629e15b345aa
permissions mostly work. need more server-side checking.
casties
parents:
4
diff
changeset
|
60 setStatus(Status.CLIENT_ERROR_FORBIDDEN, "Not Authorized!"); |
629e15b345aa
permissions mostly work. need more server-side checking.
casties
parents:
4
diff
changeset
|
61 return null; |
629e15b345aa
permissions mostly work. need more server-side checking.
casties
parents:
4
diff
changeset
|
62 } |
629e15b345aa
permissions mostly work. need more server-side checking.
casties
parents:
4
diff
changeset
|
63 JSONObject result = createAnnotatorJson(annot, (authUser == null)); |
4 | 64 logger.debug("sending:"); |
65 logger.debug(result); | |
66 return new JsonRepresentation(result); | |
67 } else { | |
14
629e15b345aa
permissions mostly work. need more server-side checking.
casties
parents:
4
diff
changeset
|
68 // not found |
629e15b345aa
permissions mostly work. need more server-side checking.
casties
parents:
4
diff
changeset
|
69 setStatus(Status.CLIENT_ERROR_NOT_FOUND); |
629e15b345aa
permissions mostly work. need more server-side checking.
casties
parents:
4
diff
changeset
|
70 return null; |
3 | 71 } |
72 } | |
73 | |
74 /** | |
75 * POST with JSON content-type. | |
76 * | |
77 * @return | |
78 */ | |
79 @Post("json") | |
80 public Representation doPostJson(Representation entity) { | |
81 logger.debug("AnnotatorAnnotations doPostJSON!"); | |
82 // set headers | |
83 setCorsHeaders(); | |
14
629e15b345aa
permissions mostly work. need more server-side checking.
casties
parents:
4
diff
changeset
|
84 |
629e15b345aa
permissions mostly work. need more server-side checking.
casties
parents:
4
diff
changeset
|
85 // do authentication TODO: who's allowed to create? |
629e15b345aa
permissions mostly work. need more server-side checking.
casties
parents:
4
diff
changeset
|
86 String authUser = this.checkAuthToken(entity); |
629e15b345aa
permissions mostly work. need more server-side checking.
casties
parents:
4
diff
changeset
|
87 logger.debug("request authenticated=" + authUser); |
629e15b345aa
permissions mostly work. need more server-side checking.
casties
parents:
4
diff
changeset
|
88 if (authUser == null) { |
629e15b345aa
permissions mostly work. need more server-side checking.
casties
parents:
4
diff
changeset
|
89 setStatus(Status.CLIENT_ERROR_FORBIDDEN, "Not Authorized!"); |
629e15b345aa
permissions mostly work. need more server-side checking.
casties
parents:
4
diff
changeset
|
90 return null; |
629e15b345aa
permissions mostly work. need more server-side checking.
casties
parents:
4
diff
changeset
|
91 } |
629e15b345aa
permissions mostly work. need more server-side checking.
casties
parents:
4
diff
changeset
|
92 |
3 | 93 Annotation annot = null; |
94 try { | |
95 JsonRepresentation jrep = new JsonRepresentation(entity); | |
96 JSONObject jo = jrep.getJsonObject(); | |
97 if (jo == null) { | |
98 setStatus(Status.SERVER_ERROR_INTERNAL); | |
99 return null; | |
100 } | |
101 // make sure id is not set for POST | |
102 jo.remove("id"); | |
103 // get Annotation object from posted JSON | |
104 annot = createAnnotation(jo, entity); | |
105 } catch (IOException e1) { | |
106 setStatus(Status.SERVER_ERROR_INTERNAL); | |
107 return null; | |
108 } catch (JSONException e) { | |
109 setStatus(Status.CLIENT_ERROR_BAD_REQUEST); | |
110 return null; | |
111 } | |
4 | 112 if (annot == null) { |
3 | 113 setStatus(Status.CLIENT_ERROR_BAD_REQUEST); |
114 return null; | |
115 } | |
116 Annotation storedAnnot; | |
4 | 117 // store Annotation |
118 storedAnnot = getAnnotationStore().storeAnnotation(annot); | |
119 /* | |
120 * according to https://github.com/okfn/annotator/wiki/Storage we should | |
121 * return 303: see other. For now we return the annotation. | |
3 | 122 */ |
14
629e15b345aa
permissions mostly work. need more server-side checking.
casties
parents:
4
diff
changeset
|
123 JSONObject jo = createAnnotatorJson(storedAnnot, (authUser == null)); |
3 | 124 JsonRepresentation retRep = new JsonRepresentation(jo); |
125 return retRep; | |
126 } | |
127 | |
128 /** | |
129 * PUT with JSON content-type. | |
130 * | |
131 * @param entity | |
132 * @return | |
133 */ | |
134 @Put("json") | |
135 public Representation doPutJSON(Representation entity) { | |
136 logger.debug("AnnotatorAnnotations doPutJSON!"); | |
137 setCorsHeaders(); | |
138 // id from URI /annotations/{id} | |
139 String jsonId = (String) getRequest().getAttributes().get("id"); | |
140 String id = decodeJsonId(jsonId); | |
141 logger.debug("annotation-id=" + id); | |
142 | |
14
629e15b345aa
permissions mostly work. need more server-side checking.
casties
parents:
4
diff
changeset
|
143 // do authentication |
629e15b345aa
permissions mostly work. need more server-side checking.
casties
parents:
4
diff
changeset
|
144 String authUser = this.checkAuthToken(entity); |
629e15b345aa
permissions mostly work. need more server-side checking.
casties
parents:
4
diff
changeset
|
145 logger.debug("request authenticated=" + authUser); |
3 | 146 |
147 Annotation annot = null; | |
4 | 148 AnnotationStore store = getAnnotationStore(); |
3 | 149 try { |
150 JsonRepresentation jrep = new JsonRepresentation(entity); | |
151 JSONObject jo = jrep.getJsonObject(); | |
152 if (jo == null) { | |
153 setStatus(Status.CLIENT_ERROR_BAD_REQUEST); | |
154 return null; | |
155 } | |
156 // get stored Annotation | |
4 | 157 Annotation storedAnnot = store.getAnnotationById(id); |
158 if (storedAnnot == null) { | |
3 | 159 setStatus(Status.CLIENT_ERROR_NOT_FOUND); |
160 return null; | |
161 } | |
14
629e15b345aa
permissions mostly work. need more server-side checking.
casties
parents:
4
diff
changeset
|
162 if (! storedAnnot.isActionAllowed("update", authUser)) { |
629e15b345aa
permissions mostly work. need more server-side checking.
casties
parents:
4
diff
changeset
|
163 setStatus(Status.CLIENT_ERROR_FORBIDDEN); |
629e15b345aa
permissions mostly work. need more server-side checking.
casties
parents:
4
diff
changeset
|
164 return null; |
629e15b345aa
permissions mostly work. need more server-side checking.
casties
parents:
4
diff
changeset
|
165 } |
3 | 166 // update from posted JSON |
167 annot = updateAnnotation(storedAnnot, jo, entity); | |
168 // store Annotation | |
4 | 169 storedAnnot = store.storeAnnotation(annot); |
170 /* | |
171 * according to https://github.com/okfn/annotator/wiki/Storage we | |
172 * should return 303: see other. but the client doesn't like it | |
173 * setStatus(Status.REDIRECTION_SEE_OTHER); // go to same URL as | |
174 * this one Reference thisUrl = this.getReference(); | |
175 * this.getResponse().setLocationRef(thisUrl); | |
176 */ | |
3 | 177 // return new annotation |
14
629e15b345aa
permissions mostly work. need more server-side checking.
casties
parents:
4
diff
changeset
|
178 jo = createAnnotatorJson(storedAnnot, (authUser == null)); |
3 | 179 JsonRepresentation retRep = new JsonRepresentation(jo); |
180 return retRep; | |
181 } catch (JSONException e) { | |
182 e.printStackTrace(); | |
183 setStatus(Status.CLIENT_ERROR_BAD_REQUEST); | |
184 } catch (IOException e) { | |
185 e.printStackTrace(); | |
186 setStatus(Status.SERVER_ERROR_INTERNAL, "Other Error"); | |
187 } | |
188 return null; | |
189 } | |
190 | |
191 /** | |
192 * DELETE with JSON content-type. | |
193 * | |
194 * @param entity | |
195 * @return | |
196 */ | |
197 @Delete("json") | |
198 public Representation doDeleteJSON(Representation entity) { | |
199 logger.debug("AnnotatorAnnotations doDeleteJSON!"); | |
200 setCorsHeaders(); | |
201 // id from URI /annotations/{id} | |
202 String jsonId = (String) getRequest().getAttributes().get("id"); | |
203 String id = decodeJsonId(jsonId); | |
204 logger.debug("annotation-id=" + id); | |
205 | |
14
629e15b345aa
permissions mostly work. need more server-side checking.
casties
parents:
4
diff
changeset
|
206 // do authentication |
629e15b345aa
permissions mostly work. need more server-side checking.
casties
parents:
4
diff
changeset
|
207 String authUser = this.checkAuthToken(entity); |
629e15b345aa
permissions mostly work. need more server-side checking.
casties
parents:
4
diff
changeset
|
208 logger.debug("request authenticated=" + authUser); |
629e15b345aa
permissions mostly work. need more server-side checking.
casties
parents:
4
diff
changeset
|
209 Annotation annot = getAnnotationStore().getAnnotationById(id); |
629e15b345aa
permissions mostly work. need more server-side checking.
casties
parents:
4
diff
changeset
|
210 if (annot != null) { |
629e15b345aa
permissions mostly work. need more server-side checking.
casties
parents:
4
diff
changeset
|
211 if (! annot.isActionAllowed("delete", authUser)) { |
629e15b345aa
permissions mostly work. need more server-side checking.
casties
parents:
4
diff
changeset
|
212 setStatus(Status.CLIENT_ERROR_FORBIDDEN, "Not Authorized!"); |
629e15b345aa
permissions mostly work. need more server-side checking.
casties
parents:
4
diff
changeset
|
213 return null; |
629e15b345aa
permissions mostly work. need more server-side checking.
casties
parents:
4
diff
changeset
|
214 } |
3 | 215 } |
14
629e15b345aa
permissions mostly work. need more server-side checking.
casties
parents:
4
diff
changeset
|
216 |
4 | 217 // delete annotation |
218 getAnnotationStore().deleteById(id); | |
219 setStatus(Status.SUCCESS_NO_CONTENT); | |
3 | 220 return null; |
221 } | |
222 | |
223 } |