Mercurial > hg > AnnotationManagerN4J

annotate src/main/java/de/mpiwg/itgroup/annotations/restlet/AnnotatorAnnotations.java @ 14:629e15b345aa

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
permissions mostly work. need more server-side checking.
author casties
date Fri, 13 Jul 2012 20:41:02 +0200
parents 3599b29c393f
children 58357a4b86de
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
3
47b53ae385d1 merging old code
casties
parents:
diff changeset
1 /**
47b53ae385d1 merging old code
casties
parents:
diff changeset
2 * Implements the "annotations" uri of the Annotator API. see
47b53ae385d1 merging old code
casties
parents:
diff changeset
3 * <https://github.com/okfn/annotator/wiki/Storage>
47b53ae385d1 merging old code
casties
parents:
diff changeset
4 */
47b53ae385d1 merging old code
casties
parents:
diff changeset
5 package de.mpiwg.itgroup.annotations.restlet;
47b53ae385d1 merging old code
casties
parents:
diff changeset
6
47b53ae385d1 merging old code
casties
parents:
diff changeset
7 import java.io.IOException;
47b53ae385d1 merging old code
casties
parents:
diff changeset
8
47b53ae385d1 merging old code
casties
parents:
diff changeset
9 import org.json.JSONArray;
47b53ae385d1 merging old code
casties
parents:
diff changeset
10 import org.json.JSONException;
47b53ae385d1 merging old code
casties
parents:
diff changeset
11 import org.json.JSONObject;
47b53ae385d1 merging old code
casties
parents:
diff changeset
12 import org.restlet.data.Status;
47b53ae385d1 merging old code
casties
parents:
diff changeset
13 import org.restlet.ext.json.JsonRepresentation;
47b53ae385d1 merging old code
casties
parents:
diff changeset
14 import org.restlet.representation.Representation;
47b53ae385d1 merging old code
casties
parents:
diff changeset
15 import org.restlet.resource.Delete;
47b53ae385d1 merging old code
casties
parents:
diff changeset
16 import org.restlet.resource.Get;
47b53ae385d1 merging old code
casties
parents:
diff changeset
17 import org.restlet.resource.Post;
47b53ae385d1 merging old code
casties
parents:
diff changeset
18 import org.restlet.resource.Put;
47b53ae385d1 merging old code
casties
parents:
diff changeset
19
4
3599b29c393f store seems to work now :-)
casties
parents: 3
diff changeset
20 import de.mpiwg.itgroup.annotations.Annotation;
3599b29c393f store seems to work now :-)
casties
parents: 3
diff changeset
21 import de.mpiwg.itgroup.annotations.neo4j.AnnotationStore;
3
47b53ae385d1 merging old code
casties
parents:
diff changeset
22
47b53ae385d1 merging old code
casties
parents:
diff changeset
23 /**
4
3599b29c393f store seems to work now :-)
casties
parents: 3
diff changeset
24 * Implements the "annotations" uri of the Annotator API. see
3599b29c393f store seems to work now :-)
casties
parents: 3
diff changeset
25 * <https://github.com/okfn/annotator/wiki/Storage>
3
47b53ae385d1 merging old code
casties
parents:
diff changeset
26 *
47b53ae385d1 merging old code
casties
parents:
diff changeset
27 * @author dwinter, casties
47b53ae385d1 merging old code
casties
parents:
diff changeset
28 *
47b53ae385d1 merging old code
casties
parents:
diff changeset
29 */
47b53ae385d1 merging old code
casties
parents:
diff changeset
30 public class AnnotatorAnnotations extends AnnotatorResourceImpl {
47b53ae385d1 merging old code
casties
parents:
diff changeset
31
47b53ae385d1 merging old code
casties
parents:
diff changeset
32 protected String getAllowedMethodsForHeader() {
47b53ae385d1 merging old code
casties
parents:
diff changeset
33 return "OPTIONS,GET,POST,PUT,DELETE";
47b53ae385d1 merging old code
casties
parents:
diff changeset
34 }
47b53ae385d1 merging old code
casties
parents:
diff changeset
35
47b53ae385d1 merging old code
casties
parents:
diff changeset
36 /**
47b53ae385d1 merging old code
casties
parents:
diff changeset
37 * GET with JSON content-type.
47b53ae385d1 merging old code
casties
parents:
diff changeset
38 *
47b53ae385d1 merging old code
casties
parents:
diff changeset
39 * @param entity
47b53ae385d1 merging old code
casties
parents:
diff changeset
40 * @return
47b53ae385d1 merging old code
casties
parents:
diff changeset
41 */
47b53ae385d1 merging old code
casties
parents:
diff changeset
42 @Get("json")
47b53ae385d1 merging old code
casties
parents:
diff changeset
43 public Representation doGetJSON(Representation entity) {
47b53ae385d1 merging old code
casties
parents:
diff changeset
44 logger.debug("AnnotatorAnnotations doGetJSON!");
47b53ae385d1 merging old code
casties
parents:
diff changeset
45 setCorsHeaders();
47b53ae385d1 merging old code
casties
parents:
diff changeset
46 // id from URI /annotations/{id}
47b53ae385d1 merging old code
casties
parents:
diff changeset
47 String jsonId = (String) getRequest().getAttributes().get("id");
47b53ae385d1 merging old code
casties
parents:
diff changeset
48 String id = decodeJsonId(jsonId);
47b53ae385d1 merging old code
casties
parents:
diff changeset
49 logger.debug("annotation-id=" + id);
47b53ae385d1 merging old code
casties
parents:
diff changeset
50
47b53ae385d1 merging old code
casties
parents:
diff changeset
51 // TODO: what to return without id - list of all annotations?
47b53ae385d1 merging old code
casties
parents:
diff changeset
52
14
629e15b345aa permissions mostly work. need more server-side checking.
casties
parents: 4
diff changeset
53 // do authentication
629e15b345aa permissions mostly work. need more server-side checking.
casties
parents: 4
diff changeset
54 String authUser = this.checkAuthToken(entity);
629e15b345aa permissions mostly work. need more server-side checking.
casties
parents: 4
diff changeset
55 logger.debug("request authenticated=" + authUser);
3
47b53ae385d1 merging old code
casties
parents:
diff changeset
56
14
629e15b345aa permissions mostly work. need more server-side checking.
casties
parents: 4
diff changeset
57 Annotation annot = getAnnotationStore().getAnnotationById(id);
629e15b345aa permissions mostly work. need more server-side checking.
casties
parents: 4
diff changeset
58 if (annot != null) {
629e15b345aa permissions mostly work. need more server-side checking.
casties
parents: 4
diff changeset
59 if (! annot.isActionAllowed("read", authUser)) {
629e15b345aa permissions mostly work. need more server-side checking.
casties
parents: 4
diff changeset
60 setStatus(Status.CLIENT_ERROR_FORBIDDEN, "Not Authorized!");
629e15b345aa permissions mostly work. need more server-side checking.
casties
parents: 4
diff changeset
61 return null;
629e15b345aa permissions mostly work. need more server-side checking.
casties
parents: 4
diff changeset
62 }
629e15b345aa permissions mostly work. need more server-side checking.
casties
parents: 4
diff changeset
63 JSONObject result = createAnnotatorJson(annot, (authUser == null));
4
3599b29c393f store seems to work now :-)
casties
parents: 3
diff changeset
64 logger.debug("sending:");
3599b29c393f store seems to work now :-)
casties
parents: 3
diff changeset
65 logger.debug(result);
3599b29c393f store seems to work now :-)
casties
parents: 3
diff changeset
66 return new JsonRepresentation(result);
3599b29c393f store seems to work now :-)
casties
parents: 3
diff changeset
67 } else {
14
629e15b345aa permissions mostly work. need more server-side checking.
casties
parents: 4
diff changeset
68 // not found
629e15b345aa permissions mostly work. need more server-side checking.
casties
parents: 4
diff changeset
69 setStatus(Status.CLIENT_ERROR_NOT_FOUND);
629e15b345aa permissions mostly work. need more server-side checking.
casties
parents: 4
diff changeset
70 return null;
3
47b53ae385d1 merging old code
casties
parents:
diff changeset
71 }
47b53ae385d1 merging old code
casties
parents:
diff changeset
72 }
47b53ae385d1 merging old code
casties
parents:
diff changeset
73
47b53ae385d1 merging old code
casties
parents:
diff changeset
74 /**
47b53ae385d1 merging old code
casties
parents:
diff changeset
75 * POST with JSON content-type.
47b53ae385d1 merging old code
casties
parents:
diff changeset
76 *
47b53ae385d1 merging old code
casties
parents:
diff changeset
77 * @return
47b53ae385d1 merging old code
casties
parents:
diff changeset
78 */
47b53ae385d1 merging old code
casties
parents:
diff changeset
79 @Post("json")
47b53ae385d1 merging old code
casties
parents:
diff changeset
80 public Representation doPostJson(Representation entity) {
47b53ae385d1 merging old code
casties
parents:
diff changeset
81 logger.debug("AnnotatorAnnotations doPostJSON!");
47b53ae385d1 merging old code
casties
parents:
diff changeset
82 // set headers
47b53ae385d1 merging old code
casties
parents:
diff changeset
83 setCorsHeaders();
14
629e15b345aa permissions mostly work. need more server-side checking.
casties
parents: 4
diff changeset
84
629e15b345aa permissions mostly work. need more server-side checking.
casties
parents: 4
diff changeset
85 // do authentication TODO: who's allowed to create?
629e15b345aa permissions mostly work. need more server-side checking.
casties
parents: 4
diff changeset
86 String authUser = this.checkAuthToken(entity);
629e15b345aa permissions mostly work. need more server-side checking.
casties
parents: 4
diff changeset
87 logger.debug("request authenticated=" + authUser);
629e15b345aa permissions mostly work. need more server-side checking.
casties
parents: 4
diff changeset
88 if (authUser == null) {
629e15b345aa permissions mostly work. need more server-side checking.
casties
parents: 4
diff changeset
89 setStatus(Status.CLIENT_ERROR_FORBIDDEN, "Not Authorized!");
629e15b345aa permissions mostly work. need more server-side checking.
casties
parents: 4
diff changeset
90 return null;
629e15b345aa permissions mostly work. need more server-side checking.
casties
parents: 4
diff changeset
91 }
629e15b345aa permissions mostly work. need more server-side checking.
casties
parents: 4
diff changeset
92
3
47b53ae385d1 merging old code
casties
parents:
diff changeset
93 Annotation annot = null;
47b53ae385d1 merging old code
casties
parents:
diff changeset
94 try {
47b53ae385d1 merging old code
casties
parents:
diff changeset
95 JsonRepresentation jrep = new JsonRepresentation(entity);
47b53ae385d1 merging old code
casties
parents:
diff changeset
96 JSONObject jo = jrep.getJsonObject();
47b53ae385d1 merging old code
casties
parents:
diff changeset
97 if (jo == null) {
47b53ae385d1 merging old code
casties
parents:
diff changeset
98 setStatus(Status.SERVER_ERROR_INTERNAL);
47b53ae385d1 merging old code
casties
parents:
diff changeset
99 return null;
47b53ae385d1 merging old code
casties
parents:
diff changeset
100 }
47b53ae385d1 merging old code
casties
parents:
diff changeset
101 // make sure id is not set for POST
47b53ae385d1 merging old code
casties
parents:
diff changeset
102 jo.remove("id");
47b53ae385d1 merging old code
casties
parents:
diff changeset
103 // get Annotation object from posted JSON
47b53ae385d1 merging old code
casties
parents:
diff changeset
104 annot = createAnnotation(jo, entity);
47b53ae385d1 merging old code
casties
parents:
diff changeset
105 } catch (IOException e1) {
47b53ae385d1 merging old code
casties
parents:
diff changeset
106 setStatus(Status.SERVER_ERROR_INTERNAL);
47b53ae385d1 merging old code
casties
parents:
diff changeset
107 return null;
47b53ae385d1 merging old code
casties
parents:
diff changeset
108 } catch (JSONException e) {
47b53ae385d1 merging old code
casties
parents:
diff changeset
109 setStatus(Status.CLIENT_ERROR_BAD_REQUEST);
47b53ae385d1 merging old code
casties
parents:
diff changeset
110 return null;
47b53ae385d1 merging old code
casties
parents:
diff changeset
111 }
4
3599b29c393f store seems to work now :-)
casties
parents: 3
diff changeset
112 if (annot == null) {
3
47b53ae385d1 merging old code
casties
parents:
diff changeset
113 setStatus(Status.CLIENT_ERROR_BAD_REQUEST);
47b53ae385d1 merging old code
casties
parents:
diff changeset
114 return null;
47b53ae385d1 merging old code
casties
parents:
diff changeset
115 }
47b53ae385d1 merging old code
casties
parents:
diff changeset
116 Annotation storedAnnot;
4
3599b29c393f store seems to work now :-)
casties
parents: 3
diff changeset
117 // store Annotation
3599b29c393f store seems to work now :-)
casties
parents: 3
diff changeset
118 storedAnnot = getAnnotationStore().storeAnnotation(annot);
3599b29c393f store seems to work now :-)
casties
parents: 3
diff changeset
119 /*
3599b29c393f store seems to work now :-)
casties
parents: 3
diff changeset
120 * according to https://github.com/okfn/annotator/wiki/Storage we should
3599b29c393f store seems to work now :-)
casties
parents: 3
diff changeset
121 * return 303: see other. For now we return the annotation.
3
47b53ae385d1 merging old code
casties
parents:
diff changeset
122 */
14
629e15b345aa permissions mostly work. need more server-side checking.
casties
parents: 4
diff changeset
123 JSONObject jo = createAnnotatorJson(storedAnnot, (authUser == null));
3
47b53ae385d1 merging old code
casties
parents:
diff changeset
124 JsonRepresentation retRep = new JsonRepresentation(jo);
47b53ae385d1 merging old code
casties
parents:
diff changeset
125 return retRep;
47b53ae385d1 merging old code
casties
parents:
diff changeset
126 }
47b53ae385d1 merging old code
casties
parents:
diff changeset
127
47b53ae385d1 merging old code
casties
parents:
diff changeset
128 /**
47b53ae385d1 merging old code
casties
parents:
diff changeset
129 * PUT with JSON content-type.
47b53ae385d1 merging old code
casties
parents:
diff changeset
130 *
47b53ae385d1 merging old code
casties
parents:
diff changeset
131 * @param entity
47b53ae385d1 merging old code
casties
parents:
diff changeset
132 * @return
47b53ae385d1 merging old code
casties
parents:
diff changeset
133 */
47b53ae385d1 merging old code
casties
parents:
diff changeset
134 @Put("json")
47b53ae385d1 merging old code
casties
parents:
diff changeset
135 public Representation doPutJSON(Representation entity) {
47b53ae385d1 merging old code
casties
parents:
diff changeset
136 logger.debug("AnnotatorAnnotations doPutJSON!");
47b53ae385d1 merging old code
casties
parents:
diff changeset
137 setCorsHeaders();
47b53ae385d1 merging old code
casties
parents:
diff changeset
138 // id from URI /annotations/{id}
47b53ae385d1 merging old code
casties
parents:
diff changeset
139 String jsonId = (String) getRequest().getAttributes().get("id");
47b53ae385d1 merging old code
casties
parents:
diff changeset
140 String id = decodeJsonId(jsonId);
47b53ae385d1 merging old code
casties
parents:
diff changeset
141 logger.debug("annotation-id=" + id);
47b53ae385d1 merging old code
casties
parents:
diff changeset
142
14
629e15b345aa permissions mostly work. need more server-side checking.
casties
parents: 4
diff changeset
143 // do authentication
629e15b345aa permissions mostly work. need more server-side checking.
casties
parents: 4
diff changeset
144 String authUser = this.checkAuthToken(entity);
629e15b345aa permissions mostly work. need more server-side checking.
casties
parents: 4
diff changeset
145 logger.debug("request authenticated=" + authUser);
3
47b53ae385d1 merging old code
casties
parents:
diff changeset
146
47b53ae385d1 merging old code
casties
parents:
diff changeset
147 Annotation annot = null;
4
3599b29c393f store seems to work now :-)
casties
parents: 3
diff changeset
148 AnnotationStore store = getAnnotationStore();
3
47b53ae385d1 merging old code
casties
parents:
diff changeset
149 try {
47b53ae385d1 merging old code
casties
parents:
diff changeset
150 JsonRepresentation jrep = new JsonRepresentation(entity);
47b53ae385d1 merging old code
casties
parents:
diff changeset
151 JSONObject jo = jrep.getJsonObject();
47b53ae385d1 merging old code
casties
parents:
diff changeset
152 if (jo == null) {
47b53ae385d1 merging old code
casties
parents:
diff changeset
153 setStatus(Status.CLIENT_ERROR_BAD_REQUEST);
47b53ae385d1 merging old code
casties
parents:
diff changeset
154 return null;
47b53ae385d1 merging old code
casties
parents:
diff changeset
155 }
47b53ae385d1 merging old code
casties
parents:
diff changeset
156 // get stored Annotation
4
3599b29c393f store seems to work now :-)
casties
parents: 3
diff changeset
157 Annotation storedAnnot = store.getAnnotationById(id);
3599b29c393f store seems to work now :-)
casties
parents: 3
diff changeset
158 if (storedAnnot == null) {
3
47b53ae385d1 merging old code
casties
parents:
diff changeset
159 setStatus(Status.CLIENT_ERROR_NOT_FOUND);
47b53ae385d1 merging old code
casties
parents:
diff changeset
160 return null;
47b53ae385d1 merging old code
casties
parents:
diff changeset
161 }
14
629e15b345aa permissions mostly work. need more server-side checking.
casties
parents: 4
diff changeset
162 if (! storedAnnot.isActionAllowed("update", authUser)) {
629e15b345aa permissions mostly work. need more server-side checking.
casties
parents: 4
diff changeset
163 setStatus(Status.CLIENT_ERROR_FORBIDDEN);
629e15b345aa permissions mostly work. need more server-side checking.
casties
parents: 4
diff changeset
164 return null;
629e15b345aa permissions mostly work. need more server-side checking.
casties
parents: 4
diff changeset
165 }
3
47b53ae385d1 merging old code
casties
parents:
diff changeset
166 // update from posted JSON
47b53ae385d1 merging old code
casties
parents:
diff changeset
167 annot = updateAnnotation(storedAnnot, jo, entity);
47b53ae385d1 merging old code
casties
parents:
diff changeset
168 // store Annotation
4
3599b29c393f store seems to work now :-)
casties
parents: 3
diff changeset
169 storedAnnot = store.storeAnnotation(annot);
3599b29c393f store seems to work now :-)
casties
parents: 3
diff changeset
170 /*
3599b29c393f store seems to work now :-)
casties
parents: 3
diff changeset
171 * according to https://github.com/okfn/annotator/wiki/Storage we
3599b29c393f store seems to work now :-)
casties
parents: 3
diff changeset
172 * should return 303: see other. but the client doesn't like it
3599b29c393f store seems to work now :-)
casties
parents: 3
diff changeset
173 * setStatus(Status.REDIRECTION_SEE_OTHER); // go to same URL as
3599b29c393f store seems to work now :-)
casties
parents: 3
diff changeset
174 * this one Reference thisUrl = this.getReference();
3599b29c393f store seems to work now :-)
casties
parents: 3
diff changeset
175 * this.getResponse().setLocationRef(thisUrl);
3599b29c393f store seems to work now :-)
casties
parents: 3
diff changeset
176 */
3
47b53ae385d1 merging old code
casties
parents:
diff changeset
177 // return new annotation
14
629e15b345aa permissions mostly work. need more server-side checking.
casties
parents: 4
diff changeset
178 jo = createAnnotatorJson(storedAnnot, (authUser == null));
3
47b53ae385d1 merging old code
casties
parents:
diff changeset
179 JsonRepresentation retRep = new JsonRepresentation(jo);
47b53ae385d1 merging old code
casties
parents:
diff changeset
180 return retRep;
47b53ae385d1 merging old code
casties
parents:
diff changeset
181 } catch (JSONException e) {
47b53ae385d1 merging old code
casties
parents:
diff changeset
182 e.printStackTrace();
47b53ae385d1 merging old code
casties
parents:
diff changeset
183 setStatus(Status.CLIENT_ERROR_BAD_REQUEST);
47b53ae385d1 merging old code
casties
parents:
diff changeset
184 } catch (IOException e) {
47b53ae385d1 merging old code
casties
parents:
diff changeset
185 e.printStackTrace();
47b53ae385d1 merging old code
casties
parents:
diff changeset
186 setStatus(Status.SERVER_ERROR_INTERNAL, "Other Error");
47b53ae385d1 merging old code
casties
parents:
diff changeset
187 }
47b53ae385d1 merging old code
casties
parents:
diff changeset
188 return null;
47b53ae385d1 merging old code
casties
parents:
diff changeset
189 }
47b53ae385d1 merging old code
casties
parents:
diff changeset
190
47b53ae385d1 merging old code
casties
parents:
diff changeset
191 /**
47b53ae385d1 merging old code
casties
parents:
diff changeset
192 * DELETE with JSON content-type.
47b53ae385d1 merging old code
casties
parents:
diff changeset
193 *
47b53ae385d1 merging old code
casties
parents:
diff changeset
194 * @param entity
47b53ae385d1 merging old code
casties
parents:
diff changeset
195 * @return
47b53ae385d1 merging old code
casties
parents:
diff changeset
196 */
47b53ae385d1 merging old code
casties
parents:
diff changeset
197 @Delete("json")
47b53ae385d1 merging old code
casties
parents:
diff changeset
198 public Representation doDeleteJSON(Representation entity) {
47b53ae385d1 merging old code
casties
parents:
diff changeset
199 logger.debug("AnnotatorAnnotations doDeleteJSON!");
47b53ae385d1 merging old code
casties
parents:
diff changeset
200 setCorsHeaders();
47b53ae385d1 merging old code
casties
parents:
diff changeset
201 // id from URI /annotations/{id}
47b53ae385d1 merging old code
casties
parents:
diff changeset
202 String jsonId = (String) getRequest().getAttributes().get("id");
47b53ae385d1 merging old code
casties
parents:
diff changeset
203 String id = decodeJsonId(jsonId);
47b53ae385d1 merging old code
casties
parents:
diff changeset
204 logger.debug("annotation-id=" + id);
47b53ae385d1 merging old code
casties
parents:
diff changeset
205
14
629e15b345aa permissions mostly work. need more server-side checking.
casties
parents: 4
diff changeset
206 // do authentication
629e15b345aa permissions mostly work. need more server-side checking.
casties
parents: 4
diff changeset
207 String authUser = this.checkAuthToken(entity);
629e15b345aa permissions mostly work. need more server-side checking.
casties
parents: 4
diff changeset
208 logger.debug("request authenticated=" + authUser);
629e15b345aa permissions mostly work. need more server-side checking.
casties
parents: 4
diff changeset
209 Annotation annot = getAnnotationStore().getAnnotationById(id);
629e15b345aa permissions mostly work. need more server-side checking.
casties
parents: 4
diff changeset
210 if (annot != null) {
629e15b345aa permissions mostly work. need more server-side checking.
casties
parents: 4
diff changeset
211 if (! annot.isActionAllowed("delete", authUser)) {
629e15b345aa permissions mostly work. need more server-side checking.
casties
parents: 4
diff changeset
212 setStatus(Status.CLIENT_ERROR_FORBIDDEN, "Not Authorized!");
629e15b345aa permissions mostly work. need more server-side checking.
casties
parents: 4
diff changeset
213 return null;
629e15b345aa permissions mostly work. need more server-side checking.
casties
parents: 4
diff changeset
214 }
3
47b53ae385d1 merging old code
casties
parents:
diff changeset
215 }
14
629e15b345aa permissions mostly work. need more server-side checking.
casties
parents: 4
diff changeset
216
4
3599b29c393f store seems to work now :-)
casties
parents: 3
diff changeset
217 // delete annotation
3599b29c393f store seems to work now :-)
casties
parents: 3
diff changeset
218 getAnnotationStore().deleteById(id);
3599b29c393f store seems to work now :-)
casties
parents: 3
diff changeset
219 setStatus(Status.SUCCESS_NO_CONTENT);
3
47b53ae385d1 merging old code
casties
parents:
diff changeset
220 return null;
47b53ae385d1 merging old code
casties
parents:
diff changeset
221 }
47b53ae385d1 merging old code
casties
parents:
diff changeset
222
47b53ae385d1 merging old code
casties
parents:
diff changeset
223 }