Mercurial > hg > AnnotationManagerN4J
annotate src/main/java/de/mpiwg/itgroup/annotations/restlet/AnnotatorAnnotations.java @ 31:9f653697437e
annotationbrowser
author | dwinter |
---|---|
date | Tue, 25 Sep 2012 21:47:58 +0200 |
parents | b1fb0d117877 |
children | 8427930c5f88 |
rev | line source |
---|---|
3 | 1 /** |
2 * Implements the "annotations" uri of the Annotator API. see | |
3 * <https://github.com/okfn/annotator/wiki/Storage> | |
4 */ | |
5 package de.mpiwg.itgroup.annotations.restlet; | |
6 | |
7 import java.io.IOException; | |
31 | 8 import java.util.ArrayList; |
9 import java.util.List; | |
3 | 10 |
31 | 11 import org.json.JSONArray; |
3 | 12 import org.json.JSONException; |
13 import org.json.JSONObject; | |
31 | 14 import org.restlet.data.Form; |
15 import org.restlet.data.Parameter; | |
3 | 16 import org.restlet.data.Status; |
17 import org.restlet.ext.json.JsonRepresentation; | |
18 import org.restlet.representation.Representation; | |
19 import org.restlet.resource.Delete; | |
20 import org.restlet.resource.Get; | |
21 import org.restlet.resource.Post; | |
22 import org.restlet.resource.Put; | |
23 | |
4 | 24 import de.mpiwg.itgroup.annotations.Annotation; |
15 | 25 import de.mpiwg.itgroup.annotations.Person; |
31 | 26 import de.mpiwg.itgroup.annotations.Tag; |
4 | 27 import de.mpiwg.itgroup.annotations.neo4j.AnnotationStore; |
31 | 28 import de.mpiwg.itgroup.annotations.restlet.utils.JSONObjectComparator; |
3 | 29 |
30 /** | |
4 | 31 * Implements the "annotations" uri of the Annotator API. see |
32 * <https://github.com/okfn/annotator/wiki/Storage> | |
3 | 33 * |
34 * @author dwinter, casties | |
35 * | |
36 */ | |
37 public class AnnotatorAnnotations extends AnnotatorResourceImpl { | |
38 | |
39 protected String getAllowedMethodsForHeader() { | |
40 return "OPTIONS,GET,POST,PUT,DELETE"; | |
41 } | |
42 | |
43 /** | |
44 * GET with JSON content-type. | |
45 * | |
46 * @param entity | |
47 * @return | |
48 */ | |
49 @Get("json") | |
50 public Representation doGetJSON(Representation entity) { | |
51 logger.debug("AnnotatorAnnotations doGetJSON!"); | |
52 setCorsHeaders(); | |
53 // id from URI /annotations/{id} | |
54 String jsonId = (String) getRequest().getAttributes().get("id"); | |
55 String id = decodeJsonId(jsonId); | |
56 logger.debug("annotation-id=" + id); | |
57 | |
22 | 58 if (id == null) { |
31 | 59 |
60 return getAllAnnotations(); | |
22 | 61 } |
3 | 62 |
14
629e15b345aa
permissions mostly work. need more server-side checking.
casties
parents:
4
diff
changeset
|
63 // do authentication |
15 | 64 Person authUser = Person.createPersonWithId(this.checkAuthToken(entity)); |
14
629e15b345aa
permissions mostly work. need more server-side checking.
casties
parents:
4
diff
changeset
|
65 logger.debug("request authenticated=" + authUser); |
3 | 66 |
16 | 67 AnnotationStore store = getAnnotationStore(); |
68 Annotation annot = store.getAnnotationById(id); | |
14
629e15b345aa
permissions mostly work. need more server-side checking.
casties
parents:
4
diff
changeset
|
69 if (annot != null) { |
16 | 70 if (! annot.isActionAllowed("read", authUser, store)) { |
14
629e15b345aa
permissions mostly work. need more server-side checking.
casties
parents:
4
diff
changeset
|
71 setStatus(Status.CLIENT_ERROR_FORBIDDEN, "Not Authorized!"); |
629e15b345aa
permissions mostly work. need more server-side checking.
casties
parents:
4
diff
changeset
|
72 return null; |
629e15b345aa
permissions mostly work. need more server-side checking.
casties
parents:
4
diff
changeset
|
73 } |
629e15b345aa
permissions mostly work. need more server-side checking.
casties
parents:
4
diff
changeset
|
74 JSONObject result = createAnnotatorJson(annot, (authUser == null)); |
4 | 75 logger.debug("sending:"); |
76 logger.debug(result); | |
77 return new JsonRepresentation(result); | |
78 } else { | |
14
629e15b345aa
permissions mostly work. need more server-side checking.
casties
parents:
4
diff
changeset
|
79 // not found |
629e15b345aa
permissions mostly work. need more server-side checking.
casties
parents:
4
diff
changeset
|
80 setStatus(Status.CLIENT_ERROR_NOT_FOUND); |
629e15b345aa
permissions mostly work. need more server-side checking.
casties
parents:
4
diff
changeset
|
81 return null; |
3 | 82 } |
83 } | |
84 | |
31 | 85 private Representation getAllAnnotations() { |
86 | |
87 Form form = getRequest().getResourceRef().getQueryAsForm(); | |
88 String sortBy=null; | |
89 for (Parameter parameter : form) { | |
90 if (parameter.getName().equals("sortBy")){ | |
91 sortBy = parameter.getValue(); | |
92 } | |
93 } | |
94 | |
95 AnnotationStore store = getAnnotationStore(); | |
96 ArrayList<JSONObject> results = new ArrayList<JSONObject>(); | |
97 | |
98 List<Annotation> annotations = store.getAnnotations(null, null); | |
99 for (Annotation annotation : annotations) { | |
100 | |
101 JSONObject jo = createAnnotatorJson(annotation,false); | |
102 results.add(jo); | |
103 | |
104 } | |
105 | |
106 if (sortBy!=null){ | |
107 JSONObjectComparator.sortAnnotations(results,sortBy); | |
108 } | |
109 | |
110 JSONArray resultsJa = new JSONArray(); | |
111 for (JSONObject result:results){ | |
112 resultsJa.put(result); | |
113 } | |
114 | |
115 // assemble result object | |
116 JSONObject result = new JSONObject(); | |
117 try { | |
118 result.put("rows", resultsJa); | |
119 result.put("total", resultsJa.length()); | |
120 } catch (JSONException e) { | |
121 setStatus(Status.SERVER_ERROR_INTERNAL, "JSON Error"); | |
122 return null; | |
123 } | |
124 logger.debug("sending:"); | |
125 logger.debug(result); | |
126 return new JsonRepresentation(result); | |
127 } | |
128 | |
129 | |
130 | |
131 | |
132 | |
133 /** | |
20
715aa11d138b
fixes in permission handling: admin and delete default to creator.
casties
parents:
16
diff
changeset
|
134 * POST with JSON content-type. Creates a new Annotation. |
3 | 135 * |
136 * @return | |
137 */ | |
138 @Post("json") | |
139 public Representation doPostJson(Representation entity) { | |
140 logger.debug("AnnotatorAnnotations doPostJSON!"); | |
141 // set headers | |
142 setCorsHeaders(); | |
14
629e15b345aa
permissions mostly work. need more server-side checking.
casties
parents:
4
diff
changeset
|
143 |
629e15b345aa
permissions mostly work. need more server-side checking.
casties
parents:
4
diff
changeset
|
144 // do authentication TODO: who's allowed to create? |
15 | 145 Person authUser = Person.createPersonWithId(this.checkAuthToken(entity)); |
14
629e15b345aa
permissions mostly work. need more server-side checking.
casties
parents:
4
diff
changeset
|
146 logger.debug("request authenticated=" + authUser); |
629e15b345aa
permissions mostly work. need more server-side checking.
casties
parents:
4
diff
changeset
|
147 if (authUser == null) { |
629e15b345aa
permissions mostly work. need more server-side checking.
casties
parents:
4
diff
changeset
|
148 setStatus(Status.CLIENT_ERROR_FORBIDDEN, "Not Authorized!"); |
629e15b345aa
permissions mostly work. need more server-side checking.
casties
parents:
4
diff
changeset
|
149 return null; |
629e15b345aa
permissions mostly work. need more server-side checking.
casties
parents:
4
diff
changeset
|
150 } |
629e15b345aa
permissions mostly work. need more server-side checking.
casties
parents:
4
diff
changeset
|
151 |
3 | 152 Annotation annot = null; |
153 try { | |
154 JsonRepresentation jrep = new JsonRepresentation(entity); | |
155 JSONObject jo = jrep.getJsonObject(); | |
156 if (jo == null) { | |
157 setStatus(Status.SERVER_ERROR_INTERNAL); | |
158 return null; | |
159 } | |
160 // make sure id is not set for POST | |
161 jo.remove("id"); | |
162 // get Annotation object from posted JSON | |
163 annot = createAnnotation(jo, entity); | |
164 } catch (IOException e1) { | |
165 setStatus(Status.SERVER_ERROR_INTERNAL); | |
166 return null; | |
167 } catch (JSONException e) { | |
168 setStatus(Status.CLIENT_ERROR_BAD_REQUEST); | |
169 return null; | |
170 } | |
4 | 171 if (annot == null) { |
3 | 172 setStatus(Status.CLIENT_ERROR_BAD_REQUEST); |
173 return null; | |
174 } | |
175 Annotation storedAnnot; | |
4 | 176 // store Annotation |
177 storedAnnot = getAnnotationStore().storeAnnotation(annot); | |
178 /* | |
179 * according to https://github.com/okfn/annotator/wiki/Storage we should | |
180 * return 303: see other. For now we return the annotation. | |
3 | 181 */ |
14
629e15b345aa
permissions mostly work. need more server-side checking.
casties
parents:
4
diff
changeset
|
182 JSONObject jo = createAnnotatorJson(storedAnnot, (authUser == null)); |
3 | 183 JsonRepresentation retRep = new JsonRepresentation(jo); |
184 return retRep; | |
185 } | |
186 | |
187 /** | |
20
715aa11d138b
fixes in permission handling: admin and delete default to creator.
casties
parents:
16
diff
changeset
|
188 * PUT with JSON content-type. Modifies an Annotation. |
3 | 189 * |
190 * @param entity | |
191 * @return | |
192 */ | |
193 @Put("json") | |
194 public Representation doPutJSON(Representation entity) { | |
195 logger.debug("AnnotatorAnnotations doPutJSON!"); | |
196 setCorsHeaders(); | |
197 // id from URI /annotations/{id} | |
198 String jsonId = (String) getRequest().getAttributes().get("id"); | |
199 String id = decodeJsonId(jsonId); | |
200 logger.debug("annotation-id=" + id); | |
201 | |
14
629e15b345aa
permissions mostly work. need more server-side checking.
casties
parents:
4
diff
changeset
|
202 // do authentication |
15 | 203 Person authUser = Person.createPersonWithId(this.checkAuthToken(entity)); |
14
629e15b345aa
permissions mostly work. need more server-side checking.
casties
parents:
4
diff
changeset
|
204 logger.debug("request authenticated=" + authUser); |
3 | 205 |
206 Annotation annot = null; | |
4 | 207 AnnotationStore store = getAnnotationStore(); |
3 | 208 try { |
209 JsonRepresentation jrep = new JsonRepresentation(entity); | |
210 JSONObject jo = jrep.getJsonObject(); | |
211 if (jo == null) { | |
212 setStatus(Status.CLIENT_ERROR_BAD_REQUEST); | |
213 return null; | |
214 } | |
215 // get stored Annotation | |
4 | 216 Annotation storedAnnot = store.getAnnotationById(id); |
217 if (storedAnnot == null) { | |
3 | 218 setStatus(Status.CLIENT_ERROR_NOT_FOUND); |
219 return null; | |
220 } | |
16 | 221 if (! storedAnnot.isActionAllowed("update", authUser, store)) { |
14
629e15b345aa
permissions mostly work. need more server-side checking.
casties
parents:
4
diff
changeset
|
222 setStatus(Status.CLIENT_ERROR_FORBIDDEN); |
629e15b345aa
permissions mostly work. need more server-side checking.
casties
parents:
4
diff
changeset
|
223 return null; |
629e15b345aa
permissions mostly work. need more server-side checking.
casties
parents:
4
diff
changeset
|
224 } |
3 | 225 // update from posted JSON |
226 annot = updateAnnotation(storedAnnot, jo, entity); | |
227 // store Annotation | |
4 | 228 storedAnnot = store.storeAnnotation(annot); |
229 /* | |
230 * according to https://github.com/okfn/annotator/wiki/Storage we | |
231 * should return 303: see other. but the client doesn't like it | |
232 * setStatus(Status.REDIRECTION_SEE_OTHER); // go to same URL as | |
233 * this one Reference thisUrl = this.getReference(); | |
234 * this.getResponse().setLocationRef(thisUrl); | |
235 */ | |
3 | 236 // return new annotation |
14
629e15b345aa
permissions mostly work. need more server-side checking.
casties
parents:
4
diff
changeset
|
237 jo = createAnnotatorJson(storedAnnot, (authUser == null)); |
3 | 238 JsonRepresentation retRep = new JsonRepresentation(jo); |
239 return retRep; | |
240 } catch (JSONException e) { | |
241 e.printStackTrace(); | |
242 setStatus(Status.CLIENT_ERROR_BAD_REQUEST); | |
243 } catch (IOException e) { | |
244 e.printStackTrace(); | |
245 setStatus(Status.SERVER_ERROR_INTERNAL, "Other Error"); | |
246 } | |
247 return null; | |
248 } | |
249 | |
250 /** | |
20
715aa11d138b
fixes in permission handling: admin and delete default to creator.
casties
parents:
16
diff
changeset
|
251 * DELETE with JSON content-type. Deletes an Annotation. |
3 | 252 * |
253 * @param entity | |
254 * @return | |
255 */ | |
256 @Delete("json") | |
257 public Representation doDeleteJSON(Representation entity) { | |
258 logger.debug("AnnotatorAnnotations doDeleteJSON!"); | |
259 setCorsHeaders(); | |
260 // id from URI /annotations/{id} | |
261 String jsonId = (String) getRequest().getAttributes().get("id"); | |
262 String id = decodeJsonId(jsonId); | |
263 logger.debug("annotation-id=" + id); | |
264 | |
14
629e15b345aa
permissions mostly work. need more server-side checking.
casties
parents:
4
diff
changeset
|
265 // do authentication |
15 | 266 Person authUser = Person.createPersonWithId(this.checkAuthToken(entity)); |
14
629e15b345aa
permissions mostly work. need more server-side checking.
casties
parents:
4
diff
changeset
|
267 logger.debug("request authenticated=" + authUser); |
16 | 268 AnnotationStore store = getAnnotationStore(); |
269 Annotation annot = store.getAnnotationById(id); | |
14
629e15b345aa
permissions mostly work. need more server-side checking.
casties
parents:
4
diff
changeset
|
270 if (annot != null) { |
16 | 271 if (! annot.isActionAllowed("delete", authUser, store)) { |
14
629e15b345aa
permissions mostly work. need more server-side checking.
casties
parents:
4
diff
changeset
|
272 setStatus(Status.CLIENT_ERROR_FORBIDDEN, "Not Authorized!"); |
629e15b345aa
permissions mostly work. need more server-side checking.
casties
parents:
4
diff
changeset
|
273 return null; |
629e15b345aa
permissions mostly work. need more server-side checking.
casties
parents:
4
diff
changeset
|
274 } |
3 | 275 } |
14
629e15b345aa
permissions mostly work. need more server-side checking.
casties
parents:
4
diff
changeset
|
276 |
4 | 277 // delete annotation |
16 | 278 store.deleteById(id); |
4 | 279 setStatus(Status.SUCCESS_NO_CONTENT); |
3 | 280 return null; |
281 } | |
282 | |
283 } |