Mercurial > hg > AnnotationManagerN4J
annotate src/main/java/de/mpiwg/itgroup/annotations/restlet/AnnotatorAnnotations.java @ 22:b1fb0d117877
adding and listing groups via html works now.
no editing of group membership yet.
no authentication yet.
| author | casties |
|---|---|
| date | Thu, 20 Sep 2012 17:42:26 +0200 |
| parents | 715aa11d138b |
| children | 9f653697437e 0731c4549065 |
| rev | line source |
|---|---|
| 3 | 1 /** |
| 2 * Implements the "annotations" uri of the Annotator API. see | |
| 3 * <https://github.com/okfn/annotator/wiki/Storage> | |
| 4 */ | |
| 5 package de.mpiwg.itgroup.annotations.restlet; | |
| 6 | |
| 7 import java.io.IOException; | |
| 8 | |
| 9 import org.json.JSONException; | |
| 10 import org.json.JSONObject; | |
| 11 import org.restlet.data.Status; | |
| 12 import org.restlet.ext.json.JsonRepresentation; | |
| 13 import org.restlet.representation.Representation; | |
| 14 import org.restlet.resource.Delete; | |
| 15 import org.restlet.resource.Get; | |
| 16 import org.restlet.resource.Post; | |
| 17 import org.restlet.resource.Put; | |
| 18 | |
| 4 | 19 import de.mpiwg.itgroup.annotations.Annotation; |
| 15 | 20 import de.mpiwg.itgroup.annotations.Person; |
| 4 | 21 import de.mpiwg.itgroup.annotations.neo4j.AnnotationStore; |
| 3 | 22 |
| 23 /** | |
| 4 | 24 * Implements the "annotations" uri of the Annotator API. see |
| 25 * <https://github.com/okfn/annotator/wiki/Storage> | |
| 3 | 26 * |
| 27 * @author dwinter, casties | |
| 28 * | |
| 29 */ | |
| 30 public class AnnotatorAnnotations extends AnnotatorResourceImpl { | |
| 31 | |
| 32 protected String getAllowedMethodsForHeader() { | |
| 33 return "OPTIONS,GET,POST,PUT,DELETE"; | |
| 34 } | |
| 35 | |
| 36 /** | |
| 37 * GET with JSON content-type. | |
| 38 * | |
| 39 * @param entity | |
| 40 * @return | |
| 41 */ | |
| 42 @Get("json") | |
| 43 public Representation doGetJSON(Representation entity) { | |
| 44 logger.debug("AnnotatorAnnotations doGetJSON!"); | |
| 45 setCorsHeaders(); | |
| 46 // id from URI /annotations/{id} | |
| 47 String jsonId = (String) getRequest().getAttributes().get("id"); | |
| 48 String id = decodeJsonId(jsonId); | |
| 49 logger.debug("annotation-id=" + id); | |
| 50 | |
| 22 | 51 if (id == null) { |
| 52 // TODO: what to return without id - list all annotations? | |
| 53 setStatus(Status.CLIENT_ERROR_BAD_REQUEST); | |
| 54 return null; | |
| 55 } | |
| 3 | 56 |
|
14
629e15b345aa
permissions mostly work. need more server-side checking.
casties
parents:
4
diff
changeset
|
57 // do authentication |
| 15 | 58 Person authUser = Person.createPersonWithId(this.checkAuthToken(entity)); |
|
14
629e15b345aa
permissions mostly work. need more server-side checking.
casties
parents:
4
diff
changeset
|
59 logger.debug("request authenticated=" + authUser); |
| 3 | 60 |
| 16 | 61 AnnotationStore store = getAnnotationStore(); |
| 62 Annotation annot = store.getAnnotationById(id); | |
|
14
629e15b345aa
permissions mostly work. need more server-side checking.
casties
parents:
4
diff
changeset
|
63 if (annot != null) { |
| 16 | 64 if (! annot.isActionAllowed("read", authUser, store)) { |
|
14
629e15b345aa
permissions mostly work. need more server-side checking.
casties
parents:
4
diff
changeset
|
65 setStatus(Status.CLIENT_ERROR_FORBIDDEN, "Not Authorized!"); |
|
629e15b345aa
permissions mostly work. need more server-side checking.
casties
parents:
4
diff
changeset
|
66 return null; |
|
629e15b345aa
permissions mostly work. need more server-side checking.
casties
parents:
4
diff
changeset
|
67 } |
|
629e15b345aa
permissions mostly work. need more server-side checking.
casties
parents:
4
diff
changeset
|
68 JSONObject result = createAnnotatorJson(annot, (authUser == null)); |
| 4 | 69 logger.debug("sending:"); |
| 70 logger.debug(result); | |
| 71 return new JsonRepresentation(result); | |
| 72 } else { | |
|
14
629e15b345aa
permissions mostly work. need more server-side checking.
casties
parents:
4
diff
changeset
|
73 // not found |
|
629e15b345aa
permissions mostly work. need more server-side checking.
casties
parents:
4
diff
changeset
|
74 setStatus(Status.CLIENT_ERROR_NOT_FOUND); |
|
629e15b345aa
permissions mostly work. need more server-side checking.
casties
parents:
4
diff
changeset
|
75 return null; |
| 3 | 76 } |
| 77 } | |
| 78 | |
| 79 /** | |
|
20
715aa11d138b
fixes in permission handling: admin and delete default to creator.
casties
parents:
16
diff
changeset
|
80 * POST with JSON content-type. Creates a new Annotation. |
| 3 | 81 * |
| 82 * @return | |
| 83 */ | |
| 84 @Post("json") | |
| 85 public Representation doPostJson(Representation entity) { | |
| 86 logger.debug("AnnotatorAnnotations doPostJSON!"); | |
| 87 // set headers | |
| 88 setCorsHeaders(); | |
|
14
629e15b345aa
permissions mostly work. need more server-side checking.
casties
parents:
4
diff
changeset
|
89 |
|
629e15b345aa
permissions mostly work. need more server-side checking.
casties
parents:
4
diff
changeset
|
90 // do authentication TODO: who's allowed to create? |
| 15 | 91 Person authUser = Person.createPersonWithId(this.checkAuthToken(entity)); |
|
14
629e15b345aa
permissions mostly work. need more server-side checking.
casties
parents:
4
diff
changeset
|
92 logger.debug("request authenticated=" + authUser); |
|
629e15b345aa
permissions mostly work. need more server-side checking.
casties
parents:
4
diff
changeset
|
93 if (authUser == null) { |
|
629e15b345aa
permissions mostly work. need more server-side checking.
casties
parents:
4
diff
changeset
|
94 setStatus(Status.CLIENT_ERROR_FORBIDDEN, "Not Authorized!"); |
|
629e15b345aa
permissions mostly work. need more server-side checking.
casties
parents:
4
diff
changeset
|
95 return null; |
|
629e15b345aa
permissions mostly work. need more server-side checking.
casties
parents:
4
diff
changeset
|
96 } |
|
629e15b345aa
permissions mostly work. need more server-side checking.
casties
parents:
4
diff
changeset
|
97 |
| 3 | 98 Annotation annot = null; |
| 99 try { | |
| 100 JsonRepresentation jrep = new JsonRepresentation(entity); | |
| 101 JSONObject jo = jrep.getJsonObject(); | |
| 102 if (jo == null) { | |
| 103 setStatus(Status.SERVER_ERROR_INTERNAL); | |
| 104 return null; | |
| 105 } | |
| 106 // make sure id is not set for POST | |
| 107 jo.remove("id"); | |
| 108 // get Annotation object from posted JSON | |
| 109 annot = createAnnotation(jo, entity); | |
| 110 } catch (IOException e1) { | |
| 111 setStatus(Status.SERVER_ERROR_INTERNAL); | |
| 112 return null; | |
| 113 } catch (JSONException e) { | |
| 114 setStatus(Status.CLIENT_ERROR_BAD_REQUEST); | |
| 115 return null; | |
| 116 } | |
| 4 | 117 if (annot == null) { |
| 3 | 118 setStatus(Status.CLIENT_ERROR_BAD_REQUEST); |
| 119 return null; | |
| 120 } | |
| 121 Annotation storedAnnot; | |
| 4 | 122 // store Annotation |
| 123 storedAnnot = getAnnotationStore().storeAnnotation(annot); | |
| 124 /* | |
| 125 * according to https://github.com/okfn/annotator/wiki/Storage we should | |
| 126 * return 303: see other. For now we return the annotation. | |
| 3 | 127 */ |
|
14
629e15b345aa
permissions mostly work. need more server-side checking.
casties
parents:
4
diff
changeset
|
128 JSONObject jo = createAnnotatorJson(storedAnnot, (authUser == null)); |
| 3 | 129 JsonRepresentation retRep = new JsonRepresentation(jo); |
| 130 return retRep; | |
| 131 } | |
| 132 | |
| 133 /** | |
|
20
715aa11d138b
fixes in permission handling: admin and delete default to creator.
casties
parents:
16
diff
changeset
|
134 * PUT with JSON content-type. Modifies an Annotation. |
| 3 | 135 * |
| 136 * @param entity | |
| 137 * @return | |
| 138 */ | |
| 139 @Put("json") | |
| 140 public Representation doPutJSON(Representation entity) { | |
| 141 logger.debug("AnnotatorAnnotations doPutJSON!"); | |
| 142 setCorsHeaders(); | |
| 143 // id from URI /annotations/{id} | |
| 144 String jsonId = (String) getRequest().getAttributes().get("id"); | |
| 145 String id = decodeJsonId(jsonId); | |
| 146 logger.debug("annotation-id=" + id); | |
| 147 | |
|
14
629e15b345aa
permissions mostly work. need more server-side checking.
casties
parents:
4
diff
changeset
|
148 // do authentication |
| 15 | 149 Person authUser = Person.createPersonWithId(this.checkAuthToken(entity)); |
|
14
629e15b345aa
permissions mostly work. need more server-side checking.
casties
parents:
4
diff
changeset
|
150 logger.debug("request authenticated=" + authUser); |
| 3 | 151 |
| 152 Annotation annot = null; | |
| 4 | 153 AnnotationStore store = getAnnotationStore(); |
| 3 | 154 try { |
| 155 JsonRepresentation jrep = new JsonRepresentation(entity); | |
| 156 JSONObject jo = jrep.getJsonObject(); | |
| 157 if (jo == null) { | |
| 158 setStatus(Status.CLIENT_ERROR_BAD_REQUEST); | |
| 159 return null; | |
| 160 } | |
| 161 // get stored Annotation | |
| 4 | 162 Annotation storedAnnot = store.getAnnotationById(id); |
| 163 if (storedAnnot == null) { | |
| 3 | 164 setStatus(Status.CLIENT_ERROR_NOT_FOUND); |
| 165 return null; | |
| 166 } | |
| 16 | 167 if (! storedAnnot.isActionAllowed("update", authUser, store)) { |
|
14
629e15b345aa
permissions mostly work. need more server-side checking.
casties
parents:
4
diff
changeset
|
168 setStatus(Status.CLIENT_ERROR_FORBIDDEN); |
|
629e15b345aa
permissions mostly work. need more server-side checking.
casties
parents:
4
diff
changeset
|
169 return null; |
|
629e15b345aa
permissions mostly work. need more server-side checking.
casties
parents:
4
diff
changeset
|
170 } |
| 3 | 171 // update from posted JSON |
| 172 annot = updateAnnotation(storedAnnot, jo, entity); | |
| 173 // store Annotation | |
| 4 | 174 storedAnnot = store.storeAnnotation(annot); |
| 175 /* | |
| 176 * according to https://github.com/okfn/annotator/wiki/Storage we | |
| 177 * should return 303: see other. but the client doesn't like it | |
| 178 * setStatus(Status.REDIRECTION_SEE_OTHER); // go to same URL as | |
| 179 * this one Reference thisUrl = this.getReference(); | |
| 180 * this.getResponse().setLocationRef(thisUrl); | |
| 181 */ | |
| 3 | 182 // return new annotation |
|
14
629e15b345aa
permissions mostly work. need more server-side checking.
casties
parents:
4
diff
changeset
|
183 jo = createAnnotatorJson(storedAnnot, (authUser == null)); |
| 3 | 184 JsonRepresentation retRep = new JsonRepresentation(jo); |
| 185 return retRep; | |
| 186 } catch (JSONException e) { | |
| 187 e.printStackTrace(); | |
| 188 setStatus(Status.CLIENT_ERROR_BAD_REQUEST); | |
| 189 } catch (IOException e) { | |
| 190 e.printStackTrace(); | |
| 191 setStatus(Status.SERVER_ERROR_INTERNAL, "Other Error"); | |
| 192 } | |
| 193 return null; | |
| 194 } | |
| 195 | |
| 196 /** | |
|
20
715aa11d138b
fixes in permission handling: admin and delete default to creator.
casties
parents:
16
diff
changeset
|
197 * DELETE with JSON content-type. Deletes an Annotation. |
| 3 | 198 * |
| 199 * @param entity | |
| 200 * @return | |
| 201 */ | |
| 202 @Delete("json") | |
| 203 public Representation doDeleteJSON(Representation entity) { | |
| 204 logger.debug("AnnotatorAnnotations doDeleteJSON!"); | |
| 205 setCorsHeaders(); | |
| 206 // id from URI /annotations/{id} | |
| 207 String jsonId = (String) getRequest().getAttributes().get("id"); | |
| 208 String id = decodeJsonId(jsonId); | |
| 209 logger.debug("annotation-id=" + id); | |
| 210 | |
|
14
629e15b345aa
permissions mostly work. need more server-side checking.
casties
parents:
4
diff
changeset
|
211 // do authentication |
| 15 | 212 Person authUser = Person.createPersonWithId(this.checkAuthToken(entity)); |
|
14
629e15b345aa
permissions mostly work. need more server-side checking.
casties
parents:
4
diff
changeset
|
213 logger.debug("request authenticated=" + authUser); |
| 16 | 214 AnnotationStore store = getAnnotationStore(); |
| 215 Annotation annot = store.getAnnotationById(id); | |
|
14
629e15b345aa
permissions mostly work. need more server-side checking.
casties
parents:
4
diff
changeset
|
216 if (annot != null) { |
| 16 | 217 if (! annot.isActionAllowed("delete", authUser, store)) { |
|
14
629e15b345aa
permissions mostly work. need more server-side checking.
casties
parents:
4
diff
changeset
|
218 setStatus(Status.CLIENT_ERROR_FORBIDDEN, "Not Authorized!"); |
|
629e15b345aa
permissions mostly work. need more server-side checking.
casties
parents:
4
diff
changeset
|
219 return null; |
|
629e15b345aa
permissions mostly work. need more server-side checking.
casties
parents:
4
diff
changeset
|
220 } |
| 3 | 221 } |
|
14
629e15b345aa
permissions mostly work. need more server-side checking.
casties
parents:
4
diff
changeset
|
222 |
| 4 | 223 // delete annotation |
| 16 | 224 store.deleteById(id); |
| 4 | 225 setStatus(Status.SUCCESS_NO_CONTENT); |
| 3 | 226 return null; |
| 227 } | |
| 228 | |
| 229 } |