Mercurial > hg > AnnotationManagerN4J
annotate src/main/java/de/mpiwg/itgroup/annotations/restlet/AnnotatorAnnotations.java @ 88:b406507a953d
upped version to 0.5.
can use display name and groups from auth token.
author | casties |
---|---|
date | Tue, 03 Feb 2015 19:01:27 +0100 |
parents | 25eb2e1df106 |
children | cf44d9e1a4a7 |
rev | line source |
---|---|
3 | 1 package de.mpiwg.itgroup.annotations.restlet; |
2 | |
70 | 3 /* |
4 * #%L | |
5 * AnnotationManager | |
6 * %% | |
7 * Copyright (C) 2012 - 2014 MPIWG Berlin | |
8 * %% | |
9 * This program is free software: you can redistribute it and/or modify | |
10 * it under the terms of the GNU Lesser General Public License as | |
11 * published by the Free Software Foundation, either version 3 of the | |
12 * License, or (at your option) any later version. | |
13 * | |
14 * This program is distributed in the hope that it will be useful, | |
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of | |
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
17 * GNU General Lesser Public License for more details. | |
18 * | |
19 * You should have received a copy of the GNU General Lesser Public | |
20 * License along with this program. If not, see | |
21 * <http://www.gnu.org/licenses/lgpl-3.0.html>. | |
22 * #L% | |
23 */ | |
24 | |
3 | 25 import java.io.IOException; |
65 | 26 import java.io.UnsupportedEncodingException; |
27 import java.net.URLDecoder; | |
31 | 28 import java.util.ArrayList; |
29 import java.util.List; | |
3 | 30 |
31 | 31 import org.json.JSONArray; |
3 | 32 import org.json.JSONException; |
33 import org.json.JSONObject; | |
31 | 34 import org.restlet.data.Form; |
3 | 35 import org.restlet.data.Status; |
36 import org.restlet.ext.json.JsonRepresentation; | |
37 import org.restlet.representation.Representation; | |
38 import org.restlet.resource.Delete; | |
39 import org.restlet.resource.Get; | |
40 import org.restlet.resource.Post; | |
41 import org.restlet.resource.Put; | |
42 | |
4 | 43 import de.mpiwg.itgroup.annotations.Annotation; |
15 | 44 import de.mpiwg.itgroup.annotations.Person; |
4 | 45 import de.mpiwg.itgroup.annotations.neo4j.AnnotationStore; |
31 | 46 import de.mpiwg.itgroup.annotations.restlet.utils.JSONObjectComparator; |
3 | 47 |
48 /** | |
4 | 49 * Implements the "annotations" uri of the Annotator API. see |
50 * <https://github.com/okfn/annotator/wiki/Storage> | |
3 | 51 * |
52 * @author dwinter, casties | |
53 * | |
54 */ | |
55 public class AnnotatorAnnotations extends AnnotatorResourceImpl { | |
56 | |
57 protected String getAllowedMethodsForHeader() { | |
58 return "OPTIONS,GET,POST,PUT,DELETE"; | |
59 } | |
60 | |
61 /** | |
62 * GET with JSON content-type. | |
63 * | |
64 * @param entity | |
65 * @return | |
66 */ | |
67 @Get("json") | |
68 public Representation doGetJSON(Representation entity) { | |
75 | 69 logger.fine("AnnotatorAnnotations doGetJSON!"); |
3 | 70 setCorsHeaders(); |
71 // id from URI /annotations/{id} | |
65 | 72 String id = null; |
3 | 73 String jsonId = (String) getRequest().getAttributes().get("id"); |
65 | 74 if (jsonId != null) { |
75 // URL decode | |
76 try { | |
77 jsonId = URLDecoder.decode(jsonId, "UTF-8"); | |
78 } catch (UnsupportedEncodingException e) { | |
79 // this shouldn't happen | |
80 } | |
81 id = decodeJsonId(jsonId); | |
75 | 82 logger.fine("annotation-id=" + id); |
65 | 83 } |
3 | 84 |
14
629e15b345aa
permissions mostly work. need more server-side checking.
casties
parents:
4
diff
changeset
|
85 // do authentication |
88 | 86 Person authUser = getUserFromAuthToken(entity); |
75 | 87 logger.fine("request authenticated=" + authUser); |
3 | 88 |
37 | 89 if (id == null) { |
63
9f8c9611848a
fixed bug with new rectangle shapes. added limit, offset and sortBy parameters to annotator/ and annotator/search.
casties
parents:
61
diff
changeset
|
90 // no id -- send all annotations |
9f8c9611848a
fixed bug with new rectangle shapes. added limit, offset and sortBy parameters to annotator/ and annotator/search.
casties
parents:
61
diff
changeset
|
91 Form form = getRequest().getResourceRef().getQueryAsForm(); |
9f8c9611848a
fixed bug with new rectangle shapes. added limit, offset and sortBy parameters to annotator/ and annotator/search.
casties
parents:
61
diff
changeset
|
92 int limit = getInt(form.getFirstValue("limit")); |
9f8c9611848a
fixed bug with new rectangle shapes. added limit, offset and sortBy parameters to annotator/ and annotator/search.
casties
parents:
61
diff
changeset
|
93 int offset = getInt(form.getFirstValue("offset")); |
9f8c9611848a
fixed bug with new rectangle shapes. added limit, offset and sortBy parameters to annotator/ and annotator/search.
casties
parents:
61
diff
changeset
|
94 String sortBy = form.getFirstValue("sortBy"); |
9f8c9611848a
fixed bug with new rectangle shapes. added limit, offset and sortBy parameters to annotator/ and annotator/search.
casties
parents:
61
diff
changeset
|
95 return getAllAnnotations(authUser, limit, offset, sortBy); |
37 | 96 } |
97 | |
63
9f8c9611848a
fixed bug with new rectangle shapes. added limit, offset and sortBy parameters to annotator/ and annotator/search.
casties
parents:
61
diff
changeset
|
98 // send annotation with id |
16 | 99 AnnotationStore store = getAnnotationStore(); |
100 Annotation annot = store.getAnnotationById(id); | |
14
629e15b345aa
permissions mostly work. need more server-side checking.
casties
parents:
4
diff
changeset
|
101 if (annot != null) { |
61 | 102 if (!annot.isActionAllowed("read", authUser, store)) { |
14
629e15b345aa
permissions mostly work. need more server-side checking.
casties
parents:
4
diff
changeset
|
103 setStatus(Status.CLIENT_ERROR_FORBIDDEN, "Not Authorized!"); |
629e15b345aa
permissions mostly work. need more server-side checking.
casties
parents:
4
diff
changeset
|
104 return null; |
629e15b345aa
permissions mostly work. need more server-side checking.
casties
parents:
4
diff
changeset
|
105 } |
629e15b345aa
permissions mostly work. need more server-side checking.
casties
parents:
4
diff
changeset
|
106 JSONObject result = createAnnotatorJson(annot, (authUser == null)); |
4 | 107 return new JsonRepresentation(result); |
108 } else { | |
14
629e15b345aa
permissions mostly work. need more server-side checking.
casties
parents:
4
diff
changeset
|
109 // not found |
629e15b345aa
permissions mostly work. need more server-side checking.
casties
parents:
4
diff
changeset
|
110 setStatus(Status.CLIENT_ERROR_NOT_FOUND); |
629e15b345aa
permissions mostly work. need more server-side checking.
casties
parents:
4
diff
changeset
|
111 return null; |
3 | 112 } |
113 } | |
114 | |
63
9f8c9611848a
fixed bug with new rectangle shapes. added limit, offset and sortBy parameters to annotator/ and annotator/search.
casties
parents:
61
diff
changeset
|
115 private Representation getAllAnnotations(Person authUser, int limit, int offset, String sortBy) { |
31 | 116 AnnotationStore store = getAnnotationStore(); |
117 ArrayList<JSONObject> results = new ArrayList<JSONObject>(); | |
65 | 118 |
63
9f8c9611848a
fixed bug with new rectangle shapes. added limit, offset and sortBy parameters to annotator/ and annotator/search.
casties
parents:
61
diff
changeset
|
119 // read all annotations |
61 | 120 List<Annotation> annotations = store.getAnnotations(null, null); |
31 | 121 for (Annotation annotation : annotations) { |
61 | 122 // check permission |
65 | 123 if (!annotation.isActionAllowed("read", authUser, store)) |
124 continue; | |
63
9f8c9611848a
fixed bug with new rectangle shapes. added limit, offset and sortBy parameters to annotator/ and annotator/search.
casties
parents:
61
diff
changeset
|
125 // add annotation to list |
61 | 126 JSONObject jo = createAnnotatorJson(annotation, false); |
127 results.add(jo); | |
128 } | |
129 | |
63
9f8c9611848a
fixed bug with new rectangle shapes. added limit, offset and sortBy parameters to annotator/ and annotator/search.
casties
parents:
61
diff
changeset
|
130 // sort if necessary |
61 | 131 if (sortBy != null) { |
132 JSONObjectComparator.sortAnnotations(results, sortBy); | |
133 } | |
65 | 134 |
63
9f8c9611848a
fixed bug with new rectangle shapes. added limit, offset and sortBy parameters to annotator/ and annotator/search.
casties
parents:
61
diff
changeset
|
135 // put in JSON list |
9f8c9611848a
fixed bug with new rectangle shapes. added limit, offset and sortBy parameters to annotator/ and annotator/search.
casties
parents:
61
diff
changeset
|
136 JSONArray rows = new JSONArray(); |
9f8c9611848a
fixed bug with new rectangle shapes. added limit, offset and sortBy parameters to annotator/ and annotator/search.
casties
parents:
61
diff
changeset
|
137 int cnt = 0; |
61 | 138 for (JSONObject result : results) { |
63
9f8c9611848a
fixed bug with new rectangle shapes. added limit, offset and sortBy parameters to annotator/ and annotator/search.
casties
parents:
61
diff
changeset
|
139 cnt += 1; |
65 | 140 if (offset > 0 && cnt < offset) |
141 continue; | |
63
9f8c9611848a
fixed bug with new rectangle shapes. added limit, offset and sortBy parameters to annotator/ and annotator/search.
casties
parents:
61
diff
changeset
|
142 rows.put(result); |
65 | 143 if (limit > 0 && cnt >= limit) |
144 break; | |
61 | 145 } |
146 | |
31 | 147 // assemble result object |
148 JSONObject result = new JSONObject(); | |
149 try { | |
63
9f8c9611848a
fixed bug with new rectangle shapes. added limit, offset and sortBy parameters to annotator/ and annotator/search.
casties
parents:
61
diff
changeset
|
150 result.put("rows", rows); |
9f8c9611848a
fixed bug with new rectangle shapes. added limit, offset and sortBy parameters to annotator/ and annotator/search.
casties
parents:
61
diff
changeset
|
151 result.put("total", rows.length()); |
31 | 152 } catch (JSONException e) { |
153 setStatus(Status.SERVER_ERROR_INTERNAL, "JSON Error"); | |
154 return null; | |
155 } | |
156 return new JsonRepresentation(result); | |
157 } | |
158 | |
61 | 159 /** |
20
715aa11d138b
fixes in permission handling: admin and delete default to creator.
casties
parents:
16
diff
changeset
|
160 * POST with JSON content-type. Creates a new Annotation. |
3 | 161 * |
162 * @return | |
163 */ | |
164 @Post("json") | |
165 public Representation doPostJson(Representation entity) { | |
75 | 166 logger.fine("AnnotatorAnnotations doPostJSON!"); |
3 | 167 // set headers |
168 setCorsHeaders(); | |
61 | 169 |
170 // do authentication TODO: who's allowed to create? | |
88 | 171 Person authUser = getUserFromAuthToken(entity); |
75 | 172 logger.fine("request authenticated=" + authUser); |
14
629e15b345aa
permissions mostly work. need more server-side checking.
casties
parents:
4
diff
changeset
|
173 if (authUser == null) { |
629e15b345aa
permissions mostly work. need more server-side checking.
casties
parents:
4
diff
changeset
|
174 setStatus(Status.CLIENT_ERROR_FORBIDDEN, "Not Authorized!"); |
629e15b345aa
permissions mostly work. need more server-side checking.
casties
parents:
4
diff
changeset
|
175 return null; |
629e15b345aa
permissions mostly work. need more server-side checking.
casties
parents:
4
diff
changeset
|
176 } |
629e15b345aa
permissions mostly work. need more server-side checking.
casties
parents:
4
diff
changeset
|
177 |
3 | 178 Annotation annot = null; |
179 try { | |
180 JsonRepresentation jrep = new JsonRepresentation(entity); | |
181 JSONObject jo = jrep.getJsonObject(); | |
182 if (jo == null) { | |
183 setStatus(Status.SERVER_ERROR_INTERNAL); | |
184 return null; | |
185 } | |
186 // make sure id is not set for POST | |
187 jo.remove("id"); | |
88 | 188 // create Annotation object from posted JSON |
3 | 189 annot = createAnnotation(jo, entity); |
190 } catch (IOException e1) { | |
191 setStatus(Status.SERVER_ERROR_INTERNAL); | |
192 return null; | |
193 } catch (JSONException e) { | |
194 setStatus(Status.CLIENT_ERROR_BAD_REQUEST); | |
195 return null; | |
196 } | |
4 | 197 if (annot == null) { |
3 | 198 setStatus(Status.CLIENT_ERROR_BAD_REQUEST); |
199 return null; | |
200 } | |
201 Annotation storedAnnot; | |
4 | 202 // store Annotation |
203 storedAnnot = getAnnotationStore().storeAnnotation(annot); | |
204 /* | |
205 * according to https://github.com/okfn/annotator/wiki/Storage we should | |
206 * return 303: see other. For now we return the annotation. | |
3 | 207 */ |
14
629e15b345aa
permissions mostly work. need more server-side checking.
casties
parents:
4
diff
changeset
|
208 JSONObject jo = createAnnotatorJson(storedAnnot, (authUser == null)); |
3 | 209 JsonRepresentation retRep = new JsonRepresentation(jo); |
210 return retRep; | |
211 } | |
212 | |
213 /** | |
20
715aa11d138b
fixes in permission handling: admin and delete default to creator.
casties
parents:
16
diff
changeset
|
214 * PUT with JSON content-type. Modifies an Annotation. |
3 | 215 * |
216 * @param entity | |
217 * @return | |
218 */ | |
219 @Put("json") | |
220 public Representation doPutJSON(Representation entity) { | |
75 | 221 logger.fine("AnnotatorAnnotations doPutJSON!"); |
3 | 222 setCorsHeaders(); |
223 // id from URI /annotations/{id} | |
224 String jsonId = (String) getRequest().getAttributes().get("id"); | |
225 String id = decodeJsonId(jsonId); | |
75 | 226 logger.fine("annotation-id=" + id); |
3 | 227 |
14
629e15b345aa
permissions mostly work. need more server-side checking.
casties
parents:
4
diff
changeset
|
228 // do authentication |
88 | 229 Person authUser = getUserFromAuthToken(entity); |
75 | 230 logger.fine("request authenticated=" + authUser); |
3 | 231 |
232 Annotation annot = null; | |
4 | 233 AnnotationStore store = getAnnotationStore(); |
3 | 234 try { |
235 JsonRepresentation jrep = new JsonRepresentation(entity); | |
236 JSONObject jo = jrep.getJsonObject(); | |
237 if (jo == null) { | |
238 setStatus(Status.CLIENT_ERROR_BAD_REQUEST); | |
239 return null; | |
240 } | |
241 // get stored Annotation | |
4 | 242 Annotation storedAnnot = store.getAnnotationById(id); |
243 if (storedAnnot == null) { | |
3 | 244 setStatus(Status.CLIENT_ERROR_NOT_FOUND); |
245 return null; | |
246 } | |
61 | 247 if (!storedAnnot.isActionAllowed("update", authUser, store)) { |
14
629e15b345aa
permissions mostly work. need more server-side checking.
casties
parents:
4
diff
changeset
|
248 setStatus(Status.CLIENT_ERROR_FORBIDDEN); |
629e15b345aa
permissions mostly work. need more server-side checking.
casties
parents:
4
diff
changeset
|
249 return null; |
629e15b345aa
permissions mostly work. need more server-side checking.
casties
parents:
4
diff
changeset
|
250 } |
3 | 251 // update from posted JSON |
252 annot = updateAnnotation(storedAnnot, jo, entity); | |
253 // store Annotation | |
4 | 254 storedAnnot = store.storeAnnotation(annot); |
255 /* | |
256 * according to https://github.com/okfn/annotator/wiki/Storage we | |
257 * should return 303: see other. but the client doesn't like it | |
258 * setStatus(Status.REDIRECTION_SEE_OTHER); // go to same URL as | |
259 * this one Reference thisUrl = this.getReference(); | |
260 * this.getResponse().setLocationRef(thisUrl); | |
261 */ | |
3 | 262 // return new annotation |
14
629e15b345aa
permissions mostly work. need more server-side checking.
casties
parents:
4
diff
changeset
|
263 jo = createAnnotatorJson(storedAnnot, (authUser == null)); |
3 | 264 JsonRepresentation retRep = new JsonRepresentation(jo); |
265 return retRep; | |
266 } catch (JSONException e) { | |
75 | 267 logger.severe("Error in doPutJSON: "+e); |
3 | 268 setStatus(Status.CLIENT_ERROR_BAD_REQUEST); |
269 } catch (IOException e) { | |
75 | 270 logger.severe("Error in doPutJSON: "+e); |
3 | 271 setStatus(Status.SERVER_ERROR_INTERNAL, "Other Error"); |
272 } | |
273 return null; | |
274 } | |
275 | |
276 /** | |
20
715aa11d138b
fixes in permission handling: admin and delete default to creator.
casties
parents:
16
diff
changeset
|
277 * DELETE with JSON content-type. Deletes an Annotation. |
3 | 278 * |
279 * @param entity | |
280 * @return | |
281 */ | |
282 @Delete("json") | |
283 public Representation doDeleteJSON(Representation entity) { | |
75 | 284 logger.fine("AnnotatorAnnotations doDeleteJSON!"); |
3 | 285 setCorsHeaders(); |
286 // id from URI /annotations/{id} | |
287 String jsonId = (String) getRequest().getAttributes().get("id"); | |
288 String id = decodeJsonId(jsonId); | |
75 | 289 logger.fine("annotation-id=" + id); |
3 | 290 |
14
629e15b345aa
permissions mostly work. need more server-side checking.
casties
parents:
4
diff
changeset
|
291 // do authentication |
88 | 292 Person authUser = getUserFromAuthToken(entity); |
75 | 293 logger.fine("request authenticated=" + authUser); |
16 | 294 AnnotationStore store = getAnnotationStore(); |
295 Annotation annot = store.getAnnotationById(id); | |
14
629e15b345aa
permissions mostly work. need more server-side checking.
casties
parents:
4
diff
changeset
|
296 if (annot != null) { |
61 | 297 if (!annot.isActionAllowed("delete", authUser, store)) { |
14
629e15b345aa
permissions mostly work. need more server-side checking.
casties
parents:
4
diff
changeset
|
298 setStatus(Status.CLIENT_ERROR_FORBIDDEN, "Not Authorized!"); |
629e15b345aa
permissions mostly work. need more server-side checking.
casties
parents:
4
diff
changeset
|
299 return null; |
629e15b345aa
permissions mostly work. need more server-side checking.
casties
parents:
4
diff
changeset
|
300 } |
3 | 301 } |
4 | 302 // delete annotation |
32
0731c4549065
UI for editing groups and persons works now. (still no authorisation!)
casties
parents:
22
diff
changeset
|
303 store.deleteAnnotationById(id); |
4 | 304 setStatus(Status.SUCCESS_NO_CONTENT); |
3 | 305 return null; |
306 } | |
307 | |
308 } |