Mercurial > hg > AnnotationManagerN4J
annotate src/main/java/de/mpiwg/itgroup/annotations/restlet/AnnotatorAnnotations.java @ 65:c0dd5314bada
deal with special characters in urls.
| author | casties |
|---|---|
| date | Wed, 05 Dec 2012 15:36:43 +0100 |
| parents | 9f8c9611848a |
| children | 2b1e6df5e21a |
| rev | line source |
|---|---|
| 3 | 1 /** |
| 2 * Implements the "annotations" uri of the Annotator API. see | |
| 3 * <https://github.com/okfn/annotator/wiki/Storage> | |
| 4 */ | |
| 5 package de.mpiwg.itgroup.annotations.restlet; | |
| 6 | |
| 7 import java.io.IOException; | |
| 65 | 8 import java.io.UnsupportedEncodingException; |
| 9 import java.net.URLDecoder; | |
| 31 | 10 import java.util.ArrayList; |
| 11 import java.util.List; | |
| 3 | 12 |
| 31 | 13 import org.json.JSONArray; |
| 3 | 14 import org.json.JSONException; |
| 15 import org.json.JSONObject; | |
| 31 | 16 import org.restlet.data.Form; |
| 3 | 17 import org.restlet.data.Status; |
| 18 import org.restlet.ext.json.JsonRepresentation; | |
| 19 import org.restlet.representation.Representation; | |
| 20 import org.restlet.resource.Delete; | |
| 21 import org.restlet.resource.Get; | |
| 22 import org.restlet.resource.Post; | |
| 23 import org.restlet.resource.Put; | |
| 24 | |
| 4 | 25 import de.mpiwg.itgroup.annotations.Annotation; |
| 15 | 26 import de.mpiwg.itgroup.annotations.Person; |
| 4 | 27 import de.mpiwg.itgroup.annotations.neo4j.AnnotationStore; |
| 31 | 28 import de.mpiwg.itgroup.annotations.restlet.utils.JSONObjectComparator; |
| 3 | 29 |
| 30 /** | |
| 4 | 31 * Implements the "annotations" uri of the Annotator API. see |
| 32 * <https://github.com/okfn/annotator/wiki/Storage> | |
| 3 | 33 * |
| 34 * @author dwinter, casties | |
| 35 * | |
| 36 */ | |
| 37 public class AnnotatorAnnotations extends AnnotatorResourceImpl { | |
| 38 | |
| 39 protected String getAllowedMethodsForHeader() { | |
| 40 return "OPTIONS,GET,POST,PUT,DELETE"; | |
| 41 } | |
| 42 | |
| 43 /** | |
| 44 * GET with JSON content-type. | |
| 45 * | |
| 46 * @param entity | |
| 47 * @return | |
| 48 */ | |
| 49 @Get("json") | |
| 50 public Representation doGetJSON(Representation entity) { | |
| 51 logger.debug("AnnotatorAnnotations doGetJSON!"); | |
| 52 setCorsHeaders(); | |
| 53 // id from URI /annotations/{id} | |
| 65 | 54 String id = null; |
| 3 | 55 String jsonId = (String) getRequest().getAttributes().get("id"); |
| 65 | 56 if (jsonId != null) { |
| 57 // URL decode | |
| 58 try { | |
| 59 jsonId = URLDecoder.decode(jsonId, "UTF-8"); | |
| 60 } catch (UnsupportedEncodingException e) { | |
| 61 // this shouldn't happen | |
| 62 } | |
| 63 id = decodeJsonId(jsonId); | |
| 64 logger.debug("annotation-id=" + id); | |
| 65 } | |
| 3 | 66 |
|
14
629e15b345aa
permissions mostly work. need more server-side checking.
casties
parents:
4
diff
changeset
|
67 // do authentication |
| 15 | 68 Person authUser = Person.createPersonWithId(this.checkAuthToken(entity)); |
|
14
629e15b345aa
permissions mostly work. need more server-side checking.
casties
parents:
4
diff
changeset
|
69 logger.debug("request authenticated=" + authUser); |
| 3 | 70 |
| 37 | 71 if (id == null) { |
|
63
9f8c9611848a
fixed bug with new rectangle shapes. added limit, offset and sortBy parameters to annotator/ and annotator/search.
casties
parents:
61
diff
changeset
|
72 // no id -- send all annotations |
|
9f8c9611848a
fixed bug with new rectangle shapes. added limit, offset and sortBy parameters to annotator/ and annotator/search.
casties
parents:
61
diff
changeset
|
73 Form form = getRequest().getResourceRef().getQueryAsForm(); |
|
9f8c9611848a
fixed bug with new rectangle shapes. added limit, offset and sortBy parameters to annotator/ and annotator/search.
casties
parents:
61
diff
changeset
|
74 int limit = getInt(form.getFirstValue("limit")); |
|
9f8c9611848a
fixed bug with new rectangle shapes. added limit, offset and sortBy parameters to annotator/ and annotator/search.
casties
parents:
61
diff
changeset
|
75 int offset = getInt(form.getFirstValue("offset")); |
|
9f8c9611848a
fixed bug with new rectangle shapes. added limit, offset and sortBy parameters to annotator/ and annotator/search.
casties
parents:
61
diff
changeset
|
76 String sortBy = form.getFirstValue("sortBy"); |
|
9f8c9611848a
fixed bug with new rectangle shapes. added limit, offset and sortBy parameters to annotator/ and annotator/search.
casties
parents:
61
diff
changeset
|
77 return getAllAnnotations(authUser, limit, offset, sortBy); |
| 37 | 78 } |
| 79 | |
|
63
9f8c9611848a
fixed bug with new rectangle shapes. added limit, offset and sortBy parameters to annotator/ and annotator/search.
casties
parents:
61
diff
changeset
|
80 // send annotation with id |
| 16 | 81 AnnotationStore store = getAnnotationStore(); |
| 82 Annotation annot = store.getAnnotationById(id); | |
|
14
629e15b345aa
permissions mostly work. need more server-side checking.
casties
parents:
4
diff
changeset
|
83 if (annot != null) { |
| 61 | 84 if (!annot.isActionAllowed("read", authUser, store)) { |
|
14
629e15b345aa
permissions mostly work. need more server-side checking.
casties
parents:
4
diff
changeset
|
85 setStatus(Status.CLIENT_ERROR_FORBIDDEN, "Not Authorized!"); |
|
629e15b345aa
permissions mostly work. need more server-side checking.
casties
parents:
4
diff
changeset
|
86 return null; |
|
629e15b345aa
permissions mostly work. need more server-side checking.
casties
parents:
4
diff
changeset
|
87 } |
|
629e15b345aa
permissions mostly work. need more server-side checking.
casties
parents:
4
diff
changeset
|
88 JSONObject result = createAnnotatorJson(annot, (authUser == null)); |
| 4 | 89 return new JsonRepresentation(result); |
| 90 } else { | |
|
14
629e15b345aa
permissions mostly work. need more server-side checking.
casties
parents:
4
diff
changeset
|
91 // not found |
|
629e15b345aa
permissions mostly work. need more server-side checking.
casties
parents:
4
diff
changeset
|
92 setStatus(Status.CLIENT_ERROR_NOT_FOUND); |
|
629e15b345aa
permissions mostly work. need more server-side checking.
casties
parents:
4
diff
changeset
|
93 return null; |
| 3 | 94 } |
| 95 } | |
| 96 | |
|
63
9f8c9611848a
fixed bug with new rectangle shapes. added limit, offset and sortBy parameters to annotator/ and annotator/search.
casties
parents:
61
diff
changeset
|
97 private Representation getAllAnnotations(Person authUser, int limit, int offset, String sortBy) { |
| 31 | 98 AnnotationStore store = getAnnotationStore(); |
| 99 ArrayList<JSONObject> results = new ArrayList<JSONObject>(); | |
| 65 | 100 |
|
63
9f8c9611848a
fixed bug with new rectangle shapes. added limit, offset and sortBy parameters to annotator/ and annotator/search.
casties
parents:
61
diff
changeset
|
101 // read all annotations |
| 61 | 102 List<Annotation> annotations = store.getAnnotations(null, null); |
| 31 | 103 for (Annotation annotation : annotations) { |
| 61 | 104 // check permission |
| 65 | 105 if (!annotation.isActionAllowed("read", authUser, store)) |
| 106 continue; | |
|
63
9f8c9611848a
fixed bug with new rectangle shapes. added limit, offset and sortBy parameters to annotator/ and annotator/search.
casties
parents:
61
diff
changeset
|
107 // add annotation to list |
| 61 | 108 JSONObject jo = createAnnotatorJson(annotation, false); |
| 109 results.add(jo); | |
| 110 } | |
| 111 | |
|
63
9f8c9611848a
fixed bug with new rectangle shapes. added limit, offset and sortBy parameters to annotator/ and annotator/search.
casties
parents:
61
diff
changeset
|
112 // sort if necessary |
| 61 | 113 if (sortBy != null) { |
| 114 JSONObjectComparator.sortAnnotations(results, sortBy); | |
| 115 } | |
| 65 | 116 |
|
63
9f8c9611848a
fixed bug with new rectangle shapes. added limit, offset and sortBy parameters to annotator/ and annotator/search.
casties
parents:
61
diff
changeset
|
117 // put in JSON list |
|
9f8c9611848a
fixed bug with new rectangle shapes. added limit, offset and sortBy parameters to annotator/ and annotator/search.
casties
parents:
61
diff
changeset
|
118 JSONArray rows = new JSONArray(); |
|
9f8c9611848a
fixed bug with new rectangle shapes. added limit, offset and sortBy parameters to annotator/ and annotator/search.
casties
parents:
61
diff
changeset
|
119 int cnt = 0; |
| 61 | 120 for (JSONObject result : results) { |
|
63
9f8c9611848a
fixed bug with new rectangle shapes. added limit, offset and sortBy parameters to annotator/ and annotator/search.
casties
parents:
61
diff
changeset
|
121 cnt += 1; |
| 65 | 122 if (offset > 0 && cnt < offset) |
| 123 continue; | |
|
63
9f8c9611848a
fixed bug with new rectangle shapes. added limit, offset and sortBy parameters to annotator/ and annotator/search.
casties
parents:
61
diff
changeset
|
124 rows.put(result); |
| 65 | 125 if (limit > 0 && cnt >= limit) |
| 126 break; | |
| 61 | 127 } |
| 128 | |
| 31 | 129 // assemble result object |
| 130 JSONObject result = new JSONObject(); | |
| 131 try { | |
|
63
9f8c9611848a
fixed bug with new rectangle shapes. added limit, offset and sortBy parameters to annotator/ and annotator/search.
casties
parents:
61
diff
changeset
|
132 result.put("rows", rows); |
|
9f8c9611848a
fixed bug with new rectangle shapes. added limit, offset and sortBy parameters to annotator/ and annotator/search.
casties
parents:
61
diff
changeset
|
133 result.put("total", rows.length()); |
| 31 | 134 } catch (JSONException e) { |
| 135 setStatus(Status.SERVER_ERROR_INTERNAL, "JSON Error"); | |
| 136 return null; | |
| 137 } | |
| 138 return new JsonRepresentation(result); | |
| 139 } | |
| 140 | |
| 61 | 141 /** |
|
20
715aa11d138b
fixes in permission handling: admin and delete default to creator.
casties
parents:
16
diff
changeset
|
142 * POST with JSON content-type. Creates a new Annotation. |
| 3 | 143 * |
| 144 * @return | |
| 145 */ | |
| 146 @Post("json") | |
| 147 public Representation doPostJson(Representation entity) { | |
| 148 logger.debug("AnnotatorAnnotations doPostJSON!"); | |
| 149 // set headers | |
| 150 setCorsHeaders(); | |
| 61 | 151 |
| 152 // do authentication TODO: who's allowed to create? | |
| 15 | 153 Person authUser = Person.createPersonWithId(this.checkAuthToken(entity)); |
|
14
629e15b345aa
permissions mostly work. need more server-side checking.
casties
parents:
4
diff
changeset
|
154 logger.debug("request authenticated=" + authUser); |
|
629e15b345aa
permissions mostly work. need more server-side checking.
casties
parents:
4
diff
changeset
|
155 if (authUser == null) { |
|
629e15b345aa
permissions mostly work. need more server-side checking.
casties
parents:
4
diff
changeset
|
156 setStatus(Status.CLIENT_ERROR_FORBIDDEN, "Not Authorized!"); |
|
629e15b345aa
permissions mostly work. need more server-side checking.
casties
parents:
4
diff
changeset
|
157 return null; |
|
629e15b345aa
permissions mostly work. need more server-side checking.
casties
parents:
4
diff
changeset
|
158 } |
|
629e15b345aa
permissions mostly work. need more server-side checking.
casties
parents:
4
diff
changeset
|
159 |
| 3 | 160 Annotation annot = null; |
| 161 try { | |
| 162 JsonRepresentation jrep = new JsonRepresentation(entity); | |
| 163 JSONObject jo = jrep.getJsonObject(); | |
| 164 if (jo == null) { | |
| 165 setStatus(Status.SERVER_ERROR_INTERNAL); | |
| 166 return null; | |
| 167 } | |
| 168 // make sure id is not set for POST | |
| 169 jo.remove("id"); | |
| 170 // get Annotation object from posted JSON | |
| 171 annot = createAnnotation(jo, entity); | |
| 172 } catch (IOException e1) { | |
| 173 setStatus(Status.SERVER_ERROR_INTERNAL); | |
| 174 return null; | |
| 175 } catch (JSONException e) { | |
| 176 setStatus(Status.CLIENT_ERROR_BAD_REQUEST); | |
| 177 return null; | |
| 178 } | |
| 4 | 179 if (annot == null) { |
| 3 | 180 setStatus(Status.CLIENT_ERROR_BAD_REQUEST); |
| 181 return null; | |
| 182 } | |
| 183 Annotation storedAnnot; | |
| 4 | 184 // store Annotation |
| 185 storedAnnot = getAnnotationStore().storeAnnotation(annot); | |
| 186 /* | |
| 187 * according to https://github.com/okfn/annotator/wiki/Storage we should | |
| 188 * return 303: see other. For now we return the annotation. | |
| 3 | 189 */ |
|
14
629e15b345aa
permissions mostly work. need more server-side checking.
casties
parents:
4
diff
changeset
|
190 JSONObject jo = createAnnotatorJson(storedAnnot, (authUser == null)); |
| 3 | 191 JsonRepresentation retRep = new JsonRepresentation(jo); |
| 192 return retRep; | |
| 193 } | |
| 194 | |
| 195 /** | |
|
20
715aa11d138b
fixes in permission handling: admin and delete default to creator.
casties
parents:
16
diff
changeset
|
196 * PUT with JSON content-type. Modifies an Annotation. |
| 3 | 197 * |
| 198 * @param entity | |
| 199 * @return | |
| 200 */ | |
| 201 @Put("json") | |
| 202 public Representation doPutJSON(Representation entity) { | |
| 203 logger.debug("AnnotatorAnnotations doPutJSON!"); | |
| 204 setCorsHeaders(); | |
| 205 // id from URI /annotations/{id} | |
| 206 String jsonId = (String) getRequest().getAttributes().get("id"); | |
| 207 String id = decodeJsonId(jsonId); | |
| 208 logger.debug("annotation-id=" + id); | |
| 209 | |
|
14
629e15b345aa
permissions mostly work. need more server-side checking.
casties
parents:
4
diff
changeset
|
210 // do authentication |
| 15 | 211 Person authUser = Person.createPersonWithId(this.checkAuthToken(entity)); |
|
14
629e15b345aa
permissions mostly work. need more server-side checking.
casties
parents:
4
diff
changeset
|
212 logger.debug("request authenticated=" + authUser); |
| 3 | 213 |
| 214 Annotation annot = null; | |
| 4 | 215 AnnotationStore store = getAnnotationStore(); |
| 3 | 216 try { |
| 217 JsonRepresentation jrep = new JsonRepresentation(entity); | |
| 218 JSONObject jo = jrep.getJsonObject(); | |
| 219 if (jo == null) { | |
| 220 setStatus(Status.CLIENT_ERROR_BAD_REQUEST); | |
| 221 return null; | |
| 222 } | |
| 223 // get stored Annotation | |
| 4 | 224 Annotation storedAnnot = store.getAnnotationById(id); |
| 225 if (storedAnnot == null) { | |
| 3 | 226 setStatus(Status.CLIENT_ERROR_NOT_FOUND); |
| 227 return null; | |
| 228 } | |
| 61 | 229 if (!storedAnnot.isActionAllowed("update", authUser, store)) { |
|
14
629e15b345aa
permissions mostly work. need more server-side checking.
casties
parents:
4
diff
changeset
|
230 setStatus(Status.CLIENT_ERROR_FORBIDDEN); |
|
629e15b345aa
permissions mostly work. need more server-side checking.
casties
parents:
4
diff
changeset
|
231 return null; |
|
629e15b345aa
permissions mostly work. need more server-side checking.
casties
parents:
4
diff
changeset
|
232 } |
| 3 | 233 // update from posted JSON |
| 234 annot = updateAnnotation(storedAnnot, jo, entity); | |
| 235 // store Annotation | |
| 4 | 236 storedAnnot = store.storeAnnotation(annot); |
| 237 /* | |
| 238 * according to https://github.com/okfn/annotator/wiki/Storage we | |
| 239 * should return 303: see other. but the client doesn't like it | |
| 240 * setStatus(Status.REDIRECTION_SEE_OTHER); // go to same URL as | |
| 241 * this one Reference thisUrl = this.getReference(); | |
| 242 * this.getResponse().setLocationRef(thisUrl); | |
| 243 */ | |
| 3 | 244 // return new annotation |
|
14
629e15b345aa
permissions mostly work. need more server-side checking.
casties
parents:
4
diff
changeset
|
245 jo = createAnnotatorJson(storedAnnot, (authUser == null)); |
| 3 | 246 JsonRepresentation retRep = new JsonRepresentation(jo); |
| 247 return retRep; | |
| 248 } catch (JSONException e) { | |
|
63
9f8c9611848a
fixed bug with new rectangle shapes. added limit, offset and sortBy parameters to annotator/ and annotator/search.
casties
parents:
61
diff
changeset
|
249 logger.error("Error in doPutJSON", e); |
| 3 | 250 setStatus(Status.CLIENT_ERROR_BAD_REQUEST); |
| 251 } catch (IOException e) { | |
|
63
9f8c9611848a
fixed bug with new rectangle shapes. added limit, offset and sortBy parameters to annotator/ and annotator/search.
casties
parents:
61
diff
changeset
|
252 logger.error("Error in doPutJSON", e); |
| 3 | 253 setStatus(Status.SERVER_ERROR_INTERNAL, "Other Error"); |
| 254 } | |
| 255 return null; | |
| 256 } | |
| 257 | |
| 258 /** | |
|
20
715aa11d138b
fixes in permission handling: admin and delete default to creator.
casties
parents:
16
diff
changeset
|
259 * DELETE with JSON content-type. Deletes an Annotation. |
| 3 | 260 * |
| 261 * @param entity | |
| 262 * @return | |
| 263 */ | |
| 264 @Delete("json") | |
| 265 public Representation doDeleteJSON(Representation entity) { | |
| 266 logger.debug("AnnotatorAnnotations doDeleteJSON!"); | |
| 267 setCorsHeaders(); | |
| 268 // id from URI /annotations/{id} | |
| 269 String jsonId = (String) getRequest().getAttributes().get("id"); | |
| 270 String id = decodeJsonId(jsonId); | |
| 271 logger.debug("annotation-id=" + id); | |
| 272 | |
|
14
629e15b345aa
permissions mostly work. need more server-side checking.
casties
parents:
4
diff
changeset
|
273 // do authentication |
| 15 | 274 Person authUser = Person.createPersonWithId(this.checkAuthToken(entity)); |
|
14
629e15b345aa
permissions mostly work. need more server-side checking.
casties
parents:
4
diff
changeset
|
275 logger.debug("request authenticated=" + authUser); |
| 16 | 276 AnnotationStore store = getAnnotationStore(); |
| 277 Annotation annot = store.getAnnotationById(id); | |
|
14
629e15b345aa
permissions mostly work. need more server-side checking.
casties
parents:
4
diff
changeset
|
278 if (annot != null) { |
| 61 | 279 if (!annot.isActionAllowed("delete", authUser, store)) { |
|
14
629e15b345aa
permissions mostly work. need more server-side checking.
casties
parents:
4
diff
changeset
|
280 setStatus(Status.CLIENT_ERROR_FORBIDDEN, "Not Authorized!"); |
|
629e15b345aa
permissions mostly work. need more server-side checking.
casties
parents:
4
diff
changeset
|
281 return null; |
|
629e15b345aa
permissions mostly work. need more server-side checking.
casties
parents:
4
diff
changeset
|
282 } |
| 3 | 283 } |
| 4 | 284 // delete annotation |
|
32
0731c4549065
UI for editing groups and persons works now. (still no authorisation!)
casties
parents:
22
diff
changeset
|
285 store.deleteAnnotationById(id); |
| 4 | 286 setStatus(Status.SUCCESS_NO_CONTENT); |
| 3 | 287 return null; |
| 288 } | |
| 289 | |
| 290 } |