Mercurial > hg > AnnotationManagerN4J
annotate src/main/java/de/mpiwg/itgroup/annotations/restlet/AnnotatorAnnotations.java @ 100:f9ee715ee9e9
make relative URLs in static file end in / to prevent redirection.
| author | casties |
|---|---|
| date | Wed, 11 Feb 2015 20:02:56 +0100 |
| parents | cf44d9e1a4a7 |
| children | 7268c3ca025b |
| rev | line source |
|---|---|
| 3 | 1 package de.mpiwg.itgroup.annotations.restlet; |
| 2 | |
| 70 | 3 /* |
| 4 * #%L | |
| 5 * AnnotationManager | |
| 6 * %% | |
| 7 * Copyright (C) 2012 - 2014 MPIWG Berlin | |
| 8 * %% | |
| 9 * This program is free software: you can redistribute it and/or modify | |
| 10 * it under the terms of the GNU Lesser General Public License as | |
| 11 * published by the Free Software Foundation, either version 3 of the | |
| 12 * License, or (at your option) any later version. | |
| 13 * | |
| 14 * This program is distributed in the hope that it will be useful, | |
| 15 * but WITHOUT ANY WARRANTY; without even the implied warranty of | |
| 16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
| 17 * GNU General Lesser Public License for more details. | |
| 18 * | |
| 19 * You should have received a copy of the GNU General Lesser Public | |
| 20 * License along with this program. If not, see | |
| 21 * <http://www.gnu.org/licenses/lgpl-3.0.html>. | |
| 22 * #L% | |
| 23 */ | |
| 24 | |
| 3 | 25 import java.io.IOException; |
| 65 | 26 import java.io.UnsupportedEncodingException; |
| 27 import java.net.URLDecoder; | |
| 31 | 28 import java.util.ArrayList; |
| 29 import java.util.List; | |
| 3 | 30 |
| 31 | 31 import org.json.JSONArray; |
| 3 | 32 import org.json.JSONException; |
| 33 import org.json.JSONObject; | |
| 31 | 34 import org.restlet.data.Form; |
| 3 | 35 import org.restlet.data.Status; |
| 36 import org.restlet.ext.json.JsonRepresentation; | |
| 37 import org.restlet.representation.Representation; | |
| 38 import org.restlet.resource.Delete; | |
| 39 import org.restlet.resource.Get; | |
| 40 import org.restlet.resource.Post; | |
| 41 import org.restlet.resource.Put; | |
| 42 | |
| 4 | 43 import de.mpiwg.itgroup.annotations.Annotation; |
| 15 | 44 import de.mpiwg.itgroup.annotations.Person; |
| 4 | 45 import de.mpiwg.itgroup.annotations.neo4j.AnnotationStore; |
| 31 | 46 import de.mpiwg.itgroup.annotations.restlet.utils.JSONObjectComparator; |
| 3 | 47 |
| 48 /** | |
| 4 | 49 * Implements the "annotations" uri of the Annotator API. see |
| 50 * <https://github.com/okfn/annotator/wiki/Storage> | |
| 3 | 51 * |
| 52 * @author dwinter, casties | |
| 53 * | |
| 54 */ | |
| 55 public class AnnotatorAnnotations extends AnnotatorResourceImpl { | |
| 56 | |
| 57 /** | |
| 58 * GET with JSON content-type. | |
| 59 * | |
| 60 * @param entity | |
| 61 * @return | |
| 62 */ | |
| 63 @Get("json") | |
| 64 public Representation doGetJSON(Representation entity) { | |
| 75 | 65 logger.fine("AnnotatorAnnotations doGetJSON!"); |
| 3 | 66 // id from URI /annotations/{id} |
| 65 | 67 String id = null; |
| 3 | 68 String jsonId = (String) getRequest().getAttributes().get("id"); |
| 65 | 69 if (jsonId != null) { |
| 70 // URL decode | |
| 71 try { | |
| 72 jsonId = URLDecoder.decode(jsonId, "UTF-8"); | |
| 73 } catch (UnsupportedEncodingException e) { | |
| 74 // this shouldn't happen | |
| 75 } | |
| 76 id = decodeJsonId(jsonId); | |
| 75 | 77 logger.fine("annotation-id=" + id); |
| 65 | 78 } |
| 3 | 79 |
|
14
629e15b345aa
permissions mostly work. need more server-side checking.
casties
parents:
4
diff
changeset
|
80 // do authentication |
| 88 | 81 Person authUser = getUserFromAuthToken(entity); |
| 75 | 82 logger.fine("request authenticated=" + authUser); |
| 3 | 83 |
| 37 | 84 if (id == null) { |
|
63
9f8c9611848a
fixed bug with new rectangle shapes. added limit, offset and sortBy parameters to annotator/ and annotator/search.
casties
parents:
61
diff
changeset
|
85 // no id -- send all annotations |
|
9f8c9611848a
fixed bug with new rectangle shapes. added limit, offset and sortBy parameters to annotator/ and annotator/search.
casties
parents:
61
diff
changeset
|
86 Form form = getRequest().getResourceRef().getQueryAsForm(); |
|
9f8c9611848a
fixed bug with new rectangle shapes. added limit, offset and sortBy parameters to annotator/ and annotator/search.
casties
parents:
61
diff
changeset
|
87 int limit = getInt(form.getFirstValue("limit")); |
|
9f8c9611848a
fixed bug with new rectangle shapes. added limit, offset and sortBy parameters to annotator/ and annotator/search.
casties
parents:
61
diff
changeset
|
88 int offset = getInt(form.getFirstValue("offset")); |
|
9f8c9611848a
fixed bug with new rectangle shapes. added limit, offset and sortBy parameters to annotator/ and annotator/search.
casties
parents:
61
diff
changeset
|
89 String sortBy = form.getFirstValue("sortBy"); |
|
9f8c9611848a
fixed bug with new rectangle shapes. added limit, offset and sortBy parameters to annotator/ and annotator/search.
casties
parents:
61
diff
changeset
|
90 return getAllAnnotations(authUser, limit, offset, sortBy); |
| 37 | 91 } |
| 92 | |
|
63
9f8c9611848a
fixed bug with new rectangle shapes. added limit, offset and sortBy parameters to annotator/ and annotator/search.
casties
parents:
61
diff
changeset
|
93 // send annotation with id |
| 16 | 94 AnnotationStore store = getAnnotationStore(); |
| 95 Annotation annot = store.getAnnotationById(id); | |
|
14
629e15b345aa
permissions mostly work. need more server-side checking.
casties
parents:
4
diff
changeset
|
96 if (annot != null) { |
| 61 | 97 if (!annot.isActionAllowed("read", authUser, store)) { |
|
14
629e15b345aa
permissions mostly work. need more server-side checking.
casties
parents:
4
diff
changeset
|
98 setStatus(Status.CLIENT_ERROR_FORBIDDEN, "Not Authorized!"); |
|
629e15b345aa
permissions mostly work. need more server-side checking.
casties
parents:
4
diff
changeset
|
99 return null; |
|
629e15b345aa
permissions mostly work. need more server-side checking.
casties
parents:
4
diff
changeset
|
100 } |
|
629e15b345aa
permissions mostly work. need more server-side checking.
casties
parents:
4
diff
changeset
|
101 JSONObject result = createAnnotatorJson(annot, (authUser == null)); |
| 4 | 102 return new JsonRepresentation(result); |
| 103 } else { | |
|
14
629e15b345aa
permissions mostly work. need more server-side checking.
casties
parents:
4
diff
changeset
|
104 // not found |
|
629e15b345aa
permissions mostly work. need more server-side checking.
casties
parents:
4
diff
changeset
|
105 setStatus(Status.CLIENT_ERROR_NOT_FOUND); |
|
629e15b345aa
permissions mostly work. need more server-side checking.
casties
parents:
4
diff
changeset
|
106 return null; |
| 3 | 107 } |
| 108 } | |
| 109 | |
|
63
9f8c9611848a
fixed bug with new rectangle shapes. added limit, offset and sortBy parameters to annotator/ and annotator/search.
casties
parents:
61
diff
changeset
|
110 private Representation getAllAnnotations(Person authUser, int limit, int offset, String sortBy) { |
| 31 | 111 AnnotationStore store = getAnnotationStore(); |
| 112 ArrayList<JSONObject> results = new ArrayList<JSONObject>(); | |
| 65 | 113 |
|
63
9f8c9611848a
fixed bug with new rectangle shapes. added limit, offset and sortBy parameters to annotator/ and annotator/search.
casties
parents:
61
diff
changeset
|
114 // read all annotations |
| 61 | 115 List<Annotation> annotations = store.getAnnotations(null, null); |
| 31 | 116 for (Annotation annotation : annotations) { |
| 61 | 117 // check permission |
| 65 | 118 if (!annotation.isActionAllowed("read", authUser, store)) |
| 119 continue; | |
|
63
9f8c9611848a
fixed bug with new rectangle shapes. added limit, offset and sortBy parameters to annotator/ and annotator/search.
casties
parents:
61
diff
changeset
|
120 // add annotation to list |
| 61 | 121 JSONObject jo = createAnnotatorJson(annotation, false); |
| 122 results.add(jo); | |
| 123 } | |
| 124 | |
|
63
9f8c9611848a
fixed bug with new rectangle shapes. added limit, offset and sortBy parameters to annotator/ and annotator/search.
casties
parents:
61
diff
changeset
|
125 // sort if necessary |
| 61 | 126 if (sortBy != null) { |
| 127 JSONObjectComparator.sortAnnotations(results, sortBy); | |
| 128 } | |
| 65 | 129 |
|
63
9f8c9611848a
fixed bug with new rectangle shapes. added limit, offset and sortBy parameters to annotator/ and annotator/search.
casties
parents:
61
diff
changeset
|
130 // put in JSON list |
|
9f8c9611848a
fixed bug with new rectangle shapes. added limit, offset and sortBy parameters to annotator/ and annotator/search.
casties
parents:
61
diff
changeset
|
131 JSONArray rows = new JSONArray(); |
|
9f8c9611848a
fixed bug with new rectangle shapes. added limit, offset and sortBy parameters to annotator/ and annotator/search.
casties
parents:
61
diff
changeset
|
132 int cnt = 0; |
| 61 | 133 for (JSONObject result : results) { |
|
63
9f8c9611848a
fixed bug with new rectangle shapes. added limit, offset and sortBy parameters to annotator/ and annotator/search.
casties
parents:
61
diff
changeset
|
134 cnt += 1; |
| 65 | 135 if (offset > 0 && cnt < offset) |
| 136 continue; | |
|
63
9f8c9611848a
fixed bug with new rectangle shapes. added limit, offset and sortBy parameters to annotator/ and annotator/search.
casties
parents:
61
diff
changeset
|
137 rows.put(result); |
| 65 | 138 if (limit > 0 && cnt >= limit) |
| 139 break; | |
| 61 | 140 } |
| 141 | |
| 31 | 142 // assemble result object |
| 143 JSONObject result = new JSONObject(); | |
| 144 try { | |
|
63
9f8c9611848a
fixed bug with new rectangle shapes. added limit, offset and sortBy parameters to annotator/ and annotator/search.
casties
parents:
61
diff
changeset
|
145 result.put("rows", rows); |
|
9f8c9611848a
fixed bug with new rectangle shapes. added limit, offset and sortBy parameters to annotator/ and annotator/search.
casties
parents:
61
diff
changeset
|
146 result.put("total", rows.length()); |
| 31 | 147 } catch (JSONException e) { |
| 148 setStatus(Status.SERVER_ERROR_INTERNAL, "JSON Error"); | |
| 149 return null; | |
| 150 } | |
| 151 return new JsonRepresentation(result); | |
| 152 } | |
| 153 | |
| 61 | 154 /** |
|
20
715aa11d138b
fixes in permission handling: admin and delete default to creator.
casties
parents:
16
diff
changeset
|
155 * POST with JSON content-type. Creates a new Annotation. |
| 3 | 156 * |
| 157 * @return | |
| 158 */ | |
| 159 @Post("json") | |
| 160 public Representation doPostJson(Representation entity) { | |
| 75 | 161 logger.fine("AnnotatorAnnotations doPostJSON!"); |
| 61 | 162 |
| 163 // do authentication TODO: who's allowed to create? | |
| 88 | 164 Person authUser = getUserFromAuthToken(entity); |
| 75 | 165 logger.fine("request authenticated=" + authUser); |
|
14
629e15b345aa
permissions mostly work. need more server-side checking.
casties
parents:
4
diff
changeset
|
166 if (authUser == null) { |
|
629e15b345aa
permissions mostly work. need more server-side checking.
casties
parents:
4
diff
changeset
|
167 setStatus(Status.CLIENT_ERROR_FORBIDDEN, "Not Authorized!"); |
|
629e15b345aa
permissions mostly work. need more server-side checking.
casties
parents:
4
diff
changeset
|
168 return null; |
|
629e15b345aa
permissions mostly work. need more server-side checking.
casties
parents:
4
diff
changeset
|
169 } |
|
629e15b345aa
permissions mostly work. need more server-side checking.
casties
parents:
4
diff
changeset
|
170 |
| 3 | 171 Annotation annot = null; |
| 172 try { | |
| 173 JsonRepresentation jrep = new JsonRepresentation(entity); | |
| 174 JSONObject jo = jrep.getJsonObject(); | |
| 175 if (jo == null) { | |
| 176 setStatus(Status.SERVER_ERROR_INTERNAL); | |
| 177 return null; | |
| 178 } | |
| 179 // make sure id is not set for POST | |
| 180 jo.remove("id"); | |
| 88 | 181 // create Annotation object from posted JSON |
| 3 | 182 annot = createAnnotation(jo, entity); |
| 183 } catch (IOException e1) { | |
| 184 setStatus(Status.SERVER_ERROR_INTERNAL); | |
| 185 return null; | |
| 186 } catch (JSONException e) { | |
| 187 setStatus(Status.CLIENT_ERROR_BAD_REQUEST); | |
| 188 return null; | |
| 189 } | |
| 4 | 190 if (annot == null) { |
| 3 | 191 setStatus(Status.CLIENT_ERROR_BAD_REQUEST); |
| 192 return null; | |
| 193 } | |
| 194 Annotation storedAnnot; | |
| 4 | 195 // store Annotation |
| 196 storedAnnot = getAnnotationStore().storeAnnotation(annot); | |
| 197 /* | |
| 198 * according to https://github.com/okfn/annotator/wiki/Storage we should | |
| 199 * return 303: see other. For now we return the annotation. | |
| 3 | 200 */ |
|
14
629e15b345aa
permissions mostly work. need more server-side checking.
casties
parents:
4
diff
changeset
|
201 JSONObject jo = createAnnotatorJson(storedAnnot, (authUser == null)); |
| 3 | 202 JsonRepresentation retRep = new JsonRepresentation(jo); |
| 203 return retRep; | |
| 204 } | |
| 205 | |
| 206 /** | |
|
20
715aa11d138b
fixes in permission handling: admin and delete default to creator.
casties
parents:
16
diff
changeset
|
207 * PUT with JSON content-type. Modifies an Annotation. |
| 3 | 208 * |
| 209 * @param entity | |
| 210 * @return | |
| 211 */ | |
| 212 @Put("json") | |
| 213 public Representation doPutJSON(Representation entity) { | |
| 75 | 214 logger.fine("AnnotatorAnnotations doPutJSON!"); |
| 3 | 215 // id from URI /annotations/{id} |
| 216 String jsonId = (String) getRequest().getAttributes().get("id"); | |
| 217 String id = decodeJsonId(jsonId); | |
| 75 | 218 logger.fine("annotation-id=" + id); |
| 3 | 219 |
|
14
629e15b345aa
permissions mostly work. need more server-side checking.
casties
parents:
4
diff
changeset
|
220 // do authentication |
| 88 | 221 Person authUser = getUserFromAuthToken(entity); |
| 75 | 222 logger.fine("request authenticated=" + authUser); |
| 3 | 223 |
| 224 Annotation annot = null; | |
| 4 | 225 AnnotationStore store = getAnnotationStore(); |
| 3 | 226 try { |
| 227 JsonRepresentation jrep = new JsonRepresentation(entity); | |
| 228 JSONObject jo = jrep.getJsonObject(); | |
| 229 if (jo == null) { | |
| 230 setStatus(Status.CLIENT_ERROR_BAD_REQUEST); | |
| 231 return null; | |
| 232 } | |
| 233 // get stored Annotation | |
| 4 | 234 Annotation storedAnnot = store.getAnnotationById(id); |
| 235 if (storedAnnot == null) { | |
| 3 | 236 setStatus(Status.CLIENT_ERROR_NOT_FOUND); |
| 237 return null; | |
| 238 } | |
| 61 | 239 if (!storedAnnot.isActionAllowed("update", authUser, store)) { |
|
14
629e15b345aa
permissions mostly work. need more server-side checking.
casties
parents:
4
diff
changeset
|
240 setStatus(Status.CLIENT_ERROR_FORBIDDEN); |
|
629e15b345aa
permissions mostly work. need more server-side checking.
casties
parents:
4
diff
changeset
|
241 return null; |
|
629e15b345aa
permissions mostly work. need more server-side checking.
casties
parents:
4
diff
changeset
|
242 } |
| 3 | 243 // update from posted JSON |
| 244 annot = updateAnnotation(storedAnnot, jo, entity); | |
| 245 // store Annotation | |
| 4 | 246 storedAnnot = store.storeAnnotation(annot); |
| 247 /* | |
| 248 * according to https://github.com/okfn/annotator/wiki/Storage we | |
| 249 * should return 303: see other. but the client doesn't like it | |
| 250 * setStatus(Status.REDIRECTION_SEE_OTHER); // go to same URL as | |
| 251 * this one Reference thisUrl = this.getReference(); | |
| 252 * this.getResponse().setLocationRef(thisUrl); | |
| 253 */ | |
| 3 | 254 // return new annotation |
|
14
629e15b345aa
permissions mostly work. need more server-side checking.
casties
parents:
4
diff
changeset
|
255 jo = createAnnotatorJson(storedAnnot, (authUser == null)); |
| 3 | 256 JsonRepresentation retRep = new JsonRepresentation(jo); |
| 257 return retRep; | |
| 258 } catch (JSONException e) { | |
| 75 | 259 logger.severe("Error in doPutJSON: "+e); |
| 3 | 260 setStatus(Status.CLIENT_ERROR_BAD_REQUEST); |
| 261 } catch (IOException e) { | |
| 75 | 262 logger.severe("Error in doPutJSON: "+e); |
| 3 | 263 setStatus(Status.SERVER_ERROR_INTERNAL, "Other Error"); |
| 264 } | |
| 265 return null; | |
| 266 } | |
| 267 | |
| 268 /** | |
|
20
715aa11d138b
fixes in permission handling: admin and delete default to creator.
casties
parents:
16
diff
changeset
|
269 * DELETE with JSON content-type. Deletes an Annotation. |
| 3 | 270 * |
| 271 * @param entity | |
| 272 * @return | |
| 273 */ | |
| 274 @Delete("json") | |
| 275 public Representation doDeleteJSON(Representation entity) { | |
| 75 | 276 logger.fine("AnnotatorAnnotations doDeleteJSON!"); |
| 3 | 277 // id from URI /annotations/{id} |
| 278 String jsonId = (String) getRequest().getAttributes().get("id"); | |
| 279 String id = decodeJsonId(jsonId); | |
| 75 | 280 logger.fine("annotation-id=" + id); |
| 3 | 281 |
|
14
629e15b345aa
permissions mostly work. need more server-side checking.
casties
parents:
4
diff
changeset
|
282 // do authentication |
| 88 | 283 Person authUser = getUserFromAuthToken(entity); |
| 75 | 284 logger.fine("request authenticated=" + authUser); |
| 16 | 285 AnnotationStore store = getAnnotationStore(); |
| 286 Annotation annot = store.getAnnotationById(id); | |
|
14
629e15b345aa
permissions mostly work. need more server-side checking.
casties
parents:
4
diff
changeset
|
287 if (annot != null) { |
| 61 | 288 if (!annot.isActionAllowed("delete", authUser, store)) { |
|
14
629e15b345aa
permissions mostly work. need more server-side checking.
casties
parents:
4
diff
changeset
|
289 setStatus(Status.CLIENT_ERROR_FORBIDDEN, "Not Authorized!"); |
|
629e15b345aa
permissions mostly work. need more server-side checking.
casties
parents:
4
diff
changeset
|
290 return null; |
|
629e15b345aa
permissions mostly work. need more server-side checking.
casties
parents:
4
diff
changeset
|
291 } |
| 3 | 292 } |
| 4 | 293 // delete annotation |
|
32
0731c4549065
UI for editing groups and persons works now. (still no authorisation!)
casties
parents:
22
diff
changeset
|
294 store.deleteAnnotationById(id); |
| 4 | 295 setStatus(Status.SUCCESS_NO_CONTENT); |
| 3 | 296 return null; |
| 297 } | |
| 298 | |
| 299 } |