comparison src/main/java/de/mpiwg/itgroup/annotations/restlet/AnnotatorAnnotations.java @ 14:629e15b345aa
permissions mostly work. need more server-side checking.
author | casties |
---|---|
date | Fri, 13 Jul 2012 20:41:02 +0200 |
parents | 3599b29c393f |
children | 58357a4b86de |
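--- a/src/main/java/de/mpiwg/itgroup/annotations/restlet/AnnotatorAnnotations.java
+++ b/src/main/java/de/mpiwg/itgroup/annotations/restlet/AnnotatorAnnotations.java
@@ -48,44 +48,50 @@
 String id = decodeJsonId(jsonId);
 logger.debug("annotation-id=" + id);
 
 // TODO: what to return without id - list of all annotations?
 
-// TODO: what to do with authentication?
-boolean authenticated = isAuthenticated(entity);
-logger.debug("request authenticated=" + authenticated);
+// do authentication
+String authUser = this.checkAuthToken(entity);
+logger.debug("request authenticated=" + authUser);
 
-Annotation annots = getAnnotationStore().getAnnotationById(id);
-if (annots != null) {
-// there should be only one
-JSONObject result = createAnnotatorJson(annots);
+Annotation annot = getAnnotationStore().getAnnotationById(id);
+if (annot != null) {
+if (! annot.isActionAllowed("read", authUser)) {
+setStatus(Status.CLIENT_ERROR_FORBIDDEN, "Not Authorized!");
+return null;
+}
+JSONObject result = createAnnotatorJson(annot, (authUser == null));
 logger.debug("sending:");
 logger.debug(result);
 return new JsonRepresentation(result);
 } else {
-JSONArray results = new JSONArray();
-// annotator read request returns a list of annotation objects
-logger.debug("sending:");
-logger.debug(results);
-return new JsonRepresentation(results);
+// not found
+setStatus(Status.CLIENT_ERROR_NOT_FOUND);
+return null;
 }
 }
 
 /**
 * POST with JSON content-type.
-*
-* json hash: username: name des users xpointer: xpointer auf den Ausschnitt
-* (incl. der URL des Dokumentes) text: text der annotation annoturl: url
-* auf eine Annotation falls extern
 *
 * @return
 */
 @Post("json")
 public Representation doPostJson(Representation entity) {
 logger.debug("AnnotatorAnnotations doPostJSON!");
 // set headers
 setCorsHeaders();
+
+// do authentication TODO: who's allowed to create?
+String authUser = this.checkAuthToken(entity);
+logger.debug("request authenticated=" + authUser);
+if (authUser == null) {
+setStatus(Status.CLIENT_ERROR_FORBIDDEN, "Not Authorized!");
+return null;
+}
+
 Annotation annot = null;
 try {
 JsonRepresentation jrep = new JsonRepresentation(entity);
 JSONObject jo = jrep.getJsonObject();
 if (jo == null) {
@@ -112,11 +118,11 @@
 storedAnnot = getAnnotationStore().storeAnnotation(annot);
 /*
 * according to https://github.com/okfn/annotator/wiki/Storage we should
 * return 303: see other. For now we return the annotation.
 */
-JSONObject jo = createAnnotatorJson(storedAnnot);
+JSONObject jo = createAnnotatorJson(storedAnnot, (authUser == null));
 JsonRepresentation retRep = new JsonRepresentation(jo);
 return retRep;
 }
 
 /**
@@ -132,17 +138,13 @@
 // id from URI /annotations/{id}
 String jsonId = (String) getRequest().getAttributes().get("id");
 String id = decodeJsonId(jsonId);
 logger.debug("annotation-id=" + id);
 
-// TODO: what to do with authentication? we should check the owner
-boolean authenticated = isAuthenticated(entity);
-logger.debug("request authenticated=" + authenticated);
-if (!authenticated) {
-setStatus(Status.CLIENT_ERROR_FORBIDDEN, "Not Authorized!");
-return null;
-}
+// do authentication
+String authUser = this.checkAuthToken(entity);
+logger.debug("request authenticated=" + authUser);
 
 Annotation annot = null;
 AnnotationStore store = getAnnotationStore();
 try {
 JsonRepresentation jrep = new JsonRepresentation(entity);
@@ -153,10 +155,14 @@
 }
 // get stored Annotation
 Annotation storedAnnot = store.getAnnotationById(id);
 if (storedAnnot == null) {
 setStatus(Status.CLIENT_ERROR_NOT_FOUND);
+return null;
+}
+if (! storedAnnot.isActionAllowed("update", authUser)) {
+setStatus(Status.CLIENT_ERROR_FORBIDDEN);
 return null;
 }
 // update from posted JSON
 annot = updateAnnotation(storedAnnot, jo, entity);
 // store Annotation
@@ -167,11 +173,11 @@
 * setStatus(Status.REDIRECTION_SEE_OTHER); // go to same URL as
 * this one Reference thisUrl = this.getReference();
 * this.getResponse().setLocationRef(thisUrl);
 */
 // return new annotation
-jo = createAnnotatorJson(storedAnnot);
+jo = createAnnotatorJson(storedAnnot, (authUser == null));
 JsonRepresentation retRep = new JsonRepresentation(jo);
 return retRep;
 } catch (JSONException e) {
 e.printStackTrace();
 setStatus(Status.CLIENT_ERROR_BAD_REQUEST);
@@ -195,18 +201,21 @@
 // id from URI /annotations/{id}
 String jsonId = (String) getRequest().getAttributes().get("id");
 String id = decodeJsonId(jsonId);
 logger.debug("annotation-id=" + id);
 
-// TODO: what to do with authentication? we should check the owner
-boolean authenticated = isAuthenticated(entity);
-logger.debug("request authenticated=" + authenticated);
-if (!authenticated) {
-setStatus(Status.CLIENT_ERROR_FORBIDDEN, "Not Authorized!");
-return null;
-}
-
+// do authentication
+String authUser = this.checkAuthToken(entity);
+logger.debug("request authenticated=" + authUser);
+Annotation annot = getAnnotationStore().getAnnotationById(id);
+if (annot != null) {
+if (! annot.isActionAllowed("delete", authUser)) {
+setStatus(Status.CLIENT_ERROR_FORBIDDEN, "Not Authorized!");
+return null;
+}
+}
+
 // delete annotation
 getAnnotationStore().deleteById(id);
 setStatus(Status.SUCCESS_NO_CONTENT);
 return null;
 }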
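Review bot: In the last hunk the delete handler falls through when `getAnnotationStore().getAnnotationById(id)` returns null: the permission check is skipped, `deleteById(id)` is still called and the client receives 204 for an id that was never found, whereas the GET and PUT handlers changed in this same commit answer 404 in that case. Mirror them by closing the `if (annot != null)` block with `} else { setStatus(Status.CLIENT_ERROR_NOT_FOUND); return null; }` before the delete. The previous revision also refused unauthenticated PUT and DELETE requests outright, while the new code passes a possibly-null `authUser` into `isActionAllowed("update", ...)` and `isActionAllowed("delete", ...)`, so whether anonymous callers are still rejected now rests entirely on `Annotation.isActionAllowed`, which is not part of this change and should be confirmed there. The forbidden branch of the PUT handler additionally omits the `"Not Authorized!"` reason string that the other three handlers pass to `setStatus`. The enclosing methods begin outside these hunks.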