comparison src/main/java/de/mpiwg/itgroup/annotations/restlet/AnnotatorAnnotations.java @ 14:629e15b345aa

Permissions mostly work; more server-side checking is needed.
author casties
date Fri, 13 Jul 2012 20:41:02 +0200
parents 3599b29c393f
children 58357a4b86de
13:abe25edf2178 14:629e15b345aa
48 String id = decodeJsonId(jsonId); 48 String id = decodeJsonId(jsonId);
49 logger.debug("annotation-id=" + id); 49 logger.debug("annotation-id=" + id);
50 50
51 // TODO: what to return without id - list of all annotations? 51 // TODO: what to return without id - list of all annotations?
52 52
53 // TODO: what to do with authentication? 53 // do authentication
54 boolean authenticated = isAuthenticated(entity); 54 String authUser = this.checkAuthToken(entity);
55 logger.debug("request authenticated=" + authenticated); 55 logger.debug("request authenticated=" + authUser);
56 56
57 Annotation annots = getAnnotationStore().getAnnotationById(id); 57 Annotation annot = getAnnotationStore().getAnnotationById(id);
58 if (annots != null) { 58 if (annot != null) {
59 // there should be only one 59 if (! annot.isActionAllowed("read", authUser)) {
60 JSONObject result = createAnnotatorJson(annots); 60 setStatus(Status.CLIENT_ERROR_FORBIDDEN, "Not Authorized!");
61 return null;
62 }
63 JSONObject result = createAnnotatorJson(annot, (authUser == null));
61 logger.debug("sending:"); 64 logger.debug("sending:");
62 logger.debug(result); 65 logger.debug(result);
63 return new JsonRepresentation(result); 66 return new JsonRepresentation(result);
64 } else { 67 } else {
65 JSONArray results = new JSONArray(); 68 // not found
66 // annotator read request returns a list of annotation objects 69 setStatus(Status.CLIENT_ERROR_NOT_FOUND);
67 logger.debug("sending:"); 70 return null;
68 logger.debug(results);
69 return new JsonRepresentation(results);
70 } 71 }
71 } 72 }
72 73
73 /** 74 /**
74 * POST with JSON content-type. 75 * POST with JSON content-type.
75 *
76 * json hash: username: name des users xpointer: xpointer auf den Ausschnitt
77 * (incl. der URL des Dokumentes) text: text der annotation annoturl: url
78 * auf eine Annotation falls extern
79 * 76 *
80 * @return 77 * @return
81 */ 78 */
82 @Post("json") 79 @Post("json")
83 public Representation doPostJson(Representation entity) { 80 public Representation doPostJson(Representation entity) {
84 logger.debug("AnnotatorAnnotations doPostJSON!"); 81 logger.debug("AnnotatorAnnotations doPostJSON!");
85 // set headers 82 // set headers
86 setCorsHeaders(); 83 setCorsHeaders();
84
85 // do authentication TODO: who's allowed to create?
86 String authUser = this.checkAuthToken(entity);
87 logger.debug("request authenticated=" + authUser);
88 if (authUser == null) {
89 setStatus(Status.CLIENT_ERROR_FORBIDDEN, "Not Authorized!");
90 return null;
91 }
92
87 Annotation annot = null; 93 Annotation annot = null;
88 try { 94 try {
89 JsonRepresentation jrep = new JsonRepresentation(entity); 95 JsonRepresentation jrep = new JsonRepresentation(entity);
90 JSONObject jo = jrep.getJsonObject(); 96 JSONObject jo = jrep.getJsonObject();
91 if (jo == null) { 97 if (jo == null) {
112 storedAnnot = getAnnotationStore().storeAnnotation(annot); 118 storedAnnot = getAnnotationStore().storeAnnotation(annot);
113 /* 119 /*
114 * according to https://github.com/okfn/annotator/wiki/Storage we should 120 * according to https://github.com/okfn/annotator/wiki/Storage we should
115 * return 303: see other. For now we return the annotation. 121 * return 303: see other. For now we return the annotation.
116 */ 122 */
117 JSONObject jo = createAnnotatorJson(storedAnnot); 123 JSONObject jo = createAnnotatorJson(storedAnnot, (authUser == null));
118 JsonRepresentation retRep = new JsonRepresentation(jo); 124 JsonRepresentation retRep = new JsonRepresentation(jo);
119 return retRep; 125 return retRep;
120 } 126 }
121 127
122 /** 128 /**
132 // id from URI /annotations/{id} 138 // id from URI /annotations/{id}
133 String jsonId = (String) getRequest().getAttributes().get("id"); 139 String jsonId = (String) getRequest().getAttributes().get("id");
134 String id = decodeJsonId(jsonId); 140 String id = decodeJsonId(jsonId);
135 logger.debug("annotation-id=" + id); 141 logger.debug("annotation-id=" + id);
136 142
137 // TODO: what to do with authentication? we should check the owner 143 // do authentication
138 boolean authenticated = isAuthenticated(entity); 144 String authUser = this.checkAuthToken(entity);
139 logger.debug("request authenticated=" + authenticated); 145 logger.debug("request authenticated=" + authUser);
140 if (!authenticated) {
141 setStatus(Status.CLIENT_ERROR_FORBIDDEN, "Not Authorized!");
142 return null;
143 }
144 146
145 Annotation annot = null; 147 Annotation annot = null;
146 AnnotationStore store = getAnnotationStore(); 148 AnnotationStore store = getAnnotationStore();
147 try { 149 try {
148 JsonRepresentation jrep = new JsonRepresentation(entity); 150 JsonRepresentation jrep = new JsonRepresentation(entity);
153 } 155 }
154 // get stored Annotation 156 // get stored Annotation
155 Annotation storedAnnot = store.getAnnotationById(id); 157 Annotation storedAnnot = store.getAnnotationById(id);
156 if (storedAnnot == null) { 158 if (storedAnnot == null) {
157 setStatus(Status.CLIENT_ERROR_NOT_FOUND); 159 setStatus(Status.CLIENT_ERROR_NOT_FOUND);
160 return null;
161 }
162 if (! storedAnnot.isActionAllowed("update", authUser)) {
163 setStatus(Status.CLIENT_ERROR_FORBIDDEN);
158 return null; 164 return null;
159 } 165 }
160 // update from posted JSON 166 // update from posted JSON
161 annot = updateAnnotation(storedAnnot, jo, entity); 167 annot = updateAnnotation(storedAnnot, jo, entity);
162 // store Annotation 168 // store Annotation
167 * setStatus(Status.REDIRECTION_SEE_OTHER); // go to same URL as 173 * setStatus(Status.REDIRECTION_SEE_OTHER); // go to same URL as
168 * this one Reference thisUrl = this.getReference(); 174 * this one Reference thisUrl = this.getReference();
169 * this.getResponse().setLocationRef(thisUrl); 175 * this.getResponse().setLocationRef(thisUrl);
170 */ 176 */
171 // return new annotation 177 // return new annotation
172 jo = createAnnotatorJson(storedAnnot); 178 jo = createAnnotatorJson(storedAnnot, (authUser == null));
173 JsonRepresentation retRep = new JsonRepresentation(jo); 179 JsonRepresentation retRep = new JsonRepresentation(jo);
174 return retRep; 180 return retRep;
175 } catch (JSONException e) { 181 } catch (JSONException e) {
176 e.printStackTrace(); 182 e.printStackTrace();
177 setStatus(Status.CLIENT_ERROR_BAD_REQUEST); 183 setStatus(Status.CLIENT_ERROR_BAD_REQUEST);
195 // id from URI /annotations/{id} 201 // id from URI /annotations/{id}
196 String jsonId = (String) getRequest().getAttributes().get("id"); 202 String jsonId = (String) getRequest().getAttributes().get("id");
197 String id = decodeJsonId(jsonId); 203 String id = decodeJsonId(jsonId);
198 logger.debug("annotation-id=" + id); 204 logger.debug("annotation-id=" + id);
199 205
200 // TODO: what to do with authentication? we should check the owner 206 // do authentication
201 boolean authenticated = isAuthenticated(entity); 207 String authUser = this.checkAuthToken(entity);
202 logger.debug("request authenticated=" + authenticated); 208 logger.debug("request authenticated=" + authUser);
203 if (!authenticated) { 209 Annotation annot = getAnnotationStore().getAnnotationById(id);
204 setStatus(Status.CLIENT_ERROR_FORBIDDEN, "Not Authorized!"); 210 if (annot != null) {
205 return null; 211 if (! annot.isActionAllowed("delete", authUser)) {
206 } 212 setStatus(Status.CLIENT_ERROR_FORBIDDEN, "Not Authorized!");
207 213 return null;
214 }
215 }
216
208 // delete annotation 217 // delete annotation
209 getAnnotationStore().deleteById(id); 218 getAnnotationStore().deleteById(id);
210 setStatus(Status.SUCCESS_NO_CONTENT); 219 setStatus(Status.SUCCESS_NO_CONTENT);
211 return null; 220 return null;
212 } 221 }
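Review bot: The new update path (new lines 144–165) and delete path (new lines 207–215) drop the explicit rejection of unauthenticated requests that the old code had (`if (!authenticated) { ... FORBIDDEN ... }`) and rely solely on `isActionAllowed(..., authUser)` being called with a possibly null `authUser`; unless that method is known to deny null users for write actions, the guard the POST path adds at new 88–91 should be kept here too as defense in depth: `if (authUser == null) { setStatus(Status.CLIENT_ERROR_FORBIDDEN, "Not Authorized!"); return null; }`. In the delete handler, when `annot` is null the permission check is skipped entirely and `deleteById(id)` still runs with a 204 response; returning `Status.CLIENT_ERROR_NOT_FOUND` inside an `else` branch, as the GET path does at new 68–70, would keep the two handlers consistent. The 403 at new line 163 also omits the `"Not Authorized!"` reason used by the other forbidden responses. The enclosing handler methods begin outside these hunks, so the `entity`/`authUser` setup before each check could not be fully reviewed.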