Mercurial > hg > AnnotationManagerN4J
comparison src/main/java/de/mpiwg/itgroup/annotations/restlet/AnnotatorResourceImpl.java @ 14:629e15b345aa
permissions mostly work. need more server-side checking.
| author | casties |
|---|---|
| date | Fri, 13 Jul 2012 20:41:02 +0200 |
| parents | 90911b2da322 |
| children | 58357a4b86de |
comparison
equal
deleted
inserted
replaced
| 13:abe25edf2178 | 14:629e15b345aa |
|---|---|
| 138 * @return | 138 * @return |
| 139 */ | 139 */ |
| 140 public String checkAuthToken(Representation entity) { | 140 public String checkAuthToken(Representation entity) { |
| 141 Form requestHeaders = (Form) getRequest().getAttributes().get("org.restlet.http.headers"); | 141 Form requestHeaders = (Form) getRequest().getAttributes().get("org.restlet.http.headers"); |
| 142 String authToken = requestHeaders.getFirstValue("x-annotator-auth-token", true); | 142 String authToken = requestHeaders.getFirstValue("x-annotator-auth-token", true); |
| 143 if (authToken == null) return null; | |
| 143 // decode token first to get consumer key | 144 // decode token first to get consumer key |
| 144 JsonToken token = new JsonTokenParser(null, null).deserialize(authToken); | 145 JsonToken token = new JsonTokenParser(null, null).deserialize(authToken); |
| 145 String userId = token.getParamAsPrimitive("userId").getAsString(); | 146 String userId = token.getParamAsPrimitive("userId").getAsString(); |
| 146 String consumerKey = token.getParamAsPrimitive("consumerKey").getAsString(); | 147 String consumerKey = token.getParamAsPrimitive("consumerKey").getAsString(); |
| 147 // get stored consumer secret for key | 148 // get stored consumer secret for key |
| 175 | 176 |
| 176 /** | 177 /** |
| 177 * creates Annotator-JSON from an Annotation object. | 178 * creates Annotator-JSON from an Annotation object. |
| 178 * | 179 * |
| 179 * @param annot | 180 * @param annot |
| 181 * @param forAnonymous TODO | |
| 180 * @return | 182 * @return |
| 181 */ | 183 */ |
| 182 public JSONObject createAnnotatorJson(Annotation annot) { | 184 public JSONObject createAnnotatorJson(Annotation annot, boolean forAnonymous) { |
| 183 // return user as a JSON object (otherwise just as string) | 185 // return user as a JSON object (otherwise just as string) |
| 184 boolean makeUserObject = true; | 186 boolean makeUserObject = true; |
| 185 JSONObject jo = new JSONObject(); | 187 JSONObject jo = new JSONObject(); |
| 186 try { | 188 try { |
| 187 jo.put("text", annot.getBodyText()); | 189 jo.put("text", annot.getBodyText()); |
| 230 JSONArray adminPerms = new JSONArray(); | 232 JSONArray adminPerms = new JSONArray(); |
| 231 perms.put("admin", adminPerms); | 233 perms.put("admin", adminPerms); |
| 232 Actor adminPerm = annot.getAdminPermission(); | 234 Actor adminPerm = annot.getAdminPermission(); |
| 233 if (adminPerm != null) { | 235 if (adminPerm != null) { |
| 234 adminPerms.put(adminPerm.getIdString()); | 236 adminPerms.put(adminPerm.getIdString()); |
| 237 } else if (forAnonymous) { | |
| 238 // set something because its not allowed for anonymous | |
| 239 adminPerms.put("not-you"); | |
| 235 } | 240 } |
| 236 // delete | 241 // delete |
| 237 JSONArray deletePerms = new JSONArray(); | 242 JSONArray deletePerms = new JSONArray(); |
| 238 perms.put("delete", deletePerms); | 243 perms.put("delete", deletePerms); |
| 239 Actor deletePerm = annot.getDeletePermission(); | 244 Actor deletePerm = annot.getDeletePermission(); |
| 240 if (deletePerm != null) { | 245 if (deletePerm != null) { |
| 241 deletePerms.put(deletePerm.getIdString()); | 246 deletePerms.put(deletePerm.getIdString()); |
| 247 } else if (forAnonymous) { | |
| 248 // set something because its not allowed for anonymous | |
| 249 deletePerms.put("not-you"); | |
| 242 } | 250 } |
| 243 // update | 251 // update |
| 244 JSONArray updatePerms = new JSONArray(); | 252 JSONArray updatePerms = new JSONArray(); |
| 245 perms.put("update", updatePerms); | 253 perms.put("update", updatePerms); |
| 246 Actor updatePerm = annot.getUpdatePermission(); | 254 Actor updatePerm = annot.getUpdatePermission(); |
| 247 if (updatePerm != null) { | 255 if (updatePerm != null) { |
| 248 updatePerms.put(updatePerm.getIdString()); | 256 updatePerms.put(updatePerm.getIdString()); |
| 257 } else if (forAnonymous) { | |
| 258 // set something because its not allowed for anonymous | |
| 259 updatePerms.put("not-you"); | |
| 249 } | 260 } |
| 250 // read | 261 // read |
| 251 JSONArray readPerms = new JSONArray(); | 262 JSONArray readPerms = new JSONArray(); |
| 252 perms.put("read", readPerms); | 263 perms.put("read", readPerms); |
| 253 Actor readPerm = annot.getReadPermission(); | 264 Actor readPerm = annot.getReadPermission(); |