comparison src/main/java/de/mpiwg/itgroup/annotations/restlet/AnnotatorResourceImpl.java @ 14:629e15b345aa
permissions mostly work. need more server-side checking.
author | casties |
---|---|
date | Fri, 13 Jul 2012 20:41:02 +0200 |
parents | 90911b2da322 |
children | 58357a4b86de |
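--- a/src/main/java/de/mpiwg/itgroup/annotations/restlet/AnnotatorResourceImpl.java
+++ b/src/main/java/de/mpiwg/itgroup/annotations/restlet/AnnotatorResourceImpl.java
@@ -138,10 +138,11 @@
 * @return
 */
 public String checkAuthToken(Representation entity) {
 Form requestHeaders = (Form) getRequest().getAttributes().get("org.restlet.http.headers");
 String authToken = requestHeaders.getFirstValue("x-annotator-auth-token", true);
+if (authToken == null) return null;
 // decode token first to get consumer key
 JsonToken token = new JsonTokenParser(null, null).deserialize(authToken);
 String userId = token.getParamAsPrimitive("userId").getAsString();
 String consumerKey = token.getParamAsPrimitive("consumerKey").getAsString();
 // get stored consumer secret for key
@@ -175,13 +176,14 @@
 
 /**
 * creates Annotator-JSON from an Annotation object.
 *
 * @param annot
+* @param forAnonymous TODO
 * @return
 */
-public JSONObject createAnnotatorJson(Annotation annot) {
+public JSONObject createAnnotatorJson(Annotation annot, boolean forAnonymous) {
 // return user as a JSON object (otherwise just as string)
 boolean makeUserObject = true;
 JSONObject jo = new JSONObject();
 try {
 jo.put("text", annot.getBodyText());
@@ -230,24 +232,33 @@
 JSONArray adminPerms = new JSONArray();
 perms.put("admin", adminPerms);
 Actor adminPerm = annot.getAdminPermission();
 if (adminPerm != null) {
 adminPerms.put(adminPerm.getIdString());
+} else if (forAnonymous) {
+// set something because its not allowed for anonymous
+adminPerms.put("not-you");
 }
 // delete
 JSONArray deletePerms = new JSONArray();
 perms.put("delete", deletePerms);
 Actor deletePerm = annot.getDeletePermission();
 if (deletePerm != null) {
 deletePerms.put(deletePerm.getIdString());
+} else if (forAnonymous) {
+// set something because its not allowed for anonymous
+deletePerms.put("not-you");
 }
 // update
 JSONArray updatePerms = new JSONArray();
 perms.put("update", updatePerms);
 Actor updatePerm = annot.getUpdatePermission();
 if (updatePerm != null) {
 updatePerms.put(updatePerm.getIdString());
+} else if (forAnonymous) {
+// set something because its not allowed for anonymous
+updatePerms.put("not-you");
 }
 // read
 JSONArray readPerms = new JSONArray();
 perms.put("read", readPerms);
 Actor readPerm = annot.getReadPermission();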
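Review bot: The `"not-you"` entries added in the admin, delete and update branches change only what the JSON tells the client: the stored permission is still null, so the restriction on anonymous users holds only if the update and delete handlers (not visible in this section) reject such requests themselves, which the commit message already lists as open. The marker is also an ordinary string placed next to real actor ids, so if ids can be arbitrary strings an account whose id string is `not-you` would match it; one named constant that cannot be a valid id, written by a small helper instead of three copied `else if (forAnonymous)` branches, would make that easier to guarantee. The Javadoc line `@param forAnonymous TODO` should state what the flag does, e.g. `@param forAnonymous if true, unset admin/delete/update permissions are reported as not available to the caller`. createAnnotatorJson continues past the last visible line.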