AnnotationManagerN4J: src/main/java/de/mpiwg/itgroup/annotations/restlet/AnnotatorSearch.java comparison

comparison src/main/java/de/mpiwg/itgroup/annotations/restlet/AnnotatorSearch.java @ 14:629e15b345aa

permissions mostly work. need more server-side checking.

author	casties
date	Fri, 13 Jul 2012 20:41:02 +0200
parents	3599b29c393f
children	58357a4b86de

comparison

equal deleted inserted replaced

-:abe25edf2178
+:629e15b345aa
 import org.restlet.ext.json.JsonRepresentation;
 import org.restlet.representation.Representation;
 import org.restlet.resource.Get;
 import de.mpiwg.itgroup.annotations.Annotation;
-import de.mpiwg.itgroup.annotations.neo4j.AnnotationStore;
 /**
 * Implements the "search" uri of the Annotator API. see
 * <https://github.com/okfn/annotator/wiki/Storage>
 *
 protected String getAllowedMethodsForHeader() {
 return "OPTIONS,GET";
 }
 /**
-* result for JSON content-type. optional search parameters: uri user limit
+* result for JSON content-type. optional search parameters: uri, user, limit,
-* offset
+* offset.
 *
 * @param entity
 * @return
 */
 @Get("json")
 public Representation doGetJSON(Representation entity) {
 logger.debug("AnnotatorSearch doGetJSON!");
 setCorsHeaders();
-// TODO: what to do with authentication?
+// do authentication
-boolean authenticated = isAuthenticated(entity);
+String authUser = this.checkAuthToken(entity);
-logger.debug("request authenticated=" + authenticated);
+logger.debug("request authenticated=" + authUser);
 Form form = getRequest().getResourceRef().getQueryAsForm();
 String uri = form.getFirstValue("uri");
 String user = form.getFirstValue("user");
 String limit = form.getFirstValue("limit");
 String offset = form.getFirstValue("offset");
-AnnotationStore searcher = getAnnotationStore();
+JSONArray results = new JSONArray();
+// do search
-JSONArray ja;
+logger.debug(String.format("searching for uri=%s user=%s", uri, user));
+List<Annotation> annots = getAnnotationStore().searchByUriUser(uri, user, limit, offset);
-List<Annotation> annots = searcher.searchByUriUser(uri, user, limit, offset);
-ja = new JSONArray();
 for (Annotation annot : annots) {
-JSONObject jo = createAnnotatorJson(annot);
+// check permission
+if (!annot.isActionAllowed("read", authUser)) continue;
+JSONObject jo = createAnnotatorJson(annot, (authUser == null));
 if (jo != null) {
-ja.put(createAnnotatorJson(annot));
+results.put(jo);
 } else {
 setStatus(Status.SERVER_ERROR_INTERNAL, "JSON Error");
 return null;
 }
 }
+// assemble result object
 JSONObject result = new JSONObject();
 try {
-result.put("rows", ja);
+result.put("rows", results);
-result.put("total", ja.length());
+result.put("total", results.length());
 } catch (JSONException e) {
-e.printStackTrace();
 setStatus(Status.SERVER_ERROR_INTERNAL, "JSON Error");
 return null;
 }
 logger.debug("sending:");

Mercurial > hg > AnnotationManagerN4J

comparison src/main/java/de/mpiwg/itgroup/annotations/restlet/AnnotatorSearch.java @ 14:629e15b345aa