comparison src/main/java/de/mpiwg/itgroup/annotations/restlet/AnnotatorSearch.java @ 14:629e15b345aa
permissions mostly work. need more server-side checking.
author | casties |
---|---|
date | Fri, 13 Jul 2012 20:41:02 +0200 |
parents | 3599b29c393f |
children | 58357a4b86de |
13:abe25edf2178 | 14:629e15b345aa |
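--- a/src/main/java/de/mpiwg/itgroup/annotations/restlet/AnnotatorSearch.java
+++ b/src/main/java/de/mpiwg/itgroup/annotations/restlet/AnnotatorSearch.java
@@ -13,11 +13,10 @@
 import org.restlet.ext.json.JsonRepresentation;
 import org.restlet.representation.Representation;
 import org.restlet.resource.Get;
 
 import de.mpiwg.itgroup.annotations.Annotation;
-import de.mpiwg.itgroup.annotations.neo4j.AnnotationStore;
 
 /**
 * Implements the "search" uri of the Annotator API. see
 * <https://github.com/okfn/annotator/wiki/Storage>
 *
@@ -29,54 +28,51 @@
 protected String getAllowedMethodsForHeader() {
 return "OPTIONS,GET";
 }
 
 /**
-* result for JSON content-type. optional search parameters: uri user limit
-* offset
+* result for JSON content-type. optional search parameters: uri, user, limit,
+* offset.
 *
 * @param entity
 * @return
 */
 @Get("json")
 public Representation doGetJSON(Representation entity) {
 logger.debug("AnnotatorSearch doGetJSON!");
 setCorsHeaders();
-// TODO: what to do with authentication?
-boolean authenticated = isAuthenticated(entity);
-logger.debug("request authenticated=" + authenticated);
+// do authentication
+String authUser = this.checkAuthToken(entity);
+logger.debug("request authenticated=" + authUser);
 
 Form form = getRequest().getResourceRef().getQueryAsForm();
 String uri = form.getFirstValue("uri");
 String user = form.getFirstValue("user");
-
 String limit = form.getFirstValue("limit");
 String offset = form.getFirstValue("offset");
 
-AnnotationStore searcher = getAnnotationStore();
-
-JSONArray ja;
-
-List<Annotation> annots = searcher.searchByUriUser(uri, user, limit, offset);
-
-ja = new JSONArray();
+JSONArray results = new JSONArray();
+// do search
+logger.debug(String.format("searching for uri=%s user=%s", uri, user));
+List<Annotation> annots = getAnnotationStore().searchByUriUser(uri, user, limit, offset);
 for (Annotation annot : annots) {
-JSONObject jo = createAnnotatorJson(annot);
+// check permission
+if (!annot.isActionAllowed("read", authUser)) continue;
+JSONObject jo = createAnnotatorJson(annot, (authUser == null));
 if (jo != null) {
-ja.put(createAnnotatorJson(annot));
+results.put(jo);
 } else {
 setStatus(Status.SERVER_ERROR_INTERNAL, "JSON Error");
 return null;
 }
 }
-
+// assemble result object
 JSONObject result = new JSONObject();
 try {
-result.put("rows", ja);
-result.put("total", ja.length());
+result.put("rows", results);
+result.put("total", results.length());
 } catch (JSONException e) {
-e.printStackTrace();
 setStatus(Status.SERVER_ERROR_INTERNAL, "JSON Error");
 return null;
 }
 
 logger.debug("sending:");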
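Review bot: The read-permission filter in the `for` loop of doGetJSON runs on the list that `searchByUriUser(uri, user, limit, offset)` has already returned, so `limit` and `offset` are presumably applied in the store before any annotation is dropped by `isActionAllowed("read", authUser)`. A page can then come back shorter than `limit`, and the shortfall tells the caller how many matching annotations it was not allowed to read. The check would be better placed in the store query, with `authUser` passed down so that filtering precedes pagination; until that exists, a comment at the `continue` such as `// FIXME: permission filter runs after limit/offset, pages may be short` would record the gap. In the same method the `catch (JSONException e)` block now drops the exception entirely; assuming the logger accepts a throwable, `logger.error("JSON error building search result", e);` would keep the cause without going back to `printStackTrace()`. The body of doGetJSON continues past the last line shown.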