comparison src/main/java/de/mpiwg/itgroup/annotations/restlet/AnnotatorAnnotations.java @ 105:7417f5915181 default tip
check admin permission before changing permissions.
Enum for typesafe actions.
author | casties |
---|---|
date | Fri, 10 Feb 2017 15:45:35 +0100 |
parents | 9140017e8962 |
children |
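--- a/src/main/java/de/mpiwg/itgroup/annotations/restlet/AnnotatorAnnotations.java
+++ b/src/main/java/de/mpiwg/itgroup/annotations/restlet/AnnotatorAnnotations.java
@@ -39,10 +39,11 @@
 import org.restlet.resource.Get;
 import org.restlet.resource.Post;
 import org.restlet.resource.Put;
 
 import de.mpiwg.itgroup.annotations.Annotation;
+import de.mpiwg.itgroup.annotations.Annotation.Action;
 import de.mpiwg.itgroup.annotations.Person;
 import de.mpiwg.itgroup.annotations.neo4j.AnnotationStore;
 import de.mpiwg.itgroup.annotations.restlet.utils.JSONObjectComparator;
 
 /**
@@ -92,11 +93,11 @@
 
 // send annotation with id
 AnnotationStore store = getAnnotationStore();
 Annotation annot = store.getAnnotationById(id);
 if (annot != null) {
-if (!annot.isActionAllowed("read", authUser, store)) {
+if (!annot.isActionAllowed(Action.read, authUser, store)) {
 setStatus(Status.CLIENT_ERROR_FORBIDDEN, "Not Authorized!");
 return null;
 }
 JSONObject result = createAnnotatorJson(annot, (authUser == null));
 return new JsonRepresentation(result);
@@ -113,11 +114,11 @@
 
 // read all annotations
 List<Annotation> annotations = store.getAnnotations(null, null, 0, 0);
 for (Annotation annotation : annotations) {
 // check permission
-if (!annotation.isActionAllowed("read", authUser, store))
+if (!annotation.isActionAllowed(Action.read, authUser, store))
 continue;
 // add annotation to list
 JSONObject jo = createAnnotatorJson(annotation, false);
 results.add(jo);
 }
@@ -235,11 +236,11 @@
 Annotation storedAnnot = store.getAnnotationById(id);
 if (storedAnnot == null) {
 setStatus(Status.CLIENT_ERROR_NOT_FOUND);
 return null;
 }
-if (!storedAnnot.isActionAllowed("update", authUser, store)) {
+if (!storedAnnot.isActionAllowed(Action.update, authUser, store)) {
 setStatus(Status.CLIENT_ERROR_FORBIDDEN);
 return null;
 }
 // update from posted JSON
 annot = updateAnnotation(storedAnnot, jo, entity);
@@ -284,11 +285,11 @@
 Person authUser = getUserFromAuthToken(entity);
 logger.fine("request authenticated=" + authUser);
 AnnotationStore store = getAnnotationStore();
 Annotation annot = store.getAnnotationById(id);
 if (annot != null) {
-if (!annot.isActionAllowed("delete", authUser, store)) {
+if (!annot.isActionAllowed(Action.delete, authUser, store)) {
 setStatus(Status.CLIENT_ERROR_FORBIDDEN, "Not Authorized!");
 return null;
 }
 }
 // delete annotation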
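Review bot: In the delete hunk (new lines 288–295) the `Action.delete` check only runs inside `if (annot != null)`, so a request for an id that is not in the store skips authorization entirely and falls through to the `// delete annotation` step. The update hunk handles the same case explicitly, and the delete path would be easier to audit with the same guard placed ahead of the permission check: `if (annot == null) { setStatus(Status.CLIENT_ERROR_NOT_FOUND); return null; }`. What the store call after new line 295 does with an unknown id is outside the hunk, so this may be harmless today, but the authorization decision should not depend on that behaviour. The enclosing method starts and ends outside the visible lines.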