Mercurial > hg > AnnotationManagerN4J
comparison src/main/java/de/mpiwg/itgroup/annotations/restlet/AnnotatorAnnotations.java @ 105:7417f5915181 default tip
check admin permission before changing permissions.
Enum for typesafe actions.
| author | casties |
|---|---|
| date | Fri, 10 Feb 2017 15:45:35 +0100 |
| parents | 9140017e8962 |
| children |
comparison
equal
deleted
inserted
replaced
| 104:e953327d66bb | 105:7417f5915181 |
|---|---|
| 39 import org.restlet.resource.Get; | 39 import org.restlet.resource.Get; |
| 40 import org.restlet.resource.Post; | 40 import org.restlet.resource.Post; |
| 41 import org.restlet.resource.Put; | 41 import org.restlet.resource.Put; |
| 42 | 42 |
| 43 import de.mpiwg.itgroup.annotations.Annotation; | 43 import de.mpiwg.itgroup.annotations.Annotation; |
| 44 import de.mpiwg.itgroup.annotations.Annotation.Action; | |
| 44 import de.mpiwg.itgroup.annotations.Person; | 45 import de.mpiwg.itgroup.annotations.Person; |
| 45 import de.mpiwg.itgroup.annotations.neo4j.AnnotationStore; | 46 import de.mpiwg.itgroup.annotations.neo4j.AnnotationStore; |
| 46 import de.mpiwg.itgroup.annotations.restlet.utils.JSONObjectComparator; | 47 import de.mpiwg.itgroup.annotations.restlet.utils.JSONObjectComparator; |
| 47 | 48 |
| 48 /** | 49 /** |
| 92 | 93 |
| 93 // send annotation with id | 94 // send annotation with id |
| 94 AnnotationStore store = getAnnotationStore(); | 95 AnnotationStore store = getAnnotationStore(); |
| 95 Annotation annot = store.getAnnotationById(id); | 96 Annotation annot = store.getAnnotationById(id); |
| 96 if (annot != null) { | 97 if (annot != null) { |
| 97 if (!annot.isActionAllowed("read", authUser, store)) { | 98 if (!annot.isActionAllowed(Action.read, authUser, store)) { |
| 98 setStatus(Status.CLIENT_ERROR_FORBIDDEN, "Not Authorized!"); | 99 setStatus(Status.CLIENT_ERROR_FORBIDDEN, "Not Authorized!"); |
| 99 return null; | 100 return null; |
| 100 } | 101 } |
| 101 JSONObject result = createAnnotatorJson(annot, (authUser == null)); | 102 JSONObject result = createAnnotatorJson(annot, (authUser == null)); |
| 102 return new JsonRepresentation(result); | 103 return new JsonRepresentation(result); |
| 113 | 114 |
| 114 // read all annotations | 115 // read all annotations |
| 115 List<Annotation> annotations = store.getAnnotations(null, null, 0, 0); | 116 List<Annotation> annotations = store.getAnnotations(null, null, 0, 0); |
| 116 for (Annotation annotation : annotations) { | 117 for (Annotation annotation : annotations) { |
| 117 // check permission | 118 // check permission |
| 118 if (!annotation.isActionAllowed("read", authUser, store)) | 119 if (!annotation.isActionAllowed(Action.read, authUser, store)) |
| 119 continue; | 120 continue; |
| 120 // add annotation to list | 121 // add annotation to list |
| 121 JSONObject jo = createAnnotatorJson(annotation, false); | 122 JSONObject jo = createAnnotatorJson(annotation, false); |
| 122 results.add(jo); | 123 results.add(jo); |
| 123 } | 124 } |
| 235 Annotation storedAnnot = store.getAnnotationById(id); | 236 Annotation storedAnnot = store.getAnnotationById(id); |
| 236 if (storedAnnot == null) { | 237 if (storedAnnot == null) { |
| 237 setStatus(Status.CLIENT_ERROR_NOT_FOUND); | 238 setStatus(Status.CLIENT_ERROR_NOT_FOUND); |
| 238 return null; | 239 return null; |
| 239 } | 240 } |
| 240 if (!storedAnnot.isActionAllowed("update", authUser, store)) { | 241 if (!storedAnnot.isActionAllowed(Action.update, authUser, store)) { |
| 241 setStatus(Status.CLIENT_ERROR_FORBIDDEN); | 242 setStatus(Status.CLIENT_ERROR_FORBIDDEN); |
| 242 return null; | 243 return null; |
| 243 } | 244 } |
| 244 // update from posted JSON | 245 // update from posted JSON |
| 245 annot = updateAnnotation(storedAnnot, jo, entity); | 246 annot = updateAnnotation(storedAnnot, jo, entity); |
| 284 Person authUser = getUserFromAuthToken(entity); | 285 Person authUser = getUserFromAuthToken(entity); |
| 285 logger.fine("request authenticated=" + authUser); | 286 logger.fine("request authenticated=" + authUser); |
| 286 AnnotationStore store = getAnnotationStore(); | 287 AnnotationStore store = getAnnotationStore(); |
| 287 Annotation annot = store.getAnnotationById(id); | 288 Annotation annot = store.getAnnotationById(id); |
| 288 if (annot != null) { | 289 if (annot != null) { |
| 289 if (!annot.isActionAllowed("delete", authUser, store)) { | 290 if (!annot.isActionAllowed(Action.delete, authUser, store)) { |
| 290 setStatus(Status.CLIENT_ERROR_FORBIDDEN, "Not Authorized!"); | 291 setStatus(Status.CLIENT_ERROR_FORBIDDEN, "Not Authorized!"); |
| 291 return null; | 292 return null; |
| 292 } | 293 } |
| 293 } | 294 } |
| 294 // delete annotation | 295 // delete annotation |