Mercurial > hg > AnnotationManagerN4J
diff src/main/java/de/mpiwg/itgroup/annotations/restlet/AnnotatorAnnotations.java @ 41:5d4260344db5
Merge with 21c5394ea0cbb6738016a3c7d03b5ce7943d6216
author | casties |
---|---|
date | Wed, 26 Sep 2012 14:59:00 +0200 |
parents | 03e0f7574224 34b9d044d0bf |
children | b8ef15c8c4a5 |
line wrap: on
line diff
--- a/src/main/java/de/mpiwg/itgroup/annotations/restlet/AnnotatorAnnotations.java Wed Sep 26 14:56:42 2012 +0200 +++ b/src/main/java/de/mpiwg/itgroup/annotations/restlet/AnnotatorAnnotations.java Wed Sep 26 14:59:00 2012 +0200 @@ -54,15 +54,17 @@ String id = decodeJsonId(jsonId); logger.debug("annotation-id=" + id); - if (id == null) { - - return getAllAnnotations(); - } - + // do authentication Person authUser = Person.createPersonWithId(this.checkAuthToken(entity)); logger.debug("request authenticated=" + authUser); + if (id == null) { + + return getAllAnnotations(authUser); + } + + AnnotationStore store = getAnnotationStore(); Annotation annot = store.getAnnotationById(id); if (annot != null) { @@ -81,7 +83,7 @@ } } - private Representation getAllAnnotations() { + private Representation getAllAnnotations(Person authUser) { Form form = getRequest().getResourceRef().getQueryAsForm(); String sortBy=null; @@ -96,7 +98,9 @@ List<Annotation> annotations = store.getAnnotations(null, null); for (Annotation annotation : annotations) { - + //check permission + if (!annotation.isActionAllowed("read", authUser, store)) continue; + JSONObject jo = createAnnotatorJson(annotation,false); results.add(jo);