diff src/main/java/de/mpiwg/itgroup/annotations/restlet/AnnotatorResourceImpl.java @ 14:629e15b345aa
permissions mostly work. need more server-side checking.
author | casties |
---|---|
date | Fri, 13 Jul 2012 20:41:02 +0200 |
parents | 90911b2da322 |
children | 58357a4b86de |
--- a/src/main/java/de/mpiwg/itgroup/annotations/restlet/AnnotatorResourceImpl.java Fri Jul 13 17:22:05 2012 +0200
+++ b/src/main/java/de/mpiwg/itgroup/annotations/restlet/AnnotatorResourceImpl.java Fri Jul 13 20:41:02 2012 +0200
@@ -140,6 +140,7 @@
 public String checkAuthToken(Representation entity) {
 Form requestHeaders = (Form) getRequest().getAttributes().get("org.restlet.http.headers");
 String authToken = requestHeaders.getFirstValue("x-annotator-auth-token", true);
+ if (authToken == null) return null;
 // decode token first to get consumer key
 JsonToken token = new JsonTokenParser(null, null).deserialize(authToken);
 String userId = token.getParamAsPrimitive("userId").getAsString();
@@ -177,9 +178,10 @@
 * creates Annotator-JSON from an Annotation object.
 *
 * @param annot
+ * @param forAnonymous TODO
 * @return
 */
- public JSONObject createAnnotatorJson(Annotation annot) {
+ public JSONObject createAnnotatorJson(Annotation annot, boolean forAnonymous) {
 // return user as a JSON object (otherwise just as string)
 boolean makeUserObject = true;
 JSONObject jo = new JSONObject();
@@ -232,6 +234,9 @@
 Actor adminPerm = annot.getAdminPermission();
 if (adminPerm != null) {
 adminPerms.put(adminPerm.getIdString());
+ } else if (forAnonymous) {
+ // set something because its not allowed for anonymous
+ adminPerms.put("not-you");
 }
 // delete
 JSONArray deletePerms = new JSONArray();
@@ -239,6 +244,9 @@
 Actor deletePerm = annot.getDeletePermission();
 if (deletePerm != null) {
 deletePerms.put(deletePerm.getIdString());
+ } else if (forAnonymous) {
+ // set something because its not allowed for anonymous
+ deletePerms.put("not-you");
 }
 // update
 JSONArray updatePerms = new JSONArray();
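Review bot: The guard added in checkAuthToken rejects only a missing header; an empty `x-annotator-auth-token` value still reaches `deserialize(authToken)` on the following line, so the check could read `if (authToken == null || authToken.isEmpty()) return null;`. The `userId` claim is then taken from a token parsed with `new JsonTokenParser(null, null)`, before any signature check visible in this hunk, and the result of `getParamAsPrimitive("userId")` is dereferenced without a null test, so a token lacking that claim would presumably throw instead of being rejected cleanly. Callers must also treat the new `null` return as "no identity" and never as an authenticated user; a Javadoc line such as `@return the verified user id, or null when no auth token was sent` would make that contract explicit. The rest of the method lies outside the hunk, so whether verification follows the decode cannot be confirmed from here.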
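Review bot: The new `forAnonymous` parameter of createAnnotatorJson is documented only as `TODO`, although it decides what permission data the generated JSON exposes. A line such as `@param forAnonymous true when the JSON is built for a request without a valid auth token; unset admin/delete/update permissions are then filled with a placeholder id` would record the intent, and the empty `@param annot` and `@return` tags deserve text as well. Because the method is public and its signature changed, every caller now has to choose the flag explicitly; those call sites are outside this hunk.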
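Review bot: The placeholder `"not-you"` written into `adminPerms` lives in the same namespace as the real ids produced by `getIdString()`, and the same literal is repeated in the `deletePerms` and `updatePerms` hunks that follow. Nothing visible here keeps an actor id from being equal to the placeholder, so it should be a single named constant that the actor-creation path refuses, e.g. `private static final String NOBODY_ID = "not-you";` used as `adminPerms.put(NOBODY_ID);`. The new branch covers only `forAnonymous`; for an authenticated requester an unset permission still yields an empty array, and how the client interprets an empty list is not shown here, so that case needs at least a comment stating the intended meaning. The three identical `else if` branches could also share one small private helper. The enclosing method starts and ends outside these hunks.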
@@ -246,6 +254,9 @@
 Actor updatePerm = annot.getUpdatePermission();
 if (updatePerm != null) {
 updatePerms.put(updatePerm.getIdString());
+ } else if (forAnonymous) {
+ // set something because its not allowed for anonymous
+ updatePerms.put("not-you");
 }
 // read
 JSONArray readPerms = new JSONArray();