diff src/main/java/de/mpiwg/itgroup/annotations/restlet/AnnotatorResourceImpl.java @ 14:629e15b345aa

permissions mostly work. need more server-side checking.
author casties
date Fri, 13 Jul 2012 20:41:02 +0200
parents 90911b2da322
children 58357a4b86de
--- a/src/main/java/de/mpiwg/itgroup/annotations/restlet/AnnotatorResourceImpl.java	Fri Jul 13 17:22:05 2012 +0200
+++ b/src/main/java/de/mpiwg/itgroup/annotations/restlet/AnnotatorResourceImpl.java	Fri Jul 13 20:41:02 2012 +0200
@@ -140,6 +140,7 @@
     public String checkAuthToken(Representation entity) {
         Form requestHeaders = (Form) getRequest().getAttributes().get("org.restlet.http.headers");
         String authToken = requestHeaders.getFirstValue("x-annotator-auth-token", true);
+        if (authToken == null) return null;
         // decode token first to get consumer key
         JsonToken token = new JsonTokenParser(null, null).deserialize(authToken);
         String userId = token.getParamAsPrimitive("userId").getAsString();
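Review bot: The added null guard covers only a missing header; a header that is present but empty, malformed or lacking a `userId` claim still reaches `deserialize(authToken)` and `token.getParamAsPrimitive("userId").getAsString()`, where it would most likely fail with an unchecked exception rather than be treated as unauthenticated. A second guard such as `JsonPrimitive uid = token.getParamAsPrimitive("userId"); if (uid == null) return null;` would keep the failure mode consistent with the new early return. Because the parser is constructed with `(null, null)`, this step appears to decode the token without verifying it, so `userId` should be treated as untrusted until the check that presumably follows; the rest of checkAuthToken is outside the hunk. The Javadoc should also state that a `null` return means "anonymous", so callers never compare it as if it were an identity.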
@@ -177,9 +178,10 @@
      * creates Annotator-JSON from an Annotation object.
      * 
      * @param annot
+     * @param forAnonymous TODO
      * @return
      */
-    public JSONObject createAnnotatorJson(Annotation annot) {
+    public JSONObject createAnnotatorJson(Annotation annot, boolean forAnonymous) {
         // return user as a JSON object (otherwise just as string)
         boolean makeUserObject = true;
         JSONObject jo = new JSONObject();
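Review bot: The new parameter is documented only as `@param forAnonymous TODO`, although it decides what permission data the client receives. I would replace it with `@param forAnonymous true if the JSON is built for an unauthenticated client; unset admin/delete/update permissions are then filled with a placeholder id instead of being left empty`, and complete the empty `@param annot` and `@return` tags at the same time. The signature change is also a breaking change for existing callers of the public one-argument method; none are visible in this hunk, so it is worth confirming that each call site passes the flag based on the verified authentication result rather than a default.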
@@ -232,6 +234,9 @@
             Actor adminPerm = annot.getAdminPermission();
             if (adminPerm != null) {
                 adminPerms.put(adminPerm.getIdString());
+            } else if (forAnonymous) {
+                // set something because its not allowed for anonymous
+                adminPerms.put("not-you");
             }
             // delete
             JSONArray deletePerms = new JSONArray();
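Review bot: The literal `"not-you"` is written into the same array that otherwise holds `getIdString()` values, here and in the identical delete and update branches in the two hunks below. A client cannot tell the placeholder from a real actor id, and it would match if an actor with that id string could ever exist. A single named constant, e.g. `private static final String NO_ACCESS_PLACEHOLDER = "not-you";`, using a value that the id format cannot produce, would make the intent explicit and remove the triple repetition. The placeholder only changes what the client renders. A comment at the first use should say that it is not an access control and that the update/delete handlers must make the decision themselves; those handlers are not visible here.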
@@ -239,6 +244,9 @@
             Actor deletePerm = annot.getDeletePermission();
             if (deletePerm != null) {
                 deletePerms.put(deletePerm.getIdString());
+            } else if (forAnonymous) {
+                // set something because its not allowed for anonymous
+                deletePerms.put("not-you");
             }
             // update
             JSONArray updatePerms = new JSONArray();
@@ -246,6 +254,9 @@
             Actor updatePerm = annot.getUpdatePermission();
             if (updatePerm != null) {
                 updatePerms.put(updatePerm.getIdString());
+            } else if (forAnonymous) {
+                // set something because its not allowed for anonymous
+                updatePerms.put("not-you");
             }
             // read
             JSONArray readPerms = new JSONArray();