diff src/main/java/de/mpiwg/itgroup/annotations/restlet/AnnotatorSearch.java @ 14:629e15b345aa
permissions mostly work. need more server-side checking.
author | casties |
---|---|
date | Fri, 13 Jul 2012 20:41:02 +0200 |
parents | 3599b29c393f |
children | 58357a4b86de |
--- a/src/main/java/de/mpiwg/itgroup/annotations/restlet/AnnotatorSearch.java Fri Jul 13 17:22:05 2012 +0200 +++ b/src/main/java/de/mpiwg/itgroup/annotations/restlet/AnnotatorSearch.java Fri Jul 13 20:41:02 2012 +0200 @@ -15,7 +15,6 @@ import org.restlet.resource.Get; import de.mpiwg.itgroup.annotations.Annotation; -import de.mpiwg.itgroup.annotations.neo4j.AnnotationStore; /** * Implements the "search" uri of the Annotator API. see @@ -31,8 +30,8 @@ } /** - * result for JSON content-type. optional search parameters: uri user limit - * offset + * result for JSON content-type. optional search parameters: uri, user, limit, + * offset. * * @param entity * @return 
@@ -41,40 +40,37 @@ public Representation doGetJSON(Representation entity) { logger.debug("AnnotatorSearch doGetJSON!"); setCorsHeaders(); - // TODO: what to do with authentication? - boolean authenticated = isAuthenticated(entity); - logger.debug("request authenticated=" + authenticated); + // do authentication + String authUser = this.checkAuthToken(entity); + logger.debug("request authenticated=" + authUser); Form form = getRequest().getResourceRef().getQueryAsForm(); String uri = form.getFirstValue("uri"); String user = form.getFirstValue("user"); - String limit = form.getFirstValue("limit"); String offset = form.getFirstValue("offset"); - AnnotationStore searcher = getAnnotationStore(); - - JSONArray ja; - - List<Annotation> annots = searcher.searchByUriUser(uri, user, limit, offset); - - ja = new JSONArray(); + JSONArray results = new JSONArray(); + // do search + logger.debug(String.format("searching for uri=%s user=%s", uri, user)); + List<Annotation> annots = getAnnotationStore().searchByUriUser(uri, user, limit, offset); for (Annotation annot : annots) { - JSONObject jo = createAnnotatorJson(annot); + // check permission + if (!annot.isActionAllowed("read", authUser)) continue; + JSONObject jo = createAnnotatorJson(annot, (authUser == null)); if (jo != null) { - ja.put(createAnnotatorJson(annot)); + results.put(jo); } else { setStatus(Status.SERVER_ERROR_INTERNAL, "JSON Error"); return null; } } - + // assemble result object JSONObject result = new JSONObject(); try { - result.put("rows", ja); - result.put("total", ja.length()); + result.put("rows", results); + result.put("total", results.length()); } catch (JSONException e) { - e.printStackTrace(); setStatus(Status.SERVER_ERROR_INTERNAL, "JSON Error"); return null; }
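Review bot: The read check `if (!annot.isActionAllowed("read", authUser)) continue;` runs only after `searchByUriUser(uri, user, limit, offset)` has applied `limit` and `offset`, so a page can come back short or empty while readable annotations remain further on, and `total` counts only the rows that survived the filter on this page. Enforcement would be more robust if the store received `authUser` and filtered inside the query, so that no caller can forget the check; until then a comment such as `// read filter is applied after limit/offset; total counts only the visible rows of this page` would document the behaviour. `authUser` can be null here (the next line tests `authUser == null`), so `isActionAllowed` presumably has to treat null as anonymous and deny by default, which is worth confirming because it is not visible in this hunk. The catch block now drops the `JSONException` without a trace; `logger.error("JSON Error", e);` before `setStatus` would keep it. The body of doGetJSON continues past the end of the hunk.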