diff src/main/java/de/mpiwg/itgroup/annotations/restlet/AnnotatorSearch.java @ 14:629e15b345aa

permissions mostly work. need more server-side checking.
author casties
date Fri, 13 Jul 2012 20:41:02 +0200
parents 3599b29c393f
children 58357a4b86de
--- a/src/main/java/de/mpiwg/itgroup/annotations/restlet/AnnotatorSearch.java	Fri Jul 13 17:22:05 2012 +0200
+++ b/src/main/java/de/mpiwg/itgroup/annotations/restlet/AnnotatorSearch.java	Fri Jul 13 20:41:02 2012 +0200
@@ -15,7 +15,6 @@
 import org.restlet.resource.Get;
 
 import de.mpiwg.itgroup.annotations.Annotation;
-import de.mpiwg.itgroup.annotations.neo4j.AnnotationStore;
 
 /**
  * Implements the "search" uri of the Annotator API. see
@@ -31,8 +30,8 @@
     }
 
     /**
-     * result for JSON content-type. optional search parameters: uri user limit
-     * offset
+     * result for JSON content-type. optional search parameters: uri, user, limit,
+     * offset.
      * 
      * @param entity
      * @return
@@ -41,40 +40,37 @@
     public Representation doGetJSON(Representation entity) {
         logger.debug("AnnotatorSearch doGetJSON!");
         setCorsHeaders();
-        // TODO: what to do with authentication?
-        boolean authenticated = isAuthenticated(entity);
-        logger.debug("request authenticated=" + authenticated);
+        // do authentication
+        String authUser = this.checkAuthToken(entity);
+        logger.debug("request authenticated=" + authUser);
 
         Form form = getRequest().getResourceRef().getQueryAsForm();
         String uri = form.getFirstValue("uri");
         String user = form.getFirstValue("user");
-
         String limit = form.getFirstValue("limit");
         String offset = form.getFirstValue("offset");
 
-        AnnotationStore searcher = getAnnotationStore();
-
-        JSONArray ja;
-
-        List<Annotation> annots = searcher.searchByUriUser(uri, user, limit, offset);
-
-        ja = new JSONArray();
+        JSONArray results = new JSONArray();
+        // do search
+        logger.debug(String.format("searching for uri=%s user=%s", uri, user));
+        List<Annotation> annots = getAnnotationStore().searchByUriUser(uri, user, limit, offset);
         for (Annotation annot : annots) {
-            JSONObject jo = createAnnotatorJson(annot);
+            // check permission
+            if (!annot.isActionAllowed("read", authUser)) continue;
+            JSONObject jo = createAnnotatorJson(annot, (authUser == null));
             if (jo != null) {
-                ja.put(createAnnotatorJson(annot));
+                results.put(jo);
             } else {
                 setStatus(Status.SERVER_ERROR_INTERNAL, "JSON Error");
                 return null;
             }
         }
-
+        // assemble result object
         JSONObject result = new JSONObject();
         try {
-            result.put("rows", ja);
-            result.put("total", ja.length());
+            result.put("rows", results);
+            result.put("total", results.length());
         } catch (JSONException e) {
-            e.printStackTrace();
             setStatus(Status.SERVER_ERROR_INTERNAL, "JSON Error");
             return null;
         }
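Review bot: Dropping `e.printStackTrace()` from the `catch (JSONException e)` block leaves the failure unlogged: the client gets a bare "JSON Error" status and the server keeps no record of why assembling the result object failed, which makes the error hard to diagnose and hides any repeated failures from operators. Keep the status handling but record the cause with the class logger, `logger.error("error assembling search result", e);`, as the first statement of the catch. Separately, the new `isActionAllowed("read", authUser)` filter runs after `searchByUriUser` has already applied the caller-supplied `limit` and `offset`, so if the store paginates before this check (not visible here) a page can come back short and `total` will count only the readable rows of that page; a comment such as `// NOTE: limit/offset are applied by the store before the read check, so a page may hold fewer than limit rows` above the loop would make that trade-off explicit. The `doGetJSON` method continues past the end of this hunk.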