Context Navigation

source: AnnotationManagerN4J/src/main/java/de/mpiwg/itgroup/annotations/restlet/AnnotatorAnnotations.java @ 20:715aa11d138b

Last change on this file since 20:715aa11d138b was 20:715aa11d138b, checked in by casties, 12 years ago
fixes in permission handling: admin and delete default to creator.
File size: 7.8 KB

Line
1	/**
2	* Implements the "annotations" uri of the Annotator API. see
3	* <https://github.com/okfn/annotator/wiki/Storage>
4	*/
5	package de.mpiwg.itgroup.annotations.restlet;
6
7	import java.io.IOException;
8
9	import org.json.JSONException;
10	import org.json.JSONObject;
11	import org.restlet.data.Status;
12	import org.restlet.ext.json.JsonRepresentation;
13	import org.restlet.representation.Representation;
14	import org.restlet.resource.Delete;
15	import org.restlet.resource.Get;
16	import org.restlet.resource.Post;
17	import org.restlet.resource.Put;
18
19	import de.mpiwg.itgroup.annotations.Annotation;
20	import de.mpiwg.itgroup.annotations.Person;
21	import de.mpiwg.itgroup.annotations.neo4j.AnnotationStore;
22
23	/**
24	* Implements the "annotations" uri of the Annotator API. see
25	* <https://github.com/okfn/annotator/wiki/Storage>
26	*
27	* @author dwinter, casties
28	*
29	*/
30	public class AnnotatorAnnotations extends AnnotatorResourceImpl {
31
32	protected String getAllowedMethodsForHeader() {
33	return "OPTIONS,GET,POST,PUT,DELETE";
34	}
35
36	/**
37	* GET with JSON content-type.
38	*
39	* @param entity
40	* @return
41	*/
42	@Get("json")
43	public Representation doGetJSON(Representation entity) {
44	logger.debug("AnnotatorAnnotations doGetJSON!");
45	setCorsHeaders();
46	// id from URI /annotations/{id}
47	String jsonId = (String) getRequest().getAttributes().get("id");
48	String id = decodeJsonId(jsonId);
49	logger.debug("annotation-id=" + id);
50
51	// TODO: what to return without id - list of all annotations?
52
53	// do authentication
54	Person authUser = Person.createPersonWithId(this.checkAuthToken(entity));
55	logger.debug("request authenticated=" + authUser);
56
57	AnnotationStore store = getAnnotationStore();
58	Annotation annot = store.getAnnotationById(id);
59	if (annot != null) {
60	if (! annot.isActionAllowed("read", authUser, store)) {
61	setStatus(Status.CLIENT_ERROR_FORBIDDEN, "Not Authorized!");
62	return null;
63	}
64	JSONObject result = createAnnotatorJson(annot, (authUser == null));
65	logger.debug("sending:");
66	logger.debug(result);
67	return new JsonRepresentation(result);
68	} else {
69	// not found
70	setStatus(Status.CLIENT_ERROR_NOT_FOUND);
71	return null;
72	}
73	}
74
75	/**
76	* POST with JSON content-type. Creates a new Annotation.
77	*
78	* @return
79	*/
80	@Post("json")
81	public Representation doPostJson(Representation entity) {
82	logger.debug("AnnotatorAnnotations doPostJSON!");
83	// set headers
84	setCorsHeaders();
85
86	// do authentication TODO: who's allowed to create?
87	Person authUser = Person.createPersonWithId(this.checkAuthToken(entity));
88	logger.debug("request authenticated=" + authUser);
89	if (authUser == null) {
90	setStatus(Status.CLIENT_ERROR_FORBIDDEN, "Not Authorized!");
91	return null;
92	}
93
94	Annotation annot = null;
95	try {
96	JsonRepresentation jrep = new JsonRepresentation(entity);
97	JSONObject jo = jrep.getJsonObject();
98	if (jo == null) {
99	setStatus(Status.SERVER_ERROR_INTERNAL);
100	return null;
101	}
102	// make sure id is not set for POST
103	jo.remove("id");
104	// get Annotation object from posted JSON
105	annot = createAnnotation(jo, entity);
106	} catch (IOException e1) {
107	setStatus(Status.SERVER_ERROR_INTERNAL);
108	return null;
109	} catch (JSONException e) {
110	setStatus(Status.CLIENT_ERROR_BAD_REQUEST);
111	return null;
112	}
113	if (annot == null) {
114	setStatus(Status.CLIENT_ERROR_BAD_REQUEST);
115	return null;
116	}
117	Annotation storedAnnot;
118	// store Annotation
119	storedAnnot = getAnnotationStore().storeAnnotation(annot);
120	/*
121	* according to https://github.com/okfn/annotator/wiki/Storage we should
122	* return 303: see other. For now we return the annotation.
123	*/
124	JSONObject jo = createAnnotatorJson(storedAnnot, (authUser == null));
125	JsonRepresentation retRep = new JsonRepresentation(jo);
126	return retRep;
127	}
128
129	/**
130	* PUT with JSON content-type. Modifies an Annotation.
131	*
132	* @param entity
133	* @return
134	*/
135	@Put("json")
136	public Representation doPutJSON(Representation entity) {
137	logger.debug("AnnotatorAnnotations doPutJSON!");
138	setCorsHeaders();
139	// id from URI /annotations/{id}
140	String jsonId = (String) getRequest().getAttributes().get("id");
141	String id = decodeJsonId(jsonId);
142	logger.debug("annotation-id=" + id);
143
144	// do authentication
145	Person authUser = Person.createPersonWithId(this.checkAuthToken(entity));
146	logger.debug("request authenticated=" + authUser);
147
148	Annotation annot = null;
149	AnnotationStore store = getAnnotationStore();
150	try {
151	JsonRepresentation jrep = new JsonRepresentation(entity);
152	JSONObject jo = jrep.getJsonObject();
153	if (jo == null) {
154	setStatus(Status.CLIENT_ERROR_BAD_REQUEST);
155	return null;
156	}
157	// get stored Annotation
158	Annotation storedAnnot = store.getAnnotationById(id);
159	if (storedAnnot == null) {
160	setStatus(Status.CLIENT_ERROR_NOT_FOUND);
161	return null;
162	}
163	if (! storedAnnot.isActionAllowed("update", authUser, store)) {
164	setStatus(Status.CLIENT_ERROR_FORBIDDEN);
165	return null;
166	}
167	// update from posted JSON
168	annot = updateAnnotation(storedAnnot, jo, entity);
169	// store Annotation
170	storedAnnot = store.storeAnnotation(annot);
171	/*
172	* according to https://github.com/okfn/annotator/wiki/Storage we
173	* should return 303: see other. but the client doesn't like it
174	* setStatus(Status.REDIRECTION_SEE_OTHER); // go to same URL as
175	* this one Reference thisUrl = this.getReference();
176	* this.getResponse().setLocationRef(thisUrl);
177	*/
178	// return new annotation
179	jo = createAnnotatorJson(storedAnnot, (authUser == null));
180	JsonRepresentation retRep = new JsonRepresentation(jo);
181	return retRep;
182	} catch (JSONException e) {
183	e.printStackTrace();
184	setStatus(Status.CLIENT_ERROR_BAD_REQUEST);
185	} catch (IOException e) {
186	e.printStackTrace();
187	setStatus(Status.SERVER_ERROR_INTERNAL, "Other Error");
188	}
189	return null;
190	}
191
192	/**
193	* DELETE with JSON content-type. Deletes an Annotation.
194	*
195	* @param entity
196	* @return
197	*/
198	@Delete("json")
199	public Representation doDeleteJSON(Representation entity) {
200	logger.debug("AnnotatorAnnotations doDeleteJSON!");
201	setCorsHeaders();
202	// id from URI /annotations/{id}
203	String jsonId = (String) getRequest().getAttributes().get("id");
204	String id = decodeJsonId(jsonId);
205	logger.debug("annotation-id=" + id);
206
207	// do authentication
208	Person authUser = Person.createPersonWithId(this.checkAuthToken(entity));
209	logger.debug("request authenticated=" + authUser);
210	AnnotationStore store = getAnnotationStore();
211	Annotation annot = store.getAnnotationById(id);
212	if (annot != null) {
213	if (! annot.isActionAllowed("delete", authUser, store)) {
214	setStatus(Status.CLIENT_ERROR_FORBIDDEN, "Not Authorized!");
215	return null;
216	}
217	}
218
219	// delete annotation
220	store.deleteById(id);
221	setStatus(Status.SUCCESS_NO_CONTENT);
222	return null;
223	}
224
225	}

Note: See TracBrowser for help on using the repository browser.

Download in other formats: