Timestamp:
Jul 13, 2012, 6:41:02 PM (12 years ago)
Author:
casties
Branch:
default
Message:

permissions mostly work. need more server-side checking.

File:
1 edited

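--- a/src/main/java/de/mpiwg/itgroup/annotations/restlet/AnnotatorSearch.java
+++ b/src/main/java/de/mpiwg/itgroup/annotations/restlet/AnnotatorSearch.java
@@ -16,5 +16,4 @@
 
 import de.mpiwg.itgroup.annotations.Annotation;
-import de.mpiwg.itgroup.annotations.neo4j.AnnotationStore;
 
 /**
@@ -32,6 +31,6 @@
 
     /**
-     * result for JSON content-type. optional search parameters: uri user limit
-     * offset
+     * result for JSON content-type. optional search parameters: uri, user, limit,
+     * offset.
      *
      * @param entity
@@ -42,26 +41,24 @@
         logger.debug("AnnotatorSearch doGetJSON!");
         setCorsHeaders();
-        // TODO: what to do with authentication?
-        boolean authenticated = isAuthenticated(entity);
-        logger.debug("request authenticated=" + authenticated);
+        // do authentication
+        String authUser = this.checkAuthToken(entity);
+        logger.debug("request authenticated=" + authUser);
 
         Form form = getRequest().getResourceRef().getQueryAsForm();
         String uri = form.getFirstValue("uri");
         String user = form.getFirstValue("user");
-
         String limit = form.getFirstValue("limit");
         String offset = form.getFirstValue("offset");
 
-        AnnotationStore searcher = getAnnotationStore();
-
-        JSONArray ja;
-
-        List<Annotation> annots = searcher.searchByUriUser(uri, user, limit, offset);
-
-        ja = new JSONArray();
+        JSONArray results = new JSONArray();
+        // do search
+        logger.debug(String.format("searching for uri=%s user=%s", uri, user));
+        List<Annotation> annots = getAnnotationStore().searchByUriUser(uri, user, limit, offset);
         for (Annotation annot : annots) {
-            JSONObject jo = createAnnotatorJson(annot);
+            // check permission
+            if (!annot.isActionAllowed("read", authUser)) continue;
+            JSONObject jo = createAnnotatorJson(annot, (authUser == null));
             if (jo != null) {
-                ja.put(createAnnotatorJson(annot));
+                results.put(jo);
             } else {
                 setStatus(Status.SERVER_ERROR_INTERNAL, "JSON Error");
@@ -69,11 +66,10 @@
             }
         }
-
+        // assemble result object
         JSONObject result = new JSONObject();
         try {
-            result.put("rows", ja);
-            result.put("total", ja.length());
+            result.put("rows", results);
+            result.put("total", results.length());
         } catch (JSONException e) {
-            e.printStackTrace();
             setStatus(Status.SERVER_ERROR_INTERNAL, "JSON Error");
             return null;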
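Review bot: The read-permission check `if (!annot.isActionAllowed("read", authUser)) continue;` runs only after `searchByUriUser(uri, user, limit, offset)` has already applied `limit` and `offset`, so paging is computed over annotations the caller may not be allowed to read. A page can therefore come back shorter than `limit`, or empty, while readable annotations remain on later pages. `total` is only the size of this filtered page, and the shortfall lets a caller infer that hidden annotations match the query. Consider passing `authUser` into the store query so filtering happens before paging, or at least record the limitation with a comment such as `// NOTE: permission filter runs after limit/offset; pages may be short`. Separately, the catch block now drops the `JSONException` without any logging; assuming the logger accepts a throwable, `logger.error("JSON error assembling search result", e);` would keep the diagnostic that the removed `e.printStackTrace()` gave (the body of `doGetJSON` starts and ends outside the visible hunks).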