Changeset 61:b8ef15c8c4a5 in AnnotationManagerN4J for src/main/java/de/mpiwg/itgroup/annotations/restlet/AnnotatorAnnotations.java
src/main/java/de/mpiwg/itgroup/annotations/restlet/AnnotatorAnnotations.java
r41 r61 55 55 logger.debug("annotation-id=" + id); 56 56 57 58 57 // do authentication 59 58 Person authUser = Person.createPersonWithId(this.checkAuthToken(entity)); … … 61 60 62 61 if (id == null) { 63 64 62 return getAllAnnotations(authUser); 65 63 } 66 64 67 68 65 AnnotationStore store = getAnnotationStore(); 69 66 Annotation annot = store.getAnnotationById(id); 70 67 if (annot != null) { 71 if (! 68 if (!annot.isActionAllowed("read", authUser, store)) { 72 69 setStatus(Status.CLIENT_ERROR_FORBIDDEN, "Not Authorized!"); 73 70 return null; … … 85 82 86 83 private Representation getAllAnnotations(Person authUser) { 87 88 89 String sortBy=null;90 91 if (parameter.getName().equals("sortBy")){92 sortBy =parameter.getValue();93 94 95 84 85 Form form = getRequest().getResourceRef().getQueryAsForm(); 86 String sortBy = null; 87 for (Parameter parameter : form) { 88 if (parameter.getName().equals("sortBy")) { 89 sortBy = parameter.getValue(); 90 } 91 } 92 96 93 AnnotationStore store = getAnnotationStore(); 97 94 ArrayList<JSONObject> results = new ArrayList<JSONObject>(); 98 99 95 96 List<Annotation> annotations = store.getAnnotations(null, null); 100 97 for (Annotation annotation : annotations) { 101 //check permission 102 if (!annotation.isActionAllowed("read", authUser, store)) continue; 103 104 JSONObject jo = createAnnotatorJson(annotation,false); 105 results.add(jo); 106 107 } 108 109 if (sortBy!=null){ 110 JSONObjectComparator.sortAnnotations(results,sortBy); 111 } 112 113 JSONArray resultsJa = new JSONArray(); 114 for (JSONObject result:results){ 115 resultsJa.put(result); 116 } 117 98 // check permission 99 if (!annotation.isActionAllowed("read", authUser, store)) continue; 100 101 JSONObject jo = createAnnotatorJson(annotation, false); 102 results.add(jo); 103 } 104 105 if (sortBy != null) { 106 JSONObjectComparator.sortAnnotations(results, sortBy); 107 } 108 109 JSONArray resultsJa = new JSONArray(); 110 for (JSONObject result : results) { 111 
resultsJa.put(result); 112 } 113 118 114 // assemble result object 119 115 JSONObject result = new JSONObject(); … … 130 126 } 131 127 132 133 134 135 136 /** 128 /** 137 129 * POST with JSON content-type. Creates a new Annotation. 138 130 * … … 144 136 // set headers 145 137 setCorsHeaders(); 146 147 // do authentication TODO: who's allowed to create? 138 139 // do authentication TODO: who's allowed to create? 148 140 Person authUser = Person.createPersonWithId(this.checkAuthToken(entity)); 149 141 logger.debug("request authenticated=" + authUser); … … 222 214 return null; 223 215 } 224 if (! 216 if (!storedAnnot.isActionAllowed("update", authUser, store)) { 225 217 setStatus(Status.CLIENT_ERROR_FORBIDDEN); 226 218 return null; … … 272 264 Annotation annot = store.getAnnotationById(id); 273 265 if (annot != null) { 274 if (! 266 if (!annot.isActionAllowed("delete", authUser, store)) { 275 267 setStatus(Status.CLIENT_ERROR_FORBIDDEN, "Not Authorized!"); 276 268 return null; 277 269 } 278 270 } 279 271 280 272 // delete annotation 281 273 store.deleteAnnotationById(id);
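Review bot: In the delete handler at the end of this section, the permission check sits inside `if (annot != null)`, so when `store.getAnnotationById(id)` returns null the code falls through to `store.deleteAnnotationById(id)` without any authorization decision. The change appears to be a formatting pass and leaves that fail-open shape as it was. Handling the null case explicitly before the check, for example `if (annot == null) { setStatus(Status.CLIENT_ERROR_NOT_FOUND); return null; }`, would make every delete pass through `isActionAllowed("delete", authUser, store)`. The enclosing method starts and ends outside the visible lines, so whether a null lookup can occur for anything other than a missing id should be confirmed against the store.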