Changeset 4207 for DASISH/t5.6/backend/annotator-backend/trunk/annotator-backend/src/main/java/eu/dasish/annotation/backend/rest/AnnotationResource.java

Timestamp:

12/19/13 14:36:04 (10 years ago)

Author:

olhsha

Message:

adding trasnactional, refactoring and fixing bugs in updated annotations, removing try-catch from resource methods (The Greek's advice)

File:

• DASISH/t5.6/backend/annotator-backend/trunk/annotator-backend/src/main/java/eu/dasish/annotation/backend/rest/AnnotationResource.java (modified) (25 diffs)

DASISH/t5.6/backend/annotator-backend/trunk/annotator-backend/src/main/java/eu/dasish/annotation/backend/rest/AnnotationResource.java

@@ -34 +34 @@
 import java.io.IOException;
 import java.net.URI;
-import java.security.Principal;
 import java.sql.Timestamp;
 import java.util.ArrayList;
@@ -52 +51 @@
 import javax.ws.rs.core.Context;
 import javax.ws.rs.core.MediaType;
-import javax.ws.rs.core.SecurityContext;
 import javax.ws.rs.core.UriInfo;
 import javax.ws.rs.ext.Providers;
@@ -61 +59 @@
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
+import org.springframework.transaction.annotation.Transactional;
 
 /**
@@ -68 +67 @@
 @Component
 @Path("/annotations")
+@Transactional(rollbackFor = {Exception.class})
 public class AnnotationResource {
 
@@ -110 +110 @@
     @Path("{annotationid: " + BackendConstants.regExpIdentifier + "}")
     @Secured("ROLE_USER")
-    public JAXBElement<Annotation> getAnnotation(@PathParam("annotationid") String ExternalIdentifier) {
+    @Transactional(readOnly = true)
+    public JAXBElement<Annotation> getAnnotation(@PathParam("annotationid") String ExternalIdentifier) throws IOException {
         URI baseURI = uriInfo.getBaseUri();
         String baseURIstr = baseURI.toString();
@@ -123 +124 @@
             return rootElement;
         } else {
-            try {
-                logger.error("FORBIDDEN-access attempt");
-                httpServletResponse.sendError(HttpServletResponse.SC_FORBIDDEN);
-            } catch (IOException ioe) {
-                logger.error("IOException: Cannot send server respond about unaithorized access.");
-            }
+            httpServletResponse.sendError(HttpServletResponse.SC_FORBIDDEN);
             return null;
         }
@@ -139 +135 @@
     @Path("{annotationid: " + BackendConstants.regExpIdentifier + "}/targets")
     @Secured("ROLE_USER")
-    public JAXBElement<ReferenceList> getAnnotationTargets(@PathParam("annotationid") String ExternalIdentifier) {
+    @Transactional(readOnly = true)
+    public JAXBElement<ReferenceList> getAnnotationTargets(@PathParam("annotationid") String ExternalIdentifier) throws IOException {
         dbIntegrityService.setServiceURI(uriInfo.getBaseUri().toString());
         final Number annotationID = dbIntegrityService.getAnnotationInternalIdentifier(UUID.fromString(ExternalIdentifier));
@@ -148 +145 @@
             return new ObjectFactory().createTargetList(TargetList);
         } else {
-            try {
-                logger.error("FORBIDDEN-access attempt");
-                httpServletResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED);
-            } catch (IOException ioe) {
-                logger.error("IOException: Cannot send server respond about unaithorized access.");
-            }
+            httpServletResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED);
             return null;
         }
@@ -163 +155 @@
     @Path("")
     @Secured("ROLE_USER")
+    @Transactional(readOnly = true)
     public JAXBElement<AnnotationInfoList> getFilteredAnnotations(@QueryParam("link") String link,
             @QueryParam("text") String text,
@@ -175 +168 @@
         UUID ownerExternalUUID = (ownerExternalId != null) ? UUID.fromString(ownerExternalId) : null;
         String access = (permission != null) ? permission : default_permission;
-        final AnnotationInfoList annotationInfoList = dbIntegrityService.getFilteredAnnotationInfos(link, text, userID, access, namespace, ownerExternalUUID, after, before);
+        final AnnotationInfoList annotationInfoList = dbIntegrityService.getFilteredAnnotationInfos(link, text, userID, makeAccessModeChain(access), namespace, ownerExternalUUID, after, before);
         logger.info("getFilteredAnnotations method: OK");
         return new ObjectFactory().createAnnotationInfoList(annotationInfoList);
@@ -185 +178 @@
     @Path("{annotationid: " + BackendConstants.regExpIdentifier + "}/permissions")
     @Secured("ROLE_USER")
-    public JAXBElement<UserWithPermissionList> getAnnotationPermissions(@PathParam("annotationid") String ExternalIdentifier) {
+    @Transactional(readOnly = true)
+    public JAXBElement<UserWithPermissionList> getAnnotationPermissions(@PathParam("annotationid") String ExternalIdentifier) throws IOException {
         dbIntegrityService.setServiceURI(uriInfo.getBaseUri().toString());
         final Number annotationID = dbIntegrityService.getAnnotationInternalIdentifier(UUID.fromString(ExternalIdentifier));
@@ -194 +188 @@
             return new ObjectFactory().createPermissionList(permissionList);
         } else {
-            try {
-                logger.error("FORBIDDEN-access attempt");
-                httpServletResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED);
-            } catch (IOException ioe) {
-                logger.error("IOException: Cannot send server respond about unaithorized access.");
-            }
+            httpServletResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED);
             return null;
         }
@@ -210 +199 @@
     @Path("{annotationid: " + BackendConstants.regExpIdentifier + "}")
     @Secured("ROLE_USER")
-    public String deleteAnnotation(@PathParam("annotationid") String externalIdentifier) {
+    public String deleteAnnotation(@PathParam("annotationid") String externalIdentifier) throws IOException {
         dbIntegrityService.setServiceURI(uriInfo.getBaseUri().toString());
         final Number annotationID = dbIntegrityService.getAnnotationInternalIdentifier(UUID.fromString(externalIdentifier));
@@ -220 +209 @@
             return result + " annotation(s) deleted.";
         } else {
-            logger.error("FORBIDDEN-access attempt. Only the owner can delete an annotation.");
-            try {
-                httpServletResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED);
-            } catch (IOException ioe) {
-                logger.error("IOException: Cannot send server respond about unaithorized access.");
-            }
+            httpServletResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED);
             return null;
         }
@@ -237 +221 @@
     @Path("")
     @Secured("ROLE_USER")
-    public JAXBElement<ResponseBody> createAnnotation(Annotation annotation) {
+    public JAXBElement<ResponseBody> createAnnotation(Annotation annotation) throws IOException {
         dbIntegrityService.setServiceURI(uriInfo.getBaseUri().toString());
         final Number userID = dbIntegrityService.getUserInternalIDFromRemoteID(httpServletRequest.getRemoteUser());
@@ -252 +236 @@
     @Path("{annotationid: " + BackendConstants.regExpIdentifier + "}")
     @Secured("ROLE_USER")
-    public JAXBElement<ResponseBody> updateAnnotation(@PathParam("annotationid") String externalIdentifier, Annotation annotation) {
+    public JAXBElement<ResponseBody> updateAnnotation(@PathParam("annotationid") String externalIdentifier, Annotation annotation) throws IOException {
         String path = uriInfo.getBaseUri().toString();
         dbIntegrityService.setServiceURI(path);
@@ -269 +253 @@
 
         } else {
-            logger.error("FORBIDDEN-access attempt.");
-            logger.error("The logged-in user is not authorised to alter this annotation. ");
-            try {
-                httpServletResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED);
-            } catch (IOException ioe) {
-                logger.error("IOException: Cannot send server respond about unaithorized access.");
-            }
-            return null;
-        }
-
-    }
-    
+            httpServletResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED);
+            return null;
+        }
+
+    }
+
     @PUT
     @Consumes(MediaType.APPLICATION_XML)
@@ -286 +264 @@
     @Path("{annotationid: " + BackendConstants.regExpIdentifier + "}/body")
     @Secured("ROLE_USER")
-    public JAXBElement<ResponseBody> updateAnnotationBody(@PathParam("annotationid") String externalIdentifier, AnnotationBody annotationBody) {
+    public JAXBElement<ResponseBody> updateAnnotationBody(@PathParam("annotationid") String externalIdentifier, AnnotationBody annotationBody) throws IOException {
         String path = uriInfo.getBaseUri().toString();
         dbIntegrityService.setServiceURI(path);
-        
+
         final Number annotationID = dbIntegrityService.getAnnotationInternalIdentifier(UUID.fromString(externalIdentifier));
         final Number userID = dbIntegrityService.getUserInternalIDFromRemoteID(httpServletRequest.getRemoteUser());
@@ -296 +274 @@
             logger.info("updateAnnotationBody method: OK");
             return new ObjectFactory().createResponseBody(makeAnnotationResponseEnvelope(annotationID));
-
-        } else {
-            logger.error("FORBIDDEN-access attempt.");
-            logger.error("The logged-in user is not authorised to alter this annotation. ");
-            try {
-                httpServletResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED);
-            } catch (IOException ioe) {
-                logger.error("IOException: Cannot send server respond about unaithorized access.");
-            }
+        } else {
+            httpServletResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED);
             return null;
         }
@@ -315 +286 @@
     @Path("{annotationid: " + BackendConstants.regExpIdentifier + "}/permissions/{userid: " + BackendConstants.regExpIdentifier + "}")
     @Secured("ROLE_USER")
-    public String updatePermission(@PathParam("annotationid") String annotationExternalId, @PathParam("userid") String userExternalId, Permission permission) {
+    public String updatePermission(@PathParam("annotationid") String annotationExternalId, @PathParam("userid") String userExternalId, Permission permission) throws IOException {
         dbIntegrityService.setServiceURI(uriInfo.getBaseUri().toString());
         final Number annotationID = dbIntegrityService.getAnnotationInternalIdentifier(UUID.fromString(annotationExternalId));
@@ -328 +299 @@
 
         } else {
-            logger.error("FORBIDDEN-access attempt");
-            logger.error("The logged-in user is not authorised to alter this annotation. ");
-            try {
-                httpServletResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED);
-            } catch (IOException ioe) {
-                logger.error("IOException: Cannot send server respond about unaithorized access.");
-            }
+            httpServletResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED);
             return null;
         }
@@ -344 +309 @@
     @Path("{annotationid: " + BackendConstants.regExpIdentifier + "}/permissions/")
     @Secured("ROLE_USER")
-    public JAXBElement<ResponseBody> updatePermissions(@PathParam("annotationid") String annotationExternalId, UserWithPermissionList permissions) {
+    public JAXBElement<ResponseBody> updatePermissions(@PathParam("annotationid") String annotationExternalId, UserWithPermissionList permissions) throws IOException {
         dbIntegrityService.setServiceURI(uriInfo.getBaseUri().toString());
         final Number annotationID = dbIntegrityService.getAnnotationInternalIdentifier(UUID.fromString(annotationExternalId));
@@ -353 +318 @@
             return new ObjectFactory().createResponseBody(makePermissionResponseEnvelope(annotationID));
         } else {
-            logger.error("FORBIDDEN-access attempt");
-            logger.error("The logged-in user is not authorised to alter this annotation. ");
-            try {
-                httpServletResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED);
-            } catch (IOException ioe) {
-                logger.error("IOException: Cannot send server respond about unaithorized access.");
-            }
+            httpServletResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED);
             return null;
         }
@@ -390 +349 @@
     }
 
+    // REFACTOR : move to the integrity service all te methods below  
     private List<Action> makeActionList(List<String> resourceURIs, String message) {
         if (resourceURIs != null) {
@@ -435 +395 @@
         }
     }
+
+    private String[] makeAccessModeChain(String accessMode) {
+        if (accessMode != null) {
+            if (accessMode == Permission.OWNER.value()) {
+                String[] result = new String[1];
+                result[0] = accessMode;
+                return result;
+            } else {
+                if (accessMode == Permission.WRITER.value()) {
+                    String[] result = new String[2];
+                    result[0] = Permission.WRITER.value();
+                    result[1] = Permission.OWNER.value();
+                    return result;
+                } else {
+                    if (accessMode == Permission.READER.value()) {
+                        String[] result = new String[3];
+                        result[0] = Permission.READER.value();
+                        result[1] = Permission.WRITER.value();
+                        result[2] = Permission.OWNER.value();
+                        return result;
+                    } else {
+                        logger.error("Invalide access " + accessMode);
+                        return null;
+                    }
+
+                }
+            }
+
+        } else {
+            return null;
+        }
+    }
 }