Changeset 4529
- Timestamp:
- 02/17/14 17:19:07 (10 years ago)
- Location:
- DASISH/t5.6/backend/annotator-backend/trunk/annotator-backend/src
- Files:
-
- 1 added
- 8 edited
Legend:
- Unmodified
- Added
- Removed
-
DASISH/t5.6/backend/annotator-backend/trunk/annotator-backend/src/main/java/eu/dasish/annotation/backend/dao/DBIntegrityService.java
r4523 r4529 245 245 public NotebookInfoList getNotebooks(Number prinipalID, String permission); 246 246 247 boolean hasAccess(Number notebookID, Number principalID, Permission permission); 248 247 249 public ReferenceList getNotebooksOwnedBy(Number principalID); 248 250 -
DASISH/t5.6/backend/annotator-backend/trunk/annotator-backend/src/main/java/eu/dasish/annotation/backend/dao/NotebookDao.java
r4495 r4529 43 43 44 44 Number getOwner(Number notebookID); 45 46 45 47 46 48 List<Number> getNotebookIDs(Number principalID, Permission acessMode); -
DASISH/t5.6/backend/annotator-backend/trunk/annotator-backend/src/main/java/eu/dasish/annotation/backend/dao/impl/DBIntegrityServiceImlp.java
r4523 r4529 471 471 472 472 @Override 473 public boolean hasAccess(Number notebookID, Number principalID, Permission permission){ 474 List<Number> notebookIDs = notebookDao.getNotebookIDs(principalID, permission); 475 if (notebookIDs == null) { 476 return false; 477 } 478 return notebookIDs.contains(notebookID); 479 } 480 481 482 @Override 473 483 public ReferenceList getNotebooksOwnedBy(Number principalID) { 474 484 ReferenceList result = new ReferenceList(); -
DASISH/t5.6/backend/annotator-backend/trunk/annotator-backend/src/main/java/eu/dasish/annotation/backend/dao/impl/JdbcNotebookDao.java
r4506 r4529 24 24 import java.sql.ResultSet; 25 25 import java.sql.SQLException; 26 import java.util.GregorianCalendar;27 26 import java.util.HashMap; 28 27 import java.util.List; … … 31 30 import javax.sql.DataSource; 32 31 import org.springframework.jdbc.core.RowMapper; 33 import javax.xml.datatype.DatatypeConfigurationException;34 import javax.xml.datatype.DatatypeFactory;35 import javax.xml.datatype.XMLGregorianCalendar;36 32 import org.slf4j.Logger; 37 33 import org.slf4j.LoggerFactory; … … 72 68 } 73 69 } 70 71 74 72 75 73 @Override -
DASISH/t5.6/backend/annotator-backend/trunk/annotator-backend/src/main/java/eu/dasish/annotation/backend/rest/AnnotationResource.java
r4491 r4529 83 83 @Context 84 84 private ServletContext context; 85 86 private final Logger logger = LoggerFactory.getLogger(AnnotationResource.class);87 85 public static final Logger loggerServer = LoggerFactory.getLogger(HttpServletResponse.class); 86 private final VerboseOutput verboseOutput = new VerboseOutput(httpServletResponse, loggerServer); 88 87 final private String admin = "admin"; 89 88 … … 112 111 @Transactional(readOnly = true) 113 112 public JAXBElement<Annotation> getAnnotation(@PathParam("annotationid") String externalIdentifier) throws IOException { 114 115 URI baseURI = uriInfo.getBaseUri(); 116 String baseURIstr = baseURI.toString(); 117 dbIntegrityService.setServiceURI(baseURIstr); 118 113 dbIntegrityService.setServiceURI(uriInfo.getBaseUri().toString()); 119 114 try { 120 115 final Number annotationID = dbIntegrityService.getAnnotationInternalIdentifier(UUID.fromString(externalIdentifier)); … … 125 120 if (dbIntegrityService.canRead(userID, annotationID)) { 126 121 final Annotation annotation = dbIntegrityService.getAnnotation(annotationID); 127 JAXBElement<Annotation> rootElement = new ObjectFactory().createAnnotation(annotation); 128 return rootElement; 129 } else { 130 loggerServer.debug(httpServletResponse.SC_FORBIDDEN + ": The logged-in user cannot read the annotation."); 131 httpServletResponse.sendError(HttpServletResponse.SC_FORBIDDEN, "The logged-in user cannot read the annotation."); 132 return null; 133 } 134 } else { 135 loggerServer.debug(httpServletResponse.SC_NOT_FOUND + ": the logged-in user is not found in the database"); 136 httpServletResponse.sendError(HttpServletResponse.SC_NOT_FOUND, "The logged-in user is not found in the database"); 137 return null; 138 } 139 } else { 140 loggerServer.debug(HttpServletResponse.SC_NOT_FOUND + ": The annotation with the given id " + externalIdentifier + " is not found in the database"); 141 httpServletResponse.sendError(HttpServletResponse.SC_NOT_FOUND, "The annotation with the given id " + externalIdentifier + " is not found in the database"); 142 return null; 143 } 144 } catch (IllegalArgumentException e) { 145 loggerServer.debug(HttpServletResponse.SC_BAD_REQUEST + ": Illegal argument UUID " + externalIdentifier); 146 httpServletResponse.sendError(HttpServletResponse.SC_BAD_REQUEST, "Illegal argument UUID " + externalIdentifier); 147 return null; 148 } 149 122 return new ObjectFactory().createAnnotation(annotation); 123 } else { 124 verboseOutput.sendFailureMessage(VerboseOutput.FORBIDDEN_ANNOTATION_READING(externalIdentifier), HttpServletResponse.SC_FORBIDDEN); 125 } 126 } else { 127 verboseOutput.sendFailureMessage(VerboseOutput.REMOTE_PRINCIPAL_NOT_FOUND, httpServletResponse.SC_NOT_FOUND); 128 129 } 130 } else { 131 verboseOutput.sendFailureMessage(VerboseOutput.ANNOTATION_NOT_FOUND(externalIdentifier), HttpServletResponse.SC_NOT_FOUND); 132 } 133 } catch (IllegalArgumentException e) { 134 verboseOutput.sendFailureMessage(VerboseOutput.ILLEGAL_UUID(externalIdentifier), HttpServletResponse.SC_BAD_REQUEST); 135 } 136 return new ObjectFactory().createAnnotation(new Annotation()); 150 137 } 151 138 … … 157 144 public JAXBElement<ReferenceList> getAnnotationTargets(@PathParam("annotationid") String externalIdentifier) throws IOException { 158 145 dbIntegrityService.setServiceURI(uriInfo.getBaseUri().toString()); 159 160 146 try { 161 147 final Number annotationID = dbIntegrityService.getAnnotationInternalIdentifier(UUID.fromString(externalIdentifier)); … … 166 152 if (dbIntegrityService.canRead(userID, annotationID)) { 167 153 final ReferenceList TargetList = dbIntegrityService.getAnnotationTargets(annotationID); 168 logger.info("getAnnotationTargets method: OK");169 154 return new ObjectFactory().createTargetList(TargetList); 170 155 } else { 171 loggerServer.debug(httpServletResponse.SC_FORBIDDEN + ": The logged-in user cannot read the annotation."); 172 httpServletResponse.sendError(HttpServletResponse.SC_FORBIDDEN, "The logged-in user cannot read the annotation."); 173 return null; 174 } 175 } else { 176 loggerServer.debug(httpServletResponse.SC_NOT_FOUND + ": the logged-in user is not found in the database"); 177 httpServletResponse.sendError(HttpServletResponse.SC_NOT_FOUND, "The logged-in user is not found in the database"); 178 return null; 179 } 180 } else { 181 loggerServer.debug(HttpServletResponse.SC_NOT_FOUND + ": The annotation with the given id " + externalIdentifier + " is not found in the database"); 182 httpServletResponse.sendError(HttpServletResponse.SC_NOT_FOUND, "The annotation with the given id " + externalIdentifier + " is not found in the database"); 183 return null; 184 } 185 } catch (IllegalArgumentException e) { 186 loggerServer.debug(HttpServletResponse.SC_BAD_REQUEST + ": Illegal argument UUID " + externalIdentifier); 187 httpServletResponse.sendError(HttpServletResponse.SC_BAD_REQUEST, "Illegal argument UUID " + externalIdentifier); 188 return null; 189 } 156 verboseOutput.sendFailureMessage(VerboseOutput.FORBIDDEN_ANNOTATION_READING(externalIdentifier), HttpServletResponse.SC_FORBIDDEN); 157 } 158 } else { 159 verboseOutput.sendFailureMessage(VerboseOutput.REMOTE_PRINCIPAL_NOT_FOUND, httpServletResponse.SC_NOT_FOUND); 160 161 } 162 } else { 163 verboseOutput.sendFailureMessage(VerboseOutput.ANNOTATION_NOT_FOUND(externalIdentifier), HttpServletResponse.SC_NOT_FOUND); 164 165 } 166 } catch (IllegalArgumentException e) { 167 verboseOutput.sendFailureMessage(VerboseOutput.ILLEGAL_UUID(externalIdentifier), HttpServletResponse.SC_BAD_REQUEST); 168 } 169 return new ObjectFactory().createTargetList(new ReferenceList()); 190 170 } 191 171 // TODO Unit test … … 209 189 try { 210 190 UUID ownerExternalUUID = (ownerExternalId != null) ? UUID.fromString(ownerExternalId) : null; 211 191 212 192 final AnnotationInfoList annotationInfoList = dbIntegrityService.getFilteredAnnotationInfos(ownerExternalUUID, link, text, userID, access, namespace, after, before); 213 193 return new ObjectFactory().createAnnotationInfoList(annotationInfoList); 214 194 } catch (IllegalArgumentException e) { 215 loggerServer.debug(HttpServletResponse.SC_BAD_REQUEST + ": Illegal argument UUID " + ownerExternalId); 216 httpServletResponse.sendError(HttpServletResponse.SC_BAD_REQUEST, "Illegal argument UUID " + ownerExternalId); 217 return null; 195 verboseOutput.sendFailureMessage(VerboseOutput.ILLEGAL_UUID(ownerExternalId), HttpServletResponse.SC_BAD_REQUEST); 218 196 } 219 197 } else { 220 loggerServer.debug(httpServletResponse.SC_NOT_FOUND + ": the logged-in user is not found in the database"); 221 httpServletResponse.sendError(HttpServletResponse.SC_NOT_FOUND, "The logged-in user is not found in the database"); 222 return null; 223 } 224 198 verboseOutput.sendFailureMessage(VerboseOutput.REMOTE_PRINCIPAL_NOT_FOUND, httpServletResponse.SC_NOT_FOUND); 199 200 } 201 return new ObjectFactory().createAnnotationInfoList(new AnnotationInfoList()); 225 202 } 226 203 … … 240 217 if (dbIntegrityService.canRead(userID, annotationID)) { 241 218 final UserWithPermissionList permissionList = dbIntegrityService.getPermissionsForAnnotation(annotationID); 242 logger.debug("getAnnotationPermissions method: OK");243 219 return new ObjectFactory().createPermissionList(permissionList); 244 220 } else { 245 loggerServer.debug(httpServletResponse.SC_FORBIDDEN + ": The logged-in user cannot read the annotation."); 246 httpServletResponse.sendError(HttpServletResponse.SC_FORBIDDEN, "The logged-in user cannot read the annotation."); 247 return null; 248 } 249 } else { 250 loggerServer.debug(HttpServletResponse.SC_NOT_FOUND + ": The annotation with the given id " + externalIdentifier + " is not found in the database"); 251 httpServletResponse.sendError(HttpServletResponse.SC_NOT_FOUND, "The annotation with the given id " + externalIdentifier + " is not found in the database"); 252 return null; 253 } 254 } else { 255 loggerServer.debug(httpServletResponse.SC_NOT_FOUND + ": the logged-in user is not found in the database"); 256 httpServletResponse.sendError(HttpServletResponse.SC_NOT_FOUND, "The logged-in user is not found in the database"); 257 return null; 258 } 259 } catch (IllegalArgumentException e) { 260 loggerServer.debug(HttpServletResponse.SC_BAD_REQUEST + ": Illegal argument UUID " + externalIdentifier); 261 httpServletResponse.sendError(HttpServletResponse.SC_BAD_REQUEST, "Illegal argument UUID " + externalIdentifier); 262 return null; 263 } 221 verboseOutput.sendFailureMessage(VerboseOutput.FORBIDDEN_ANNOTATION_READING(externalIdentifier), HttpServletResponse.SC_FORBIDDEN); 222 } 223 } else { 224 verboseOutput.sendFailureMessage(VerboseOutput.ANNOTATION_NOT_FOUND(externalIdentifier), HttpServletResponse.SC_NOT_FOUND); 225 } 226 } else { 227 verboseOutput.sendFailureMessage(VerboseOutput.REMOTE_PRINCIPAL_NOT_FOUND, httpServletResponse.SC_NOT_FOUND); 228 229 } 230 } catch (IllegalArgumentException e) { 231 verboseOutput.sendFailureMessage(VerboseOutput.ILLEGAL_UUID(externalIdentifier), HttpServletResponse.SC_BAD_REQUEST); 232 } 233 return new ObjectFactory().createUserWithPermissionList(new UserWithPermissionList()); 264 234 } 265 235 /////////////////////////////////////////////////////// … … 279 249 int[] resultDelete = dbIntegrityService.deleteAnnotation(annotationID); 280 250 String result = Integer.toString(resultDelete[0]); 281 logger.info("deleteAnnotation method: OK");282 251 return result + " annotation(s) deleted."; 283 252 } else { 284 loggerServer.debug(httpServletResponse.SC_FORBIDDEN + ": The logged-in user cannot delete the annotation. Only the owner can delete the annotation."); 285 httpServletResponse.sendError(HttpServletResponse.SC_FORBIDDEN, "The logged-in user cannot delete the annotation. Only the owner can delete the annotation."); 286 return null; 287 } 288 } else { 289 loggerServer.debug(HttpServletResponse.SC_NOT_FOUND + ": The annotation with the given id " + externalIdentifier + " is not found in the database"); 290 httpServletResponse.sendError(HttpServletResponse.SC_NOT_FOUND, "The annotation with the given id " + externalIdentifier + " is not found in the database."); 291 return null; 292 } 293 294 } else { 295 loggerServer.debug(httpServletResponse.SC_NOT_FOUND + ": the logged-in user is not found in the database."); 296 httpServletResponse.sendError(HttpServletResponse.SC_NOT_FOUND, "The logged-in user is not found in the database."); 297 return null; 298 } 299 } catch (IllegalArgumentException e) { 300 loggerServer.debug(HttpServletResponse.SC_BAD_REQUEST + ": Illegal argument UUID " + externalIdentifier); 301 httpServletResponse.sendError(HttpServletResponse.SC_BAD_REQUEST, "Illegal argument UUID " + externalIdentifier); 302 return null; 303 } 253 verboseOutput.sendFailureMessage(VerboseOutput.FORBIDDEN_ANNOTATION_WRITING(externalIdentifier) + " Only a principal with 'owner' access can delete the annotation.", HttpServletResponse.SC_FORBIDDEN); 254 255 } 256 } else { 257 verboseOutput.sendFailureMessage(VerboseOutput.ANNOTATION_NOT_FOUND(externalIdentifier), HttpServletResponse.SC_NOT_FOUND); 258 } 259 260 } else { 261 verboseOutput.sendFailureMessage(VerboseOutput.REMOTE_PRINCIPAL_NOT_FOUND, httpServletResponse.SC_NOT_FOUND); 262 263 } 264 } catch (IllegalArgumentException e) { 265 verboseOutput.sendFailureMessage(VerboseOutput.ILLEGAL_UUID(externalIdentifier), HttpServletResponse.SC_BAD_REQUEST); 266 } 267 268 return "Due to the failure no annotation is deleted."; 304 269 } 305 270 … … 318 283 return new ObjectFactory().createResponseBody(makeAnnotationResponseEnvelope(annotationID)); 319 284 } else { 320 loggerServer.debug(httpServletResponse.SC_NOT_FOUND + ": the logged-in user is not found in the database");321 httpServletResponse.sendError(HttpServletResponse.SC_NOT_FOUND, "The logged-in user is not found in the database."); 322 return null;323 }285 verboseOutput.sendFailureMessage(VerboseOutput.REMOTE_PRINCIPAL_NOT_FOUND, httpServletResponse.SC_NOT_FOUND); 286 287 } 288 return new ObjectFactory().createResponseBody(new ResponseBody()); 324 289 } 325 290 /////////////////////////////////////////////////////// … … 336 301 337 302 if (!(path + "annotations/" + externalIdentifier).equals(annotationURI)) { 338 loggerServer.debug(httpServletResponse.SC_CONFLICT + "Wrong request: the annotation identifier " + externalIdentifier + " and the annotation ID from the request body do not match. Correct the request and resend."); 339 httpServletResponse.sendError(HttpServletResponse.SC_CONFLICT, "Wrong request: the annotation identifier " + externalIdentifier + " and the annotation ID from the request body do not match. Correct the request and resend."); 340 return null; 303 verboseOutput.sendFailureMessage("Wrong request: the annotation identifier " + externalIdentifier + " and the annotation ID from the request body do not match. Correct the request and resend.", HttpServletResponse.SC_CONFLICT); 304 return new ObjectFactory().createResponseBody(new ResponseBody()); 341 305 } 342 306 … … 351 315 int updatedRows = dbIntegrityService.updateAnnotation(annotation); 352 316 return new ObjectFactory().createResponseBody(makeAnnotationResponseEnvelope(annotationID)); 353 354 } else { 355 loggerServer.debug(httpServletResponse.SC_UNAUTHORIZED + "Only the owner can update the annotation fully (incl. permissions). Only writer can update the annotation's body."); 356 httpServletResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Only the owner can update the annotation fully (incl. permissions). Only writer can update the annotation's body."); 357 return null; 358 } 359 } else { 360 loggerServer.debug(httpServletResponse.SC_NOT_FOUND + ": the logged-in user is not found in the database"); 361 httpServletResponse.sendError(HttpServletResponse.SC_NOT_FOUND, "The logged-in user is not found in the database."); 362 return null; 363 } 364 } else { 365 loggerServer.debug(HttpServletResponse.SC_NOT_FOUND + ": The annotation with the given id " + externalIdentifier + " is not found in the database"); 366 httpServletResponse.sendError(HttpServletResponse.SC_NOT_FOUND, "The annotation with the given id " + externalIdentifier + " is not found in the database."); 367 return null; 368 } 369 } catch (IllegalArgumentException e) { 370 loggerServer.debug(HttpServletResponse.SC_BAD_REQUEST + ": Illegal argument UUID " + externalIdentifier); 371 httpServletResponse.sendError(HttpServletResponse.SC_BAD_REQUEST, "Illegal argument UUID " + externalIdentifier); 372 return null; 373 } 317 } else { 318 verboseOutput.sendFailureMessage(VerboseOutput.FORBIDDEN_PERMISSION_CHANGING(externalIdentifier) + " Permission changing is the part of the full update of the annotation.", HttpServletResponse.SC_FORBIDDEN); 319 } 320 } else { 321 verboseOutput.sendFailureMessage(VerboseOutput.REMOTE_PRINCIPAL_NOT_FOUND, httpServletResponse.SC_NOT_FOUND); 322 } 323 } else { 324 verboseOutput.sendFailureMessage(VerboseOutput.ANNOTATION_NOT_FOUND(externalIdentifier), HttpServletResponse.SC_NOT_FOUND); 325 } 326 } catch (IllegalArgumentException e) { 327 verboseOutput.sendFailureMessage(VerboseOutput.ILLEGAL_UUID(externalIdentifier), HttpServletResponse.SC_BAD_REQUEST); 328 } 329 return new ObjectFactory().createResponseBody(new ResponseBody()); 374 330 } 375 331 … … 391 347 return new ObjectFactory().createResponseBody(makeAnnotationResponseEnvelope(annotationID)); 392 348 } else { 393 loggerServer.debug(httpServletResponse.SC_UNAUTHORIZED + "The logged-in user cannot change the body of this annotation because (s)he is not its 'writer'."); 394 httpServletResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED, "The logged-in user cannot change the body of this annotation because (s)he is not its 'writer'."); 395 return null; 396 } 397 } else { 398 loggerServer.debug(HttpServletResponse.SC_NOT_FOUND + ": The annotation with the given id " + externalIdentifier + " is not found in the database"); 399 httpServletResponse.sendError(HttpServletResponse.SC_NOT_FOUND, "The annotation with the given id " + externalIdentifier + " is not found in the database."); 400 return null; 401 } 402 } else { 403 loggerServer.debug(httpServletResponse.SC_NOT_FOUND + ": the logged-in user is not found in the database"); 404 httpServletResponse.sendError(HttpServletResponse.SC_NOT_FOUND, "The logged-in user is not found in the database."); 405 return null; 406 } 407 } catch (IllegalArgumentException e) { 408 loggerServer.debug(HttpServletResponse.SC_BAD_REQUEST + ": Illegal argument UUID " + externalIdentifier); 409 httpServletResponse.sendError(HttpServletResponse.SC_BAD_REQUEST, "Illegal argument UUID " + externalIdentifier); 410 return null; 411 } 349 verboseOutput.sendFailureMessage(VerboseOutput.FORBIDDEN_ANNOTATION_WRITING(externalIdentifier), HttpServletResponse.SC_FORBIDDEN); 350 } 351 } else { 352 verboseOutput.sendFailureMessage(VerboseOutput.ANNOTATION_NOT_FOUND(externalIdentifier), HttpServletResponse.SC_NOT_FOUND); 353 } 354 } else { 355 verboseOutput.sendFailureMessage(VerboseOutput.REMOTE_PRINCIPAL_NOT_FOUND, httpServletResponse.SC_NOT_FOUND); 356 357 } 358 } catch (IllegalArgumentException e) { 359 verboseOutput.sendFailureMessage(VerboseOutput.ILLEGAL_UUID(externalIdentifier), HttpServletResponse.SC_BAD_REQUEST); 360 } 361 return new ObjectFactory().createResponseBody(new ResponseBody()); 412 362 } 413 363 … … 432 382 ? dbIntegrityService.updateAnnotationPrincipalPermission(annotationID, userID, permission) 433 383 : dbIntegrityService.addAnnotationPrincipalPermission(annotationID, userID, permission); 434 logger.info("updatePermission method: OK");435 384 return result + " rows are updated/added"; 436 385 437 386 } else { 438 loggerServer.debug(httpServletResponse.SC_UNAUTHORIZED + "The logged-in user cannot change the body of this annotation because (s)he is not its 'writer'."); 439 httpServletResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED, "The logged-in user cannot change the rights on this annotation because (s)he is not its owner."); 440 return null; 387 verboseOutput.sendFailureMessage(VerboseOutput.FORBIDDEN_PERMISSION_CHANGING(annotationExternalId), HttpServletResponse.SC_FORBIDDEN); 441 388 } 442 389 } else { 443 loggerServer.debug(HttpServletResponse.SC_NOT_FOUND + ": The annotation with the given id " + annotationExternalId + " is not found in the database"); 444 httpServletResponse.sendError(HttpServletResponse.SC_NOT_FOUND, "The annotation with the given id " + annotationExternalId + " is not found in the database."); 445 return null; 390 verboseOutput.sendFailureMessage(VerboseOutput.ANNOTATION_NOT_FOUND(annotationExternalId), HttpServletResponse.SC_NOT_FOUND); 446 391 } 447 392 } catch (IllegalArgumentException e) { 448 loggerServer.debug(HttpServletResponse.SC_BAD_REQUEST + ": Illegal argument UUID " + annotationExternalId); 449 httpServletResponse.sendError(HttpServletResponse.SC_BAD_REQUEST, "Illegal argument UUID " + annotationExternalId); 450 return null; 451 } 452 } else { 453 loggerServer.debug(HttpServletResponse.SC_NOT_FOUND + ": The user with the given id " + userExternalId + " is not found in the database"); 454 httpServletResponse.sendError(HttpServletResponse.SC_NOT_FOUND, "The user with the given id " + userExternalId + " is not found in the database."); 455 return null; 393 verboseOutput.sendFailureMessage(VerboseOutput.ILLEGAL_UUID(annotationExternalId), HttpServletResponse.SC_BAD_REQUEST); 394 } 395 } else { 396 verboseOutput.sendFailureMessage(VerboseOutput.PRINCIPAL_NOT_FOUND(userExternalId), HttpServletResponse.SC_NOT_FOUND); 456 397 } 457 398 } catch (IllegalArgumentException e) { 458 loggerServer.debug(HttpServletResponse.SC_BAD_REQUEST + ": Illegal argument UUID " + userExternalId); 459 httpServletResponse.sendError(HttpServletResponse.SC_BAD_REQUEST, "Illegal argument UUID " + userExternalId); 460 return null; 399 verboseOutput.sendFailureMessage(VerboseOutput.ILLEGAL_UUID(userExternalId), HttpServletResponse.SC_BAD_REQUEST); 461 400 } 462 401 463 402 } else { 464 loggerServer.debug(httpServletResponse.SC_NOT_FOUND + ": the logged-in user is not found in the database");465 httpServletResponse.sendError(HttpServletResponse.SC_NOT_FOUND, "The logged-in user is not found in the database."); 466 return null;467 }403 verboseOutput.sendFailureMessage(VerboseOutput.REMOTE_PRINCIPAL_NOT_FOUND, httpServletResponse.SC_NOT_FOUND); 404 405 } 406 return "Due to the failure no permissionis updated."; 468 407 } 469 408 … … 484 423 return new ObjectFactory().createResponseBody(makePermissionResponseEnvelope(annotationID)); 485 424 } else { 486 loggerServer.debug(httpServletResponse.SC_UNAUTHORIZED + "The logged-in user cannot change the access rights on this annotation because (s)he is not its owner."); 487 httpServletResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED, "The logged-in user cannot change the access rights on this annotation because (s)he is not its owner."); 488 return null; 489 } 490 } else { 491 loggerServer.debug(HttpServletResponse.SC_NOT_FOUND + ": The annotation with the given id " + annotationExternalId + " is not found in the database"); 492 httpServletResponse.sendError(HttpServletResponse.SC_NOT_FOUND, "The annotation with the given id " + annotationExternalId + " is not found in the database."); 493 return null; 494 } 495 } else { 496 loggerServer.debug(httpServletResponse.SC_NOT_FOUND + ": the logged-in user is not found in the database"); 497 httpServletResponse.sendError(HttpServletResponse.SC_NOT_FOUND, "The logged-in user is not found in the database."); 498 return null; 499 } 500 } catch (IllegalArgumentException e) { 501 loggerServer.debug(HttpServletResponse.SC_BAD_REQUEST + ": Illegal argument UUID " + annotationExternalId); 502 httpServletResponse.sendError(HttpServletResponse.SC_BAD_REQUEST, "Illegal argument UUID " + annotationExternalId); 503 return null; 425 verboseOutput.sendFailureMessage(VerboseOutput.FORBIDDEN_PERMISSION_CHANGING(annotationExternalId), HttpServletResponse.SC_FORBIDDEN); 426 } 427 } else { 428 verboseOutput.sendFailureMessage(VerboseOutput.ANNOTATION_NOT_FOUND(annotationExternalId), HttpServletResponse.SC_NOT_FOUND); 429 } 430 } else { 431 verboseOutput.sendFailureMessage(VerboseOutput.REMOTE_PRINCIPAL_NOT_FOUND, httpServletResponse.SC_NOT_FOUND); 432 433 } 434 return new ObjectFactory().createResponseBody(new ResponseBody()); 435 436 } catch (IllegalArgumentException e) { 437 verboseOutput.sendFailureMessage(VerboseOutput.ILLEGAL_UUID(annotationExternalId), HttpServletResponse.SC_BAD_REQUEST); 438 return new ObjectFactory().createResponseBody(new ResponseBody()); 439 504 440 } 505 441 } … … 523 459 524 460 } else { 525 loggerServer.debug(httpServletResponse.SC_NOT_FOUND + ": the user external identifier " + userId + " is not found the the databse."); 526 httpServletResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED, "The user external identifier " + userId + " is not found the the databse."); 527 461 verboseOutput.sendFailureMessage(VerboseOutput.PRINCIPAL_NOT_FOUND(userId), HttpServletResponse.SC_NOT_FOUND); 528 462 } 529 463 } else { 530 loggerServer.debug(httpServletResponse.SC_UNAUTHORIZED + "The logged-in user cannot change the access rights on this annotation because (s)he is not its owner."); 531 httpServletResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED, "The logged-in user cannot change the access rights on this annotation because (s)he is not its owner."); 532 533 } 534 } else { 535 loggerServer.debug(HttpServletResponse.SC_NOT_FOUND + ": The annotation with the given id " + annotationId + " is not found in the database"); 536 httpServletResponse.sendError(HttpServletResponse.SC_NOT_FOUND, "The annotation with the given id " + annotationId + " is not found in the database."); 537 538 } 539 } else { 540 loggerServer.debug(httpServletResponse.SC_NOT_FOUND + ": the logged-in user is not found in the database"); 541 httpServletResponse.sendError(HttpServletResponse.SC_NOT_FOUND, "The logged-in user is not found in the database."); 542 543 } 544 } catch (IllegalArgumentException e) { 545 loggerServer.debug(HttpServletResponse.SC_BAD_REQUEST + ": Illegal argument UUID " + annotationId); 546 httpServletResponse.sendError(HttpServletResponse.SC_BAD_REQUEST, "Illegal argument UUID " + annotationId); 547 464 verboseOutput.sendFailureMessage(VerboseOutput.FORBIDDEN_PERMISSION_CHANGING(annotationId), HttpServletResponse.SC_FORBIDDEN); 465 466 } 467 } else { 468 verboseOutput.sendFailureMessage(VerboseOutput.ANNOTATION_NOT_FOUND(annotationId), HttpServletResponse.SC_NOT_FOUND); 469 } 470 } else { 471 verboseOutput.sendFailureMessage(VerboseOutput.REMOTE_PRINCIPAL_NOT_FOUND, httpServletResponse.SC_NOT_FOUND); 472 473 } 474 } catch (IllegalArgumentException e) { 475 verboseOutput.sendFailureMessage(VerboseOutput.ILLEGAL_UUID(annotationId), HttpServletResponse.SC_BAD_REQUEST); 548 476 } 549 477 return (deletedRows + " is deleted."); … … 595 523 } 596 524 } 597 598 525 } -
DASISH/t5.6/backend/annotator-backend/trunk/annotator-backend/src/main/java/eu/dasish/annotation/backend/rest/NotebookResource.java
r4523 r4529 23 23 import eu.dasish.annotation.schema.NotebookInfoList; 24 24 import eu.dasish.annotation.schema.ObjectFactory; 25 import eu.dasish.annotation.schema.Permission; 25 26 import eu.dasish.annotation.schema.ReferenceList; 26 27 import java.io.IOException; … … 67 68 @Context 68 69 protected Providers providers; 69 private final Logger logger = LoggerFactory.getLogger(AnnotationResource.class);70 70 private final Logger loggerServer = LoggerFactory.getLogger(HttpServletResponse.class); 71 private final VerboseOutput verboseOutput = new VerboseOutput(httpServletResponse, loggerServer); 71 72 72 73 public NotebookResource() { 73 74 } 74 75 76 // changed w.r.t.the spec, query parameter persmission is added 75 77 @GET 76 78 @Produces(MediaType.APPLICATION_XML) … … 78 80 @Transactional(readOnly = true) 79 81 public JAXBElement<NotebookInfoList> getNotebookInfos(@QueryParam("permission") String permissionMode) throws IOException { 80 81 URI baseURI = uriInfo.getBaseUri(); 82 String baseURIstr = baseURI.toString(); 83 dbIntegrityService.setServiceURI(baseURIstr); 84 85 String remoteUser = httpServletRequest.getRemoteUser(); 86 final Number userID = dbIntegrityService.getUserInternalIDFromRemoteID(remoteUser); 87 if (userID != null) { 82 dbIntegrityService.setServiceURI(uriInfo.getBaseUri().toString()); 83 String remoteUser = httpServletRequest.getRemoteUser(); 84 final Number principalID = dbIntegrityService.getUserInternalIDFromRemoteID(remoteUser); 85 if (principalID != null) { 88 86 if (permissionMode.equalsIgnoreCase("reader") || permissionMode.equalsIgnoreCase("writer") || permissionMode.equalsIgnoreCase("owner")) { 89 NotebookInfoList notebookInfos = dbIntegrityService.getNotebooks( userID, permissionMode);87 NotebookInfoList notebookInfos = dbIntegrityService.getNotebooks(principalID, permissionMode); 90 88 return new ObjectFactory().createNotebookInfoList(notebookInfos); 91 89 } else { 92 loggerServer.debug(httpServletResponse.SC_BAD_REQUEST + ": '" + permissionMode + "' is an invalid permission value, which must be either owner, or reader, or writer."); 93 httpServletResponse.sendError(httpServletResponse.SC_BAD_REQUEST, permissionMode + "' is an invalid permission value, which must be either owner, or reader, or writer."); 94 return null; 95 } 96 } else { 97 loggerServer.debug(httpServletResponse.SC_NOT_FOUND + ": the logged-in user is not found in the database"); 98 httpServletResponse.sendError(HttpServletResponse.SC_NOT_FOUND, "The logged-in user is not found in the database"); 99 return null; 100 } 90 verboseOutput.sendFailureMessage(VerboseOutput.INVALID_PERMISSION_MODE(permissionMode), httpServletResponse.SC_BAD_REQUEST); 91 } 92 } else { 93 verboseOutput.sendFailureMessage(VerboseOutput.REMOTE_PRINCIPAL_NOT_FOUND, httpServletResponse.SC_NOT_FOUND); 94 } 95 return (new ObjectFactory()).createNotebookInfoList(new NotebookInfoList()); 101 96 } 102 97 … … 107 102 public JAXBElement<ReferenceList> getOwnedNotebooks() throws IOException { 108 103 109 URI baseURI = uriInfo.getBaseUri(); 110 String baseURIstr = baseURI.toString(); 111 dbIntegrityService.setServiceURI(baseURIstr); 104 dbIntegrityService.setServiceURI(uriInfo.getBaseUri().toString()); 112 105 113 106 String remoteUser = httpServletRequest.getRemoteUser(); … … 117 110 return new ObjectFactory().createReferenceList(references); 118 111 } else { 119 loggerServer.debug(httpServletResponse.SC_NOT_FOUND + ": the logged-in user is not found in the database"); 120 httpServletResponse.sendError(HttpServletResponse.SC_NOT_FOUND, "The logged-in user is not found in the database"); 121 return null; 122 } 123 } 124 125 @GET 126 @Produces(MediaType.APPLICATION_XML) 127 @Path("{notebookid: " + BackendConstants.regExpIdentifier + "}/targets") 128 @Transactional(readOnly = true) 129 public JAXBElement<Notebook> getNotebook(@PathParam("notebookid") String externalIdentifier) throws IOException { 130 131 URI baseURI = uriInfo.getBaseUri(); 132 String baseURIstr = baseURI.toString(); 133 dbIntegrityService.setServiceURI(baseURIstr); 134 135 String remoteUser = httpServletRequest.getRemoteUser(); 136 final Number userID = dbIntegrityService.getUserInternalIDFromRemoteID(remoteUser); 137 if (userID != null) { 112 verboseOutput.sendFailureMessage(VerboseOutput.REMOTE_PRINCIPAL_NOT_FOUND, httpServletResponse.SC_NOT_FOUND); 113 } 114 return new ObjectFactory().createReferenceList(new ReferenceList()); 115 } 116 117 @GET 118 @Produces(MediaType.APPLICATION_XML) 119 @Path("{notebookid: " + BackendConstants.regExpIdentifier + "}/{permission}") 120 @Transactional(readOnly = true) 121 public JAXBElement<ReferenceList> getPrincipals(@PathParam("notebookid") String externalIdentifier, @PathParam("permission") String permissionMode) throws IOException { 122 123 dbIntegrityService.setServiceURI(uriInfo.getBaseUri().toString()); 124 125 String remoteUser = httpServletRequest.getRemoteUser(); 126 final Number principalID = dbIntegrityService.getUserInternalIDFromRemoteID(remoteUser); 127 if (principalID != null) { 138 128 Number notebookID = dbIntegrityService.getNotebookInternalIdentifier(UUID.fromString(externalIdentifier)); 139 129 if (notebookID != null) { 140 Notebook notebook = dbIntegrityService.getNotebook(notebookID); 141 return new ObjectFactory().createNotebook(notebook); 142 } else { 143 loggerServer.debug(HttpServletResponse.SC_NOT_FOUND + ": The notebook with the given id " + externalIdentifier + " is not found in the database"); 144 httpServletResponse.sendError(HttpServletResponse.SC_NOT_FOUND, "The notebook with the given id " + externalIdentifier + " is not found in the database"); 145 return null; 146 } 147 } else { 148 loggerServer.debug(httpServletResponse.SC_NOT_FOUND + ": the logged-in user is not found in the database"); 149 httpServletResponse.sendError(HttpServletResponse.SC_NOT_FOUND, "The logged-in user is not found in the database"); 150 return null; 151 } 130 if (dbIntegrityService.hasAccess(notebookID, principalID, Permission.fromValue("reader"))) { 131 ReferenceList principals = dbIntegrityService.getPrincipals(notebookID, permissionMode); 132 return new ObjectFactory().createReferenceList(principals); 133 } else { 134 verboseOutput.sendFailureMessage(VerboseOutput.FORBIDDEN_NOTEBOOK_READING(externalIdentifier), HttpServletResponse.SC_FORBIDDEN); 135 } 136 } else { 137 verboseOutput.sendFailureMessage(VerboseOutput.NOTEBOOK_NOT_FOUND(externalIdentifier), HttpServletResponse.SC_NOT_FOUND); 138 } 139 } else { 140 verboseOutput.sendFailureMessage(VerboseOutput.REMOTE_PRINCIPAL_NOT_FOUND, HttpServletResponse.SC_NOT_FOUND); 141 } 142 143 return new ObjectFactory().createReferenceList(new ReferenceList()); 144 } 145 146 // Notebook and NotebookInfo (metadata) schemata may be changed 147 // 1) we do not have information "private notebook" directly in the xml, but we have readers and writers in the schema 148 //so if both are empty then we see that it is private for the owner 149 // or shall we change the scheme? for notebooks 150 // 2) d we need to include the reference list of annotations in teh metadata of the notebook 151 @GET 152 @Produces(MediaType.APPLICATION_XML) 153 @Path("{notebookid: " + BackendConstants.regExpIdentifier + "}/metadata") 154 @Transactional(readOnly = true) 155 public JAXBElement<Notebook> getNotebook(@PathParam("notebookid") String externalIdentifier) throws IOException { 156 dbIntegrityService.setServiceURI(uriInfo.getBaseUri().toString()); 157 String remoteUser = httpServletRequest.getRemoteUser(); 158 final Number principalID = dbIntegrityService.getUserInternalIDFromRemoteID(remoteUser); 159 if (principalID != null) { 160 Number notebookID = dbIntegrityService.getNotebookInternalIdentifier(UUID.fromString(externalIdentifier)); 161 if (notebookID != null) { 162 if (dbIntegrityService.hasAccess(notebookID, principalID, Permission.fromValue("reader"))) { 163 Notebook notebook = dbIntegrityService.getNotebook(notebookID); 164 return new ObjectFactory().createNotebook(notebook); 165 } else { 166 verboseOutput.sendFailureMessage(VerboseOutput.FORBIDDEN_NOTEBOOK_READING(externalIdentifier), HttpServletResponse.SC_FORBIDDEN); 167 } 168 } else { 169 verboseOutput.sendFailureMessage(VerboseOutput.NOTEBOOK_NOT_FOUND(externalIdentifier), HttpServletResponse.SC_NOT_FOUND); 170 } 171 } else { 172 verboseOutput.sendFailureMessage(VerboseOutput.REMOTE_PRINCIPAL_NOT_FOUND, HttpServletResponse.SC_NOT_FOUND); 173 } 174 return new ObjectFactory().createNotebook(new Notebook()); 175 } 176 177 @GET 178 @Produces(MediaType.APPLICATION_XML) 179 @Path("{notebookid: " + BackendConstants.regExpIdentifier + "}") 180 @Transactional(readOnly = true) 181 public JAXBElement<ReferenceList> getNotebookAnnotations(@PathParam("notebookid") String externalIdentifier, 182 @QueryParam("maximumAnnotations") int maximumAnnotations, 183 @QueryParam("startAnnotation") int startAnnotations, 184 @QueryParam("orderBy") String orderBy, 185 @QueryParam("descending") boolean desc) throws IOException { 186 187 dbIntegrityService.setServiceURI(uriInfo.getBaseUri().toString()); 188 189 String remoteUser = httpServletRequest.getRemoteUser(); 190 final Number principalID = dbIntegrityService.getUserInternalIDFromRemoteID(remoteUser); 191 if (principalID != null) { 192 Number notebookID = dbIntegrityService.getNotebookInternalIdentifier(UUID.fromString(externalIdentifier)); 193 if (notebookID != null) { 194 if (dbIntegrityService.hasAccess(notebookID, principalID, Permission.fromValue("reader"))) { 195 ReferenceList annotations = dbIntegrityService.getAnnotationsForNotebook(notebookID, startAnnotations, maximumAnnotations, orderBy, desc); 196 return new ObjectFactory().createReferenceList(annotations); 197 } else { 198 verboseOutput.sendFailureMessage(VerboseOutput.FORBIDDEN_NOTEBOOK_READING(externalIdentifier), HttpServletResponse.SC_FORBIDDEN); 199 } 200 } else { 201 verboseOutput.sendFailureMessage(VerboseOutput.NOTEBOOK_NOT_FOUND(externalIdentifier), HttpServletResponse.SC_NOT_FOUND); 202 } 203 } else { 204 verboseOutput.sendFailureMessage(VerboseOutput.REMOTE_PRINCIPAL_NOT_FOUND, HttpServletResponse.SC_NOT_FOUND); 205 } 206 return new ObjectFactory().createReferenceList(new ReferenceList()); 152 207 } 153 208 } -
DASISH/t5.6/backend/annotator-backend/trunk/annotator-backend/src/test/java/eu/dasish/annotation/backend/dao/impl/DBIntegrityServiceTest.java
r4523 r4529 985 985 assertEquals(TestBackendConstants._TEST_SERVLET_URI_notebooks + "00000000-0000-0000-0000-000000000014", result.getRef().get(1)); 986 986 } 987 987 988 /* public boolean hasAccess(Number notebookID, Number principalID, Permission permission){ 989 List<Number> notebookIDs = notebookDao.getNotebookIDs(principalID, permission); 990 if (notebookIDs == null) { 991 return false; 992 } 993 return notebookIDs.contains(notebookID); 994 } */ 995 996 @Test 997 public void testHasAccess() { 998 999 1000 final Permission writer = Permission.fromValue("writer"); 1001 final List<Number> mockNotebookIDwriter = new ArrayList<Number>(); 1002 mockNotebookIDwriter.add(1); 1003 mockNotebookIDwriter.add(4); 1004 1005 mockeryDao.checking(new Expectations() { 1006 { 1007 oneOf(notebookDao).getNotebookIDs(2, writer); 1008 will(returnValue(mockNotebookIDwriter)); 1009 1010 oneOf(notebookDao).getNotebookIDs(2, writer); 1011 will(returnValue(mockNotebookIDwriter)); 1012 1013 } 1014 }); 1015 1016 assertTrue(dbIntegrityService.hasAccess(4, 2, writer)); 1017 assertFalse(dbIntegrityService.hasAccess(5, 2, writer)); 1018 } 1019 988 1020 /* 989 1021 public ReferenceList getPrincipals(Number notebookID, String permission) { -
DASISH/t5.6/backend/annotator-backend/trunk/annotator-backend/src/test/java/eu/dasish/annotation/backend/rest/AnnotationResourceTest.java
r4491 r4529 68 68 private Mockery mockeryRest; 69 69 @Autowired 70 private MockObjectsFactoryRest mockObjectFactory;71 @Autowired72 70 private DBIntegrityService mockDbIntegrityService; 73 71 @Autowired … … 81 79 mockRequest = new MockHttpServletRequest(); 82 80 mockRequest.setRemoteUser("olhsha@mpi.nl"); 81 83 82 84 83 }
Note: See TracChangeset
for help on using the changeset viewer.