Mercurial > lada > lada-server
view src/main/java/de/intevation/lada/rest/ZusatzwertService.java @ 722:c81881dac97e
Switch to shibboleth authorization in all REST-services.
author | Raimund Renkert <raimund.renkert@intevation.de> |
---|---|
date | Fri, 14 Aug 2015 09:45:01 +0200 |
parents | 21a49dc9984d |
children | 5bdd1631a451 |
line wrap: on
line source
/* Copyright (C) 2013 by Bundesamt fuer Strahlenschutz * Software engineering by Intevation GmbH * * This file is Free Software under the GNU GPL (v>=3) * and comes with ABSOLUTELY NO WARRANTY! Check out * the documentation coming with IMIS-Labordaten-Application for details. */ package de.intevation.lada.rest; import java.sql.Timestamp; import java.util.Date; import javax.enterprise.context.RequestScoped; import javax.inject.Inject; import javax.servlet.http.HttpServletRequest; import javax.ws.rs.DELETE; import javax.ws.rs.GET; import javax.ws.rs.POST; import javax.ws.rs.PUT; import javax.ws.rs.Path; import javax.ws.rs.PathParam; import javax.ws.rs.Produces; import javax.ws.rs.core.Context; import javax.ws.rs.core.HttpHeaders; import javax.ws.rs.core.MediaType; import javax.ws.rs.core.MultivaluedMap; import javax.ws.rs.core.UriInfo; import de.intevation.lada.lock.LockConfig; import de.intevation.lada.lock.LockType; import de.intevation.lada.lock.ObjectLocker; import de.intevation.lada.model.land.LZusatzWert; import de.intevation.lada.util.annotation.AuthorizationConfig; import de.intevation.lada.util.annotation.RepositoryConfig; import de.intevation.lada.util.auth.Authorization; import de.intevation.lada.util.auth.AuthorizationType; import de.intevation.lada.util.data.QueryBuilder; import de.intevation.lada.util.data.Repository; import de.intevation.lada.util.data.RepositoryType; import de.intevation.lada.util.rest.RequestMethod; import de.intevation.lada.util.rest.Response; /** * REST service for Zusatzwert objects. * <p> * The services produce data in the application/json media type. * All HTTP methods use the authorization module to determine if the user is * allowed to perform the requested action. * A typical response holds information about the action performed and the data. * <pre> * <code> * { * "success": [boolean]; * "message": [string], * "data":[{ * "id": [number], * "letzteAenderung": [timestamp], * "messfehler": [number], * "messwertPzs": [number], * "nwgZuMesswert": [number], * "probeId": [number], * "pzsId": [string], * "owner": [boolean], * "readonly": [boolean], * "treeModified": [timestamp], * "parentModified": [timestamp] * }], * "errors": [object], * "warnings": [object], * "readonly": [boolean], * "totalCount": [number] * } * </code> * </pre> * * @author <a href="mailto:rrenkert@intevation.de">Raimund Renkert</a> */ @Path("zusatzwert") @RequestScoped public class ZusatzwertService { /** * The data repository granting read/write access. */ @Inject @RepositoryConfig(type=RepositoryType.RW) private Repository defaultRepo; /** * The object lock mechanism. */ @Inject @LockConfig(type=LockType.TIMESTAMP) private ObjectLocker lock; /** * The authorization module. */ @Inject @AuthorizationConfig(type=AuthorizationType.HEADER) private Authorization authorization; /** * Get all Zusatzwert objects. * <p> * The requested objects can be filtered using a URL parameter named * probeId. * <p> * Example: http://example.com/zusatzwert?probeId=[ID] * * * @return Response object containing all Zusatzwert objects. */ @GET @Path("/") @Produces(MediaType.APPLICATION_JSON) public Response get( @Context HttpHeaders headers, @Context HttpServletRequest request, @Context UriInfo info ) { MultivaluedMap<String, String> params = info.getQueryParameters(); if (params.isEmpty() || !params.containsKey("probeId")) { return defaultRepo.getAll(LZusatzWert.class, "land"); } String probeId = params.getFirst("probeId"); QueryBuilder<LZusatzWert> builder = new QueryBuilder<LZusatzWert>( defaultRepo.entityManager("land"), LZusatzWert.class); builder.and("probeId", probeId); return authorization.filter( request, defaultRepo.filter(builder.getQuery(), "land"), LZusatzWert.class); } /** * Get a Zusatzwert object by id. * <p> * The id is appended to the URL as a path parameter. * <p> * Example: http://example.com/zusatzwert/{id} * * @return Response object containing a single Zusatzwert. */ @GET @Path("/{id}") @Produces(MediaType.APPLICATION_JSON) public Response getById( @Context HttpHeaders headers, @Context HttpServletRequest request, @PathParam("id") String id ) { return authorization.filter( request, defaultRepo.getById(LZusatzWert.class, Integer.valueOf(id), "land"), LZusatzWert.class); } /** * Create a Zusatzwert object. * <p> * The new object is embedded in the post data as JSON formatted string. * <p> * <pre> * <code> * { * "owner": [boolean], * "probeId": [number], * "pzsId": [string], * "nwgZuMesswert": [number], * "messwertPzs": [number], * "messfehler": [number], * "treeModified": null, * "parentModified": null, * "letzteAenderung": [date] * } * </code> * </pre> * * @return A response object containing the created Zusatzwert. */ @POST @Path("/") @Produces(MediaType.APPLICATION_JSON) public Response create( @Context HttpHeaders headers, @Context HttpServletRequest request, LZusatzWert zusatzwert ) { if (!authorization.isAuthorized( request, zusatzwert, RequestMethod.POST, LZusatzWert.class) ) { return new Response(false, 699, null); } /* Persist the new object*/ return authorization.filter( request, defaultRepo.create(zusatzwert, "land"), LZusatzWert.class); } /** * Update an existing Zusatzwert object. * <p> * The object to update should come as JSON formatted string. * <pre> * <code> * { * "id": [number], * "owner": [boolean], * "probeId": [number], * "pzsId": [string], * "nwgZuMesswert": [number], * "messwertPzs": [number], * "messfehler": [number], * "treeModified": [timestamp], * "parentModified": [timestamp], * "letzteAenderung": [date] * } * </code> * </pre> * * @return Response object containing the updated Zusatzwert object. */ @PUT @Path("/{id}") @Produces(MediaType.APPLICATION_JSON) public Response update( @Context HttpHeaders headers, @Context HttpServletRequest request, LZusatzWert zusatzwert ) { if (!authorization.isAuthorized( request, zusatzwert, RequestMethod.PUT, LZusatzWert.class) ) { return new Response(false, 699, null); } if (lock.isLocked(zusatzwert)) { return new Response(false, 697, null); } zusatzwert.setLetzteAenderung(new Timestamp(new Date().getTime())); Response response = defaultRepo.update(zusatzwert, "land"); Response updated = defaultRepo.getById( LZusatzWert.class, ((LZusatzWert)response.getData()).getId(), "land"); return authorization.filter( request, updated, LZusatzWert.class); } /** * Delete an existing Zusatzwert object by id. * <p> * The id is appended to the URL as a path parameter. * <p> * Example: http://example.com/zusatzwert/{id} * * @return Response object. */ @DELETE @Path("/{id}") @Produces(MediaType.APPLICATION_JSON) public Response delete( @Context HttpHeaders headers, @Context HttpServletRequest request, @PathParam("id") String id ) { /* Get the object by id*/ Response object = defaultRepo.getById(LZusatzWert.class, Integer.valueOf(id), "land"); LZusatzWert obj = (LZusatzWert)object.getData(); if (!authorization.isAuthorized( request, obj, RequestMethod.DELETE, LZusatzWert.class) ) { return new Response(false, 699, null); } if (lock.isLocked(obj)) { return new Response(false, 697, null); } /* Delete the object*/ return defaultRepo.delete(obj, "land"); } }