def read_annotation(id):
annotation = Annotation.fetch(id)
if not annotation:
return jsonify('Annotation not found!', status=404)
failure = _check_action(annotation, 'read', current_user_id())
if failure:
return failure
return jsonify(annotation)
def read_annotation(id):
annotation = Annotation.fetch(id)
if not annotation:
return jsonify('Annotation not found!', status=404)
failure = _check_action(annotation, 'read', current_user_id())
if failure:
return failure
return jsonify(annotation)
def create_annotation():
# Only registered users can create annotations
if not auth.verify_request(request):
return _failed_auth_response()
if request.json:
annotation = Annotation(_filter_input(request.json))
annotation['consumer'] = request.headers[auth.HEADER_PREFIX + 'consumer-key']
annotation['user'] = request.headers[auth.HEADER_PREFIX + 'user-id']
annotation.save()
return jsonify(annotation)
else:
return jsonify('No JSON payload sent. Annotation not created.', status=400)
def _failed_authz_response(msg=''):
return jsonify(
"Cannot authorize request{0}. Perhaps you're not logged in as "
"a user with appropriate permissions on this annotation?".format(' (' +
msg +
')'),
status=401)
def create_annotation():
# Only registered users can create annotations
if not auth.verify_request(request):
return _failed_auth_response()
if request.json:
annotation = Annotation(_filter_input(request.json))
annotation['consumer'] = request.headers[auth.HEADER_PREFIX +
'consumer-key']
annotation['user'] = request.headers[auth.HEADER_PREFIX + 'user-id']
annotation.save()
return jsonify(annotation)
else:
return jsonify('No JSON payload sent. Annotation not created.',
status=400)
def index():
uid = current_user_id()
if uid:
if not auth.verify_request(request):
return _failed_auth_response()
annotations = Annotation.search(_user_id=uid)
else:
annotations = Annotation.search()
return jsonify(annotations)
def index():
uid = current_user_id()
if uid:
if not auth.verify_request(request):
return _failed_auth_response()
annotations = Annotation.search(_user_id=uid)
else:
annotations = Annotation.search()
return jsonify(annotations)
def update_annotation(id):
annotation = Annotation.fetch(id)
if not annotation:
return jsonify('Annotation not found! No update performed.', status=404)
failure = _check_action(annotation, 'update', current_user_id())
if failure:
return failure
if request.json:
updated = _filter_input(request.json)
updated['id'] = id # use id from URL, regardless of what arrives in JSON payload
if 'permissions' in updated and updated['permissions'] != annotation.get('permissions', {}):
if not authz.authorize(annotation, 'admin', current_user_id()):
return _failed_authz_response('permissions update')
annotation.update(updated)
annotation.save()
return jsonify(annotation)
def delete_annotation(id):
annotation = Annotation.fetch(id)
if not annotation:
return jsonify('Annotation not found. No delete performed.', status=404)
failure = _check_action(annotation, 'delete', current_user_id())
if failure:
return failure
annotation.delete()
return None, 204
def delete_annotation(id):
annotation = Annotation.fetch(id)
if not annotation:
return jsonify('Annotation not found. No delete performed.',
status=404)
failure = _check_action(annotation, 'delete', current_user_id())
if failure:
return failure
annotation.delete()
return None, 204
def update_annotation(id):
annotation = Annotation.fetch(id)
if not annotation:
return jsonify('Annotation not found! No update performed.',
status=404)
failure = _check_action(annotation, 'update', current_user_id())
if failure:
return failure
if request.json:
updated = _filter_input(request.json)
updated[
'id'] = id # use id from URL, regardless of what arrives in JSON payload
if 'permissions' in updated and updated[
'permissions'] != annotation.get('permissions', {}):
if not authz.authorize(annotation, 'admin', current_user_id()):
return _failed_authz_response('permissions update')
annotation.update(updated)
annotation.save()
return jsonify(annotation)
def search_annotations():
kwargs = dict(request.args.items())
uid = current_user_id()
if uid:
if not auth.verify_request(request):
return _failed_auth_response()
results = Annotation.search(**kwargs)
results = filter(lambda a: authz.authorize(a, 'read', uid), results)
total = Annotation.count(**kwargs)
return jsonify({
'total': total,
'rows': results,
})
def search_annotations():
kwargs = dict(request.args.items())
uid = current_user_id()
if uid:
if not auth.verify_request(request):
return _failed_auth_response()
results = Annotation.search(**kwargs)
results = filter(lambda a: authz.authorize(a, 'read', uid), results)
total = Annotation.count(**kwargs)
return jsonify({
'total': total,
'rows': results,
})
def auth_token():
if g.user:
return jsonify(auth.generate_token('annotateit', g.user.username))
else:
root = current_app.config['ROOT_URL']
return jsonify('Please go to {0} to log in!'.format(root), status=401)
def _failed_authz_response(msg=''):
return jsonify("Cannot authorize request{0}. Perhaps you're not logged in as "
"a user with appropriate permissions on this annotation?".format(' (' + msg + ')'),
status=401)
def _failed_auth_response():
return jsonify("Cannot authenticate request. Perhaps you didn't send the "
"X-Annotator-* headers?",
status=401)
def root():
return jsonify("Annotator Store API")
def _failed_auth_response():
return jsonify(
"Cannot authenticate request. Perhaps you didn't send the "
"X-Annotator-* headers?",
status=401)
def root():
return jsonify("Annotator Store API")
def auth_token():
if g.user:
return jsonify(auth.generate_token('annotateit', g.user.username))
else:
root = current_app.config['ROOT_URL']
return jsonify('Please go to {0} to log in!'.format(root), status=401)
