
#32: Comments system (server side)

jendib
2015-11-16 02:22:51 +01:00
parent b3e44b84d2
commit 97252bb5da
30 changed files with 743 additions and 124 deletions


@@ -0,0 +1,150 @@
package com.sismics.docs.rest.resource;
import java.util.List;
import javax.json.Json;
import javax.json.JsonArrayBuilder;
import javax.json.JsonObjectBuilder;
import javax.ws.rs.DELETE;
import javax.ws.rs.FormParam;
import javax.ws.rs.GET;
import javax.ws.rs.PUT;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.Response.Status;
import com.sismics.docs.core.constant.PermType;
import com.sismics.docs.core.dao.jpa.CommentDao;
import com.sismics.docs.core.dao.jpa.DocumentDao;
import com.sismics.docs.core.dao.jpa.dto.CommentDto;
import com.sismics.docs.core.model.jpa.Comment;
import com.sismics.rest.exception.ForbiddenClientException;
import com.sismics.rest.util.ValidationUtil;
/**
* Comment REST resource.
*
* @author bgamard
*/
@Path("/comment")
public class CommentResource extends BaseResource {
/**
* Add a comment.
*
* @param documentId Document ID
* @param content Comment content
* @return Response
*/
@PUT
public Response add(@FormParam("id") String documentId,
@FormParam("content") String content) {
if (!authenticate()) {
throw new ForbiddenClientException();
}
// Validate input data
ValidationUtil.validateRequired(documentId, "id");
content = ValidationUtil.validateLength(content, "content", 1, 4000, false);
// Read access on doc gives access to write comments
DocumentDao documentDao = new DocumentDao();
if (documentDao.getDocument(documentId, PermType.READ, principal.getId()) == null) {
return Response.status(Status.NOT_FOUND).build();
}
// Create the comment
Comment comment = new Comment();
comment.setDocumentId(documentId);
comment.setContent(content);
comment.setUserId(principal.getId());
CommentDao commentDao = new CommentDao();
commentDao.create(comment);
// Returns the comment
JsonObjectBuilder response = Json.createObjectBuilder()
.add("id", comment.getId())
.add("creator", principal.getName())
.add("content", comment.getContent())
.add("create_date", comment.getCreateDate().getTime());
return Response.ok().entity(response.build()).build();
}
/**
* Delete a comment.
*
* @param id Comment ID
* @return Response
*/
@DELETE
@Path("{id: [a-z0-9\\-]+}")
public Response delete(@PathParam("id") String id) {
if (!authenticate()) {
throw new ForbiddenClientException();
}
// Validate input data
ValidationUtil.validateRequired(id, "id");
// Get the comment
CommentDao commentDao = new CommentDao();
Comment comment = commentDao.getActiveById(id);
if (comment == null) {
return Response.status(Status.NOT_FOUND).build();
}
// If the current user owns the comment, skip ACL check
if (!comment.getUserId().equals(principal.getId())) {
// Get the associated document
DocumentDao documentDao = new DocumentDao();
if (documentDao.getDocument(comment.getDocumentId(), PermType.WRITE, principal.getId()) == null) {
return Response.status(Status.NOT_FOUND).build();
}
}
// Delete the comment
commentDao.delete(id);
// Always return OK
JsonObjectBuilder response = Json.createObjectBuilder()
.add("status", "ok");
return Response.ok().entity(response.build()).build();
}
/**
* Get all comments on a document.
*
* @param documentId DocumentID
* @return Response
*/
@GET
@Path("{documentId: [a-z0-9\\-]+}")
public Response get(@PathParam("documentId") String documentId) {
if (!authenticate()) {
throw new ForbiddenClientException();
}
// Read access on doc gives access to read comments
DocumentDao documentDao = new DocumentDao();
if (documentDao.getDocument(documentId, PermType.READ, principal.getId()) == null) {
return Response.status(Status.NOT_FOUND).build();
}
// Assemble results
CommentDao commentDao = new CommentDao();
List<CommentDto> commentDtoList = commentDao.getByDocumentId(documentId);
JsonArrayBuilder comments = Json.createArrayBuilder();
for (CommentDto commentDto : commentDtoList) {
comments.add(Json.createObjectBuilder()
.add("id", commentDto.getId())
.add("content", commentDto.getContent())
.add("creator", commentDto.getCreatorName())
.add("create_date", commentDto.getCreateTimestamp()));
}
// Always return OK
JsonObjectBuilder response = Json.createObjectBuilder()
.add("comments", comments);
return Response.ok().entity(response.build()).build();
}
}
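Review bot: The Javadoc on `add` says only "Add a comment", but the body lets any user with READ on the document create persistent content (the `PermType.READ` lookup before `commentDao.create`), and that policy belongs in the documented contract. I would add `* Any user with READ permission on the document may comment; responds 404 when the document is missing or not readable by the caller.` to the Javadoc. `content` is only length-checked (1 to 4000) and is returned verbatim by both `add` and `get`, so a comment such as `// Content is stored and returned as-is; clients must encode it on output` would make that responsibility explicit. The owner branch in `delete` skips the document ACL lookup entirely, which looks intentional but deserves a one-line why-comment.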


@@ -11,7 +11,6 @@ import java.util.UUID;
import javax.json.Json;
import javax.json.JsonArrayBuilder;
import javax.json.JsonObjectBuilder;
import javax.persistence.NoResultException;
import javax.ws.rs.DELETE;
import javax.ws.rs.FormParam;
import javax.ws.rs.GET;
@@ -82,17 +81,15 @@ public class DocumentResource extends BaseResource {
DocumentDao documentDao = new DocumentDao();
AclDao aclDao = new AclDao();
DocumentDto documentDto;
try {
documentDto = documentDao.getDocument(documentId);
// Check document visibility
if (!aclDao.checkPermission(documentId, PermType.READ, shareId == null ? principal.getId() : shareId)) {
throw new ForbiddenClientException();
}
} catch (NoResultException e) {
DocumentDto documentDto = documentDao.getDocument(documentId);
if (documentDto == null) {
return Response.status(Status.NOT_FOUND).build();
}
// Check document visibility
if (!aclDao.checkPermission(documentId, PermType.READ, shareId == null ? principal.getId() : shareId)) {
throw new ForbiddenClientException();
}
JsonObjectBuilder document = Json.createObjectBuilder()
.add("id", documentDto.getId())
@@ -415,9 +412,8 @@ public class DocumentResource extends BaseResource {
// Get the document
DocumentDao documentDao = new DocumentDao();
Document document;
try {
document = documentDao.getDocument(id, PermType.WRITE, principal.getId());
} catch (NoResultException e) {
document = documentDao.getDocument(id, PermType.WRITE, principal.getId());
if (document == null) {
return Response.status(Status.NOT_FOUND).build();
}
@@ -492,12 +488,9 @@ public class DocumentResource extends BaseResource {
// Get the document
DocumentDao documentDao = new DocumentDao();
FileDao fileDao = new FileDao();
Document document;
List<File> fileList;
try {
document = documentDao.getDocument(id, PermType.WRITE, principal.getId());
fileList = fileDao.getByDocumentId(principal.getId(), id);
} catch (NoResultException e) {
Document document = documentDao.getDocument(id, PermType.WRITE, principal.getId());
List<File> fileList = fileDao.getByDocumentId(principal.getId(), id);
if (document == null) {
return Response.status(Status.NOT_FOUND).build();
}
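Review bot: In the last hunk (new line 488 onward), `fileDao.getByDocumentId(principal.getId(), id)` now runs before `document == null` is tested, so the file query executes even when the document is missing or the caller lacks WRITE. The try/catch lines shown in the same hunk suggest the earlier version stopped at the failed `getDocument` call. I would test the result first, `if (document == null) { return Response.status(Status.NOT_FOUND).build(); }`, and only then call `List<File> fileList = fileDao.getByDocumentId(principal.getId(), id);`. The enclosing method starts and ends outside the hunk, so this assumes nothing between the two calls needs `fileList`.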


@@ -16,7 +16,6 @@ import java.util.zip.ZipOutputStream;
import javax.json.Json;
import javax.json.JsonArrayBuilder;
import javax.json.JsonObjectBuilder;
import javax.persistence.NoResultException;
import javax.ws.rs.Consumes;
import javax.ws.rs.DELETE;
import javax.ws.rs.FormParam;
@@ -98,9 +97,8 @@ public class FileResource extends BaseResource {
documentId = null;
} else {
DocumentDao documentDao = new DocumentDao();
try {
document = documentDao.getDocument(documentId, PermType.WRITE, principal.getId());
} catch (NoResultException e) {
document = documentDao.getDocument(documentId, PermType.WRITE, principal.getId());
if (document == null) {
return Response.status(Status.NOT_FOUND).build();
}
}
@@ -190,12 +188,9 @@ public class FileResource extends BaseResource {
// Get the document and the file
DocumentDao documentDao = new DocumentDao();
FileDao fileDao = new FileDao();
Document document;
File file;
try {
file = fileDao.getFile(id, principal.getId());
document = documentDao.getDocument(documentId, PermType.WRITE, principal.getId());
} catch (NoResultException e) {
File file = fileDao.getFile(id, principal.getId());
Document document = documentDao.getDocument(documentId, PermType.WRITE, principal.getId());
if (file == null || document == null) {
return Response.status(Status.NOT_FOUND).build();
}
@@ -251,9 +246,7 @@ public class FileResource extends BaseResource {
// Get the document
DocumentDao documentDao = new DocumentDao();
try {
documentDao.getDocument(documentId, PermType.WRITE, principal.getId());
} catch (NoResultException e) {
if (documentDao.getDocument(documentId, PermType.WRITE, principal.getId()) == null) {
return Response.status(Status.NOT_FOUND).build();
}
@@ -330,19 +323,18 @@ public class FileResource extends BaseResource {
// Get the file
FileDao fileDao = new FileDao();
DocumentDao documentDao = new DocumentDao();
File file;
try {
file = fileDao.getFile(id);
if (file.getDocumentId() == null) {
// It's an orphan file
if (!file.getUserId().equals(principal.getId())) {
// But not ours
throw new ForbiddenClientException();
}
} else {
documentDao.getDocument(file.getDocumentId(), PermType.WRITE, principal.getId());
File file = fileDao.getFile(id);
if (file == null) {
return Response.status(Status.NOT_FOUND).build();
}
if (file.getDocumentId() == null) {
// It's an orphan file
if (!file.getUserId().equals(principal.getId())) {
// But not ours
throw new ForbiddenClientException();
}
} catch (NoResultException e) {
} else if (documentDao.getDocument(file.getDocumentId(), PermType.WRITE, principal.getId()) == null) {
return Response.status(Status.NOT_FOUND).build();
}
@@ -383,26 +375,24 @@ public class FileResource extends BaseResource {
// Get the file
FileDao fileDao = new FileDao();
UserDao userDao = new UserDao();
File file;
try {
file = fileDao.getFile(fileId);
if (file.getDocumentId() == null) {
// It's an orphan file
if (!file.getUserId().equals(principal.getId())) {
// But not ours
throw new ForbiddenClientException();
}
} else {
// Check document accessibility
AclDao aclDao = new AclDao();
if (!aclDao.checkPermission(file.getDocumentId(), PermType.READ, shareId == null ? principal.getId() : shareId)) {
throw new ForbiddenClientException();
}
}
} catch (NoResultException e) {
File file = fileDao.getFile(fileId);
if (file == null) {
return Response.status(Status.NOT_FOUND).build();
}
if (file.getDocumentId() == null) {
// It's an orphan file
if (!file.getUserId().equals(principal.getId())) {
// But not ours
throw new ForbiddenClientException();
}
} else {
// Check document accessibility
AclDao aclDao = new AclDao();
if (!aclDao.checkPermission(file.getDocumentId(), PermType.READ, shareId == null ? principal.getId() : shareId)) {
throw new ForbiddenClientException();
}
}
// Get the stored file
@@ -470,19 +460,17 @@ public class FileResource extends BaseResource {
// Get the document
DocumentDao documentDao = new DocumentDao();
DocumentDto documentDto;
try {
documentDto = documentDao.getDocument(documentId);
// Check document visibility
AclDao aclDao = new AclDao();
if (!aclDao.checkPermission(documentId, PermType.READ, shareId == null ? principal.getId() : shareId)) {
throw new ForbiddenClientException();
}
} catch (NoResultException e) {
DocumentDto documentDto = documentDao.getDocument(documentId);
if (documentDto == null) {
return Response.status(Status.NOT_FOUND).build();
}
// Check document visibility
AclDao aclDao = new AclDao();
if (!aclDao.checkPermission(documentId, PermType.READ, shareId == null ? principal.getId() : shareId)) {
throw new ForbiddenClientException();
}
// Get files and user associated with this document
FileDao fileDao = new FileDao();
final UserDao userDao = new UserDao();
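Review bot: In the hunks at new lines 323 and 375, a missing file answers 404 but an orphan file owned by another user throws `ForbiddenClientException`, so the two responses reveal whether a given file ID exists. `CommentResource.delete` in this same commit returns 404 for both "absent" and "not permitted". The orphan branch could do the same with `return Response.status(Status.NOT_FOUND).build();` inside `if (!file.getUserId().equals(principal.getId()))`. The `aclDao.checkPermission` branches at new lines 375 and 460 have the same 404-then-403 shape; whether the client depends on the 403 there is not visible from this page and should be confirmed before changing them. The enclosing methods extend beyond the hunks.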


@@ -6,13 +6,13 @@ import java.util.List;
import javax.json.Json;
import javax.json.JsonObjectBuilder;
import javax.persistence.NoResultException;
import javax.ws.rs.DELETE;
import javax.ws.rs.FormParam;
import javax.ws.rs.PUT;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.Response.Status;
import com.sismics.docs.core.constant.AclTargetType;
import com.sismics.docs.core.constant.PermType;
@@ -53,10 +53,8 @@ public class ShareResource extends BaseResource {
// Get the document
DocumentDao documentDao = new DocumentDao();
try {
documentDao.getDocument(documentId, PermType.WRITE, principal.getId());
} catch (NoResultException e) {
throw new ClientException("DocumentNotFound", MessageFormat.format("Document not found: {0}", documentId));
if (documentDao.getDocument(documentId, PermType.WRITE, principal.getId()) == null) {
return Response.status(Status.NOT_FOUND).build();
}
// Create the share


@@ -17,6 +17,9 @@
<span ng-switch-when="File">
<a ng-href="#/document/view/{{ log.message }}/file/{{ log.target }}">Open</a>
</span>
<span ng-switch-when="Comment">
<a ng-href="#/document/view/{{ log.message }}/comments">See</a>
</span>
<span ng-switch-when="Acl">
{{ log.message }}
</span>