authormr <mr@mrautenberg.de>2011-01-05 10:30:54 +0100
committermr <mr@mrautenberg.de>2011-01-05 10:30:54 +0100
commit4c089275d34ba42014e1add97a41ccf351790260 (patch)
tree9640ab6a457cd6f9666cd820bd3b0569b0c591cf
parentb22110ae0d8e902d700e0a3dc629ebfde1edfe10 (diff)
Authorization for GET requests
-rw-r--r--lib/dataset.rb30
-rw-r--r--lib/feature.rb4
-rw-r--r--lib/helper.rb31
-rw-r--r--lib/model.rb4
4 files changed, 39 insertions, 30 deletions
diff --git a/lib/dataset.rb b/lib/dataset.rb
index aba7754..52b41a7 100644
--- a/lib/dataset.rb
+++ b/lib/dataset.rb
@@ -14,7 +14,7 @@ module OpenTox
# dataset = OpenTox::Dataset.new("http:://webservices.in-silico/ch/dataset/1")
# @param [optional, String] uri Dataset URI
# @return [OpenTox::Dataset] Dataset object
- def initialize(uri=nil)
+ def initialize(uri=nil,subjectid=nil)
super uri
@features = {}
@compounds = []
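Review bot: The new `subjectid` argument of `initialize` is not described in the YARD block above it, and in the visible lines it is never stored or used (`super uri` still receives only the URI). Add `# @param [optional, String] subjectid Authorization token` here and to `create`, `find`, `all`, `load_all` and `load_compounds`, whose signatures carry the same parameter in the later hunks. The body of `initialize` continues outside the hunk, so the parameter may be consumed there.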
@@ -27,7 +27,7 @@ module OpenTox
# @param [optional, String] uri Dataset URI
# @return [OpenTox::Dataset] Dataset object
def self.create(uri=CONFIG[:services]["opentox-dataset"], subjectid=nil)
- dataset = Dataset.new
+ dataset = Dataset.new(nil,subjectid)
dataset.save(subjectid)
dataset
end
@@ -50,17 +50,17 @@ module OpenTox
# Find a dataset and load all data. This can be time consuming, use Dataset.new together with one of the load_* methods for a fine grained control over data loading.
# @param [String] uri Dataset URI
# @return [OpenTox::Dataset] Dataset object with all data
- def self.find(uri)
- dataset = Dataset.new(uri)
- dataset.load_all
+ def self.find(uri, subjectid=nil)
+ dataset = Dataset.new(uri, subjectid)
+ dataset.load_all(subjectid)
dataset
end
# Get all datasets from a service
# @param [optional,String] uri URI of the dataset service, defaults to service specified in configuration
# @return [Array] Array of dataset object without data (use one of the load_* methods to pull data from the server)
- def self.all(uri=CONFIG[:services]["opentox-dataset"])
- RestClientWrapper.get(uri,:accept => "text/uri-list").to_s.each_line.collect{|u| Dataset.new(u)}
+ def self.all(uri=CONFIG[:services]["opentox-dataset"], subjectid=nil)
+ RestClientWrapper.get(uri,{:accept => "text/uri-list",:subjectid => subjectid}).to_s.each_line.collect{|u| Dataset.new(u)}
end
# Load YAML representation into the dataset
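Review bot: In `self.all` the block still builds `Dataset.new(u)` from the raw `each_line` output, so each URI keeps its trailing newline and the new `subjectid` is dropped, unlike `find` just above, which forwards it. `load_compounds` in this file chomps the same kind of list. The equivalent here would be `.collect{|u| Dataset.new(u.chomp, subjectid)}`.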
@@ -118,9 +118,9 @@ module OpenTox
end
# Load all data (metadata, data_entries, compounds and features) from URI
- def load_all
+ def load_all(subjectid=nil)
if (CONFIG[:yaml_hosts].include?(URI.parse(@uri).host))
- copy YAML.load(RestClientWrapper.get(@uri, :accept => "application/x-yaml"))
+ copy YAML.load(RestClientWrapper.get(@uri, {:accept => "application/x-yaml", :subjectid => subjectid}))
else
parser = Parser::Owl::Dataset.new(@uri)
copy parser.load_uri
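Review bot: `YAML.load` in `load_all` deserializes the HTTP response body, which can instantiate arbitrary Ruby objects; the `CONFIG[:yaml_hosts]` check narrows which hosts are contacted but does not make the payload safe. Consider `YAML.safe_load` with an explicit list of permitted classes (whether the payload is plain data or a serialized object is not visible here), and apply the same to `Feature.find` in lib/feature.rb and `find` in lib/model.rb. Separately, the `else` branch still calls `Parser::Owl::Dataset.new(@uri)` without `subjectid`, so datasets on non-YAML hosts appear to be fetched without the token; `Feature.find` has the same gap. The body of `load_all` ends outside the hunk.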
@@ -129,8 +129,8 @@ module OpenTox
# Load and return only compound URIs from the dataset service
# @return [Array] Compound URIs in the dataset
- def load_compounds
- RestClientWrapper.get(File.join(uri,"compounds"),:accept=> "text/uri-list").to_s.each_line do |compound_uri|
+ def load_compounds(subjectid=nil)
+ RestClientWrapper.get(File.join(uri,"compounds"),{:accept=> "text/uri-list", :subjectid => subjectid}).to_s.each_line do |compound_uri|
@compounds << compound_uri.chomp
end
@compounds.uniq!
@@ -258,7 +258,7 @@ module OpenTox
task_uri = RestClient.post(@uri, {:file => File.new(@path)},{:accept => "text/uri-list" , :subjectid => subjectid}).to_s.chomp
#task_uri = `curl -X POST -H "Accept:text/uri-list" -F "file=@#{@path};type=application/rdf+xml" http://apps.ideaconsult.net:8080/ambit2/dataset`
Task.find(task_uri).wait_for_completion
- self.uri = RestClientWrapper.get(task_uri,:accept => 'text/uri-list')
+ self.uri = RestClientWrapper.get(task_uri,{:accept => 'text/uri-list', :subjectid => subjectid})
end
else
# create dataset if uri is empty
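Review bot: The assignment `self.uri = RestClientWrapper.get(task_uri, ...)` stores the wrapper's return value as-is, while `task_uri` a few lines earlier is normalized with `.to_s.chomp`; for a `text/uri-list` response that likely leaves a trailing newline in the dataset URI. Appending `.to_s.chomp` to the new call would match. The `subjectid` token is now also sent to whatever host `task_uri` names, a value taken from the service's response, so a comment stating that this host is trusted with the token would help. The enclosing method starts and ends outside the hunk.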
@@ -293,9 +293,9 @@ module OpenTox
# Find a prediction dataset and load all data.
# @param [String] uri Prediction dataset URI
# @return [OpenTox::Dataset] Prediction dataset object with all data
- def self.find(uri)
- prediction = LazarPrediction.new(uri)
- prediction.load_all
+ def self.find(uri, subjectid=nil)
+ prediction = LazarPrediction.new(uri, subjectid)
+ prediction.load_all(subjectid)
prediction
end
diff --git a/lib/feature.rb b/lib/feature.rb
index 9e28077..349f8ae 100644
--- a/lib/feature.rb
+++ b/lib/feature.rb
@@ -2,10 +2,10 @@ module OpenTox
class Feature
include OpenTox
- def self.find(uri)
+ def self.find(uri, subjectid=nil)
feature = Feature.new uri
if (CONFIG[:yaml_hosts].include?(URI.parse(uri).host))
- feature.add_metadata YAML.load(RestClientWrapper.get(uri,:accept => "application/x-yaml"))
+ feature.add_metadata YAML.load(RestClientWrapper.get(uri,{:accept => "application/x-yaml", :subjectid => subjectid}))
else
feature.add_metadata Parser::Owl::Dataset.new(uri).load_metadata
end
diff --git a/lib/helper.rb b/lib/helper.rb
index 965b4ad..cb80018 100644
--- a/lib/helper.rb
+++ b/lib/helper.rb
@@ -15,21 +15,35 @@ helpers do
return unless authorized?(subjectid)
end
+ #Check Authorization for URI with method and subjectid.
def authorized?(subjectid)
+ uri = clean_uri("#{request.env['rack.url_scheme']}://#{request.env['HTTP_HOST']}#{request.env['REQUEST_URI']}")
if CONFIG[:authorization][:authorize_request].include?(request.env['REQUEST_METHOD'])
- ret = OpenTox::Authorization.authorize("#{request.env['rack.url_scheme']}://#{request.env['HTTP_HOST']}#{request.env['REQUEST_URI']}", request.env['REQUEST_METHOD'], subjectid)
- LOGGER.debug "OpenTox helpers OpenTox::Authorization authorized? method: #{request.env['REQUEST_METHOD']} , URI: #{request.env['rack.url_scheme']}://#{request.env['HTTP_HOST']}#{request.env['REQUEST_URI']}, subjectid: #{subjectid} with return #{ret}."
+ ret = OpenTox::Authorization.authorize(uri, request.env['REQUEST_METHOD'], subjectid)
+ LOGGER.debug "OpenTox helpers OpenTox::Authorization authorized? method: #{request.env['REQUEST_METHOD']} , URI: #{request.env['rack.url_scheme']}://#{request.env['HTTP_HOST']}#{request.env['REQUEST_URI']}, subjectid: #{subjectid} with return >>#{ret}<<"
return ret
end
if CONFIG[:authorization][:authenticate_request].include?(env['REQUEST_METHOD'])
- if OpenTox::Authorization.is_token_valid(subjectid)
- return true
- end
+ return true if OpenTox::Authorization.is_token_valid(subjectid)
end
LOGGER.debug "Not authorized for: #{request.env['rack.url_scheme']}://#{request['REQUEST_URI']} with Method: #{request.env['REQUEST_METHOD']} with Token #{subjectid}"
return false
end
+ #cleans URI from querystring and file-extension. Sets port 80 to emptystring
+ # @param [String] uri
+ def clean_uri(uri)
+ out = URI.parse(uri)
+ "#{out.scheme}:" + (out.port != 80 ? out.port : "") + "//#{out.host}#{out.path.chomp(File.extname(out.path))}"
+ end
+
+ def check_subjectid(subjectid)
+ return false if !subjectid
+ return true if subjectid.size > 62
+ false
+ end
+
+ #unprotected uris for login/logout, webapplication ...
def unprotected_requests
case env['REQUEST_URI']
when /\/login$|\/logout$|\/predict$|\/toxcreate\/models$/
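Review bot: `clean_uri` raises `TypeError` whenever the port is not 80, because `out.port` is an Integer concatenated onto a String, and that includes https requests on port 443; the port is also placed before `//` rather than after the host. Since `authorized?` now calls it on its first line, such requests fail before any authorization decision is made. A form that yields an ordinary URL would be `port = out.port == 80 ? "" : ":#{out.port}"` followed by `"#{out.scheme}://#{out.host}#{port}#{out.path.chomp(File.extname(out.path))}"`. Both `LOGGER.debug` lines in `authorized?` also write the `subjectid` token to the log; logging only whether a token was present would keep credentials out of log files. `unprotected_requests` continues outside the hunk.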
@@ -41,18 +55,13 @@ helpers do
end
end
- def check_subjectid(subjectid)
- return false if !subjectid
- return true if subjectid.size > 62
- false
- end
end
before do
unless unprotected_requests or CONFIG[:authorization][:free_request].include?(env['REQUEST_METHOD'])
begin
subjectid = session[:subjectid] if session[:subjectid]
- subjectid = params[:subjectid] if params[:subjectid] and !check_subjectid(subjectid)
+ subjectid = params[:subjectid] if params[:subjectid] and !check_subjectid(subjectid)
subjectid = request.env['HTTP_SUBJECTID'] if request.env['HTTP_SUBJECTID'] and !check_subjectid(subjectid)
# see http://rack.rubyforge.org/doc/SPEC.html
subjectid = CGI.unescape(subjectid) if subjectid.include?("%23")
diff --git a/lib/model.rb b/lib/model.rb
index c645bdc..32f5604 100644
--- a/lib/model.rb
+++ b/lib/model.rb
@@ -67,8 +67,8 @@ module OpenTox
# Find a lazar model
# @param [String] uri Model URI
# @return [OpenTox::Model::Lazar] lazar model
- def self.find(uri)
- YAML.load RestClientWrapper.get(uri,:accept => 'application/x-yaml')
+ def self.find(uri, subjectid=nil)
+ YAML.load RestClientWrapper.get(uri,{:accept => 'application/x-yaml', :subjectid => subjectid})
end
# Create a new lazar model
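Review bot: `find` in lib/model.rb passes the response straight to `YAML.load` with no `CONFIG[:yaml_hosts]` check, unlike `Dataset#load_all` and `Feature.find`, and with this change it also sends the `subjectid` token to whatever host `uri` names. If `uri` can originate from a caller or request parameter (not visible here), both the token and the deserialization are exposed to an unvetted host. Rejecting the URI unless `CONFIG[:yaml_hosts].include?(URI.parse(uri).host)` before the GET would bring it in line with the other two. The YARD block also lacks a `@param` line for `subjectid`.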