From 4c089275d34ba42014e1add97a41ccf351790260 Mon Sep 17 00:00:00 2001 From: mr Date: Wed, 5 Jan 2011 10:30:54 +0100 Subject: Authorization for GET requests --- lib/dataset.rb | 30 +++++++++++++++--------------- lib/feature.rb | 4 ++-- lib/helper.rb | 31 ++++++++++++++++++++----------- lib/model.rb | 4 ++-- 4 files changed, 39 insertions(+), 30 deletions(-) diff --git a/lib/dataset.rb b/lib/dataset.rb index aba7754..52b41a7 100644 --- a/lib/dataset.rb +++ b/lib/dataset.rb @@ -14,7 +14,7 @@ module OpenTox # dataset = OpenTox::Dataset.new("http:://webservices.in-silico/ch/dataset/1") # @param [optional, String] uri Dataset URI # @return [OpenTox::Dataset] Dataset object - def initialize(uri=nil) + def initialize(uri=nil,subjectid=nil) super uri @features = {} @compounds = [] @@ -27,7 +27,7 @@ module OpenTox # @param [optional, String] uri Dataset URI # @return [OpenTox::Dataset] Dataset object def self.create(uri=CONFIG[:services]["opentox-dataset"], subjectid=nil) - dataset = Dataset.new + dataset = Dataset.new(nil,subjectid) dataset.save(subjectid) dataset end 
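Review bot: `initialize` now accepts `subjectid`, but the visible lines neither store it nor pass it to `super uri`, so a token given to `Dataset.new(uri, subjectid)` appears to be dropped and has to be supplied again to every `load_*`, `save` and `delete` call. The constructor body continues past the hunk, so this should be confirmed there. The YARD block above it has no entry for the new argument, and the same gap recurs on every method in this series that gained `subjectid`. A line such as `# @param [optional, String] subjectid A&A token; not retained, pass it again to load_*/save` would make the contract explicit.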
@@ -50,17 +50,17 @@ module OpenTox # Find a dataset and load all data. This can be time consuming, use Dataset.new together with one of the load_* methods for a fine grained control over data loading. # @param [String] uri Dataset URI # @return [OpenTox::Dataset] Dataset object with all data - def self.find(uri) - dataset = Dataset.new(uri) - dataset.load_all + def self.find(uri, subjectid=nil) + dataset = Dataset.new(uri, subjectid) + dataset.load_all(subjectid) dataset end # Get all datasets from a service # @param [optional,String] uri URI of the dataset service, defaults to service specified in configuration # @return [Array] Array of dataset object without data (use one of the load_* methods to pull data from the server) - def self.all(uri=CONFIG[:services]["opentox-dataset"]) - RestClientWrapper.get(uri,:accept => "text/uri-list").to_s.each_line.collect{|u| Dataset.new(u)} + def self.all(uri=CONFIG[:services]["opentox-dataset"], subjectid=nil) + RestClientWrapper.get(uri,{:accept => "text/uri-list",:subjectid => subjectid}).to_s.each_line.collect{|u| Dataset.new(u)} end # Load YAML representation into the dataset @@ -118,9 +118,9 @@ module OpenTox end # Load all data (metadata, data_entries, compounds and features) from URI - def load_all + def load_all(subjectid=nil) if (CONFIG[:yaml_hosts].include?(URI.parse(@uri).host)) - copy YAML.load(RestClientWrapper.get(@uri, :accept => "application/x-yaml")) + copy YAML.load(RestClientWrapper.get(@uri, {:accept => "application/x-yaml", :subjectid => subjectid})) else parser = Parser::Owl::Dataset.new(@uri) copy parser.load_uri 
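Review bot: In `self.all`, each element yielded by `each_line` still carries its trailing newline, so `Dataset.new(u)` receives a URI ending in `\n` unless the constructor strips it (not visible here). `load_compounds` in this file already chomps each line; doing the same here, `each_line.collect{|u| Dataset.new(u.chomp)}`, keeps the two consistent and avoids request URIs with an embedded line break.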
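Review bot: `load_all` passes the HTTP response body straight to `YAML.load`, which can instantiate arbitrary Ruby objects from tagged YAML; the `CONFIG[:yaml_hosts]` test only checks the host named in `@uri`, not the integrity of what comes back. Restricting deserialization to plain data plus the classes the dataset really needs, for example with `YAML.safe_load` and an explicit permitted-class list, limits what a compromised or spoofed peer can achieve. The same call appears in `Feature.find` (lib/feature.rb) and in `Model::Lazar.find` (lib/model.rb), where no host check is made at all before loading. If full object loading has to stay, a comment such as `# NOTE: YAML.load on remote data; the host must be trusted and reached over an authenticated channel` belongs next to each call.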
@@ -129,8 +129,8 @@ module OpenTox # Load and return only compound URIs from the dataset service # @return [Array] Compound URIs in the dataset - def load_compounds - RestClientWrapper.get(File.join(uri,"compounds"),:accept=> "text/uri-list").to_s.each_line do |compound_uri| + def load_compounds(subjectid=nil) + RestClientWrapper.get(File.join(uri,"compounds"),{:accept=> "text/uri-list", :subjectid => subjectid}).to_s.each_line do |compound_uri| @compounds << compound_uri.chomp end @compounds.uniq! @@ -258,7 +258,7 @@ module OpenTox task_uri = RestClient.post(@uri, {:file => File.new(@path)},{:accept => "text/uri-list" , :subjectid => subjectid}).to_s.chomp #task_uri = `curl -X POST -H "Accept:text/uri-list" -F "file=@#{@path};type=application/rdf+xml" http://apps.ideaconsult.net:8080/ambit2/dataset` Task.find(task_uri).wait_for_completion - self.uri = RestClientWrapper.get(task_uri,:accept => 'text/uri-list') + self.uri = RestClientWrapper.get(task_uri,{:accept => 'text/uri-list', :subjectid => subjectid}) end else # create dataset if uri is empty @@ -293,9 +293,9 @@ module OpenTox # Find a prediction dataset and load all data. # @param [String] uri Prediction dataset URI # @return [OpenTox::Dataset] Prediction dataset object with all data - def self.find(uri) - prediction = LazarPrediction.new(uri) - prediction.load_all + def self.find(uri, subjectid=nil) + prediction = LazarPrediction.new(uri, subjectid) + prediction.load_all(subjectid) prediction end diff --git a/lib/feature.rb b/lib/feature.rb index 9e28077..349f8ae 100644 --- a/lib/feature.rb +++ b/lib/feature.rb 
@@ -2,10 +2,10 @@ module OpenTox class Feature include OpenTox - def self.find(uri) + def self.find(uri, subjectid=nil) feature = Feature.new uri if (CONFIG[:yaml_hosts].include?(URI.parse(uri).host)) - feature.add_metadata YAML.load(RestClientWrapper.get(uri,:accept => "application/x-yaml")) + feature.add_metadata YAML.load(RestClientWrapper.get(uri,{:accept => "application/x-yaml", :subjectid => subjectid})) else feature.add_metadata Parser::Owl::Dataset.new(uri).load_metadata end diff --git a/lib/helper.rb b/lib/helper.rb index 965b4ad..cb80018 100644 --- a/lib/helper.rb +++ b/lib/helper.rb 
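Review bot: In `Feature.find` only the YAML branch forwards the token; the `else` branch still calls `Parser::Owl::Dataset.new(uri).load_metadata` without `subjectid`, so features on hosts outside `CONFIG[:yaml_hosts]` are requested without credentials. A later commit on this page gives the parser a `subjectid` argument but does not revisit this file. Once that parser signature exists the branch should read `feature.add_metadata Parser::Owl::Dataset.new(uri, subjectid).load_metadata(subjectid)`. The end of the method is outside the hunk.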
@@ -15,21 +15,35 @@ helpers do return unless authorized?(subjectid) end + #Check Authorization for URI with method and subjectid. def authorized?(subjectid) + uri = clean_uri("#{request.env['rack.url_scheme']}://#{request.env['HTTP_HOST']}#{request.env['REQUEST_URI']}") if CONFIG[:authorization][:authorize_request].include?(request.env['REQUEST_METHOD']) - ret = OpenTox::Authorization.authorize("#{request.env['rack.url_scheme']}://#{request.env['HTTP_HOST']}#{request.env['REQUEST_URI']}", request.env['REQUEST_METHOD'], subjectid) - LOGGER.debug "OpenTox helpers OpenTox::Authorization authorized? method: #{request.env['REQUEST_METHOD']} , URI: #{request.env['rack.url_scheme']}://#{request.env['HTTP_HOST']}#{request.env['REQUEST_URI']}, subjectid: #{subjectid} with return #{ret}." + ret = OpenTox::Authorization.authorize(uri, request.env['REQUEST_METHOD'], subjectid) + LOGGER.debug "OpenTox helpers OpenTox::Authorization authorized? method: #{request.env['REQUEST_METHOD']} , URI: #{request.env['rack.url_scheme']}://#{request.env['HTTP_HOST']}#{request.env['REQUEST_URI']}, subjectid: #{subjectid} with return >>#{ret}<<" return ret end if CONFIG[:authorization][:authenticate_request].include?(env['REQUEST_METHOD']) - if OpenTox::Authorization.is_token_valid(subjectid) - return true - end + return true if OpenTox::Authorization.is_token_valid(subjectid) end LOGGER.debug "Not authorized for: #{request.env['rack.url_scheme']}://#{request['REQUEST_URI']} with Method: #{request.env['REQUEST_METHOD']} with Token #{subjectid}" return false end + #cleans URI from querystring and file-extension. Sets port 80 to emptystring + # @param [String] uri + def clean_uri(uri) + out = URI.parse(uri) + "#{out.scheme}:" + (out.port != 80 ? out.port : "") + "//#{out.host}#{out.path.chomp(File.extname(out.path))}" + end + + def check_subjectid(subjectid) + return false if !subjectid + return true if subjectid.size > 62 + false + end + + #unprotected uris for login/logout, webapplication ... 
def unprotected_requests case env['REQUEST_URI'] when /\/login$|\/logout$|\/predict$|\/toxcreate\/models$/ @@ -41,18 +55,13 @@ helpers do end end - def check_subjectid(subjectid) - return false if !subjectid - return true if subjectid.size > 62 - false - end end before do unless unprotected_requests or CONFIG[:authorization][:free_request].include?(env['REQUEST_METHOD']) begin subjectid = session[:subjectid] if session[:subjectid] - subjectid = params[:subjectid] if params[:subjectid] and !check_subjectid(subjectid) + subjectid = params[:subjectid] if params[:subjectid] and !check_subjectid(subjectid) subjectid = request.env['HTTP_SUBJECTID'] if request.env['HTTP_SUBJECTID'] and !check_subjectid(subjectid) # see http://rack.rubyforge.org/doc/SPEC.html subjectid = CGI.unescape(subjectid) if subjectid.include?("%23") diff --git a/lib/model.rb b/lib/model.rb index c645bdc..32f5604 100644 --- a/lib/model.rb +++ b/lib/model.rb @@ -67,8 +67,8 @@ module OpenTox # Find a lazar model # @param [String] uri Model URI # @return [OpenTox::Model::Lazar] lazar model - def self.find(uri) - YAML.load RestClientWrapper.get(uri,:accept => 'application/x-yaml') + def self.find(uri, subjectid=nil) + YAML.load RestClientWrapper.get(uri,{:accept => 'application/x-yaml', :subjectid => subjectid}) end # Create a new lazar model -- cgit v1.2.3 From a0bcb593e95320bff832f5cca9b9f4c105c817d3 Mon Sep 17 00:00:00 2001 From: mr Date: Mon, 10 Jan 2011 17:04:20 +0100 Subject: A&A --- lib/authorization.rb | 4 +++- lib/dataset.rb | 48 ++++++++++++++++++++++++------------------------ 2 files changed, 27 insertions(+), 25 deletions(-) diff --git a/lib/authorization.rb b/lib/authorization.rb index f9499e6..dab228a 100644 --- a/lib/authorization.rb +++ b/lib/authorization.rb 
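Review bot: `clean_uri` concatenates a String with `out.port`, an Integer, so for any port other than 80 (including the default 443 for https) the expression raises `TypeError` before `authorize` is reached; the port is also placed ahead of `//host`, which would not give a valid URI even after conversion. Since this string is the resource the policy decision is made on, it should be built in the usual order, e.g. `port = out.port == 80 ? "" : ":#{out.port}"` followed by `"#{out.scheme}://#{out.host}#{port}#{out.path.chomp(File.extname(out.path))}"`. Whether policies are registered with or without the port has to be checked against the A&A server's data. The same concatenation is kept in the later lib/helper.rb hunks of this series.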
@@ -114,7 +114,9 @@ module OpenTox begin resource = RestClient::Resource.new("#{AA_SERVER}/pol") out = resource.get(:subjectid => subjectid) - return out.split("\n") + return out.split("\n") + rescue RestClient::InternalServerError => e + raise e.response rescue return nil end diff --git a/lib/dataset.rb b/lib/dataset.rb index 7c70c9d..52b41a7 100644 --- a/lib/dataset.rb +++ b/lib/dataset.rb @@ -14,7 +14,7 @@ module OpenTox # dataset = OpenTox::Dataset.new("http:://webservices.in-silico/ch/dataset/1") # @param [optional, String] uri Dataset URI # @return [OpenTox::Dataset] Dataset object - def initialize(uri=nil) + def initialize(uri=nil,subjectid=nil) super uri @features = {} @compounds = [] @@ -27,7 +27,7 @@ module OpenTox # @param [optional, String] uri Dataset URI # @return [OpenTox::Dataset] Dataset object def self.create(uri=CONFIG[:services]["opentox-dataset"], subjectid=nil) - dataset = Dataset.new + dataset = Dataset.new(nil,subjectid) dataset.save(subjectid) dataset end 
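Review bot: The new `rescue RestClient::InternalServerError` clause re-raises `e.response`, which is the HTTP response rather than an exception; this works only while the installed rest-client returns a String-like response, and it then surfaces the A&A server's raw 500 body as the error message. Raising an exception with a message of your own keeps upstream details out of client-facing errors, e.g. `raise "policy listing failed (HTTP 500 from A&A server)"`. The bare `rescue` that follows still maps every other failure to `nil`, so a network failure, an expired token and a parsing error all look the same to the caller; a `LOGGER.warn` in that branch would at least leave a trace. The method starts above the hunk.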
@@ -38,29 +38,29 @@ module OpenTox # - you will have to set remaining metadata manually # @param [String] file CSV file path # @return [OpenTox::Dataset] Dataset object with CSV data - def self.create_from_csv_file(file) - dataset = Dataset.create + def self.create_from_csv_file(file, subjectid=nil) + dataset = Dataset.create(CONFIG[:services]["opentox-dataset"], subjectid) parser = Parser::Spreadsheets.new parser.dataset = dataset parser.load_csv(File.open(file).read) - dataset.save + dataset.save(subjectid) dataset end # Find a dataset and load all data. This can be time consuming, use Dataset.new together with one of the load_* methods for a fine grained control over data loading. # @param [String] uri Dataset URI # @return [OpenTox::Dataset] Dataset object with all data - def self.find(uri) - dataset = Dataset.new(uri) - dataset.load_all + def self.find(uri, subjectid=nil) + dataset = Dataset.new(uri, subjectid) + dataset.load_all(subjectid) dataset end # Get all datasets from a service # @param [optional,String] uri URI of the dataset service, defaults to service specified in configuration # @return [Array] Array of dataset object without data (use one of the load_* methods to pull data from the server) - def self.all(uri=CONFIG[:services]["opentox-dataset"]) - RestClientWrapper.get(uri,:accept => "text/uri-list").to_s.each_line.collect{|u| Dataset.new(u)} + def self.all(uri=CONFIG[:services]["opentox-dataset"], subjectid=nil) + RestClientWrapper.get(uri,{:accept => "text/uri-list",:subjectid => subjectid}).to_s.each_line.collect{|u| Dataset.new(u)} end # Load YAML representation into the dataset 
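Review bot: `create_from_csv_file` reads the upload with `File.open(file).read`, which leaves the file handle open until garbage collection; `parser.load_csv(File.read(file))` does the same work and closes it. The method also saves twice with the token, once inside `Dataset.create` and once explicitly, which looks intended (first to obtain a URI, then to store the parsed data) but deserves a short comment saying so. The YARD block still documents only `file`.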
@@ -89,8 +89,8 @@ module OpenTox # - you will have to set remaining metadata manually # @param [String] csv CSV representation of the dataset # @return [OpenTox::Dataset] Dataset object with CSV data - def load_csv(csv) - save unless @uri # get a uri for creating features + def load_csv(csv, subjectid=nil) + save(subjectid) unless @uri # get a uri for creating features parser = Parser::Spreadsheets.new parser.dataset = self parser.load_csv(csv) @@ -102,8 +102,8 @@ module OpenTox # - you will have to set remaining metadata manually # @param [Excel] book Excel workbook object (created with roo gem) # @return [OpenTox::Dataset] Dataset object with Excel data - def load_spreadsheet(book) - save unless @uri # get a uri for creating features + def load_spreadsheet(book, subjectid=nil) + save(subjectid) unless @uri # get a uri for creating features parser = Parser::Spreadsheets.new parser.dataset = self parser.load_spreadsheet(book) @@ -118,9 +118,9 @@ module OpenTox end # Load all data (metadata, data_entries, compounds and features) from URI - def load_all + def load_all(subjectid=nil) if (CONFIG[:yaml_hosts].include?(URI.parse(@uri).host)) - copy YAML.load(RestClientWrapper.get(@uri, :accept => "application/x-yaml")) + copy YAML.load(RestClientWrapper.get(@uri, {:accept => "application/x-yaml", :subjectid => subjectid})) else parser = Parser::Owl::Dataset.new(@uri) copy parser.load_uri @@ -129,8 +129,8 @@ module OpenTox # Load and return only compound URIs from the dataset service # @return [Array] Compound URIs in the dataset - def load_compounds - RestClientWrapper.get(File.join(uri,"compounds"),:accept=> "text/uri-list").to_s.each_line do |compound_uri| + def load_compounds(subjectid=nil) + RestClientWrapper.get(File.join(uri,"compounds"),{:accept=> "text/uri-list", :subjectid => subjectid}).to_s.each_line do |compound_uri| @compounds << compound_uri.chomp end @compounds.uniq! 
@@ -258,7 +258,7 @@ module OpenTox task_uri = RestClient.post(@uri, {:file => File.new(@path)},{:accept => "text/uri-list" , :subjectid => subjectid}).to_s.chomp #task_uri = `curl -X POST -H "Accept:text/uri-list" -F "file=@#{@path};type=application/rdf+xml" http://apps.ideaconsult.net:8080/ambit2/dataset` Task.find(task_uri).wait_for_completion - self.uri = RestClientWrapper.get(task_uri,:accept => 'text/uri-list') + self.uri = RestClientWrapper.get(task_uri,{:accept => 'text/uri-list', :subjectid => subjectid}) end else # create dataset if uri is empty @@ -268,8 +268,8 @@ module OpenTox end # Delete dataset at the dataset service - def delete - RestClientWrapper.delete @uri + def delete(subjectid=nil) + RestClientWrapper.delete(@uri, :subjectid => subjectid) end private @@ -293,9 +293,9 @@ module OpenTox # Find a prediction dataset and load all data. # @param [String] uri Prediction dataset URI # @return [OpenTox::Dataset] Prediction dataset object with all data - def self.find(uri) - prediction = LazarPrediction.new(uri) - prediction.load_all + def self.find(uri, subjectid=nil) + prediction = LazarPrediction.new(uri, subjectid) + prediction.load_all(subjectid) prediction end -- cgit v1.2.3 From 57cab7b2e22b4f07ee7f53afb15d05873abeca6d Mon Sep 17 00:00:00 2001 From: mr Date: Mon, 10 Jan 2011 17:04:49 +0100 Subject: A&A --- lib/helper.rb | 36 ++++++++++++++++++++++++------------ 1 file changed, 24 insertions(+), 12 deletions(-) diff --git a/lib/helper.rb b/lib/helper.rb index 6b616bc..857c5b5 100644 --- a/lib/helper.rb +++ b/lib/helper.rb 
@@ -15,25 +15,42 @@ helpers do return unless authorized?(subjectid) end + #Check Authorization for URI with method and subjectid. def authorized?(subjectid) + uri = clean_uri("#{request.env['rack.url_scheme']}://#{request.env['HTTP_HOST']}#{request.env['REQUEST_URI']}") if CONFIG[:authorization][:authorize_request].include?(request.env['REQUEST_METHOD']) - ret = OpenTox::Authorization.authorize("#{request.env['rack.url_scheme']}://#{request.env['HTTP_HOST']}#{request.env['REQUEST_URI']}", request.env['REQUEST_METHOD'], subjectid) - LOGGER.debug "OpenTox helpers OpenTox::Authorization authorized? method: #{request.env['REQUEST_METHOD']} , URI: #{request.env['rack.url_scheme']}://#{request.env['HTTP_HOST']}#{request.env['REQUEST_URI']}, subjectid: #{subjectid} with return #{ret}." + ret = OpenTox::Authorization.authorize(uri, request.env['REQUEST_METHOD'], subjectid) + LOGGER.debug "OpenTox helpers OpenTox::Authorization authorized? method: #{request.env['REQUEST_METHOD']} , URI: #{request.env['rack.url_scheme']}://#{request.env['HTTP_HOST']}#{request.env['REQUEST_URI']}, subjectid: #{subjectid} with return >>#{ret}<<" return ret end if CONFIG[:authorization][:authenticate_request].include?(env['REQUEST_METHOD']) - if OpenTox::Authorization.is_token_valid(subjectid) - return true - end + return true if OpenTox::Authorization.is_token_valid(subjectid) end LOGGER.debug "Not authorized for: #{request.env['rack.url_scheme']}://#{request['REQUEST_URI']} with Method: #{request.env['REQUEST_METHOD']} with Token #{subjectid}" return false end + #cleans URI from querystring and file-extension. Sets port 80 to emptystring + # @param [String] uri + def clean_uri(uri) + out = URI.parse(uri) + out.path = out.path[0, out.path.rindex(/[0-9]/) + 1] if out.path.rindex(/[0-9]/) #cuts after id for a&a + "#{out.scheme}:" + (out.port != 80 ? 
out.port : "") + "//#{out.host}#{out.path}" + end + + def check_subjectid(subjectid) + return false if !subjectid + return true if subjectid.size > 62 + false + end + + #unprotected uris for login/logout, webapplication ... def unprotected_requests case env['REQUEST_URI'] when /\/login$|\/logout$|\/predict$|\/toxcreate\/models$/ return true + when /\/features/ + return false when /\/compound|\/feature|\/task|\/toxcreate/ #to fix: read from config | validation should be protected return true else @@ -41,23 +58,18 @@ helpers do end end - def check_subjectid(subjectid) - return false if !subjectid - return true if subjectid.size > 62 - false - end end before do unless unprotected_requests or CONFIG[:authorization][:free_request].include?(env['REQUEST_METHOD']) begin subjectid = session[:subjectid] if session[:subjectid] - subjectid = params[:subjectid] if params[:subjectid] and !check_subjectid(subjectid) + subjectid = params[:subjectid] if params[:subjectid] and !check_subjectid(subjectid) subjectid = request.env['HTTP_SUBJECTID'] if request.env['HTTP_SUBJECTID'] and !check_subjectid(subjectid) # see http://rack.rubyforge.org/doc/SPEC.html subjectid = CGI.unescape(subjectid) if subjectid.include?("%23") rescue - LOGGER.debug "OpenTox ruby api wrapper: helper before filter: NO subjectid." + LOGGER.debug "OpenTox ruby api wrapper: helper before filter: NO subjectid for URI: #{request.env['rack.url_scheme']}://#{request.env['HTTP_HOST']}#{request.env['REQUEST_URI']}" subjectid = "" end protected!(subjectid) if AA_SERVER -- cgit v1.2.3 From 7327b1632cdaafd2d49d1ba8703a962f3c0e00d6 Mon Sep 17 00:00:00 2001 From: mr Date: Mon, 10 Jan 2011 17:05:07 +0100 Subject: A&A --- lib/model.rb | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/lib/model.rb b/lib/model.rb index 953bb6c..32f5604 100644 --- a/lib/model.rb +++ b/lib/model.rb 
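Review bot: `unprotected_requests` matches unanchored patterns such as `/\/compound|\/feature|\/task|\/toxcreate/` against `env['REQUEST_URI']`, which contains the query string as well as the path, so whether a request skips authorization depends on text anywhere in the URI rather than on the route being served. The added `when /\/features/` branch narrows one case but leaves that property in place, and it relies on branch order because `/\/feature/` would also match. Matching `request.path_info` with patterns anchored at both ends (`\A` … `\z`), or reading the open routes from configuration as the existing "to fix" comment suggests, makes the exemption list explicit. The `clean_uri` change in the same hunk, which cuts the path after its last digit, likewise means the policy check can run against a shorter URI than the one requested, and should be documented with the URI shapes it is meant for.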
@@ -67,8 +67,8 @@ module OpenTox # Find a lazar model # @param [String] uri Model URI # @return [OpenTox::Model::Lazar] lazar model - def self.find(uri) - YAML.load RestClientWrapper.get(uri,:accept => 'application/x-yaml') + def self.find(uri, subjectid=nil) + YAML.load RestClientWrapper.get(uri,{:accept => 'application/x-yaml', :subjectid => subjectid}) end # Create a new lazar model @@ -90,8 +90,8 @@ module OpenTox # Predict a dataset # @param [String] dataset_uri Dataset URI # @return [OpenTox::Dataset] Dataset with predictions - def predict_dataset(dataset_uri) - @prediction_dataset = Dataset.create + def predict_dataset(dataset_uri, subjectid=nil) + @prediction_dataset = Dataset.create(CONFIG[:services]["opentox-dataset"], subjectid) @prediction_dataset.add_metadata({ OT.hasSource => @uri, DC.creator => @uri, @@ -101,9 +101,9 @@ module OpenTox d = Dataset.new(dataset_uri) d.load_compounds d.compounds.each do |compound_uri| - predict(compound_uri,false) + predict(compound_uri,false,subjectid) end - @prediction_dataset.save + @prediction_dataset.save(subjectid) @prediction_dataset end @@ -129,7 +129,7 @@ module OpenTox } ) end - return @prediction_dataset if database_activity + return @prediction_dataset if database_activity(subjectid) neighbors prediction = eval("#{@prediction_algorithm}(@neighbors,{:similarity_algorithm => @similarity_algorithm, :p_values => @p_values})") @@ -245,11 +245,11 @@ module OpenTox # Find database activities and store them in @prediction_dataset # @return [Boolean] true if compound has databasse activities, false if not - def database_activity + def database_activity(subjectid) if @activities[@compound.uri] @activities[@compound.uri].each { |act| @prediction_dataset.add @compound.uri, @metadata[OT.dependentVariables], act } @prediction_dataset.add_metadata(OT.hasSource => @metadata[OT.trainingDataset]) - @prediction_dataset.save + @prediction_dataset.save(subjectid) true else false 
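Review bot: In the `predict` hunk, a few lines below the changed `database_activity(subjectid)` call, a string is built from `@prediction_algorithm` and handed to `eval`. Lazar models are created by `YAML.load` on a remote response in `self.find`, so that attribute is data received over the network and is executed as Ruby here. Checking the value against a fixed list of supported algorithms before use, for instance `raise "unsupported prediction algorithm" unless SUPPORTED_ALGORITHMS.include?(@prediction_algorithm)` with `SUPPORTED_ALGORITHMS` as a new constant to be defined, and then dispatching without `eval`, closes that path. `predict` begins and ends outside the hunk.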
@@ -262,8 +262,8 @@ module OpenTox end # Delete model at model service - def delete - RestClientWrapper.delete @uri unless @uri == CONFIG[:services]["opentox-model"] + def delete(subjectid) + RestClientWrapper.delete(@uri, :subjectid => subjectid) unless @uri == CONFIG[:services]["opentox-model"] end end -- cgit v1.2.3 From ecdd0347a347bd2ac5fa9e6a41ec7475b007309d Mon Sep 17 00:00:00 2001 From: mr Date: Mon, 10 Jan 2011 17:47:09 +0100 Subject: A&A extent --- lib/feature.rb | 4 ++-- lib/model.rb | 8 ++++---- lib/policy.rb | 9 +++++++++ lib/task.rb | 12 ++++++------ 4 files changed, 21 insertions(+), 12 deletions(-) diff --git a/lib/feature.rb b/lib/feature.rb index 9e28077..349f8ae 100644 --- a/lib/feature.rb +++ b/lib/feature.rb @@ -2,10 +2,10 @@ module OpenTox class Feature include OpenTox - def self.find(uri) + def self.find(uri, subjectid=nil) feature = Feature.new uri if (CONFIG[:yaml_hosts].include?(URI.parse(uri).host)) - feature.add_metadata YAML.load(RestClientWrapper.get(uri,:accept => "application/x-yaml")) + feature.add_metadata YAML.load(RestClientWrapper.get(uri,{:accept => "application/x-yaml", :subjectid => subjectid})) else feature.add_metadata Parser::Owl::Dataset.new(uri).load_metadata end diff --git a/lib/model.rb b/lib/model.rb index 32f5604..7aa3f5c 100644 --- a/lib/model.rb +++ b/lib/model.rb @@ -60,8 +60,8 @@ module OpenTox # Get URIs of all lazar models # @return [Array] List of lazar model URIs - def self.all - RestClientWrapper.get(CONFIG[:services]["opentox-model"]).to_s.split("\n") + def self.all(subjectid=nil) + RestClientWrapper.get(CONFIG[:services]["opentox-model"], :subjectid => subjectid).to_s.split("\n") end # Find a lazar model 
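Review bot: `delete(subjectid)` makes the token a required argument, whereas every other method touched in this series, including `Dataset#delete`, uses `subjectid=nil`; existing callers of `model.delete` will now raise `ArgumentError`. `def delete(subjectid=nil)` keeps the interface backward compatible and consistent with the rest of the API.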
@@ -77,7 +77,7 @@ module OpenTox def self.create(params) lazar_algorithm = OpenTox::Algorithm::Generic.new File.join( CONFIG[:services]["opentox-algorithm"],"lazar") model_uri = lazar_algorithm.run(params) - OpenTox::Model::Lazar.find(model_uri) + OpenTox::Model::Lazar.find(model_uri, params[:subjectid]) end # Get a parameter value @@ -98,7 +98,7 @@ module OpenTox DC.title => URI.decode(File.basename( @metadata[OT.dependentVariables] )), OT.parameters => [{DC.title => "dataset_uri", OT.paramValue => dataset_uri}] }) - d = Dataset.new(dataset_uri) + d = Dataset.new(dataset_uri,subjectid) d.load_compounds d.compounds.each do |compound_uri| predict(compound_uri,false,subjectid) diff --git a/lib/policy.rb b/lib/policy.rb index 0ef8298..9c81fbd 100644 --- a/lib/policy.rb +++ b/lib/policy.rb @@ -33,6 +33,15 @@ module OpenTox return true end + #drop all policies in a policies instance + def names + out = [] + @policies.each do |name, policy| + out << name + end + return out + end + #loads a default policy template in policies instance def load_default_policy(user, uri, group="member") template = case user diff --git a/lib/task.rb b/lib/task.rb index 18fba6e..9cf909f 100644 --- a/lib/task.rb +++ b/lib/task.rb 
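Review bot: The comment above the new `names` method in lib/policy.rb says it drops all policies, but the body only collects and returns the policy names; it looks copied from the neighbouring method. Suggested comment: `# @return [Array<String>] names of all policies held in this instance`. The loop can be reduced to `@policies.keys`, assuming `@policies` is a Hash as the `|name, policy|` block parameters suggest.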
@@ -50,12 +50,12 @@ module OpenTox cpu_load = `cat /proc/loadavg`.split(/\s+/)[0..2].collect{|c| c.to_f} nr_cpu_cores = `cat /proc/cpuinfo |grep "cpu cores"|cut -d ":" -f2|tr -d " "`.split("\n").collect{|c| c.to_i}.inject{|sum,n| sum+n} nr_cpu_cores = 1 if !nr_cpu_cores - if cpu_load[0] > nr_cpu_cores and cpu_load[0] > cpu_load[1] and cpu_load[1] > cpu_load[2] # average CPU load of the last minute is high and CPU load is increasing - LOGGER.warn "Cannot start task - CPU load too high (#{cpu_load.join(", ")})" - task.cancel - return task - #raise "Server too busy to start a new task" - end + #if cpu_load[0] > nr_cpu_cores and cpu_load[0] > cpu_load[1] and cpu_load[1] > cpu_load[2] # average CPU load of the last minute is high and CPU load is increasing + # LOGGER.warn "Cannot start task - CPU load too high (#{cpu_load.join(", ")})" + # task.cancel + # return task + # #raise "Server too busy to start a new task" + #end task_pid = Spork.spork(:logger => LOGGER) do -- cgit v1.2.3 From 2aafed7543287c420a5aa2e751b8c74ad771d14c Mon Sep 17 00:00:00 2001 From: mr Date: Thu, 13 Jan 2011 12:01:19 +0100 Subject: A&A for GET requests --- lib/dataset.rb | 22 +++++++++++----------- lib/model.rb | 2 +- lib/opentox.rb | 8 ++++---- lib/parser.rb | 17 ++++++++++------- 4 files changed, 26 insertions(+), 23 deletions(-) diff --git a/lib/dataset.rb b/lib/dataset.rb index 52b41a7..a85c2b5 100644 --- a/lib/dataset.rb +++ b/lib/dataset.rb 
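Review bot: Commenting out the load check removes the only guard visible here against starting tasks on an overloaded host, so task creation is no longer throttled by anything in this method; if the check misfired, a configurable threshold would be safer than no limit. The two shell pipelines that compute `cpu_load` and `nr_cpu_cores` still run on every call although nothing reads their results any more, and should be removed together with the check or kept with it. Dead code is better deleted than commented out, with the reason recorded in the commit message. The surrounding method starts and ends outside the hunk.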
@@ -60,7 +60,7 @@ module OpenTox # @param [optional,String] uri URI of the dataset service, defaults to service specified in configuration # @return [Array] Array of dataset object without data (use one of the load_* methods to pull data from the server) def self.all(uri=CONFIG[:services]["opentox-dataset"], subjectid=nil) - RestClientWrapper.get(uri,{:accept => "text/uri-list",:subjectid => subjectid}).to_s.each_line.collect{|u| Dataset.new(u)} + RestClientWrapper.get(uri,{:accept => "text/uri-list",:subjectid => subjectid}).to_s.each_line.collect{|u| Dataset.new(u, subjectid)} end # Load YAML representation into the dataset @@ -77,10 +77,10 @@ module OpenTox # Load RDF/XML representation from a file # @param [String] file File with RDF/XML representation of the dataset # @return [OpenTox::Dataset] Dataset object with RDF/XML data - def load_rdfxml_file(file) - parser = Parser::Owl::Dataset.new @uri + def load_rdfxml_file(file, subjectid=nil) + parser = Parser::Owl::Dataset.new @uri, subjectid parser.uri = file.path - copy parser.load_uri + copy parser.load_uri(subjectid) end # Load CSV string (format specification: http://toxcreate.org/help) @@ -111,8 +111,8 @@ module OpenTox # Load and return only metadata of a Dataset object # @return [Hash] Metadata of the dataset - def load_metadata - add_metadata Parser::Owl::Dataset.new(@uri).load_metadata + def load_metadata(subjectid=nil) + add_metadata Parser::Owl::Dataset.new(@uri, subjectid).load_metadata(subjectid) self.uri = @uri if @uri # keep uri @metadata end @@ -122,8 +122,8 @@ module OpenTox if (CONFIG[:yaml_hosts].include?(URI.parse(@uri).host)) copy YAML.load(RestClientWrapper.get(@uri, {:accept => "application/x-yaml", :subjectid => subjectid})) else - parser = Parser::Owl::Dataset.new(@uri) - copy parser.load_uri + parser = Parser::Owl::Dataset.new(@uri, subjectid) + copy parser.load_uri(subjectid) end end 
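Review bot: `load_rdfxml_file` points the parser at a local path (`parser.uri = file.path`) and then calls `parser.load_uri(subjectid)`; with the lib/parser.rb change in this same commit, `load_uri` appends `?subjectid=...` to that value, so `rapper` is asked to open a file name that does not exist whenever a token is supplied. The token has no meaning for a local file, so this call should stay `copy parser.load_uri`. That also keeps the token off a command line where it serves no purpose.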
@@ -138,9 +138,9 @@ module OpenTox # Load and return only features from the dataset service # @return [Hash] Features of the dataset - def load_features - parser = Parser::Owl::Dataset.new(@uri) - @features = parser.load_features + def load_features(subjectid=nil) + parser = Parser::Owl::Dataset.new(@uri, subjectid) + @features = parser.load_features(subjectid) @features end diff --git a/lib/model.rb b/lib/model.rb index 7aa3f5c..6ef4af2 100644 --- a/lib/model.rb +++ b/lib/model.rb @@ -99,7 +99,7 @@ module OpenTox OT.parameters => [{DC.title => "dataset_uri", OT.paramValue => dataset_uri}] }) d = Dataset.new(dataset_uri,subjectid) - d.load_compounds + d.load_compounds(subjectid) d.compounds.each do |compound_uri| predict(compound_uri,false,subjectid) end diff --git a/lib/opentox.rb b/lib/opentox.rb index 90683e5..f1af5c3 100644 --- a/lib/opentox.rb +++ b/lib/opentox.rb @@ -19,14 +19,14 @@ module OpenTox # Get all objects from a service # @return [Array] List of available URIs - def self.all(uri) - RestClientWrapper.get(uri,:accept => "text/uri-list").to_s.split(/\n/) + def self.all(uri, subjectid=nil) + RestClientWrapper.get(uri,:accept => "text/uri-list", :subjectid => subjectid).to_s.split(/\n/) end # Load (and return) metadata from object URI # @return [Hash] Metadata - def load_metadata - @metadata = Parser::Owl::Generic.new(@uri).load_metadata + def load_metadata(subjectid=nil) + @metadata = Parser::Owl::Generic.new(@uri).load_metadata(subjectid) @metadata end diff --git a/lib/parser.rb b/lib/parser.rb index b727412..a913cf2 100644 --- a/lib/parser.rb +++ b/lib/parser.rb @@ -29,14 +29,14 @@ module OpenTox # Read metadata from opentox service # @return [Hash] Object metadata - def load_metadata + def load_metadata(subjectid=nil) if @dataset uri = File.join(@uri,"metadata") else uri = @uri end - + uri += "?subjectid=#{CGI.escape(subjectid)}" if subjectid statements = [] parameter_ids = [] `rapper -i rdfxml -o ntriples #{uri} 2>/dev/null`.each_line do |line| 
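Review bot: `load_metadata` in lib/parser.rb now appends the token to `uri` and interpolates the result into a backtick command, so the shell parses whatever the URI contains and the token is visible in the process list and in the remote server's access log. Starting `rapper` without a shell removes the quoting problem (on Ruby 1.9.3 or later): `IO.popen(["rapper", "-i", "rdfxml", "-o", "ntriples", uri], :err => File::NULL).each_line do |line|`; fetching the document with `RestClientWrapper.get` and the `subjectid` header and feeding it to `rapper` on standard input would keep the token off the command line as well. The `?` is appended unconditionally, which yields a malformed URI when `@uri` already has a query string. `load_uri` and `load_features` further down this file follow the same pattern, and the method body continues outside the hunk.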
@@ -71,9 +71,9 @@ module OpenTox # Create a new OWL-DL dataset parser # @param uri Dataset URI # @return [OpenTox::Parser::Owl::Dataset] OWL-DL parser - def initialize(uri) + def initialize(uri, subjectid=nil) super uri - @dataset = ::OpenTox::Dataset.new(@uri) + @dataset = ::OpenTox::Dataset.new(@uri, subjectid) end # Read data from dataset service. Files can be parsed by setting #uri to a filename (after initialization with a real URI) @@ -87,12 +87,14 @@ module OpenTox # dataset = parser.load_uri # dataset.save # @return [Hash] Internal dataset representation - def load_uri + def load_uri(subjectid=nil) + uri = @uri + uri += "?subjectid=#{CGI.escape(subjectid)}" if subjectid data = {} feature_values = {} feature = {} other_statements = {} - `rapper -i rdfxml -o ntriples #{@uri} 2>/dev/null`.each_line do |line| + `rapper -i rdfxml -o ntriples #{uri} 2>/dev/null`.each_line do |line| triple = line.chomp.split(' ',3) triple = triple[0..2].collect{|i| i.sub(/\s+.$/,'').gsub(/[<>"]/,'')} case triple[1] @@ -122,8 +124,9 @@ module OpenTox # Read only features from a dataset service. # @return [Hash] Internal features representation - def load_features + def load_features(subjectid=nil) uri = File.join(@uri,"features") + uri += "?subjectid=#{CGI.escape(subjectid)}" if subjectid statements = [] features = Set.new `rapper -i rdfxml -o ntriples #{uri} 2>/dev/null`.each_line do |line| -- cgit v1.2.3 From 9197d6a6503b3995e6f9499840e91a9ed6d3a1db Mon Sep 17 00:00:00 2001 From: mr Date: Tue, 18 Jan 2011 13:07:52 +0100 Subject: get subjectid from api-wrapper helper --- lib/environment.rb | 3 +++ lib/helper.rb | 13 ++++++++----- 2 files changed, 11 insertions(+), 5 deletions(-) diff --git a/lib/environment.rb b/lib/environment.rb index 1761d92..203ebc6 100644 --- a/lib/environment.rb +++ b/lib/environment.rb 
@@ -84,6 +84,9 @@ class OwlNamespace end AA_SERVER = CONFIG[:authorization] ? (CONFIG[:authorization][:server] ? CONFIG[:authorization][:server] : nil) : nil +CONFIG[:authorization][:authenticate_request] = [""] unless CONFIG[:authorization][:authenticate_request] +CONFIG[:authorization][:authorize_request] = [""] unless CONFIG[:authorization][:authorize_request] +CONFIG[:authorization][:free_request] = [""] unless CONFIG[:authorization][:free_request] RDF = OwlNamespace.new 'http://www.w3.org/1999/02/22-rdf-syntax-ns#' OWL = OwlNamespace.new 'http://www.w3.org/2002/07/owl#' diff --git a/lib/helper.rb b/lib/helper.rb index 857c5b5..cc643f3 100644 --- a/lib/helper.rb +++ b/lib/helper.rb 
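Review bot: The three added defaults index into `CONFIG[:authorization]` unconditionally, while the `AA_SERVER` line just above them allows for that section being absent; on a configuration without an `:authorization` block the file now fails to load with `NoMethodError` on nil. Guarding the block, e.g. `if CONFIG[:authorization]` … `end` around the three assignments, keeps A&A optional. lib/helper.rb reads `CONFIG[:authorization][:free_request]` in its `before` filter before it tests `AA_SERVER`, so that filter needs the same guard. A comment stating that `[""]` means "no HTTP method matches" would explain the default.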
@@ -17,16 +17,18 @@ helpers do #Check Authorization for URI with method and subjectid. def authorized?(subjectid) + request_method = request.env['REQUEST_METHOD'] uri = clean_uri("#{request.env['rack.url_scheme']}://#{request.env['HTTP_HOST']}#{request.env['REQUEST_URI']}") - if CONFIG[:authorization][:authorize_request].include?(request.env['REQUEST_METHOD']) - ret = OpenTox::Authorization.authorize(uri, request.env['REQUEST_METHOD'], subjectid) - LOGGER.debug "OpenTox helpers OpenTox::Authorization authorized? method: #{request.env['REQUEST_METHOD']} , URI: #{request.env['rack.url_scheme']}://#{request.env['HTTP_HOST']}#{request.env['REQUEST_URI']}, subjectid: #{subjectid} with return >>#{ret}<<" + request_method = "GET" if request_method == "POST" && uri =~ /\/model\/\d+\/?$/ + if CONFIG[:authorization][:authorize_request].include?(request_method) + ret = OpenTox::Authorization.authorize(uri, request_method, subjectid) + LOGGER.debug "OpenTox helpers OpenTox::Authorization authorized? method: #{request_method} , URI: #{request.env['rack.url_scheme']}://#{request.env['HTTP_HOST']}#{request.env['REQUEST_URI']}, subjectid: #{subjectid} with return >>#{ret}<<" return ret end - if CONFIG[:authorization][:authenticate_request].include?(env['REQUEST_METHOD']) + if CONFIG[:authorization][:authenticate_request].include?(request_method) return true if OpenTox::Authorization.is_token_valid(subjectid) end - LOGGER.debug "Not authorized for: #{request.env['rack.url_scheme']}://#{request['REQUEST_URI']} with Method: #{request.env['REQUEST_METHOD']} with Token #{subjectid}" + LOGGER.debug "Not authorized for: #{uri} with Method: #{request.env['REQUEST_METHOD']}/#{request_method} with Token #{subjectid}" return false end 
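Review bot: The new line `request_method = "GET" if request_method == "POST" && uri =~ /\/model\/\d+\/?$/` makes a POST on a model be authorized as a GET, and because `uri` has already passed through `clean_uri`, which cuts the path after its last digit, the pattern can also match POSTs to sub-resources below `/model/<id>`. That may be intended (a prediction only reads the model), but it is an authorization exception and needs a comment saying which routes it covers, e.g. `# prediction requests only need read access to the model`, ideally with the match done on the unmodified path. Both rewritten `LOGGER.debug` calls still interpolate `subjectid`, so session tokens end up in the debug log; logging a shortened or hashed form keeps the trace useful without storing a credential.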
@@ -68,6 +70,7 @@ before do subjectid = request.env['HTTP_SUBJECTID'] if request.env['HTTP_SUBJECTID'] and !check_subjectid(subjectid) # see http://rack.rubyforge.org/doc/SPEC.html subjectid = CGI.unescape(subjectid) if subjectid.include?("%23") + @subjectid = subjectid rescue LOGGER.debug "OpenTox ruby api wrapper: helper before filter: NO subjectid for URI: #{request.env['rack.url_scheme']}://#{request.env['HTTP_HOST']}#{request.env['REQUEST_URI']}" subjectid = "" -- cgit v1.2.3 From dbd302164b74de2b241627bcc205de7245ea0da1 Mon Sep 17 00:00:00 2001 From: mr Date: Tue, 18 Jan 2011 17:15:14 +0100 Subject: refactoring A&A --- lib/authorization.rb | 6 +++++- lib/helper.rb | 30 ++++++++++++++---------------- 2 files changed, 19 insertions(+), 17 deletions(-) diff --git a/lib/authorization.rb b/lib/authorization.rb index dab228a..7e898cc 100644 --- a/lib/authorization.rb +++ b/lib/authorization.rb @@ -286,7 +286,11 @@ module OpenTox end true end - + + class << self + alias :token_valid? :is_token_valid + end + end end diff --git a/lib/helper.rb b/lib/helper.rb index cc643f3..5fe1857 100644 --- a/lib/helper.rb +++ b/lib/helper.rb 
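Review bot: In the `before do` hunk (`@@ -68,6 +70,7 @@`), `@subjectid = subjectid` is placed inside the `begin` body, so it is skipped whenever the `rescue` branch runs. That branch appears to be the ordinary no-token path: if no session, parameter or header value was found, `subjectid` is presumably nil and `subjectid.include?("%23")` raises, after which only the local is set to `""` and `@subjectid` stays unassigned. Either assign the instance variable after the `begin`/`rescue` block or guard the unescape with `if subjectid && subjectid.include?("%23")`, so that the bare `rescue` no longer doubles as the missing-token check. The `@@ -65,9 +62,10 @@` hunk of the following commit keeps the same pattern; the rest of the block lies outside both hunks.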
@@ -3,18 +3,21 @@ helpers do # Authentification def protected!(subjectid) if env["session"] - flash[:notice] = "You don't have access to this section: " and \ - redirect back and \ - return unless authorized?(subjectid) + unless authorized?(subjectid) + flash[:notice] = "You don't have access to this section: " + redirect back + end elsif !env["session"] && subjectid - throw(:halt, [401, "Not authorized.\n"]) and \ - redirect back and \ - return unless authorized?(subjectid) + unless authorized?(subjectid) + throw(:halt, [401, "Not authorized.\n"]) + redirect back + end + else + throw(:halt, [401, "Not authorized.\n"]) unless authorized?(subjectid) end - throw(:halt, [401, "Not authorized.\n"]) and \ - return unless authorized?(subjectid) end + #Check Authorization for URI with method and subjectid. def authorized?(subjectid) request_method = request.env['REQUEST_METHOD'] @@ -40,12 +43,6 @@ helpers do "#{out.scheme}:" + (out.port != 80 ? out.port : "") + "//#{out.host}#{out.path}" end - def check_subjectid(subjectid) - return false if !subjectid - return true if subjectid.size > 62 - false - end - #unprotected uris for login/logout, webapplication ... def unprotected_requests case env['REQUEST_URI'] @@ -65,9 +62,10 @@ end before do unless unprotected_requests or CONFIG[:authorization][:free_request].include?(env['REQUEST_METHOD']) begin + subjectid = nil subjectid = session[:subjectid] if session[:subjectid] - subjectid = params[:subjectid] if params[:subjectid] and !check_subjectid(subjectid) - subjectid = request.env['HTTP_SUBJECTID'] if request.env['HTTP_SUBJECTID'] and !check_subjectid(subjectid) + subjectid = params[:subjectid] if params[:subjectid] and !subjectid + subjectid = request.env['HTTP_SUBJECTID'] if request.env['HTTP_SUBJECTID'] and !subjectid # see http://rack.rubyforge.org/doc/SPEC.html subjectid = CGI.unescape(subjectid) if subjectid.include?("%23") @subjectid = subjectid -- cgit v1.2.3
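Review bot: In `protected!` (`@@ -3,18 +3,21 @@`), the `redirect back` that follows `throw(:halt, [401, "Not authorized.\n"])` can never run, and the `elsif` and `else` branches now do exactly the same thing. The `!env["session"]` test in the `elsif` is also always true at that point. Replacing both branches with a single `else` holding `throw(:halt, [401, "Not authorized.\n"]) unless authorized?(subjectid)` keeps the behaviour and leaves one deny path to audit. In the session branch, a short comment that `redirect` ends the request would make it clear the handler is not reached after a failed check.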
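Review bot: The `before do` hunk (`@@ -65,9 +62,10 @@`) changes which token wins without documenting it: a session value now always takes precedence, and `params[:subjectid]` and the `HTTP_SUBJECTID` header are read only when nothing was found before them. Because the length test from the removed `check_subjectid` is gone, any truthy session value blocks the other two sources, and in Ruby that includes an empty string if the session can ever hold one. A comment above the three assignments, e.g. `# token precedence: session, then params[:subjectid], then the subjectid request header`, would record the intended order. Testing `subjectid.nil? || subjectid.empty?` instead of `!subjectid` would cover the empty-string case.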