Modified: trunk/lib/authorization.rb (2579 => 2580)
--- trunk/lib/authorization.rb 2011-03-17 13:47:11 UTC (rev 2579)
+++ trunk/lib/authorization.rb 2011-03-17 13:47:43 UTC (rev 2580)
@@ -191,6 +191,19 @@
return true
end
+ # Tagging permissions
+
+ if (object_type == 'Tagging') && (action == 'create')
+
+ # Taggings can only be created by authenticated users
+ return false if user.nil?
+
+ # Taggings can only be set on things that a user can view
+ return Authorization.is_authorized?('view', nil, context, user) if context
+
+ return true
+ end
+
# Bookmark permissions
if (object_type == 'Bookmark') && (action == 'create')
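Review bot: The trailing `return true` in the new Tagging branch authorises any logged-in user whenever `context` is nil, so the view restriction described in the comment above it holds only if every caller passes the subject as context. I would either deny by default when there is no context, or document the contract on that line, for example `# nil context is a type-level pre-check only; callers must re-check with the subject before saving`. The enclosing method starts and ends outside this hunk, so how `context` reaches this branch from `is_authorized_for_type?` is not visible here.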
Modified: trunk/lib/rest.rb (2579 => 2580)
--- trunk/lib/rest.rb 2011-03-17 13:47:11 UTC (rev 2579)
+++ trunk/lib/rest.rb 2011-03-17 13:47:43 UTC (rev 2580)
@@ -1900,6 +1900,59 @@
rating_aux('destroy', opts)
end
+# Taggings
+
+def tagging_aux(action, opts)
+
+ # Obtain object
+
+ case action
+ when 'create':
+ return rest_response(401, :reason => "Not authorised to create a tagging") unless Authorization.is_authorized_for_type?('create', 'Tagging', opts[:user], nil)
+
+ ob = Tagging.new(:user => opts[:user])
+ when 'read', 'update', 'destroy':
+ ob = obtain_rest_resource('Tagging', opts[:query]['id'], opts[:query]['version'], opts[:user], action)
+ else
+ raise "Invalid action '#{action}'"
+ end
+
+ return if ob.nil? # appropriate rest response already given
+
+ if action == "destroy"
+
+ ob.destroy
+
+ else
+
+ data = ""
+
+ subject = parse_element(data, :resource, '/tagging/subject')
+ label = parse_element(data, :text, '/tagging/label')
+ tag = parse_element(data, :resource, '/tagging/tag')
+
+ ob.label = label if label
+ ob.tag = tag if tag
+
+ if subject
+ return rest_response(401, :reason => "Not authorised for the specified resource") unless Authorization.is_authorized_for_type?(action, 'Rating', opts[:user], subject)
+ ob.taggable = subject
+ end
+
+ return rest_response(400, :object => ob) unless ob.save
+ end
+
+ rest_get_request(ob, "tagging", opts[:user], rest_resource_uri(ob), "tagging", { "id" => ob.id.to_s })
+end
+
+def post_tagging(opts)
+ tagging_aux('create', opts)
+end
+
+def delete_tagging(opts)
+ tagging_aux('destroy', opts)
+end
+
# Call dispatcher
def rest_call_request(req_uri, format, rules, user, query)
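Review bot: The subject check in `tagging_aux` asks for permission on type `'Rating'` rather than `'Tagging'`, so the Tagging create rule this commit adds to authorization.rb is never evaluated against the subject; it looks like a carry-over from `rating_aux`. The call should read `Authorization.is_authorized_for_type?(action, 'Tagging', opts[:user], subject)`. When the request carries no `<subject>`, the check is skipped entirely and the only gate is the earlier nil-context call, so unless the Tagging model validates that `taggable` is present (not visible here), `ob.save` proceeds without any view check. Separately, `data = ""` as shown means the `parse_element` calls read an empty string instead of the request body; if that is not an artefact of this page, the parsed request document needs to be assigned there.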
Modified: trunk/test/functional/api_controller_test.rb (2579 => 2580)
--- trunk/test/functional/api_controller_test.rb 2011-03-17 13:47:11 UTC (rev 2579)
+++ trunk/test/functional/api_controller_test.rb 2011-03-17 13:47:43 UTC (rev 2580)
@@ -622,6 +622,78 @@
assert_response(:not_found)
end
+ def test_taggings
+
+ login_as(:john)
+
+ # post a workflow to test with
+
+ content = Base64.encode64(File.read('test/fixtures/files/workflow_dilbert.xml'))
+
+ existing_workflows = Workflow.find(:all)
+
+ rest_request(:post, 'workflow', "<?xml version='1.0'?>
+ <workflow>
+ <title>Unique tags</title>
+ <description>A workflow description.</description>
+ <license-type>by-sa</license-type>
+ <content-type>application/vnd.taverna.scufl+xml</content-type>
+ <content>#{content}</content>
+ </workflow>")
+
+ assert_response(:success)
+
+ extra_workflows = Workflow.find(:all) - existing_workflows
+
+ assert_equal(extra_workflows.length, 1)
+
+ workflow = extra_workflows.first
+ workflow_url = rest_resource_uri(workflow)
+
+ # post a tagging
+
+ existing_taggings = Tagging.find(:all)
+
+ rest_request(:post, 'tagging', "<?xml version='1.0'?>
+ <tagging>
+ <subject resource='#{workflow_url}'/>
+ <label>my test tag</label>
+ </tagging>")
+
+ assert_response(:success)
+
+ extra_taggings = Tagging.find(:all) - existing_taggings
+
+ assert_equal(extra_taggings.length, 1)
+
+ tagging = extra_taggings.first
+
+ assert_equal(tagging.user, users(:john));
+ assert_equal(tagging.taggable, workflow);
+ assert_equal(tagging.label, 'my test tag');
+
+ # update the tagging (which should fail)
+
+ rest_request(:put, 'tagging', "<?xml version='1.0'?>
+ <tagging>
+ <label>fail</label>
+ </tagging>", "id" => tagging.id)
+
+ assert_response(400)
+
+ # delete the tagging
+
+ rest_request(:delete, 'tagging', nil, "id" => tagging.id)
+
+ assert_response(:success)
+
+ # try to get the deleted tagging
+
+ rest_request(:get, 'tagging', nil, "id" => tagging.id)
+
+ assert_response(:not_found)
+ end
+
private
def rest_request(method, uri, data = "" query = {})
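Review bot: `test_taggings` exercises only the owner's happy path, so nothing pins the two denials the new authorization rule exists for: a create with no logged-in user, and a create whose subject is a workflow the user cannot view. I would add both cases and assert the refusal, e.g. `assert_response(:unauthorized)` after each post, together with a check that `Tagging.find(:all)` is unchanged. As a style point, the `assert_equal` calls pass the actual value first and end in stray semicolons; `assert_equal(1, extra_taggings.length)` gives a correct failure message.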