root/trunk/grails-app/controllers/RestController.groovy @ 935

Revision 935, 11.4 KB (checked in by j.saito@…, 4 years ago)

Added dummy REST resource for getAuthorizationLevel.

Line 
1/**
2 * RestController
3 *
4 * This controler provides a REST service.
5 * The names of the RESET resources are the same as the names of this
6 * controller's actions. E.g., the resources called getStudies simply
7 * corresponds to the action getStudies. Some of the resources are parameterized.
8 * The parameters are passed as parameters in the url and are available in the
9 * params respecting Grails' conventions. In this file, we adher to the javadoc 
10 * convention for describing parameters ("@param"), but actually we mean
11 * key-value pairs in the params object of each Grails action we comment on.
12 *
13 * @author      Jahn-Takeshi Saito
14 * @since       20100601
15 *
16 */
17
18import dbnp.studycapturing.Study
19import dbnp.studycapturing.Assay
20import dbnp.user.User
21import grails.converters.*
22import nl.metabolomicscentre.dsp.http.BasicAuthentication
23
24
25class RestController {
26
27
28
29       /**************************************************/
30      /** Rest resources for Simple Assay Module (SAM) **/
31     /**************************************************/
32
33        def authService
34        def beforeInterceptor = [action:this.&auth,except:["isUser"]]
35        def credentials
36        def requestUser = User.findByName( "user" )
37
38        /**
39         * Authorization closure, which is run before executing any of the REST resource actions
40         * It fetches a username/password combination from basic HTTP authentication and checks whether
41         * that is an active (nimble) account
42         * @return
43         */
44        private def auth() {
45
46            credentials = BasicAuthentication.credentialsFromRequest(request)
47                //requestUser = authService.authUser(credentials.u,credentials.p)
48                // we circumvene the user
49                if(!requestUser) {
50                    response.sendError(403)
51                return false
52            }
53                else {
54                        return true
55                }
56        }
57
58        /**
59        * REST resource for data modules.
60        * Username and password should be supplied via HTTP Basic Authentication.
61        * Determines whether the given user/password combination is a valid GSCF account.
62        *
63        * @return bool {"authenticated":true} when user/password is a valid GSCF account, {"authenticated":false} otherwise.
64        */
65        def isUser= {
66                boolean isUser
67                credentials = BasicAuthentication.credentialsFromRequest(request)
68                def reqUser = authService.authUser(credentials.u,credentials.p)
69                if (reqUser) {
70                        isUser = true
71                }
72                else {
73                        isUser = false
74                }
75                def reply = ['authenticated':isUser]
76                render reply as JSON
77        }
78
79        /**
80        * REST resource for data modules.
81        * Username and password should be supplied via HTTP Basic Authentication.
82        * Provide a list of all studies owned by the supplied user.
83        *
84        * @return JSON object list containing 'studyToken', and 'name' (title) for each study
85        */
86        def getStudies = {
87                List studies = []
88                def user = params.user
89                Study.findAllByOwner(requestUser).each { study ->
90                        studies.push( [ 'title':study.title, 'studyToken':study.getToken()] )
91                }
92                render studies as JSON
93        }
94
95
96        /**
97        * REST resource for data modules.
98        * Username and password should be supplied via HTTP Basic Authentication.
99        * Provide a list of all subjects belonging to a study.
100        *
101        * @param studyToken String The external study id (code) of the target GSCF Study object
102        * @return JSON object list of subject names
103        */
104        def getSubjects = {
105                List subjects = []
106                if( params.studyToken ) {
107                        def id = params.studyToken
108                        def study = Study.find( "from Study as s where s.code=?", [id])
109                        if(study) study.subjects.each { subjects.push it.name }
110                }
111                render subjects as JSON
112        }
113
114
115        /**
116        * REST resource for data modules.
117        * Username and password should be supplied via HTTP Basic Authentication.
118        * Provide a list of all assays for a given study
119        *
120        * Example call of the getAssays REST resource:
121        * http://localhost:8080/gscf/rest/getAssays?studyToken=PPSH&moduleURL=http://localhost:8182/sam
122        *
123        * @param stuyToken String The external study id (code) of the target GSCF Study object
124        * @param moduleURL String The base URL of the calling dbNP module
125        * @return list of assays in the study as JSON object list, filtered to only contain assays
126        *         for the specified module, with 'assayToken' and 'name' for each assay
127        */
128        def getAssays = {
129                List assays = []
130                if( params.studyToken ) {
131                        def id = params.studyToken
132                        def study = Study.find( "from Study as s where s.code=?", [id] )
133                        if(study && study.owner == requestUser) study.assays.each{ assay ->
134                                if (assay.module.url.equals(params.moduleURL)) {
135                                def map = ['name':assay.name, 'assayToken':assay.getToken()]
136                                        assays.push( map )
137                                }
138                        }
139                }
140                render assays as JSON
141        }
142
143
144        /**
145        * REST resource for data modules.
146        * Username and password should be supplied via HTTP Basic Authentication.
147        * Provide all samples of a given Assay. The result is an enriched list with additional information for each sample.
148        *
149        * @param assayToken String (assayToken of some Assay in GSCF)
150        * @return As a JSON object list, for each sample in that assay:
151        * @return 'name' (Sample name, which is unique)
152        * @return 'material' (Sample material)
153        * @return 'subject' (The name of the subject from which the sample was taken)
154        * @return 'event' (the name of the template of the SamplingEvent describing the sampling)
155        * @return 'startTime' (the time the sample was taken relative to the start of the study, as a string)
156        */
157        def getSamples = {
158                def items = []
159                if( params.assayToken ) {
160                        def assay = Assay.find( "from Assay as a where externalAssayID=?",[params.assayToken])
161                        assay.getSamples().each { sample ->
162                                def item = [
163                                        'sampleToken' : sample.name,
164                                        'material'        : sample.material.name,
165                                        'subject'         : sample.parentSubject.name,
166                                        'event'           : sample.parentEvent.template.name,
167                                        'startTime'       : sample.parentEvent.getStartTimeString()
168                                ]
169                                items.push item
170                        }
171                }
172                render items as JSON
173        }
174
175
176        /**
177        * REST resource for dbNP modules.
178        *
179        * @param studyToken String, the external identifier of the study
180        * @return List of all fields of this study
181        * @return
182        *
183        * Example REST call (without authentication):
184    * http://localhost:8080/gscf/rest/getStudy/study?studyToken=PPSH
185    *
186        * Returns the JSON object:
187        * {"title":"NuGO PPS human study","studyToken":"PPSH","startDate":"2008-01-13T23:00:00Z",
188        * "Description":"Human study performed at RRI; centres involved: RRI, IFR, TUM, Maastricht U.",
189        * "Objectives":null,"Consortium":null,"Cohort name":null,"Lab id":null,"Institute":null,
190        * "Study protocol":null}
191        */
192        def getStudy = {
193                def items = [:]
194                if( params.studyToken ) {
195                        def study = Study.find( "from Study as s where code=?",[params.studyToken])
196                        study.giveFields().each { field ->
197                                def name = field.name
198                                def value = study.getFieldValue( name )
199                                items[name] = value
200                        }
201        }
202                render items as JSON
203        }
204
205
206
207        /**
208        * REST resource for dbNP modules.
209        *
210        * @param assayToken String, the external identifier of the study
211        * @return List of all fields of this assay
212        *
213        * Example REST call (without authentication):
214    * http://localhost:8080/gscf/rest/getAssay/assay?assayToken=PPS3_SAM
215    *
216        * Returns the JSON object: {"name":"Lipid profiling","module":{"class":"dbnp.studycapturing.AssayModule","id":1,
217        * "name":"SAM module for clinical data","platform":"clinical measurements","url":"http://sam.nmcdsp.org"},
218        * "assayToken":"PPS3_SAM","Description":null}
219        */
220        def getAssay = {
221                def items = [:]
222                if( params.assayToken ) {
223                        def assay = Assay.find( "from Assay as a where externalAssayID=?",[params.assayToken])
224                        assay.giveFields().each { field ->
225                                def name = field.name
226                                def value = assay.getFieldValue( name )
227                                items[name] = value
228                        }
229        }
230                render items as JSON
231        }
232
233
234
235        /**
236        * REST resource for data modules.
237        * Username and password should be supplied via HTTP Basic Authentication.
238        * One specific sample of a given Assay.
239        *
240        * @param assayToken String (id of some Assay in GSCF)
241        * @return As a JSON object list, for each sample in that assay:
242        * @return 'name' (Sample name, which is unique)
243        * @return 'material' (Sample material)
244        * @return 'subject' (The name of the subject from which the sample was taken)
245        * @return 'event' (the name of the template of the SamplingEvent describing the sampling)
246        * @return 'startTime' (the time the sample was taken relative to the start of the study, as a string)
247        *
248        * Example REST call (without authentication):
249    * http://localhost:8080/gscf/rest/getSample/sam?assayToken=PPS3_SAM&sampleToken=A30_B
250    *
251        * Returns the JSON object:
252        * {"subject":"A30","event":"Liver extraction","startTime":"1 week, 1 hour",
253        * "sampleToken":"A30_B","material":{"class":"dbnp.data.Term","id":6,"accession":"BTO:0000131",
254        * "name":"blood plasma","ontology":{"class":"Ontology","id":2}},"Remarks":null,
255        * "Text on vial":"T70.91709057820039","Sample measured volume":null}
256        */
257        def getSample = {
258                def items = [:]
259                if( params.assayToken && params.sampleToken ) {
260                        def assay = Assay.find( "from Assay as a where externalAssayID=?",[params.assayToken])
261                        assay.getSamples().each { sample ->
262                                if( sample.name == params.sampleToken ) {
263                                        items = [
264                                                'subject'             : sample.parentSubject.name,
265                                                'event'               : sample.parentEvent.template.name,
266                                                'startTime'           : sample.parentEvent.getStartTimeString()
267                                        ]
268                                        sample.giveFields().each { field ->
269                                                def name = field.name
270                                                def value = sample.getFieldValue( name )
271                                                items[name] = value
272                        }
273                                }
274                        }
275                }
276                render items as JSON
277        }
278
279   /**
280        * REST resource for dbNP modules.
281        *
282        * @param studyToken String, the external identifier of the study
283        * @return List of all fields of this study
284        * @return
285        *
286        * Example REST call (without authentication):
287    *   http://localhost:8080/gscf/rest/getStudy/study?studyToken=PPSH
288    *
289        * Returns the JSON object:
290        * {"title":"NuGO PPS human study","studyToken":"PPSH","startDate":"2008-01-13T23:00:00Z",
291        * "Description":"Human study performed at RRI; centres involved: RRI, IFR, TUM, Maastricht U.",
292        * "Objectives":null,"Consortium":null,"Cohort name":null,"Lab id":null,"Institute":null,
293        * "Study protocol":null}
294        */
295        def getAuthorizationLevel = {
296                def items = [:]
297                /*if( params.studyToken ) {
298                        def study = Study.find( "from Study as s where code=?",[params.studyToken])
299                       
300                }
301        render items as JSON*/
302        }
303
304
305
306
307
308   /**
309        * REST resource for dbNP modules.
310        *
311        * @param studyToken String, the external identifier of the study
312        *
313        * Dummy for testing only. (Warning: to be replaced as soon as the authorization is implemented!)
314        * @param Hash with exactly the values that will be returned
315        *
316        * @return Hash with keys 'isReader', 'isEditor', 'isOwner' }
317        */
318
319        def getAuthorizationLevel = {
320
321                isReader = false
322                isEditor = false
323                isOwner  = false
324
325                // Warning: this case is only for testing!
326                // The code below should be used until the
327                // authorization works.
328                if( params.isOwner || params.isEditor || params.Owner ) {
329                        return render ['isReader':params.isOwner,
330                                'isEditor':params.isEditor, 'isOwner':params.isOwner] as JSON
331                }
332
333
334                // in future the users authorization level will be based on authorization model
335                /*
336                if( params.studyToken ) {
337                        def id = params.studyToken
338                        def study = Study.find( "from Study as s where s.code=?", [id])
339                        if(study) study.subjects.each { subjects.push it.name }
340                }
341
342                def user
343                if( params.user ) {
344                        def id = params.user
345                        user = users.find( "from User as u where u.code=?", [id])
346                }
347
348                if( study.readers.contains(user) ) isReader = true
349                if( study.editors.contains(user) ) isEditor = true
350                if( study.owner.contains(user) )   isOwner  = true
351
352                */
353
354                render ['isReader':isOwner, 'isEditor':isEditor, 'isOwner':isOwner] as JSON
355    }
356
357
358}
Note: See TracBrowser for help on using the browser.