Changeset 2211

Timestamp:

Apr 5, 2012, 6:23:14 PM (11 years ago)

Author:

work@…

Message:

• cleaned up api controller, moved re-used logic (as far as possible) into service to perform validation checks and takes a closure as an argument:

def executeApiCall(params,response,itemName,item,block) { ... }

Location:

trunk/grails-app

Files:

• controllers/api/ApiController.groovy (modified) (10 diffs)
• services/api/ApiService.groovy (modified) (3 diffs)

trunk/grails-app/controllers/api/ApiController.groovy

@@ -155 +155 @@
         println "api::getSubjectsForStudy: ${params}"
 
-        String deviceID     = (params.containsKey('deviceID')) ? params.deviceID : ''
-        String validation   = (params.containsKey('validation')) ? params.validation : ''
+        // fetch study
         String studyToken   = (params.containsKey('studyToken')) ? params.studyToken : ''
-
-        // fetch user and study
-        def user    = Token.findByDeviceID(deviceID)?.user
-        def study   = Study.findByStudyUUID(studyToken)
-        
-        // check
-        if (!apiService.validateRequest(deviceID,validation)) {
-            response.sendError(401, 'Unauthorized')
-        } else if (!study) {
-            response.sendError(400, 'No such study')
-        } else if (!study.canRead(user)) {
-            response.sendError(401, 'Unauthorized')
-        } else {
+        def study           = Study.findByStudyUUID(studyToken)
+
+        // wrap result in api call validator
+        apiService.executeApiCall(params,response,'study',study,{
             def subjects = apiService.flattenDomainData( study.subjects )
 
@@ -188 +178 @@
                 render result as JSON
             }
-        }
+        })
     }
 
@@ -201 +191 @@
         println "api::getAssaysForStudy: ${params}"
 
-        String deviceID     = (params.containsKey('deviceID')) ? params.deviceID : ''
-        String validation   = (params.containsKey('validation')) ? params.validation : ''
+        // fetch study
         String studyToken   = (params.containsKey('studyToken')) ? params.studyToken : ''
-
-        // fetch user and study
-        def user    = Token.findByDeviceID(deviceID)?.user
-        def study   = Study.findByStudyUUID(studyToken)
-
-        // check
-        if (!apiService.validateRequest(deviceID,validation)) {
-            response.sendError(401, 'Unauthorized')
-        } else if (!study) {
-            response.sendError(400, 'No such study')
-        } else if (!study.canRead(user)) {
-            response.sendError(401, 'Unauthorized')
-        } else {
+        def study           = Study.findByStudyUUID(studyToken)
+
+        // wrap result in api call validator
+        apiService.executeApiCall(params,response,'study',study,{
             def assays = apiService.flattenDomainData( study.assays )
 
@@ -234 +214 @@
                 render result as JSON
             }
-        }
+        })
     }
 
@@ -247 +227 @@
         println "api::getSamplesForAssay: ${params}"
 
-        String deviceID     = (params.containsKey('deviceID')) ? params.deviceID : ''
-        String validation   = (params.containsKey('validation')) ? params.validation : ''
+        // fetch assay
         String assayToken   = (params.containsKey('assayToken')) ? params.assayToken : ''
-
-        // fetch user and study
-        def user    = Token.findByDeviceID(deviceID)?.user
-        def assay   = Assay.findByAssayUUID(assayToken)
-
-        // check
-        if (!apiService.validateRequest(deviceID,validation)) {
-            response.sendError(401, 'Unauthorized')
-        } else if (!assay) {
-            response.sendError(400, 'No such assay')
-        } else if (!assay.parent.canRead(user)) {
-            response.sendError(401, 'Unauthorized')
-        } else {
+        def assay           = Assay.findByAssayUUID(assayToken)
+
+        // wrap result in api call validator
+        apiService.executeApiCall(params,response,'assay',assay,{
             def samples = apiService.flattenDomainData( assay.samples )
 
@@ -280 +250 @@
                 render result as JSON
             }
-        }
+        })
     }
 
@@ -293 +263 @@
         println "api:getMeasurementDataForAssay: ${params}"
 
+        // fetch assay
+        String assayToken   = (params.containsKey('assayToken')) ? params.assayToken : ''
+        def assay           = Assay.findByAssayUUID(assayToken)
+
+        // fetch user based on deviceID
         String deviceID     = (params.containsKey('deviceID')) ? params.deviceID : ''
-        String validation   = (params.containsKey('validation')) ? params.validation : ''
-        String assayToken   = (params.containsKey('assayToken')) ? params.assayToken : ''
-
-        // fetch user and study
-        def user    = Token.findByDeviceID(deviceID)?.user
-        def assay   = Assay.findByAssayUUID(assayToken)
-
-        // check
-        if (!apiService.validateRequest(deviceID,validation)) {
-            response.sendError(401, 'Unauthorized')
-        } else if (!assay) {
-            response.sendError(400, 'No such assay')
-        } else if (!assay.parent.canRead(user)) {
-            response.sendError(401, 'Unauthorized')
-        } else {
+        def user            = Token.findByDeviceID(deviceID)?.user
+
+        // wrap result in api call validator
+        apiService.executeApiCall(params,response,'assay',assay,{
             // define sample measurement data matrix
             def matrix = [:]
-            def measurementData     = apiService.getMeasurementData(assay, user)
-            def measurementMetaData = apiService.getMeasurementData(assay, user)
+            def measurementData = apiService.getMeasurementData(assay, user)
+            //def measurementMetaData = apiService.getMeasurementData(assay, user)
 
             // iterate through measurementData and build data matrix
@@ -339 +303 @@
                 response.sendError(500, "module '${assay.module}' does not properly implement getMeasurementData REST specification (${e.getMessage()})")
             }
-        }
+        })
     }
 
@@ -348 +312 @@
         println "api:debugModuleDataForAssay: ${params}"
 
+        // fetch assay
+        String assayToken   = (params.containsKey('assayToken')) ? params.assayToken : ''
+        def assay           = Assay.findByAssayUUID(assayToken)
+
+        // fetch user based on deviceID
         String deviceID     = (params.containsKey('deviceID')) ? params.deviceID : ''
-        String validation   = (params.containsKey('validation')) ? params.validation : ''
-        String assayToken   = (params.containsKey('assayToken')) ? params.assayToken : ''
-
-        // fetch user and study
-        def user    = Token.findByDeviceID(deviceID)?.user
-        def assay   = Assay.findByAssayUUID(assayToken)
-
-        // check
-        if (!apiService.validateRequest(deviceID,validation)) {
-            response.sendError(401, 'Unauthorized')
-        } else if (!assay) {
-            response.sendError(400, 'No such assay')
-        } else if (!assay.parent.canRead(user)) {
-            response.sendError(401, 'Unauthorized')
-        } else {
+        def user            = Token.findByDeviceID(deviceID)?.user
+
+        // wrap result in api call validator
+        apiService.executeApiCall(params,response,'assay',assay,{
             def serviceURL = "${assay.module.url}/rest/getMeasurementData"
             def serviceArguments = "assayToken=${assay.assayUUID}&verbose=false"
@@ -393 +351 @@
                 render result as JSON
             }
-        }
+        })
     }
 }

trunk/grails-app/services/api/ApiService.groovy

@@ -20 +20 @@
 import grails.converters.JSON
 import org.dbnp.gdt.TemplateEntity
-
-class ApiService implements Serializable {
+import org.springframework.context.ApplicationContextAware
+import org.codehaus.groovy.grails.plugins.web.taglib.ApplicationTagLib
+import org.springframework.context.ApplicationContext
+
+class ApiService implements Serializable, ApplicationContextAware {
     // inject the module communication service
     def moduleCommunicationService
@@ -52 +55 @@
     ]
 
+    private ApplicationTagLib g
+
+    void setApplicationContext(ApplicationContext applicationContext) {
+        g = applicationContext.getBean(ApplicationTagLib)
+
+        // now you have a reference to g that you can call render() on
+    }
+
     /**
      * validate a client request by checking the validation checksum
@@ -145 +156 @@
 
     /**
+     * wrapper for performing api calls
+     *
+     * validates if the user may call this api
+     *
+     * @param params
+     * @param response
+     * @param itemName
+     * @param item
+     * @param block
+     */
+    def executeApiCall(params,response,itemName,item,block) {
+        // get variables from parameters
+        String deviceID     = (params.containsKey('deviceID')) ? params.deviceID : ''
+        String validation   = (params.containsKey('validation')) ? params.validation : ''
+
+        // fetch user based on deviceID
+        def user = Token.findByDeviceID(deviceID)?.user
+
+        // check if api call may be performed
+        if (!validateRequest(deviceID,validation)) {
+            // validation md5sum does not match predicted hash
+            response.sendError(401, "Unauthorized")
+        } else if (!item) {
+            // no results
+            response.sendError(400, "No such ${itemName}")
+        } else if (item.respondsTo('canRead') && !item.canRead(user)) {
+            // the user cannot read this data
+            response.sendError(401, "Unauthorized")
+        } else if (item.hasProperty('parent') && item.parent.respondsTo('canRead') && !item.parent.canRead(user)) {
+            // the user cannot read this data
+            response.sendError(401, "Unauthorized")
+        } else {
+            // allowed api call, execute block / closure
+            block()
+        }
+    }
+
+    /**
      * get the measurement tokens from the remote module
      *