Timestamp:
Apr 5, 2012, 6:23:14 PM (5 years ago)
Author:
work@…
Message:
  • cleaned up the api controller: moved re-used logic (as far as possible) into the service, in a method that performs the validation checks and takes a closure as an argument:

def executeApiCall(params,response,itemName,item,block) { ... }

File:
1 edited

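--- a/trunk/grails-app/services/api/ApiService.groovy
+++ b/trunk/grails-app/services/api/ApiService.groovy
@@ -20,6 +20,9 @@
 import grails.converters.JSON
 import org.dbnp.gdt.TemplateEntity
-
-class ApiService implements Serializable {
+import org.springframework.context.ApplicationContextAware
+import org.codehaus.groovy.grails.plugins.web.taglib.ApplicationTagLib
+import org.springframework.context.ApplicationContext
+
+class ApiService implements Serializable, ApplicationContextAware {
     // inject the module communication service
     def moduleCommunicationService
@@ -52,4 +55,12 @@
     ]
 
+    private ApplicationTagLib g
+
+    void setApplicationContext(ApplicationContext applicationContext) {
+        g = applicationContext.getBean(ApplicationTagLib)
+
+        // now you have a reference to g that you can call render() on
+    }
+
     /**
      * validate a client request by checking the validation checksum
@@ -145,4 +156,42 @@
 
     /**
+     * wrapper for performing api calls
+     *
+     * validates if the user may call this api
+     *
+     * @param params
+     * @param response
+     * @param itemName
+     * @param item
+     * @param block
+     */
+    def executeApiCall(params,response,itemName,item,block) {
+        // get variables from parameters
+        String deviceID     = (params.containsKey('deviceID')) ? params.deviceID : ''
+        String validation   = (params.containsKey('validation')) ? params.validation : ''
+
+        // fetch user based on deviceID
+        def user = Token.findByDeviceID(deviceID)?.user
+
+        // check if api call may be performed
+        if (!validateRequest(deviceID,validation)) {
+            // validation md5sum does not match predicted hash
+            response.sendError(401, "Unauthorized")
+        } else if (!item) {
+            // no results
+            response.sendError(400, "No such ${itemName}")
+        } else if (item.respondsTo('canRead') && !item.canRead(user)) {
+            // the user cannot read this data
+            response.sendError(401, "Unauthorized")
+        } else if (item.hasProperty('parent') && item.parent.respondsTo('canRead') && !item.parent.canRead(user)) {
+            // the user cannot read this data
+            response.sendError(401, "Unauthorized")
+        } else {
+            // allowed api call, execute block / closure
+            block()
+        }
+    }
+
+    /**
      * get the measurement tokens from the remote module
      *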
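Review bot: The access check in `executeApiCall` fails open: when `item` does not respond to `canRead` and has no `parent` that does, control reaches the final `else` and `block()` runs for any caller that passes `validateRequest`, with no per-object authorization at all. If that is not intended, deny by default with a branch before the final `else`, e.g. `} else if (!item.respondsTo('canRead') && !(item.hasProperty('parent') && item.parent?.respondsTo('canRead'))) { response.sendError(403, "Forbidden")`. The parent branch also dereferences `item.parent` without a null check, which probably throws when the property exists but is unset; `item.parent?.respondsTo('canRead')` avoids that. The method gives its caller no signal whether `block()` ran, so the Javadoc should say that the controller must not render anything after a `sendError`, and should describe each `@param` instead of listing bare names.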