org.eurekaclinical.common.resource

Class AbstractResource<E extends org.eurekaclinical.standardapis.entity.Entity,C>

java.lang.Object

org.eurekaclinical.common.resource.AbstractResource<E,C>

Type Parameters:

E - the entity class

C - the comm class

Direct Known Subclasses:

AbstractReadOnlyResource, AbstractReadWriteResource

public abstract class AbstractResource<E extends org.eurekaclinical.standardapis.entity.Entity,C>
extends Object

Base class for creating Jersey root resource classes. It provides implementations of REST APIs for getting all objects accessed through this resource and for getting specific objects by its unique id. It additionally allows configuring the resource to grant users with the admin role access to all objects through these two APIs even if they are not the owner of the object, and even if they are not a member of a group with access to the object.

Author:

Andrew Post

Constructor Summary

Constructors

Modifier	Constructor and Description
protected	AbstractResource(org.eurekaclinical.standardapis.dao.Dao<E,Long> inDao) Creates an instance of a resource that will use the given data access object for database queries.
protected	AbstractResource(org.eurekaclinical.standardapis.dao.Dao<E,Long> inDao, boolean inRestricted) Creates an instance of a resource that will use the given data access object for database queries.

Method Summary

Modifier and Type	Method and Description
List<C>	getAll(javax.servlet.http.HttpServletRequest req) Gets all objects managed by this resource.
C	getAny(Long inId, javax.servlet.http.HttpServletRequest req) Gets the object with the given unique identifier.
protected abstract boolean	isAuthorizedEntity(E entity, javax.servlet.http.HttpServletRequest req) Returns whether the requesting user is authorized to access an entity.
boolean	isRestricted() Whether or not admin users have read-only access to all objects, even if they are not the object's owner, and even if they are not a member of a group that has access to the object.
protected abstract C	toComm(E entity, javax.servlet.http.HttpServletRequest req) Converts a JPA entity to a Jersey POJO.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

AbstractResource

protected AbstractResource(org.eurekaclinical.standardapis.dao.Dao<E,Long> inDao)

Creates an instance of a resource that will use the given data access object for database queries.

Parameters:

inDao - the data access object. Cannot be null.

AbstractResource

protected AbstractResource(org.eurekaclinical.standardapis.dao.Dao<E,Long> inDao,
                           boolean inRestricted)

Creates an instance of a resource that will use the given data access object for database queries. This constructor additionally permits authorizing admin users for read-only access to objects that they are not otherwise authorized to access through Eureka! Clinical's group and owner permissions.

Parameters:

inDao - the data access object. Cannot be null.

inRestricted - false to grant users with the admin role read-only access to objects that they are not otherwise authorized to access through Eureka! Clinical's group and owner permissions. Setting this parameter to true achieves the same behavior as the one-argument constructor, which grants all users access only to objects that they own or otherwise have access to through being a member of a group.

Method Detail

isRestricted

public boolean isRestricted()

Whether or not admin users have read-only access to all objects, even if they are not the object's owner, and even if they are not a member of a group that has access to the object.

Returns:

false if admin users do have these extra privileges, false if they do not. The default value is true.

getAll

public List<C> getAll(@Context
                      javax.servlet.http.HttpServletRequest req)

Gets all objects managed by this resource. By default, only users with the admin role are authorized to use this API. Setting the restricted field to false in the two- argument constructor will change this behavior so that non-admin users may also make this API call.

Parameters:

req - the HTTP servlet request.

Returns:

the list of objects managed by this resource.

Throws:

org.eurekaclinical.standardapis.exception.HttpStatusException - if an error occurred, for example, the user is not authorized to make this call.

getAny

public C getAny(Long inId,
                @Context
                javax.servlet.http.HttpServletRequest req)

Gets the object with the given unique identifier.

Parameters:

inId - the unique identifier. Cannot be null.

req - the HTTP servlet request.

Returns:

the object with the given unique identifier. Guaranteed not null.

Throws:

org.eurekaclinical.standardapis.exception.HttpStatusException - if there is no object with the given unique identifier, or if the user is not authorized to access the object.

toComm

protected abstract C toComm(E entity,
                            javax.servlet.http.HttpServletRequest req)

Converts a JPA entity to a Jersey POJO. Your implementation of this method should create a Jersey POJO and copy the entity's fields into the corresponding fields of the Jersey POJO.

Parameters:

entity - the entity. Cannot be null.

req - the HTTP servlet request.

Returns:

the Jersey POJO. Guaranteed not null.

isAuthorizedEntity

protected abstract boolean isAuthorizedEntity(E entity,
                                              javax.servlet.http.HttpServletRequest req)

Returns whether the requesting user is authorized to access an entity.

Parameters:

entity - the entity.

req - the HTTP servlet request.

Returns:

true if the current user is authorized to access the entity, false otherwise.