public void deleteDataset(Dataset dataset, org.hibernate.Session hibernateSession) {
hibernateSession.delete(dataset);
if (dataset.getFile() != null && dataset.getFile().getFileId() != null) {
UUID fileId = dataset.getFile().getFileId();
@SuppressWarnings("unchecked")
List<Dataset> fileDatasets =
hibernateSession
.createQuery("from Dataset where file=:file")
.setParameter("file", dataset.getFile())
.list();
// don't care about the dataset that is being deleted
// why do we still see it?
fileDatasets.remove(dataset);
// there isn't anymore anyone using this file and the file-broker
// can delete it
if (fileDatasets.isEmpty()) {
// only for file-broker
sessionResource.publish(
SessionDb.FILES_TOPIC,
new SessionEvent(sessionId, ResourceType.FILE, fileId, EventType.DELETE),
hibernateSession);
}
}
sessionResource.publish(
sessionId.toString(),
new SessionEvent(sessionId, ResourceType.DATASET, dataset.getDatasetId(), EventType.DELETE),
hibernateSession);
}
public void update(Dataset dataset, org.hibernate.Session hibernateSession) {
hibernateSession.merge(dataset);
sessionResource.publish(
sessionId.toString(),
new SessionEvent(sessionId, ResourceType.DATASET, dataset.getDatasetId(), EventType.UPDATE),
hibernateSession);
}
@DELETE
@Path("{id}")
@Transaction
public Response delete(@PathParam("id") UUID datasetId, @Context SecurityContext sc) {
// checks authorization
Session session = sessionResource.getSessionForWriting(sc, sessionId);
Dataset dataset = sessionResource.getHibernate().session().get(Dataset.class, datasetId);
if (dataset == null || dataset.getSession().getSessionId() != session.getSessionId()) {
throw new NotFoundException("dataset not found");
}
deleteDataset(dataset, getHibernate().session());
return Response.noContent().build();
}
@GET
@Produces(MediaType.APPLICATION_JSON)
@Transaction
public Response getAll(@Context SecurityContext sc) {
Collection<Dataset> result =
sessionResource.getSessionForReading(sc, sessionId).getDatasets().values();
// if nothing is found, just return 200 (OK) and an empty list
return Response.ok(toJaxbList(result)).build();
}
public void create(Dataset dataset, org.hibernate.Session hibernateSession) {
checkFileModification(dataset, hibernateSession);
if (dataset.getFile() != null) {
// why CascadeType.PERSIST isn't enough?
hibernateSession.save(dataset.getFile());
}
hibernateSession.save(dataset);
sessionResource.publish(
sessionId.toString(),
new SessionEvent(sessionId, ResourceType.DATASET, dataset.getDatasetId(), EventType.CREATE),
hibernateSession);
}
// CRUD
@GET
@Path("{id}")
@Produces(MediaType.APPLICATION_JSON)
@Transaction
public Response get(@PathParam("id") UUID datasetId, @Context SecurityContext sc) {
// checks authorization
Session session = sessionResource.getSessionForReading(sc, sessionId);
Dataset result = getDataset(datasetId, getHibernate().session());
if (result == null || result.getSession().getSessionId() != session.getSessionId()) {
throw new NotFoundException();
}
return Response.ok(result).build();
}
@POST
@Consumes(MediaType.APPLICATION_JSON)
@Transaction
public Response post(Dataset dataset, @Context UriInfo uriInfo, @Context SecurityContext sc) {
if (dataset.getDatasetId() != null) {
throw new BadRequestException("dataset already has an id, post not allowed");
}
UUID id = RestUtils.createUUID();
dataset.setDatasetId(id);
Session session = sessionResource.getSessionForWriting(sc, sessionId);
// make sure a hostile client doesn't set the session
dataset.setSession(session);
create(dataset, getHibernate().session());
URI uri = uriInfo.getAbsolutePathBuilder().path(id.toString()).build();
return Response.created(uri).build();
}
@PUT
@Path("{id}")
@Consumes(MediaType.APPLICATION_JSON)
@Transaction
public Response put(
Dataset requestDataset, @PathParam("id") UUID datasetId, @Context SecurityContext sc) {
// override the url in json with the id in the url, in case a
// malicious client has changed it
requestDataset.setDatasetId(datasetId);
/*
* Checks that
* - user has write authorization for the session
* - the session contains this dataset
*/
Session session = sessionResource.getSessionForWriting(sc, sessionId);
Dataset dbDataset = getHibernate().session().get(Dataset.class, datasetId);
if (dbDataset == null || dbDataset.getSession().getSessionId() != session.getSessionId()) {
throw new NotFoundException("dataset doesn't exist");
}
if (!sc.isUserInRole(Role.FILE_BROKER)) {
checkFileModification(requestDataset, getHibernate().session());
}
if (requestDataset.getFile() == null || requestDataset.getFile().isEmpty()) {
// if the client doesn't care about the File, simply keep the db version
requestDataset.setFile(dbDataset.getFile());
}
// make sure a hostile client doesn't set the session
requestDataset.setSession(session);
update(requestDataset, getHibernate().session());
return Response.noContent().build();
}
private HibernateUtil getHibernate() {
return sessionResource.getHibernate();
}
