#251 added eTag verification for delete method

annotation-web/src/main/java/eu/europeana/annotation/web/service/controller/jsonld/BaseJsonldRest.java

@@ -62,7 +62,6 @@
 import eu.europeana.api.common.config.I18nConstants;
 import eu.europeana.api.commons.web.definitions.WebFields;
 import eu.europeana.api.commons.web.exception.ApplicationAuthenticationException;
-import eu.europeana.api.commons.web.exception.HeaderValidationException;
 import eu.europeana.api.commons.web.exception.HttpException;
 import eu.europeana.api.commons.web.http.HttpHeaders;
 
@@ -449,11 +448,12 @@ protected ResponseEntity<String> updateAnnotation(String identifier, String anno
 
 	try {
 //	    String userId = authentication.getPrincipal().toString();
-	    
+
 	    // 1. authorize user
 	    // already performed in verify write access
-	    //			getAuthorizationService().authorizeUser(userId, authentication, annoId, Operations.UPDATE);
-	    //check permissions for update
+	    // getAuthorizationService().authorizeUser(userId, authentication, annoId,
+	    // Operations.UPDATE);
+	    // check permissions for update
 	    Annotation storedAnnotation = verifyOwnerOrAdmin(identifier, authentication);
 
 	    // 2. check time stamp
@@ -472,13 +472,13 @@ protected ResponseEntity<String> updateAnnotation(String identifier, String anno
 	    String apiVersion = getConfiguration().getAnnotationApiVersion();
 	    String eTagOrigin = generateETag(storedAnnotation.getGenerated(), WebFields.FORMAT_JSONLD, apiVersion);
 
-    	checkIfMatchHeader(eTagOrigin, request);
+	    checkIfMatchHeader(eTagOrigin, request);
 	    getAnnotationService().validateWebAnnotation(updateWebAnnotation);
 
 	    // 6. apply updates - merge current and updated annotation
 	    // 7. and call database update method
-	    Annotation updatedAnnotation = getAnnotationService().updateAnnotation((PersistentAnnotation)storedAnnotation,
-		    updateWebAnnotation);
+	    Annotation updatedAnnotation = getAnnotationService()
+		    .updateAnnotation((PersistentAnnotation) storedAnnotation, updateWebAnnotation);
 
 	    String eTag = generateETag(updatedAnnotation.getGenerated(), WebFields.FORMAT_JSONLD, apiVersion);
 
@@ -524,12 +524,12 @@ protected ResponseEntity<String> updateAnnotation(String identifier, String anno
      * @return response entity that comprises response body, headers and status code
      * @throws HttpException
      */
-    protected ResponseEntity<String> deleteAnnotation(String identifier, Authentication authentication)
+    protected ResponseEntity<String> deleteAnnotation(String identifier, Authentication authentication, HttpServletRequest request)
 	    throws HttpException {
 
 	try {
 //	    String userId = authentication.getPrincipal().toString();
-	    
+
 	    // 5. authorize user
 	    // already performed in verify write access
 //			getAuthorizationService().authorizeUser(userId, authentication, annoId, Operations.DELETE);
@@ -538,6 +538,12 @@ protected ResponseEntity<String> deleteAnnotation(String identifier, Authenticat
 	    // Verify if user is allowed to perform the deletion.
 	    Annotation storedAnno = verifyOwnerOrAdmin(identifier, authentication);
 
+	    // validate annotation
+	    String apiVersion = getConfiguration().getAnnotationApiVersion();
+	    String eTagOrigin = generateETag(storedAnno.getGenerated(), WebFields.FORMAT_JSONLD, apiVersion);
+
+	    checkIfMatchHeader(eTagOrigin, request);
+
 	    // call database delete method that deactivates existing Annotation
 	    // in Mongo
 	    getAnnotationService().disableAnnotation(storedAnno);

annotation-web/src/main/java/eu/europeana/annotation/web/service/controller/jsonld/WebAnnotationProtocolRest.java

@@ -93,7 +93,7 @@ public ResponseEntity<String> deleteAnnotation(
 		Authentication authentication = verifyWriteAccess(Operations.DELETE, request);
 
 //		String action = "delete:/annotation/{identifier}[.{format}]";
-		return deleteAnnotation(identifier, authentication);
+		return deleteAnnotation(identifier, authentication, request);
 	}
 
 }