function updateAnnotation($id)
{
$params = $this->listBodyParams();
// Check for cross-site request forgery
if (!$this->verifySession($params)) {
$this->httpError(403, 'Forbidden', 'Illegal request');
return;
}
$annotation = $this->doGetAnnotation($id);
if (null === $annotation) {
$this->httpError(404, 'Not Found', 'No such annotation');
} elseif ($this->currentUserId != $annotation->getUserId() && !$this->allowAnyUserPatch) {
$this->httpError(403, 'Forbidden', 'Not your annotation');
} else {
// If this is a patch update by another user, restrict the update to ranges parameters only
if ($this->currentUserId != $annotation->getUserId()) {
$newParams = array();
if (array_key_exists($params['sequence-range'])) {
$newParams['sequence-range'] = $params['sequence-range'];
}
if (array_key_exists($params['xpath-range'])) {
$newParams['xpath-range'] = $params['xpath-range'];
}
$params = $newParams;
}
// Set only the fields that were passed in
$error = $annotation->fromArray($params);
if ($error) {
$this->httpError(MarginaliaHelper::httpResultCodeForError($error), 'Error', $error);
} else {
// Update the annotation in the database
if ($this->doUpdateAnnotation($annotation)) {
header('HTTP/1.1 204 Updated');
} else {
$this->httpError(500, 'Internal Service Error', 'Update failed');
}
}
}
}
function updateAnnotation($id)
{
$params = $this->listBodyParams();
$annotation = $this->doGetAnnotation($id);
if (null === $annotation) {
$this->httpError(404, 'Not Found', 'No such annotation');
} elseif ($this->currentUserId != $annotation->getUserId()) {
$this->httpError(403, 'Forbidden', 'Not your annotation');
} else {
// Set only the fields that were passed in
$error = $annotation->fromArray($params);
if ($error) {
$this->httpError(MarginaliaHelper::httpResultCodeForError($error), 'Error', $error);
} else {
// Update the annotation in the database
if ($this->doUpdateAnnotation($annotation)) {
header('HTTP/1.1 204 Updated');
} else {
$this->httpError(500, 'Internal Service Error', 'Update failed');
}
}
}
}
