public static function getLibraryURI($libraryID) { $libraryType = Zotero_Libraries::getType($libraryID); switch ($libraryType) { case 'user': $id = Zotero_Users::getUserIDFromLibraryID($libraryID); return self::getUserURI($id); case 'group': $id = Zotero_Groups::getGroupIDFromLibraryID($libraryID); $group = Zotero_Groups::get($id); return self::getGroupURI($group); } }
public function canAccess($libraryID, $permission = 'library') { if ($this->super) { return true; } if (!$libraryID) { throw new Exception('libraryID not provided'); } // If requested permission is explicitly set // // This assumes that permissions can't be incorrectly set // (e.g., are properly removed when a user loses group access) if (!empty($this->permissions[$libraryID][$permission])) { return true; } $libraryType = Zotero_Libraries::getType($libraryID); switch ($libraryType) { case 'user': $userID = Zotero_Users::getUserIDFromLibraryID($libraryID); $privacy = $this->getUserPrivacy($userID); break; case 'group': $groupID = Zotero_Groups::getGroupIDFromLibraryID($libraryID); // If key has access to all groups, grant access if user // has read access to group if (!empty($this->permissions[0]['library'])) { $group = Zotero_Groups::get($groupID); // Only members have file access if ($permission == 'files') { return !!$group->getUserRole($this->userID); } if ($group->userCanRead($this->userID)) { return true; } } $privacy = $this->getGroupPrivacy($groupID); break; default: throw new Exception("Unsupported library type '{$libraryType}'"); } switch ($permission) { case 'library': return $privacy['publishLibrary']; case 'notes': return $privacy['publishNotes']; default: return false; } }
public function laststoragesync() { $this->allowMethods(array('GET', 'POST')); // Deprecated after 3.0, which used auth=1 if ($this->apiVersion < 2 || !empty($_GET['auth'])) { $lastSync = Zotero_Users::getLastStorageSync($this->objectUserID); } else { $lastSync = Zotero_Libraries::getLastStorageSync($this->objectLibraryID); } if (!$lastSync) { $this->e404(); } echo $lastSync; exit; }
public function laststoragesync() { if (!$this->httpAuth && !$this->permissions->isSuper()) { $this->e403(); } $this->allowMethods(array('GET', 'POST')); if ($this->method == 'POST') { //Zotero_Users::setLastStorageSync($this->userID); } // Deprecated after 3.0, which used auth=1 if ($this->apiVersion < 2 || !empty($_GET['auth'])) { $lastSync = Zotero_Users::getLastStorageSync($this->objectUserID); } else { $lastSync = Zotero_Libraries::getLastStorageSync($this->objectLibraryID); } if (!$lastSync) { $this->e404(); } echo $lastSync; exit; }
/** * Converts a Zotero_Item object to a SimpleXMLElement Atom object * * Note: Increment Z_CONFIG::$CACHE_VERSION_ATOM_ENTRY when changing * the response. * * @param object $item Zotero_Item object * @param string $content * @return SimpleXMLElement Item data as SimpleXML element */ public static function convertItemToAtom(Zotero_Item $item, $queryParams, $permissions, $sharedData = null) { $t = microtime(true); // Uncached stuff or parts of the cache key $version = $item->version; $parent = $item->getSource(); $isRegularItem = !$parent && $item->isRegularItem(); $downloadDetails = $permissions->canAccess($item->libraryID, 'files') ? Zotero_Storage::getDownloadDetails($item) : false; if ($isRegularItem) { $numChildren = $permissions->canAccess($item->libraryID, 'notes') ? $item->numChildren() : $item->numAttachments(); } // <id> changes based on group visibility in v1 if ($queryParams['v'] < 2) { $id = Zotero_URI::getItemURI($item, false, true); } else { $id = Zotero_URI::getItemURI($item); } $libraryType = Zotero_Libraries::getType($item->libraryID); // Any query parameters that have an effect on the output // need to be added here $allowedParams = array('content', 'style', 'css', 'linkwrap'); $cachedParams = Z_Array::filterKeys($queryParams, $allowedParams); $cacheVersion = 2; $cacheKey = "atomEntry_" . $item->libraryID . "/" . $item->id . "_" . md5($version . json_encode($cachedParams) . ($downloadDetails ? 'hasFile' : '') . ($libraryType == 'group' ? 'id' . $id : '')) . "_" . $queryParams['v'] . "_" . $cacheVersion . (isset(Z_CONFIG::$CACHE_VERSION_ATOM_ENTRY) ? "_" . Z_CONFIG::$CACHE_VERSION_ATOM_ENTRY : "") . (in_array('bib', $queryParams['content']) && isset(Z_CONFIG::$CACHE_VERSION_BIB) ? "_" . Z_CONFIG::$CACHE_VERSION_BIB : ""); $xmlstr = Z_Core::$MC->get($cacheKey); if ($xmlstr) { try { // TEMP: Strip control characters $xmlstr = Zotero_Utilities::cleanString($xmlstr, true); $doc = new DOMDocument(); $doc->loadXML($xmlstr); $xpath = new DOMXpath($doc); $xpath->registerNamespace('atom', Zotero_Atom::$nsAtom); $xpath->registerNamespace('zapi', Zotero_Atom::$nsZoteroAPI); $xpath->registerNamespace('xhtml', Zotero_Atom::$nsXHTML); // Make sure numChildren reflects the current permissions if ($isRegularItem) { $xpath->query('/atom:entry/zapi:numChildren')->item(0)->nodeValue = $numChildren; } // To prevent PHP from messing with namespace declarations, // we have to extract, remove, and then add back <content> // subelements. Otherwise the subelements become, say, // <default:span xmlns="http://www.w3.org/1999/xhtml"> instead // of just <span xmlns="http://www.w3.org/1999/xhtml">, and // xmlns:default="http://www.w3.org/1999/xhtml" gets added to // the parent <entry>. While you might reasonably think that // // echo $xml->saveXML(); // // and // // $xml = new SimpleXMLElement($xml->saveXML()); // echo $xml->saveXML(); // // would be identical, you would be wrong. $multiFormat = !!$xpath->query('/atom:entry/atom:content/zapi:subcontent')->length; $contentNodes = array(); if ($multiFormat) { $contentNodes = $xpath->query('/atom:entry/atom:content/zapi:subcontent'); } else { $contentNodes = $xpath->query('/atom:entry/atom:content'); } foreach ($contentNodes as $contentNode) { $contentParts = array(); while ($contentNode->hasChildNodes()) { $contentParts[] = $doc->saveXML($contentNode->firstChild); $contentNode->removeChild($contentNode->firstChild); } foreach ($contentParts as $part) { if (!trim($part)) { continue; } // Strip the namespace and add it back via SimpleXMLElement, // which keeps it from being changed later if (preg_match('%^<[^>]+xmlns="http://www.w3.org/1999/xhtml"%', $part)) { $part = preg_replace('%^(<[^>]+)xmlns="http://www.w3.org/1999/xhtml"%', '$1', $part); $html = new SimpleXMLElement($part); $html['xmlns'] = "http://www.w3.org/1999/xhtml"; $subNode = dom_import_simplexml($html); $importedNode = $doc->importNode($subNode, true); $contentNode->appendChild($importedNode); } else { if (preg_match('%^<[^>]+xmlns="http://zotero.org/ns/transfer"%', $part)) { $part = preg_replace('%^(<[^>]+)xmlns="http://zotero.org/ns/transfer"%', '$1', $part); $html = new SimpleXMLElement($part); $html['xmlns'] = "http://zotero.org/ns/transfer"; $subNode = dom_import_simplexml($html); $importedNode = $doc->importNode($subNode, true); $contentNode->appendChild($importedNode); } else { $docFrag = $doc->createDocumentFragment(); $docFrag->appendXML($part); $contentNode->appendChild($docFrag); } } } } $xml = simplexml_import_dom($doc); StatsD::timing("api.items.itemToAtom.cached", (microtime(true) - $t) * 1000); StatsD::increment("memcached.items.itemToAtom.hit"); // Skip the cache every 10 times for now, to ensure cache sanity if (Z_Core::probability(10)) { $xmlstr = $xml->saveXML(); } else { return $xml; } } catch (Exception $e) { error_log($xmlstr); error_log("WARNING: " . $e); } } $content = $queryParams['content']; $contentIsHTML = sizeOf($content) == 1 && $content[0] == 'html'; $contentParamString = urlencode(implode(',', $content)); $style = $queryParams['style']; $entry = '<?xml version="1.0" encoding="UTF-8"?>' . '<entry xmlns="' . Zotero_Atom::$nsAtom . '" xmlns:zapi="' . Zotero_Atom::$nsZoteroAPI . '"/>'; $xml = new SimpleXMLElement($entry); $title = $item->getDisplayTitle(true); $title = $title ? $title : '[Untitled]'; $xml->title = $title; $author = $xml->addChild('author'); $createdByUserID = null; $lastModifiedByUserID = null; switch (Zotero_Libraries::getType($item->libraryID)) { case 'group': $createdByUserID = $item->createdByUserID; // Used for zapi:lastModifiedByUser below $lastModifiedByUserID = $item->lastModifiedByUserID; break; } if ($createdByUserID) { $author->name = Zotero_Users::getUsername($createdByUserID); $author->uri = Zotero_URI::getUserURI($createdByUserID); } else { $author->name = Zotero_Libraries::getName($item->libraryID); $author->uri = Zotero_URI::getLibraryURI($item->libraryID); } $xml->id = $id; $xml->published = Zotero_Date::sqlToISO8601($item->dateAdded); $xml->updated = Zotero_Date::sqlToISO8601($item->dateModified); $link = $xml->addChild("link"); $link['rel'] = "self"; $link['type'] = "application/atom+xml"; $href = Zotero_API::getItemURI($item); if (!$contentIsHTML) { $href .= "?content={$contentParamString}"; } $link['href'] = $href; if ($parent) { // TODO: handle group items? $parentItem = Zotero_Items::get($item->libraryID, $parent); $link = $xml->addChild("link"); $link['rel'] = "up"; $link['type'] = "application/atom+xml"; $href = Zotero_API::getItemURI($parentItem); if (!$contentIsHTML) { $href .= "?content={$contentParamString}"; } $link['href'] = $href; } $link = $xml->addChild('link'); $link['rel'] = 'alternate'; $link['type'] = 'text/html'; $link['href'] = Zotero_URI::getItemURI($item, true); // If appropriate permissions and the file is stored in ZFS, get file request link if ($downloadDetails) { $details = $downloadDetails; $link = $xml->addChild('link'); $link['rel'] = 'enclosure'; $type = $item->attachmentMIMEType; if ($type) { $link['type'] = $type; } $link['href'] = $details['url']; if (!empty($details['filename'])) { $link['title'] = $details['filename']; } if (isset($details['size'])) { $link['length'] = $details['size']; } } $xml->addChild('zapi:key', $item->key, Zotero_Atom::$nsZoteroAPI); $xml->addChild('zapi:version', $item->version, Zotero_Atom::$nsZoteroAPI); if ($lastModifiedByUserID) { $xml->addChild('zapi:lastModifiedByUser', Zotero_Users::getUsername($lastModifiedByUserID), Zotero_Atom::$nsZoteroAPI); } $xml->addChild('zapi:itemType', Zotero_ItemTypes::getName($item->itemTypeID), Zotero_Atom::$nsZoteroAPI); if ($isRegularItem) { $val = $item->creatorSummary; if ($val !== '') { $xml->addChild('zapi:creatorSummary', htmlspecialchars($val), Zotero_Atom::$nsZoteroAPI); } $val = $item->getField('date', true, true, true); if ($val !== '') { if ($queryParams['v'] < 3) { $val = substr($val, 0, 4); if ($val !== '0000') { $xml->addChild('zapi:year', $val, Zotero_Atom::$nsZoteroAPI); } } else { $sqlDate = Zotero_Date::multipartToSQL($val); if (substr($sqlDate, 0, 4) !== '0000') { $xml->addChild('zapi:parsedDate', Zotero_Date::sqlToISO8601($sqlDate), Zotero_Atom::$nsZoteroAPI); } } } $xml->addChild('zapi:numChildren', $numChildren, Zotero_Atom::$nsZoteroAPI); } if ($queryParams['v'] < 3) { $xml->addChild('zapi:numTags', $item->numTags(), Zotero_Atom::$nsZoteroAPI); } $xml->content = ''; // // DOM XML from here on out // $contentNode = dom_import_simplexml($xml->content); $domDoc = $contentNode->ownerDocument; $multiFormat = sizeOf($content) > 1; // Create a root XML document for multi-format responses if ($multiFormat) { $contentNode->setAttribute('type', 'application/xml'); /*$multicontent = $domDoc->createElementNS( Zotero_Atom::$nsZoteroAPI, 'multicontent' ); $contentNode->appendChild($multicontent);*/ } foreach ($content as $type) { // Set the target to either the main <content> // or a <multicontent> <content> if (!$multiFormat) { $target = $contentNode; } else { $target = $domDoc->createElementNS(Zotero_Atom::$nsZoteroAPI, 'subcontent'); $contentNode->appendChild($target); } $target->setAttributeNS(Zotero_Atom::$nsZoteroAPI, "zapi:type", $type); if ($type == 'html') { if (!$multiFormat) { $target->setAttribute('type', 'xhtml'); } $div = $domDoc->createElementNS(Zotero_Atom::$nsXHTML, 'div'); $target->appendChild($div); $html = $item->toHTML(true); $subNode = dom_import_simplexml($html); $importedNode = $domDoc->importNode($subNode, true); $div->appendChild($importedNode); } else { if ($type == 'citation') { if (!$multiFormat) { $target->setAttribute('type', 'xhtml'); } if (isset($sharedData[$type][$item->libraryID . "/" . $item->key])) { $html = $sharedData[$type][$item->libraryID . "/" . $item->key]; } else { if ($sharedData !== null) { //error_log("Citation not found in sharedData -- retrieving individually"); } $html = Zotero_Cite::getCitationFromCiteServer($item, $queryParams); } $html = new SimpleXMLElement($html); $html['xmlns'] = Zotero_Atom::$nsXHTML; $subNode = dom_import_simplexml($html); $importedNode = $domDoc->importNode($subNode, true); $target->appendChild($importedNode); } else { if ($type == 'bib') { if (!$multiFormat) { $target->setAttribute('type', 'xhtml'); } if (isset($sharedData[$type][$item->libraryID . "/" . $item->key])) { $html = $sharedData[$type][$item->libraryID . "/" . $item->key]; } else { if ($sharedData !== null) { //error_log("Bibliography not found in sharedData -- retrieving individually"); } $html = Zotero_Cite::getBibliographyFromCitationServer(array($item), $queryParams); } $html = new SimpleXMLElement($html); $html['xmlns'] = Zotero_Atom::$nsXHTML; $subNode = dom_import_simplexml($html); $importedNode = $domDoc->importNode($subNode, true); $target->appendChild($importedNode); } else { if ($type == 'json') { if ($queryParams['v'] < 2) { $target->setAttributeNS(Zotero_Atom::$nsZoteroAPI, "zapi:etag", $item->etag); } $textNode = $domDoc->createTextNode($item->toJSON(false, $queryParams, true)); $target->appendChild($textNode); } else { if ($type == 'csljson') { $arr = $item->toCSLItem(); $json = Zotero_Utilities::formatJSON($arr); $textNode = $domDoc->createTextNode($json); $target->appendChild($textNode); } else { if (in_array($type, Zotero_Translate::$exportFormats)) { $export = Zotero_Translate::doExport(array($item), $type); $target->setAttribute('type', $export['mimeType']); // Insert XML into document if (preg_match('/\\+xml$/', $export['mimeType'])) { // Strip prolog $body = preg_replace('/^<\\?xml.+\\n/', "", $export['body']); $subNode = $domDoc->createDocumentFragment(); $subNode->appendXML($body); $target->appendChild($subNode); } else { $textNode = $domDoc->createTextNode($export['body']); $target->appendChild($textNode); } } } } } } } } // TEMP if ($xmlstr) { $uncached = $xml->saveXML(); if ($xmlstr != $uncached) { $uncached = str_replace('<zapi:year></zapi:year>', '<zapi:year/>', $uncached); $uncached = str_replace('<content zapi:type="none"></content>', '<content zapi:type="none"/>', $uncached); $uncached = str_replace('<zapi:subcontent zapi:type="coins" type="text/html"></zapi:subcontent>', '<zapi:subcontent zapi:type="coins" type="text/html"/>', $uncached); $uncached = str_replace('<title></title>', '<title/>', $uncached); $uncached = str_replace('<note></note>', '<note/>', $uncached); $uncached = str_replace('<path></path>', '<path/>', $uncached); $uncached = str_replace('<td></td>', '<td/>', $uncached); if ($xmlstr != $uncached) { error_log("Cached Atom item entry does not match"); error_log(" Cached: " . $xmlstr); error_log("Uncached: " . $uncached); Z_Core::$MC->set($cacheKey, $uncached, 3600); // 1 hour for now } } } else { $xmlstr = $xml->saveXML(); Z_Core::$MC->set($cacheKey, $xmlstr, 3600); // 1 hour for now StatsD::timing("api.items.itemToAtom.uncached", (microtime(true) - $t) * 1000); StatsD::increment("memcached.items.itemToAtom.miss"); } return $xml; }
public function setUp() { Zotero_Users::clearAllData(self::$config['userID']); }
protected function setKeyPermissions($keyObj, $accessElement) { foreach ($accessElement as $accessField => $accessVal) { // 'write' is handled below if ($accessField == 'write') { continue; } // Group library access (<access group="23456"/>) if ($accessField == 'group') { // Grant access to all groups if ($accessVal === 0) { $keyObj->setPermission(0, 'group', true); $keyObj->setPermission(0, 'write', $accessElement['write']); } else { $group = Zotero_Groups::get($accessVal); if (!$group) { $this->e400("Group not found"); } if (!$group->hasUser($keyObj->userID)) { $this->e400("User {$this->id} is not a member of group {$group->id}"); } $keyObj->setPermission($group->libraryID, 'library', true); $keyObj->setPermission($group->libraryID, 'write', $accessElement['write']); } } else { $libraryID = Zotero_Users::getLibraryIDFromUserID($keyObj->userID); $keyObj->setPermission($libraryID, $accessField, $accessVal); $keyObj->setPermission($libraryID, 'write', $accessElement['write']); } } }
public static function getByUserID($userID) { $libraryID = Zotero_Users::getLibraryIDFromUserID($userID); return self::getByLibraryID($libraryID); }
private static function getDeletedObjectIDs($userID, $timestamp, $includeAllUserObjects = false) { /* $sql = "SELECT version FROM version WHERE schema='syncdeletelog'"; $syncLogStart = Zotero_DB::valueQuery($sql); if (!$syncLogStart) { throw ('Sync log start time not found'); } */ /* // Last sync time is before start of log if ($lastSyncDate && new Date($syncLogStart * 1000) > $lastSyncDate) { return -1; } */ // Personal library $shardID = Zotero_Shards::getByUserID($userID); $libraryID = Zotero_Users::getLibraryIDFromUserID($userID); $shardLibraryIDs[$shardID] = array($libraryID); // Group libraries if ($includeAllUserObjects) { $groupIDs = Zotero_Groups::getUserGroups($userID); if ($groupIDs) { // Separate groups into shards for querying foreach ($groupIDs as $groupID) { $libraryID = Zotero_Groups::getLibraryIDFromGroupID($groupID); $shardID = Zotero_Shards::getByLibraryID($libraryID); if (!isset($shardLibraryIDs[$shardID])) { $shardLibraryIDs[$shardID] = array(); } $shardLibraryIDs[$shardID][] = $libraryID; } } } // Send query at each shard $rows = array(); foreach ($shardLibraryIDs as $shardID => $libraryIDs) { $sql = "SELECT libraryID, objectType, id, timestamp\n\t\t\t\t\tFROM syncDeleteLogIDs WHERE libraryID IN (" . implode(', ', array_fill(0, sizeOf($libraryIDs), '?')) . ")"; $params = $libraryIDs; if ($timestamp) { // Send any entries from before these were being properly sent if ($timestamp < 1260778500) { $sql .= " AND (timestamp >= FROM_UNIXTIME(?) OR timestamp BETWEEN 1257968068 AND FROM_UNIXTIME(?))"; $params[] = $timestamp; $params[] = 1260778500; } else { $sql .= " AND timestamp >= FROM_UNIXTIME(?)"; $params[] = $timestamp; } } $sql .= " ORDER BY timestamp"; $shardRows = Zotero_DB::query($sql, $params, $shardID); if ($shardRows) { $rows = array_merge($rows, $shardRows); } } if (!$rows) { return false; } $deletedIDs = array('groups' => array()); foreach ($rows as $row) { $type = $row['objectType'] . 's'; $deletedIDs[$type][] = $row['id']; } return $deletedIDs; }
private static function updateUser($userID, $username) { if (Zotero_Users::exists($userID)) { $currentUsername = Zotero_Users::getUsername($userID, true); if ($currentUsername != $username) { Zotero_Users::update($userID, $username); } } else { Zotero_Users::add($userID, $username); Zotero_Users::update($userID); } }
public function toJSON() { if (($this->id || $this->key) && !$this->loaded) { $this->load(); } $json = []; $json['key'] = $this->key; $json['userID'] = $this->userID; $json['username'] = Zotero_Users::getUsername($this->userID); $json['name'] = $this->name; if ($this->permissions) { $json['access'] = ['user' => [], 'groups' => []]; foreach ($this->permissions as $libraryID => $p) { // group="all" is stored as libraryID 0 if ($libraryID === 0) { $json['access']['groups']['all']['library'] = true; $json['access']['groups']['all']['write'] = !empty($p['write']); } else { $type = Zotero_Libraries::getType($libraryID); switch ($type) { case 'user': $json['access']['user']['library'] = true; foreach ($p as $permission => $granted) { if ($permission == 'library') { continue; } $json['access']['user'][$permission] = (bool) $granted; } break; case 'group': $groupID = Zotero_Groups::getGroupIDFromLibraryID($libraryID); $json['access']['groups'][$groupID]['library'] = true; $json['access']['groups'][$groupID]['write'] = !empty($p['write']); break; } } } if (sizeOf($json['access']['user']) === 0) { unset($json['access']['user']); } if (sizeOf($json['access']['groups']) === 0) { unset($json['access']['groups']); } } $json['dateAdded'] = Zotero_Date::sqlToISO8601($this->dateAdded); if ($this->lastUsed != '0000-00-00 00:00:00') { $json['lastUsed'] = Zotero_Date::sqlToISO8601($this->lastUsed); } $ips = $this->getRecentIPs(); if ($ips) { $json['recentIPs'] = $ips; } return $json; }
/** * This should be called after canAccess() */ public function canWrite($libraryID) { if ($this->super) { return true; } if ($libraryID === 0) { return false; } if (!$libraryID) { throw new Exception('libraryID not provided'); } if (!empty($this->permissions[$libraryID]['write'])) { return true; } $libraryType = Zotero_Libraries::getType($libraryID); switch ($libraryType) { case 'user': return false; // Write permissions match key's write access to user library // Write permissions match key's write access to user library case 'publications': $userLibraryID = Zotero_Users::getLibraryIDFromUserID($this->userID); return $this->canWrite($userLibraryID); case 'group': $groupID = Zotero_Groups::getGroupIDFromLibraryID($libraryID); // If key has write access to all groups, grant access if user // has write access to group if (!empty($this->permissions[0]['write'])) { $group = Zotero_Groups::get($groupID); return $group->userCanEdit($this->userID); } return false; default: throw new Exception("Unsupported library type '{$libraryType}'"); } }
public function groups() { $groupID = $this->objectGroupID; // // Add a group // if ($this->method == 'POST') { if (!$this->permissions->isSuper()) { $this->e403(); } if ($groupID) { $this->e400("POST requests cannot end with a groupID (did you mean PUT?)"); } try { $group = @new SimpleXMLElement($this->body); } catch (Exception $e) { $this->e400("{$this->method} data is not valid XML"); } if ((int) $group['id']) { $this->e400("POST requests cannot contain a groupID in '" . $this->body . "'"); } $fields = $this->getFieldsFromGroupXML($group); Zotero_DB::beginTransaction(); try { $group = new Zotero_Group(); foreach ($fields as $field => $val) { $group->{$field} = $val; } $group->save(); } catch (Exception $e) { if (strpos($e->getMessage(), "Invalid") === 0) { $this->e400($e->getMessage() . " in " . $this->body . "'"); } switch ($e->getCode()) { case Z_ERROR_GROUP_NAME_UNAVAILABLE: $this->e400($e->getMessage()); default: $this->handleException($e); } } $this->queryParams['content'] = array('full'); $this->responseXML = $group->toAtom($this->queryParams); Zotero_DB::commit(); $url = Zotero_API::getGroupURI($group); $this->responseCode = 201; header("Location: " . $url, false, 201); $this->end(); } // // Update a group // if ($this->method == 'PUT') { if (!$this->permissions->isSuper()) { $this->e403(); } if (!$groupID) { $this->e400("PUT requests must end with a groupID (did you mean POST?)"); } try { $group = @new SimpleXMLElement($this->body); } catch (Exception $e) { $this->e400("{$this->method} data is not valid XML"); } $fields = $this->getFieldsFromGroupXML($group); // Group id is optional, but, if it's there, make sure it matches $id = (string) $group['id']; if ($id && $id != $groupID) { $this->e400("Group ID {$id} does not match group ID {$groupID} from URI"); } Zotero_DB::beginTransaction(); try { $group = Zotero_Groups::get($groupID); if (!$group) { $this->e404("Group {$groupID} does not exist"); } foreach ($fields as $field => $val) { $group->{$field} = $val; } if ($this->ifUnmodifiedSince && strtotime($group->dateModified) > $this->ifUnmodifiedSince) { $this->e412(); } $group->save(); } catch (Exception $e) { if (strpos($e->getMessage(), "Invalid") === 0) { $this->e400($e->getMessage() . " in " . $this->body . "'"); } else { if ($e->getCode() == Z_ERROR_GROUP_DESCRIPTION_TOO_LONG) { $this->e400($e->getMessage()); } } $this->handleException($e); } $this->queryParams['content'] = array('full'); $this->responseXML = $group->toAtom($this->queryParams); Zotero_DB::commit(); $this->end(); } // // Delete a group // if ($this->method == 'DELETE') { if (!$this->permissions->isSuper()) { $this->e403(); } if (!$groupID) { $this->e400("DELETE requests must end with a groupID"); } Zotero_DB::beginTransaction(); $group = Zotero_Groups::get($groupID); if (!$group) { $this->e404("Group {$groupID} does not exist"); } $group->erase(); Zotero_DB::commit(); header("HTTP/1.1 204 No Content"); exit; } // // View one or more groups // // Single group if ($groupID) { $group = Zotero_Groups::get($groupID); if (!$this->permissions->canAccess($this->objectLibraryID)) { $this->e403(); } if (!$group) { $this->e404("Group not found"); } if ($this->apiVersion >= 3) { $this->libraryVersion = $group->version; } else { header("ETag: " . $group->etag); } if ($this->method == 'HEAD') { $this->end(); } switch ($this->queryParams['format']) { case 'atom': $this->responseXML = $group->toAtom($this->queryParams); break; case 'json': $json = $group->toResponseJSON($this->queryParams); echo Zotero_Utilities::formatJSON($json); break; default: throw new Exception("Unexpected format '" . $this->queryParams['format'] . "'"); } } else { if ($this->objectUserID) { $title = Zotero_Users::getUsername($this->objectUserID) . "’s Groups"; } else { // For now, only root can do unrestricted group searches if (!$this->permissions->isSuper()) { $this->e403(); } $title = "Groups"; } try { $results = Zotero_Groups::getAllAdvanced($this->objectUserID, $this->queryParams, $this->permissions); } catch (Exception $e) { switch ($e->getCode()) { case Z_ERROR_INVALID_GROUP_TYPE: $this->e400($e->getMessage()); } throw $e; } $options = ['action' => $this->action, 'uri' => $this->uri, 'results' => $results, 'requestParams' => $this->queryParams, 'permissions' => $this->permissions, 'head' => $this->method == 'HEAD']; switch ($this->queryParams['format']) { case 'atom': $this->responseXML = Zotero_API::multiResponse(array_merge($options, ['title' => $title])); break; case 'json': Zotero_API::multiResponse($options); break; case 'etags': case 'versions': $prop = substr($this->queryParams['format'], 0, -1); // remove 's' $newResults = []; foreach ($results['results'] as $group) { $newResults[$group->id] = $group->{$prop}; } $options['results']['results'] = $newResults; Zotero_API::multiResponse($options, 'versions'); break; default: throw new Exception("Unexpected format '" . $this->queryParams['format'] . "'"); } } $this->end(); }
public static function getValidUsers($userIDs) { if (!$userIDs) { return array(); } $newUserIDs = array(); foreach ($userIDs as $id) { if (Zotero_Users::isValidUser($id)) { $newUserIDs[] = $id; } } return $newUserIDs; }
public static function getAllAdvanced($userID = false, $params = array(), $permissions = null) { $buffer = 20; $maxTimes = 3; $groups = array(); $start = !empty($params['start']) ? $params['start'] : 0; $limit = !empty($params['limit']) ? $params['limit'] + $buffer : false; $totalResults = null; $times = 0; while (true) { if ($times > 0) { Z_Core::logError('Getting more groups in Zotero_Groups::getAllAdvanced()'); } $calcFoundRows = !$totalResults; $cacheFoundRows = $calcFoundRows && !$userID; // If we don't yet have a row count and this isn't a user-specific search, // try to get a cached row count. if ($cacheFoundRows) { $foundRowsCacheKey = self::getCacheComponentFromParam($params, 'q') . "," . self::getCacheComponentFromParam($params, 'fq'); $foundRowsTTL = 180; $foundRowsLockTTL = 10; $foundRowsRealTTL = 3600; $obj = Z_Core::$MC->get($foundRowsCacheKey); if ($obj) { $foundRows = $obj['rows']; $exp = $obj['exp']; // If count was found but is past the expiration time, check if another // request is getting the row count, and fetch it if not if ($exp < time()) { if (!Z_Core::$MC->add($foundRowsCacheKey . "Lock", true, $foundRowsLockTTL)) { $calcFoundRows = false; } } else { $calcFoundRows = false; } } } $sql = "SELECT " . ($calcFoundRows ? "SQL_CALC_FOUND_ROWS " : "") . "G.groupID, GUO.userID AS ownerUserID FROM groups G " . "JOIN groupUsers GUO ON (G.groupID=GUO.groupID AND GUO.role='owner') "; $sqlParams = array(); if ($userID) { $sql .= "JOIN groupUsers GUA ON (G.groupID=GUA.groupID) WHERE GUA.userID=? "; $sqlParams[] = $userID; } $paramSQL = ""; $includeEmpty = false; if (!empty($params['q'])) { if (!is_array($params['q'])) { $params['q'] = array($params['q']); } foreach ($params['q'] as $q) { $field = explode(":", $q); if (sizeOf($field) == 2) { switch ($field[0]) { case 'slug': $includeEmpty = true; break; default: throw new Exception("Cannot search by group field '{$field[0]}'", Z_ERROR_INVALID_GROUP_TYPE); } $paramSQL .= "AND " . $field[0]; // If first character is '-', negate $paramSQL .= $field[0][0] == '-' ? '!' : ''; $paramSQL .= "=? "; $sqlParams[] = $field[1]; } else { $paramSQL .= "AND name LIKE ? "; $sqlParams[] = "%{$q}%"; } } } if (!$userID) { if ($includeEmpty) { $sql .= "WHERE 1 "; } else { // Don't include groups that have never had items $sql .= "JOIN libraries L ON (G.libraryID=L.libraryID)\n\t\t\t\t\t\t\tWHERE L.lastUpdated != '0000-00-00 00:00:00' "; } } $sql .= $paramSQL; if (!empty($params['fq'])) { if (!is_array($params['fq'])) { $params['fq'] = array($params['fq']); } foreach ($params['fq'] as $fq) { $facet = explode(":", $fq); if (sizeOf($facet) == 2 && preg_match('/-?GroupType/', $facet[0])) { switch ($facet[1]) { case 'PublicOpen': case 'PublicClosed': case 'Private': break; default: throw new Exception("Invalid group type '{$facet[1]}'", Z_ERROR_INVALID_GROUP_TYPE); } $sql .= "AND type"; // If first character is '-', negate $sql .= $facet[0][0] == '-' ? '!' : ''; $sql .= "=? "; $sqlParams[] = $facet[1]; } } } if (!empty($params['sort'])) { $order = $params['sort']; if ($order == 'title') { $order = 'name'; } $sql .= "ORDER BY {$order}"; if (!empty($params['direction'])) { $sql .= " " . $params['direction'] . " "; } } // Limit is set $buffer higher than the actual limit, in case some groups are // removed during access checks // // Actual limiting is done below if ($limit) { $sql .= "LIMIT ?, ?"; $sqlParams[] = $start; $sqlParams[] = $limit; } $rows = Zotero_DB::query($sql, $sqlParams); if (!$rows) { break; } if (is_null($totalResults)) { if ($calcFoundRows) { $foundRows = Zotero_DB::valueQuery("SELECT FOUND_ROWS()"); // Cache found rows count, and store earlier expiration time so that one // request can trigger a recalculation before cached value expires if ($cacheFoundRows) { Z_Core::$MC->set($foundRowsCacheKey, ['rows' => $foundRows, 'exp' => time() + $foundRowsTTL], $foundRowsRealTTL); } } $totalResults = $foundRows; } // Include only groups with non-banned owners $owners = array(); foreach ($rows as $row) { $owners[] = $row['ownerUserID']; } $owners = Zotero_Users::getValidUsers($owners); $ids = array(); foreach ($rows as $row) { if (!in_array($row['ownerUserID'], $owners)) { $totalResults--; continue; } $ids[] = $row['groupID']; } $batchStartPos = sizeOf($groups); foreach ($ids as $id) { $group = Zotero_Groups::get($id, true); $groups[] = $group; } // Remove groups that can't be accessed if ($permissions) { for ($i = $batchStartPos; $i < sizeOf($groups); $i++) { if (!$permissions->canAccess($groups[$i]->libraryID, 'view')) { array_splice($groups, $i, 1); $i--; $totalResults--; } } } $times++; if ($times == $maxTimes) { Z_Core::logError('Too many queries in Zotero_Groups::getAllAdvanced()'); break; } if (empty($params['limit'])) { break; } // If we have enough groups to fill the limit, stop if (sizeOf($groups) > $params['limit']) { break; } // If there no more rows, stop if ($start + sizeOf($rows) >= $foundRows) { break; } $start = $start + sizeOf($rows); // Get number we still need plus the buffer or all remaining, whichever is lower $limit = min($params['limit'] - sizeOf($groups) + $buffer, $foundRows - $start); } // TODO: generate previous start value if (!$groups) { return array('results' => array(), 'total' => 0); } // Fake limiting -- we can't just use SQL limit because // some groups might be inaccessible if (!empty($params['limit'])) { $groups = array_slice($groups, 0, $params['limit']); } $results = array('results' => $groups, 'total' => $totalResults); return $results; }
public static function isEditable($obj) { $type = static::field('object'); // Only enforce for sync controller for now if (empty($GLOBALS['controller']) || !$GLOBALS['controller'] instanceof SyncController) { return true; } // Make sure user has access privileges to delete $userID = $GLOBALS['controller']->userID; if (!$userID) { return true; } $objectLibraryID = $obj->libraryID; $libraryType = Zotero_Libraries::getType($objectLibraryID); switch ($libraryType) { case 'user': if (!empty($GLOBALS['controller']->userLibraryID)) { $userLibraryID = $GLOBALS['controller']->userLibraryID; } else { $userLibraryID = Zotero_Users::getLibraryIDFromUserID($userID); } if ($objectLibraryID != $userLibraryID) { return false; } return true; case 'group': $groupID = Zotero_Groups::getGroupIDFromLibraryID($objectLibraryID); $group = Zotero_Groups::get($groupID); if (!$group->hasUser($userID) || !$group->userCanEdit($userID)) { return false; } if ($type == 'item' && $obj->isImportedAttachment() && !$group->userCanEditFiles($userID)) { return false; } return true; default: throw new Exception("Unsupported library type '{$libraryType}'"); } }
public static function toJSON($libraryID) { // TODO: cache $libraryType = Zotero_Libraries::getType($libraryID); if ($libraryType == 'user') { $objectUserID = Zotero_Users::getUserIDFromLibraryID($libraryID); $json = ['type' => $libraryType, 'id' => $objectUserID, 'name' => self::getName($libraryID), 'links' => ['alternate' => ['href' => Zotero_URI::getUserURI($objectUserID, true), 'type' => 'text/html']]]; } else { if ($libraryType == 'publications') { $objectUserID = Zotero_Users::getUserIDFromLibraryID($libraryID); $json = ['type' => $libraryType, 'id' => $objectUserID, 'name' => self::getName($libraryID), 'links' => ['alternate' => ['href' => Zotero_URI::getUserURI($objectUserID, true) . "/publications", 'type' => 'text/html']]]; } else { if ($libraryType == 'group') { $objectGroupID = Zotero_Groups::getGroupIDFromLibraryID($libraryID); $group = Zotero_Groups::get($objectGroupID); $json = ['type' => $libraryType, 'id' => $objectGroupID, 'name' => self::getName($libraryID), 'links' => ['alternate' => ['href' => Zotero_URI::getGroupURI($group, true), 'type' => 'text/html']]]; } else { throw new Exception("Invalid library type '{$libraryType}'"); } } } return $json; }
public static function getUserLibraries($userID) { return array_merge(array(Zotero_Users::getLibraryIDFromUserID($userID)), Zotero_Groups::getUserGroupLibraries($userID)); }
public static function getUserUsage($userID) { $usage = array(); $libraryID = Zotero_Users::getLibraryIDFromUserID($userID); $sql = "SELECT SUM(size) AS bytes FROM storageFileItems\n\t\t\t\tJOIN items USING (itemID) WHERE libraryID=?"; $libraryBytes = Zotero_DB::valueQuery($sql, $libraryID, Zotero_Shards::getByLibraryID($libraryID)); $usage['library'] = round($libraryBytes / 1024 / 1024, 1); $groupBytes = 0; $usage['groups'] = array(); $ownedLibraries = Zotero_Groups::getUserOwnedGroupLibraries($userID); if ($ownedLibraries) { $shardIDs = Zotero_Groups::getUserGroupShards($userID); foreach ($shardIDs as $shardID) { $sql = "SELECT libraryID, SUM(size) AS `bytes` FROM storageFileItems\n\t\t\t\t\t\tJOIN items I USING (itemID)\n\t\t\t\t\t\tWHERE libraryID IN\n\t\t\t\t\t\t(" . implode(', ', array_fill(0, sizeOf($ownedLibraries), '?')) . ")\n\t\t\t\t\t\tGROUP BY libraryID WITH ROLLUP"; $libraries = Zotero_DB::query($sql, $ownedLibraries, $shardID); if ($libraries) { foreach ($libraries as $library) { if ($library['libraryID']) { $usage['groups'][] = array('id' => Zotero_Groups::getGroupIDFromLibraryID($library['libraryID']), 'usage' => round($library['bytes'] / 1024 / 1024, 1)); } else { $groupBytes += $library['bytes']; } } } } } $usage['total'] = round(($libraryBytes + $groupBytes) / 1024 / 1024, 1); return $usage; }
public static function getLibraryURI($libraryID) { $libraryType = Zotero_Libraries::getType($libraryID); switch ($libraryType) { case 'user': $id = Zotero_Users::getUserIDFromLibraryID($libraryID); return self::getBaseURI() . "users/{$id}"; case 'group': $id = Zotero_Groups::getGroupIDFromLibraryID($libraryID); return self::getBaseURI() . "groups/{$id}"; } }
/** * For HTTP Auth and session-based auth, generate blanket user permissions * manually, since there's no key object */ protected function grantUserPermissions($userID) { $this->permissions = new Zotero_Permissions($userID); $libraryID = Zotero_Users::getLibraryIDFromUserID($userID); // Grant user permissions on own library and all groups $this->permissions->setPermission($libraryID, 'library', true); $this->permissions->setPermission($libraryID, 'files', true); $this->permissions->setPermission($libraryID, 'notes', true); $this->permissions->setPermission($libraryID, 'write', true); $this->permissions->setPermission(0, 'library', true); $this->permissions->setPermission(0, 'write', true); }
public static function deleteUser($userID) { if (empty($userID)) { throw new Exception("userID not provided"); } $username = Zotero_Users::getUsername($userID, true); $sql = "SELECT LUM_Role.Name FROM LUM_User JOIN LUM_Role USING (RoleID) WHERE UserID=?"; try { $role = Zotero_WWW_DB_2::valueQuery($sql, $userID); } catch (Exception $e) { Z_Core::logError("WARNING: {$e} -- retrying on primary"); $role = Zotero_WWW_DB_1::valueQuery($sql, $userID); } if ($role != 'Deleted') { throw new Exception("User '{$username}' does not have role 'Deleted'"); } Zotero_DB::beginTransaction(); if (Zotero_Groups::getUserOwnedGroups($userID)) { throw new Exception("Cannot delete user '{$username}' with owned groups"); } // Remove user from any groups they're a member of // // This isn't strictly necessary thanks to foreign key cascades, // but it removes some extra keyPermissions rows $groupIDs = Zotero_Groups::getUserGroups($userID); foreach ($groupIDs as $groupID) { $group = Zotero_Groups::get($groupID, true); $group->removeUser($userID); } // Remove all data Zotero_Users::clearAllData($userID); // Remove user publications library $libraryID = self::getLibraryIDFromUserID($userID, 'publications'); if ($libraryID) { $shardID = Zotero_Shards::getByLibraryID($libraryID); Zotero_DB::query("DELETE FROM shardLibraries WHERE libraryID=?", $libraryID, $shardID); Zotero_DB::query("DELETE FROM libraries WHERE libraryID=?", $libraryID); } // Remove user/library rows $libraryID = self::getLibraryIDFromUserID($userID); $shardID = Zotero_Shards::getByLibraryID($libraryID); Zotero_DB::query("DELETE FROM shardLibraries WHERE libraryID=?", $libraryID, $shardID); Zotero_DB::query("DELETE FROM libraries WHERE libraryID=?", $libraryID); Zotero_DB::commit(); }
public static function getAllAdvanced($userID = false, $params = array(), $permissions = null) { $buffer = 20; $maxTimes = 3; $groups = array(); $start = !empty($params['start']) ? $params['start'] : 0; $limit = !empty($params['limit']) ? $params['limit'] + $buffer : false; $totalResults = null; $times = 0; while (true) { if ($times > 0) { Z_Core::logError('Getting more groups in Zotero_Groups::getAllAdvanced()'); } $sql = "SELECT SQL_CALC_FOUND_ROWS G.groupID, GUO.userID AS ownerUserID FROM groups G\n\t\t\t\t\tJOIN groupUsers GUO ON (G.groupID=GUO.groupID AND GUO.role='owner') "; $sqlParams = array(); if ($userID) { $sql .= "JOIN groupUsers GUA ON (G.groupID=GUA.groupID) WHERE GUA.userID=? "; $sqlParams[] = $userID; } $paramSQL = ""; $includeEmpty = false; if (!empty($params['q'])) { if (!is_array($params['q'])) { $params['q'] = array($params['q']); } foreach ($params['q'] as $q) { $field = explode(":", $q); if (sizeOf($field) == 2) { switch ($field[0]) { case 'slug': $includeEmpty = true; break; default: throw new Exception("Cannot search by group field '{$field[0]}'", Z_ERROR_INVALID_GROUP_TYPE); } $paramSQL .= "AND " . $field[0]; // If first character is '-', negate $paramSQL .= $field[0][0] == '-' ? '!' : ''; $paramSQL .= "=? "; $sqlParams[] = $field[1]; } else { $paramSQL .= "AND name LIKE ? "; $sqlParams[] = "%{$q}%"; } } } if (!$userID) { if ($includeEmpty) { $sql .= "WHERE 1 "; } else { // Don't include groups that have never had items $sql .= "JOIN libraries L ON (G.libraryID=L.libraryID)\n\t\t\t\t\t\t\tWHERE L.lastUpdated != '0000-00-00 00:00:00' "; } } $sql .= $paramSQL; if (!empty($params['fq'])) { if (!is_array($params['fq'])) { $params['fq'] = array($params['fq']); } foreach ($params['fq'] as $fq) { $facet = explode(":", $fq); if (sizeOf($facet) == 2 && preg_match('/-?GroupType/', $facet[0])) { switch ($facet[1]) { case 'PublicOpen': case 'PublicClosed': case 'Private': break; default: throw new Exception("Invalid group type '{$facet[1]}'", Z_ERROR_INVALID_GROUP_TYPE); } $sql .= "AND type"; // If first character is '-', negate $sql .= $facet[0][0] == '-' ? '!' : ''; $sql .= "=? "; $sqlParams[] = $facet[1]; } } } if (!empty($params['order'])) { $order = $params['order']; if ($order == 'title') { $order = 'name'; } $sql .= "ORDER BY {$order}"; if (!empty($params['sort'])) { $sql .= " " . $params['sort'] . " "; } } // Set limit higher than the actual limit, in case some groups are // removed during access checks // // Actual limiting is done below if ($limit) { $sql .= "LIMIT ?, ?"; $sqlParams[] = $start; $sqlParams[] = $limit; } $rows = Zotero_DB::query($sql, $sqlParams); if (!$rows) { break; } if (!$totalResults) { $foundRows = Zotero_DB::valueQuery("SELECT FOUND_ROWS()"); $totalResults = $foundRows; } // Include only groups with non-banned owners $owners = array(); foreach ($rows as $row) { $owners[] = $row['ownerUserID']; } $owners = Zotero_Users::getValidUsers($owners); $ids = array(); foreach ($rows as $row) { if (!in_array($row['ownerUserID'], $owners)) { $totalResults--; continue; } $ids[] = $row['groupID']; } $batchStartPos = sizeOf($groups); foreach ($ids as $id) { $group = Zotero_Groups::get($id, true); $groups[] = $group; } // Remove groups that can't be accessed if ($permissions) { for ($i = $batchStartPos; $i < sizeOf($groups); $i++) { $libraryID = (int) $groups[$i]->libraryID; // TEMP: casting shouldn't be necessary if (!$permissions->canAccess($libraryID)) { array_splice($groups, $i, 1); $i--; $totalResults--; } } } $times++; if ($times == $maxTimes) { Z_Core::logError('Too many queries in Zotero_Groups::getAllAdvanced()'); break; } if (empty($params['limit'])) { break; } // If we have enough groups to fill the limit, stop if (sizeOf($groups) > $params['limit']) { break; } // If there no more rows, stop if ($start + sizeOf($rows) == $foundRows) { break; } // This shouldn't happen if ($start + sizeOf($rows) > $foundRows) { Z_Core::logError('More rows than $foundRows in Zotero_Groups::getAllAdvanced()'); } $start = $start + sizeOf($rows); // Get number we still need plus the buffer or all remaining, whichever is lower $limit = min($params['limit'] - sizeOf($groups) + $buffer, $foundRows - $start); } // TODO: generate previous start value if (!$groups) { return array('groups' => array(), 'totalResults' => 0); } // Fake limiting -- we can't just use SQL limit because // some groups might be inaccessible if (!empty($params['limit'])) { $groups = array_slice($groups, 0, $params['limit']); } $results = array('groups' => $groups, 'totalResults' => $totalResults); return $results; }
/** * Make sure we have a valid session */ private function sessionCheck() { if (empty($_REQUEST['sessionid'])) { $this->error(403, 'NO_SESSION_ID', "Session ID not provided"); } if (!preg_match('/^[a-f0-9]{32}$/', $_REQUEST['sessionid'])) { $this->error($this->apiVersion >= 9 ? 403 : 500, 'INVALID_SESSION_ID', "Invalid session ID"); } $sessionID = $_REQUEST['sessionid']; $session = Z_Core::$MC->get("syncSession_{$sessionID}"); $userID = $session ? $session['userID'] : null; // TEMP: can switch to just $session $ipAddress = isset($session['ipAddress']) ? $session['ipAddress'] : null; if (!$userID) { $sql = "SELECT userid, (UNIX_TIMESTAMP(NOW())-UNIX_TIMESTAMP(timestamp)) AS age,\n\t\t\t\t\tINET_NTOA(ipAddress) AS ipAddress FROM sessions WHERE sessionID=?"; $session = Zotero_DB::rowQuery($sql, $sessionID); if (!$session) { $this->error($this->apiVersion >= 9 ? 403 : 500, 'INVALID_SESSION_ID', "Invalid session ID"); } if ($session['age'] > $this->sessionLifetime) { $this->error($this->apiVersion >= 9 ? 403 : 500, 'SESSION_TIMED_OUT', "Session timed out"); } $userID = $session['userid']; $ipAddress = $session['ipAddress']; } $updated = Z_Core::$MC->set("syncSession_{$sessionID}", array('sessionID' => $sessionID, 'userID' => $userID, 'ipAddress' => $ipAddress), $this->sessionLifetime - 1200); // Every 20 minutes, update the timestamp in the DB if (!Z_Core::$MC->get("syncSession_" . $sessionID . "_dbUpdated")) { $sql = "UPDATE sessions SET timestamp=NOW() WHERE sessionID=?"; Zotero_DB::query($sql, $sessionID); Z_Core::$MC->set("syncSession_" . $sessionID . "_dbUpdated", true, 1200); } $this->sessionID = $sessionID; $this->userID = $userID; $this->userLibraryID = Zotero_Users::getLibraryIDFromUserID($userID); $this->ipAddress = $ipAddress; }
public function toResponseJSON($requestParams=[], Zotero_Permissions $permissions, $sharedData=null) { $t = microtime(true); if (!$this->loaded['primaryData']) { $this->loadPrimaryData(); } if (!$this->loaded['itemData']) { $this->loadItemData(); } // Uncached stuff or parts of the cache key $version = $this->version; $parent = $this->getSource(); $isRegularItem = !$parent && $this->isRegularItem(); $downloadDetails = $permissions->canAccess($this->libraryID, 'files') ? Zotero_Storage::getDownloadDetails($this) : false; if ($isRegularItem) { $numChildren = $permissions->canAccess($this->libraryID, 'notes') ? $this->numChildren() : $this->numAttachments(); } $libraryType = Zotero_Libraries::getType($this->libraryID); // Any query parameters that have an effect on the output // need to be added here $allowedParams = [ 'include', 'style', 'css', 'linkwrap' ]; $cachedParams = Z_Array::filterKeys($requestParams, $allowedParams); $cacheVersion = 1; $cacheKey = "jsonEntry_" . $this->libraryID . "/" . $this->id . "_" . md5( $version . json_encode($cachedParams) . ($downloadDetails ? 'hasFile' : '') // For groups, include the group WWW URL, which can change . ($libraryType == 'group' ? Zotero_URI::getItemURI($this, true) : '') ) . "_" . $requestParams['v'] // For code-based changes . "_" . $cacheVersion // For data-based changes . (isset(Z_CONFIG::$CACHE_VERSION_RESPONSE_JSON_ITEM) ? "_" . Z_CONFIG::$CACHE_VERSION_RESPONSE_JSON_ITEM : "") // If there's bib content, include the bib cache version . ((in_array('bib', $requestParams['include']) && isset(Z_CONFIG::$CACHE_VERSION_BIB)) ? "_" . Z_CONFIG::$CACHE_VERSION_BIB : ""); $cached = Z_Core::$MC->get($cacheKey); if (false && $cached) { // Make sure numChildren reflects the current permissions if ($isRegularItem) { $json = json_decode($cached); $json['numChildren'] = $numChildren; $cached = json_encode($json); } //StatsD::timing("api.items.itemToResponseJSON.cached", (microtime(true) - $t) * 1000); //StatsD::increment("memcached.items.itemToResponseJSON.hit"); // Skip the cache every 10 times for now, to ensure cache sanity if (!Z_Core::probability(10)) { return $cached; } } $json = [ 'key' => $this->key, 'version' => $version, 'library' => Zotero_Libraries::toJSON($this->libraryID) ]; $json['links'] = [ 'self' => [ 'href' => Zotero_API::getItemURI($this), 'type' => 'application/json' ], 'alternate' => [ 'href' => Zotero_URI::getItemURI($this, true), 'type' => 'text/html' ] ]; if ($parent) { $parentItem = Zotero_Items::get($this->libraryID, $parent); $json['links']['up'] = [ 'href' => Zotero_API::getItemURI($parentItem), 'type' => 'application/json' ]; } // If appropriate permissions and the file is stored in ZFS, get file request link if ($downloadDetails) { $details = $downloadDetails; $type = $this->attachmentMIMEType; if ($type) { $json['links']['enclosure'] = [ 'type' => $type ]; } $json['links']['enclosure']['href'] = $details['url']; if (!empty($details['filename'])) { $json['links']['enclosure']['title'] = $details['filename']; } if (isset($details['size'])) { $json['links']['enclosure']['length'] = $details['size']; } } // 'meta' $json['meta'] = new stdClass; if (Zotero_Libraries::getType($this->libraryID) == 'group') { $createdByUserID = $this->createdByUserID; $lastModifiedByUserID = $this->lastModifiedByUserID; if ($createdByUserID) { $json['meta']->createdByUser = Zotero_Users::toJSON($createdByUserID); } if ($lastModifiedByUserID && $lastModifiedByUserID != $createdByUserID) { $json['meta']->lastModifiedByUser = Zotero_Users::toJSON($lastModifiedByUserID); } } if ($isRegularItem) { $val = $this->getCreatorSummary(); if ($val !== '') { $json['meta']->creatorSummary = $val; } $val = $this->getField('date', true, true, true); if ($val !== '') { $sqlDate = Zotero_Date::multipartToSQL($val); if (substr($sqlDate, 0, 4) !== '0000') { $json['meta']->parsedDate = Zotero_Date::sqlToISO8601($sqlDate); } } $json['meta']->numChildren = $numChildren; } // 'include' $include = $requestParams['include']; foreach ($include as $type) { if ($type == 'html') { $json[$type] = trim($this->toHTML()); } else if ($type == 'citation') { if (isset($sharedData[$type][$this->libraryID . "/" . $this->key])) { $html = $sharedData[$type][$this->libraryID . "/" . $this->key]; } else { if ($sharedData !== null) { //error_log("Citation not found in sharedData -- retrieving individually"); } $html = Zotero_Cite::getCitationFromCiteServer($this, $requestParams); } $json[$type] = $html; } else if ($type == 'bib') { if (isset($sharedData[$type][$this->libraryID . "/" . $this->key])) { $html = $sharedData[$type][$this->libraryID . "/" . $this->key]; } else { if ($sharedData !== null) { //error_log("Bibliography not found in sharedData -- retrieving individually"); } $html = Zotero_Cite::getBibliographyFromCitationServer([$this], $requestParams); // Strip prolog $html = preg_replace('/^<\?xml.+\n/', "", $html); $html = trim($html); } $json[$type] = $html; } else if ($type == 'data') { $json[$type] = $this->toJSON(true, $requestParams, true); } else if ($type == 'csljson') { $json[$type] = $this->toCSLItem(); } else if (in_array($type, Zotero_Translate::$exportFormats)) { $export = Zotero_Translate::doExport([$this], $type); $json[$type] = $export['body']; unset($export); } } // TEMP if ($cached) { $uncached = Zotero_Utilities::formatJSON($json); if ($cached != $uncached) { error_log("Cached JSON item entry does not match"); error_log(" Cached: " . $cached); error_log("Uncached: " . $uncached); //Z_Core::$MC->set($cacheKey, $uncached, 3600); // 1 hour for now } } else { /*Z_Core::$MC->set($cacheKey, $xmlstr, 3600); // 1 hour for now StatsD::timing("api.items.itemToAtom.uncached", (microtime(true) - $t) * 1000); StatsD::increment("memcached.items.itemToAtom.miss");*/ } return $json; }
/** * Converts a Zotero_Item object to a SimpleXMLElement Atom object * * @param object $item Zotero_Item object * @param string $content * @return SimpleXMLElement Item data as SimpleXML element */ public static function convertItemToAtom(Zotero_Item $item, $queryParams, $apiVersion = null, $permissions = null, $sharedData = null) { $content = $queryParams['content']; $contentIsHTML = sizeOf($content) == 1 && $content[0] == 'html'; $contentParamString = urlencode(implode(',', $content)); $style = $queryParams['style']; $entry = '<entry xmlns="' . Zotero_Atom::$nsAtom . '" xmlns:zapi="' . Zotero_Atom::$nsZoteroAPI . '"/>'; $xml = new SimpleXMLElement($entry); $title = $item->getDisplayTitle(true); $title = $title ? $title : '[Untitled]'; $xml->title = $title; $author = $xml->addChild('author'); $createdByUserID = null; switch (Zotero_Libraries::getType($item->libraryID)) { case 'group': $createdByUserID = $item->createdByUserID; break; } if ($createdByUserID) { $author->name = Zotero_Users::getUsername($createdByUserID); $author->uri = Zotero_URI::getUserURI($createdByUserID); } else { $author->name = Zotero_Libraries::getName($item->libraryID); $author->uri = Zotero_URI::getLibraryURI($item->libraryID); } $id = Zotero_URI::getItemURI($item); /*if (!$contentIsHTML) { $id .= "?content=$content"; }*/ $xml->id = $id; $xml->published = Zotero_Date::sqlToISO8601($item->getField('dateAdded')); $xml->updated = Zotero_Date::sqlToISO8601($item->getField('dateModified')); $link = $xml->addChild("link"); $link['rel'] = "self"; $link['type'] = "application/atom+xml"; $href = Zotero_Atom::getItemURI($item); if (!$contentIsHTML) { $href .= "?content={$contentParamString}"; } $link['href'] = $href; $parent = $item->getSource(); if ($parent) { // TODO: handle group items? $parentItem = Zotero_Items::get($item->libraryID, $parent); $link = $xml->addChild("link"); $link['rel'] = "up"; $link['type'] = "application/atom+xml"; $href = Zotero_Atom::getItemURI($parentItem); if (!$contentIsHTML) { $href .= "?content={$contentParamString}"; } $link['href'] = $href; } $link = $xml->addChild('link'); $link['rel'] = 'alternate'; $link['type'] = 'text/html'; $link['href'] = Zotero_URI::getItemURI($item); // If appropriate permissions and the file is stored in ZFS, get file request link if ($permissions && $permissions->canAccess($item->libraryID, 'files')) { $details = Zotero_S3::getDownloadDetails($item); if ($details) { $link = $xml->addChild('link'); $link['rel'] = 'enclosure'; $type = $item->attachmentMIMEType; if ($type) { $link['type'] = $type; } $link['href'] = $details['url']; if (!empty($details['filename'])) { $link['title'] = $details['filename']; } if (!empty($details['size'])) { $link['length'] = $details['size']; } } } $xml->addChild('zapi:key', $item->key, Zotero_Atom::$nsZoteroAPI); $xml->addChild('zapi:itemType', Zotero_ItemTypes::getName($item->itemTypeID), Zotero_Atom::$nsZoteroAPI); if ($item->isRegularItem()) { $val = $item->creatorSummary; if ($val !== '') { $xml->addChild('zapi:creatorSummary', htmlspecialchars($val), Zotero_Atom::$nsZoteroAPI); } $val = substr($item->getField('date', true, true, true), 0, 4); if ($val !== '' && $val !== '0000') { $xml->addChild('zapi:year', $val, Zotero_Atom::$nsZoteroAPI); } } if (!$parent && $item->isRegularItem()) { if ($permissions && !$permissions->canAccess($item->libraryID, 'notes')) { $numChildren = $item->numAttachments(); } else { $numChildren = $item->numChildren(); } $xml->addChild('zapi:numChildren', $numChildren, Zotero_Atom::$nsZoteroAPI); } $xml->addChild('zapi:numTags', $item->numTags(), Zotero_Atom::$nsZoteroAPI); $xml->content = ''; // // DOM XML from here on out // $contentNode = dom_import_simplexml($xml->content); $domDoc = $contentNode->ownerDocument; $multiFormat = sizeOf($content) > 1; // Create a root XML document for multi-format responses if ($multiFormat) { $contentNode->setAttribute('type', 'application/xml'); /*$multicontent = $domDoc->createElementNS( Zotero_Atom::$nsZoteroAPI, 'multicontent' ); $contentNode->appendChild($multicontent);*/ } foreach ($content as $type) { // Set the target to either the main <content> // or a <multicontent> <content> if (!$multiFormat) { $target = $contentNode; } else { $target = $domDoc->createElementNS(Zotero_Atom::$nsZoteroAPI, 'subcontent'); $contentNode->appendChild($target); } $target->setAttributeNS(Zotero_Atom::$nsZoteroAPI, "zapi:type", $type); if ($type == 'html') { if (!$multiFormat) { $target->setAttribute('type', 'xhtml'); } $div = $domDoc->createElement('div'); $div->setAttribute('xmlns', Zotero_Atom::$nsXHTML); $target->appendChild($div); $html = $item->toHTML(true); $subNode = dom_import_simplexml($html); $importedNode = $domDoc->importNode($subNode, true); $div->appendChild($importedNode); } else { if ($type == 'citation') { if (!$multiFormat) { $target->setAttribute('type', 'xhtml'); } if (isset($sharedData[$type][$item->libraryID . "/" . $item->key])) { $html = $sharedData[$type][$item->libraryID . "/" . $item->key]; } else { if ($sharedData !== null) { error_log("Citation not found in sharedData -- retrieving individually"); } $html = Zotero_Cite::getCitationFromCiteServer($item, $style); } $html = new SimpleXMLElement($html); $html['xmlns'] = Zotero_Atom::$nsXHTML; $subNode = dom_import_simplexml($html); $importedNode = $domDoc->importNode($subNode, true); $target->appendChild($importedNode); } else { if ($type == 'bib') { if (!$multiFormat) { $target->setAttribute('type', 'xhtml'); } if (isset($sharedData[$type][$item->libraryID . "/" . $item->key])) { $html = $sharedData[$type][$item->libraryID . "/" . $item->key]; } else { if ($sharedData !== null) { error_log("Bibliography not found in sharedData -- retrieving individually"); } $html = Zotero_Cite::getBibliographyFromCitationServer(array($item), $style); } $html = new SimpleXMLElement($html); $html['xmlns'] = Zotero_Atom::$nsXHTML; $subNode = dom_import_simplexml($html); $importedNode = $domDoc->importNode($subNode, true); $target->appendChild($importedNode); } else { if ($type == 'json') { $target->setAttributeNS(Zotero_Atom::$nsZoteroAPI, "zapi:etag", $item->etag); $textNode = $domDoc->createTextNode($item->toJSON(false, $queryParams['pprint'], true)); $target->appendChild($textNode); } else { if ($type == 'csljson') { $arr = $item->toCSLItem(); $mask = JSON_HEX_TAG | JSON_HEX_AMP; if ($queryParams['pprint']) { $json = Zotero_Utilities::json_encode_pretty($arr, $mask); } else { $json = json_encode($arr, $mask); } // Until JSON_UNESCAPED_SLASHES is available $json = str_replace('\\/', '/', $json); $textNode = $domDoc->createTextNode($json); $target->appendChild($textNode); } else { if ($type == 'full') { if (!$multiFormat) { $target->setAttribute('type', 'xhtml'); } $fullXML = Zotero_Items::convertItemToXML($item, array(), $apiVersion); $fullXML->addAttribute("xmlns", Zotero_Atom::$nsZoteroTransfer); $subNode = dom_import_simplexml($fullXML); $importedNode = $domDoc->importNode($subNode, true); $target->appendChild($importedNode); } else { if (in_array($type, Zotero_Translate::$exportFormats)) { $export = Zotero_Translate::doExport(array($item), $type); $target->setAttribute('type', $export['mimeType']); // Insert XML into document if (preg_match('/\\+xml$/', $export['mimeType'])) { // Strip prolog $body = preg_replace('/^<\\?xml.+\\n/', "", $export['body']); $subNode = $domDoc->createDocumentFragment(); $subNode->appendXML($body); $target->appendChild($subNode); } else { $textNode = $domDoc->createTextNode($export['body']); $target->appendChild($textNode); } } } } } } } } } return $xml; }
private static function getURIObject($objectURI, $type) { $Types = ucwords($type) . 's'; $types = strtolower($Types); $libraryType = null; $baseURI = self::getBaseURI(); // If not found, try global URI if (strpos($objectURI, $baseURI) !== 0) { throw new Exception("Invalid base URI '{$objectURI}'"); } $objectURI = substr($objectURI, strlen($baseURI)); $typeRE = "/^(users|groups)\\/([0-9]+)(?:\\/|\$)/"; if (!preg_match($typeRE, $objectURI, $matches)) { throw new Exception("Invalid library URI '{$objectURI}'"); } $libraryType = substr($matches[1], 0, -1); $id = $matches[2]; $objectURI = preg_replace($typeRE, '', $objectURI); if ($libraryType == 'user') { if (!Zotero_Users::exists($id)) { return false; } $libraryID = Zotero_Users::getLibraryIDFromUserID($id); } else { if ($libraryType == 'group') { if (!Zotero_Groups::get($id)) { return false; } $libraryID = Zotero_Groups::getLibraryIDFromGroupID($id); } else { throw new Exception("Invalid library type {$libraryType}"); } } if ($type === 'library') { return $libraryID; } else { // TODO: objectID-based URI? if (!preg_match($types . "\\/([A-Z0-9]{8})", $objectURI, $matches)) { throw new Exception("Invalid object URI '{$objectURI}'"); } $objectKey = $matches[1]; return call_user_func(array("Zotero_{$Types}", "getByLibraryAndKey"), $libraryID, $objectKey); } }
public function testAuthenticate() { $this->assertEquals(Zotero_Users::authenticate('password', array('username' => 'testuser', 'password' => 'letmein')), 1); $this->assertEquals(Zotero_Users::authenticate('password', array('username' => 'testuser', 'password' => 'letmein2')), false); }
public static function getLibraryURI($libraryID) { $libraryType = Zotero_Libraries::getType($libraryID); switch ($libraryType) { case 'user': $id = Zotero_Users::getUserIDFromLibraryID($libraryID); return self::getBaseURI() . "users/{$id}"; case 'publications': $id = Zotero_Users::getUserIDFromLibraryID($libraryID); return self::getBaseURI() . "users/{$id}/publications"; case 'group': $id = Zotero_Groups::getGroupIDFromLibraryID($libraryID); return self::getBaseURI() . "groups/{$id}"; default: throw new Exception("Invalid library type '{$libraryType}'"); } }
private function logGroupLibraryRemoval() { $users = $this->getUsers(); $usersByShard = array(); foreach ($users as $userID) { $shardID = Zotero_Shards::getByUserID($userID); if (!isset($usersByShard[$shardID])) { $usersByShard[$shardID] = array(); } $usersByShard[$shardID][] = $userID; } foreach ($usersByShard as $shardID => $userIDs) { // Add to delete log for all group members $sql = "REPLACE INTO syncDeleteLogIDs (libraryID, objectType, id) VALUES "; $params = array(); $sets = array(); foreach ($userIDs as $userID) { $libraryID = Zotero_Users::getLibraryIDFromUserID($userID); $sets[] = "(?,?,?)"; $params = array_merge($params, array($libraryID, 'group', $this->id)); } $sql .= implode(",", $sets); Zotero_DB::query($sql, $params, $shardID); } }