/**
* @param $observer Class Class with method notify($event, $type, $ids, $extraData)
* @param $types [array] Types to receive notications for
* @param $label [string] Name of the observer
*/
public static function registerObserver($observer, $types = [], $name = '')
{
if (is_scalar($types)) {
$types = array($types);
}
foreach ($types as $type) {
if (!in_array($type, self::$types)) {
throw new Exception("Invalid type '{$type}'");
}
}
if (empty($name) || isset(self::$observers[$name])) {
$len = 2;
$tries = 10;
do {
// Increase the hash length if we can't find a unique key
if (!$tries) {
$len++;
$tries = 5;
}
$key = strlen($name) ? "{$name}-" : '';
$key .= Zotero_Utilities::randomString($len, 'mixed');
$tries--;
} while (isset(self::$observers[$key]));
} else {
$key = $name;
}
Z_Core::debug('Registering observer for ' . ($types ? '[' . implode(",", $types) . ']' : 'all types') . ' in notifier ' . $key . "'", 4);
self::$observers[$key] = array("observer" => $observer, "types" => $types);
return $key;
}
public static function getUserURI($userID, $skipNames = false)
{
if ($skipNames) {
return self::getBaseURI() . "users/{$userID}";
}
$username = Zotero_Users::getUsername($userID);
return self::getBaseURI() . Zotero_Utilities::slugify($username);
}
public static function setUpBeforeClass()
{
parent::setUpBeforeClass();
API::userClear(self::$config['userID']);
// Create test data
$key = API::createItem("book", array("title" => "Title", "creators" => array(array("creatorType" => "author", "firstName" => "First", "lastName" => "Last"))), null, 'key');
self::$items[$key] = '<content xmlns:zapi="http://zotero.org/ns/api" type="application/xml"><zapi:subcontent zapi:type="bib"><div xmlns="http://www.w3.org/1999/xhtml" class="csl-bib-body" style="line-height: 1.35; padding-left: 2em; text-indent:-2em;"><div class="csl-entry">Last, First. <i>Title</i>, n.d.</div></div></zapi:subcontent><zapi:subcontent zapi:type="json">' . \Zotero_Utilities::formatJSON(json_decode('{"itemKey":"","itemVersion":0,"itemType":"book","title":"Title","creators":[{"creatorType":"author","firstName":"First","lastName":"Last"}],"abstractNote":"","series":"","seriesNumber":"","volume":"","numberOfVolumes":"","edition":"","place":"","publisher":"","date":"","numPages":"","language":"","ISBN":"","shortTitle":"","url":"","accessDate":"","archive":"","archiveLocation":"","libraryCatalog":"","callNumber":"","rights":"","extra":"","tags":[],"collections":[],"relations":{}}')) . '</zapi:subcontent></content>';
$key = API::createItem("book", array("title" => "Title 2", "creators" => array(array("creatorType" => "author", "firstName" => "First", "lastName" => "Last"), array("creatorType" => "editor", "firstName" => "Ed", "lastName" => "McEditor"))), null, 'key');
self::$items[$key] = '<content xmlns:zapi="http://zotero.org/ns/api" type="application/xml"><zapi:subcontent zapi:type="bib"><div xmlns="http://www.w3.org/1999/xhtml" class="csl-bib-body" style="line-height: 1.35; padding-left: 2em; text-indent:-2em;"><div class="csl-entry">Last, First. <i>Title 2</i>. Edited by Ed McEditor, n.d.</div></div></zapi:subcontent><zapi:subcontent zapi:type="json">' . \Zotero_Utilities::formatJSON(json_decode('{"itemKey":"","itemVersion":0,"itemType":"book","title":"Title 2","creators":[{"creatorType":"author","firstName":"First","lastName":"Last"},{"creatorType":"editor","firstName":"Ed","lastName":"McEditor"}],"abstractNote":"","series":"","seriesNumber":"","volume":"","numberOfVolumes":"","edition":"","place":"","publisher":"","date":"","numPages":"","language":"","ISBN":"","shortTitle":"","url":"","accessDate":"","archive":"","archiveLocation":"","libraryCatalog":"","callNumber":"","rights":"","extra":"","tags":[],"collections":[],"relations":{}}')) . '</zapi:subcontent></content>';
}
public static function getUserURI($userID, $www = false, $useSlug = false)
{
if ($www) {
$username = Zotero_Users::getUsername($userID);
return self::getBaseWWWURI() . Zotero_Utilities::slugify($username);
}
if ($useSlug) {
$username = Zotero_Users::getUsername($userID);
return self::getBaseURI() . Zotero_Utilities::slugify($username);
}
return self::getBaseURI() . "users/{$userID}";
}
public static function generate()
{
$tries = 5;
while ($tries > 0) {
$str = Zotero_Utilities::randomString(24, 'mixed');
$sql = "SELECT COUNT(*) FROM `keys` WHERE `key`=?";
if (Zotero_DB::valueQuery($sql, $str)) {
$tries--;
continue;
}
return $str;
}
throw new Exception("Unique key could not be generated");
}
public function deleted()
{
if ($this->apiVersion < 2) {
$this->e404();
}
$this->allowMethods(array('GET'));
if (!$this->permissions->canAccess($this->objectLibraryID)) {
$this->e403();
}
$this->libraryVersion = Zotero_Libraries::getUpdatedVersion($this->objectLibraryID);
// TEMP: sync transition
if ($this->queryParams['sincetime'] !== null) {
$deleted = array("collections" => Zotero_Collections::getDeleteLogKeys($this->objectLibraryID, $this->queryParams['sincetime'], true), "items" => Zotero_Items::getDeleteLogKeys($this->objectLibraryID, $this->queryParams['sincetime'], true), "searches" => Zotero_Searches::getDeleteLogKeys($this->objectLibraryID, $this->queryParams['sincetime'], true), "tags" => Zotero_Tags::getDeleteLogKeys($this->objectLibraryID, $this->queryParams['sincetime'], true), "settings" => Zotero_Settings::getDeleteLogKeys($this->objectLibraryID, $this->queryParams['sincetime'], true));
echo Zotero_Utilities::formatJSON($deleted);
$this->end();
}
if ($this->queryParams['since'] === null) {
$this->e400("'since' parameter must be provided");
}
$deleted = array("collections" => Zotero_Collections::getDeleteLogKeys($this->objectLibraryID, $this->queryParams['since']), "items" => Zotero_Items::getDeleteLogKeys($this->objectLibraryID, $this->queryParams['since']), "searches" => Zotero_Searches::getDeleteLogKeys($this->objectLibraryID, $this->queryParams['since']), "tags" => Zotero_Tags::getDeleteLogKeys($this->objectLibraryID, $this->queryParams['since']), "settings" => Zotero_Settings::getDeleteLogKeys($this->objectLibraryID, $this->queryParams['since']));
echo Zotero_Utilities::formatJSON($deleted);
$this->end();
}
public static function publicNameExists($name)
{
$slug = Zotero_Utilities::slugify($name);
$sql = "SELECT groupID FROM groups WHERE (name=? OR slug=?) AND\n\t\t\t\t\ttype IN ('PublicOpen', 'PublicClosed')";
$groupID = Zotero_DB::valueQuery($sql, array($name, $slug));
return $groupID ? $groupID : false;
}
public function newItem()
{
if (empty($_GET['itemType'])) {
$this->e400("'itemType' not provided");
}
$itemType = $_GET['itemType'];
if ($itemType == 'attachment') {
if (empty($_GET['linkMode'])) {
$this->e400("linkMode required for itemType=attachment");
}
$linkModeName = $_GET['linkMode'];
try {
$linkMode = Zotero_Attachments::linkModeNameToNumber(strtoupper($linkModeName));
} catch (Exception $e) {
$this->e400("Invalid linkMode '{$linkModeName}'");
}
}
$itemTypeID = Zotero_ItemTypes::getID($itemType);
if (!$itemTypeID) {
$this->e400("Invalid item type '{$itemType}'");
}
// TODO: check If-Modified-Since and return 304 if not changed
$cacheKey = "newItemJSON_" . $itemTypeID;
if ($itemType == 'attachment') {
$cacheKey .= "_" . $linkMode;
}
$ttl = 60;
if ($this->queryParams['pprint']) {
$cacheKey .= "_pprint";
}
$json = Z_Core::$MC->get($cacheKey);
if ($json) {
header("Content-Type: application/json");
echo $json;
exit;
}
// Generate template
$json = array('itemType' => $itemType);
if ($itemType == 'attachment') {
$json['linkMode'] = $linkModeName;
}
$fieldIDs = Zotero_ItemFields::getItemTypeFields($itemTypeID);
$first = true;
foreach ($fieldIDs as $fieldID) {
$fieldName = Zotero_ItemFields::getName($fieldID);
if ($itemType == 'attachment' && $fieldName == 'url' && !preg_match('/_url$/', $linkModeName)) {
continue;
}
$json[$fieldName] = "";
if ($first && $itemType != 'note' && $itemType != 'attachment') {
$creatorTypeID = Zotero_CreatorTypes::getPrimaryIDForType($itemTypeID);
$creatorTypeName = Zotero_CreatorTypes::getName($creatorTypeID);
$json['creators'] = array(array('creatorType' => $creatorTypeName, 'firstName' => '', 'lastName' => ''));
$first = false;
}
}
if ($itemType == 'note' || $itemType == 'attachment') {
$json['note'] = '';
}
$json['tags'] = array();
if ($itemType != 'note' && $itemType != 'attachment') {
$json['attachments'] = array();
$json['notes'] = array();
}
if ($itemType == 'attachment') {
$json['contentType'] = '';
$json['charset'] = '';
if (preg_match('/^imported_/', $linkModeName)) {
$json['filename'] = '';
$json['md5'] = null;
$json['mtime'] = null;
//$json['zip'] = false;
}
}
header("Content-Type: application/json");
if ($this->queryParams['pprint']) {
$json = Zotero_Utilities::json_encode_pretty($json);
Z_Core::$MC->set($cacheKey, $json, $ttl);
} else {
$json = json_encode($json);
Z_Core::$MC->set($cacheKey, $json, $ttl);
}
echo $json;
exit;
}
protected function jsonDecode($json)
{
$obj = json_decode($json);
Zotero_Utilities::cleanStringRecursive($obj);
$this->checkJSONError();
return $obj;
}
public function itemContent()
{
$this->allowMethods(array('GET', 'PUT'));
// Check for general library access
if (!$this->permissions->canAccess($this->objectLibraryID)) {
$this->e403();
}
if (!$this->singleObject) {
$this->e404();
}
if ($this->isWriteMethod()) {
// Check for library write access
if (!$this->permissions->canWrite($this->objectLibraryID)) {
$this->e403("Write access denied");
}
Zotero_Libraries::updateVersionAndTimestamp($this->objectLibraryID);
}
$item = Zotero_Items::getByLibraryAndKey($this->objectLibraryID, $this->objectKey);
if (!$item) {
$this->e404();
}
// If no access to the note, don't show that it exists
if ($item->isNote() && !$this->permissions->canAccess($this->objectLibraryID, 'notes')) {
$this->e404();
}
if (!$item->isAttachment() || Zotero_Attachments::linkModeNumberToName($item->attachmentLinkMode) == 'LINKED_URL') {
$this->e404();
}
if ($this->isWriteMethod()) {
$this->libraryVersion = Zotero_Libraries::getUpdatedVersion($this->objectLibraryID);
if ($this->method == 'PUT') {
$this->requireContentType("application/json");
$json = json_decode($this->body, true);
if (!$json) {
$this->e400("PUT data is not valid JSON");
}
$stats = [];
foreach (Zotero_FullText::$metadata as $prop) {
if (isset($json[$prop])) {
$stats[$prop] = $json[$prop];
}
}
Zotero_FullText::indexItem($item, $json['content'], $stats);
$this->e204();
} else {
$this->e405();
}
}
$data = Zotero_FullText::getItemData($item->libraryID, $item->key);
if (!$data) {
$this->e404();
}
$this->libraryVersion = $data['version'];
$json = ["content" => $data['content']];
foreach (Zotero_FullText::$metadata as $prop) {
if (!empty($data[$prop])) {
$json[$prop] = $data[$prop];
}
}
echo Zotero_Utilities::formatJSON($json);
$this->end();
}
private function checkValue($field, $value)
{
if (!property_exists($this, $field)) {
trigger_error("Invalid property '{$field}'", E_USER_ERROR);
}
// Data validation
switch ($field) {
case 'id':
case 'libraryID':
if (!Zotero_Utilities::isPosInt($value)) {
$this->invalidValueError($field, $value);
}
break;
case 'key':
if (!preg_match('/^[23456789ABCDEFGHIJKMNPQRSTUVWXTZ]{8}$/', $value)) {
$this->invalidValueError($field, $value);
}
break;
case 'dateAdded':
case 'dateModified':
if (!preg_match("/^[0-9]{4}\\-[0-9]{2}\\-[0-9]{2} ([0-1][0-9]|[2][0-3]):([0-5][0-9]):([0-5][0-9])\$/", $value)) {
$this->invalidValueError($field, $value);
}
break;
}
}
public function testFullTextNoAccess()
{
API::groupClear(self::$config['ownedPrivateGroupID2']);
// Add item to group as user 2
$user2SessionID = Sync::login(['username' => self::$config['username2'], 'password' => self::$config['password2']]);
$xml = Sync::updated($user2SessionID);
$updateKey = (string) $xml['updateKey'];
$key = Zotero_Utilities::randomString(8, 'key', true);
$dateAdded = date('Y-m-d H:i:s', time() - 1);
$dateModified = date('Y-m-d H:i:s');
$xmlstr = '<data version="9">' . '<items>' . '<item libraryID="' . self::$config['ownedPrivateGroupLibraryID2'] . '" ' . 'itemType="attachment" ' . 'dateAdded="' . $dateAdded . '" ' . 'dateModified="' . $dateModified . '" ' . 'key="' . $key . '"/>' . '</items>' . '</data>';
$response = Sync::upload($user2SessionID, $updateKey, $xmlstr);
Sync::waitForUpload($user2SessionID, $response, $this);
// Make sure item exists
$xml = Sync::updated($user2SessionID, 1);
$this->assertEquals(1, $xml->updated[0]->items->count());
$this->assertEquals(1, $xml->updated[0]->items[0]->item->count());
// Try to add full-text content as user 1
$xml = Sync::updated(self::$sessionID);
$updateKey = (string) $xml['updateKey'];
$content = "This is some full-text content.";
$totalChars = 2500;
$xmlstr = '<data version="9">' . '<fulltexts>' . '<fulltext libraryID="' . self::$config['ownedPrivateGroupLibraryID2'] . '" ' . 'key="' . $key . '" ' . 'indexedChars="' . strlen($content) . '" ' . 'totalChars="' . $totalChars . '" ' . 'indexedPages="0" ' . 'totalPages="0">' . htmlspecialchars($content) . '</fulltext>' . '</fulltexts>' . '</data>';
$response = Sync::upload(self::$sessionID, $updateKey, $xmlstr);
Sync::waitForUpload(self::$sessionID, $response, $this);
// Retrieve it as user 2
$xml = Sync::updated($user2SessionID, 1, false, false, ["ft" => 1]);
$this->assertEquals(0, $xml->updated[0]->fulltexts->count());
API::groupClear(self::$config['ownedPrivateGroupID2']);
}
private static function processUploadInternal($userID, SimpleXMLElement $xml, $syncQueueID = null, $syncProcessID = null)
{
$userLibraryID = Zotero_Users::getLibraryIDFromUserID($userID);
$affectedLibraries = self::parseAffectedLibraries($xml->asXML());
// Relations-only uploads don't have affected libraries
if (!$affectedLibraries) {
$affectedLibraries = array(Zotero_Users::getLibraryIDFromUserID($userID));
}
$processID = self::addUploadProcess($userID, $affectedLibraries, $syncQueueID, $syncProcessID);
set_time_limit(5400);
$profile = false;
if ($profile) {
$shardID = Zotero_Shards::getByUserID($userID);
Zotero_DB::profileStart($shardID);
}
try {
Zotero_DB::beginTransaction();
// Mark libraries as updated
foreach ($affectedLibraries as $libraryID) {
Zotero_Libraries::updateVersion($libraryID);
}
$timestamp = Zotero_Libraries::updateTimestamps($affectedLibraries);
Zotero_DB::registerTransactionTimestamp($timestamp);
// Make sure no other upload sessions use this same timestamp
// for any of these libraries, since we return >= 1 as the next
// last sync time
if (!Zotero_Libraries::setTimestampLock($affectedLibraries, $timestamp)) {
throw new Exception("Library timestamp already used", Z_ERROR_LIBRARY_TIMESTAMP_ALREADY_USED);
}
$modifiedItems = array();
// Add/update creators
if ($xml->creators) {
// DOM
$keys = array();
$xmlElements = dom_import_simplexml($xml->creators);
$xmlElements = $xmlElements->getElementsByTagName('creator');
Zotero_DB::query("SET foreign_key_checks = 0");
try {
$addedLibraryIDs = array();
$addedCreatorDataHashes = array();
foreach ($xmlElements as $xmlElement) {
$key = $xmlElement->getAttribute('key');
if (isset($keys[$key])) {
throw new Exception("Creator {$key} already processed");
}
$keys[$key] = true;
$creatorObj = Zotero_Creators::convertXMLToCreator($xmlElement);
if (Zotero_Utilities::unicodeTrim($creatorObj->firstName) === '' && Zotero_Utilities::unicodeTrim($creatorObj->lastName) === '') {
continue;
}
$addedLibraryIDs[] = $creatorObj->libraryID;
$changed = $creatorObj->save($userID);
// If the creator changed, we need to update all linked items
if ($changed) {
$modifiedItems = array_merge($modifiedItems, $creatorObj->getLinkedItems());
}
}
} catch (Exception $e) {
Zotero_DB::query("SET foreign_key_checks = 1");
throw $e;
}
Zotero_DB::query("SET foreign_key_checks = 1");
unset($keys);
unset($xml->creators);
//
// Manual foreign key checks
//
// libraryID
foreach (array_unique($addedLibraryIDs) as $addedLibraryID) {
$shardID = Zotero_Shards::getByLibraryID($addedLibraryID);
$sql = "SELECT COUNT(*) FROM shardLibraries WHERE libraryID=?";
if (!Zotero_DB::valueQuery($sql, $addedLibraryID, $shardID)) {
throw new Exception("libraryID inserted into `creators` not found in `shardLibraries` ({$addedLibraryID}, {$shardID})");
}
}
}
// Add/update items
$savedItems = array();
if ($xml->items) {
$childItems = array();
// DOM
$xmlElements = dom_import_simplexml($xml->items);
$xmlElements = $xmlElements->getElementsByTagName('item');
foreach ($xmlElements as $xmlElement) {
$libraryID = (int) $xmlElement->getAttribute('libraryID');
$key = $xmlElement->getAttribute('key');
if (isset($savedItems[$libraryID . "/" . $key])) {
throw new Exception("Item {$libraryID}/{$key} already processed");
}
$itemObj = Zotero_Items::convertXMLToItem($xmlElement);
if (!$itemObj->getSourceKey()) {
try {
$modified = $itemObj->save($userID);
if ($modified) {
$savedItems[$libraryID . "/" . $key] = true;
}
} catch (Exception $e) {
if (strpos($e->getMessage(), 'libraryIDs_do_not_match') !== false) {
throw new Exception($e->getMessage() . " ({$key})");
}
throw $e;
}
} else {
$childItems[] = $itemObj;
}
}
unset($xml->items);
while ($childItem = array_shift($childItems)) {
$libraryID = $childItem->libraryID;
$key = $childItem->key;
if (isset($savedItems[$libraryID . "/" . $key])) {
throw new Exception("Item {$libraryID}/{$key} already processed");
}
$modified = $childItem->save($userID);
if ($modified) {
$savedItems[$libraryID . "/" . $key] = true;
}
}
}
// Add/update collections
if ($xml->collections) {
$collections = array();
$collectionSets = array();
// DOM
// Build an array of unsaved collection objects and the keys of child items
$keys = array();
$xmlElements = dom_import_simplexml($xml->collections);
$xmlElements = $xmlElements->getElementsByTagName('collection');
foreach ($xmlElements as $xmlElement) {
$key = $xmlElement->getAttribute('key');
if (isset($keys[$key])) {
throw new Exception("Collection {$key} already processed");
}
$keys[$key] = true;
$collectionObj = Zotero_Collections::convertXMLToCollection($xmlElement);
$xmlItems = $xmlElement->getElementsByTagName('items')->item(0);
// Fix an error if there's leading or trailing whitespace,
// which was possible in 2.0.3
if ($xmlItems) {
$xmlItems = trim($xmlItems->nodeValue);
}
$arr = array('obj' => $collectionObj, 'items' => $xmlItems ? explode(' ', $xmlItems) : array());
$collections[] = $collectionObj;
$collectionSets[] = $arr;
}
unset($keys);
unset($xml->collections);
self::saveCollections($collections, $userID);
unset($collections);
// Set child items
foreach ($collectionSets as $collection) {
// Child items
if (isset($collection['items'])) {
$ids = array();
foreach ($collection['items'] as $key) {
$item = Zotero_Items::getByLibraryAndKey($collection['obj']->libraryID, $key);
if (!$item) {
throw new Exception("Child item '{$key}' of collection {$collection['obj']->id} not found", Z_ERROR_ITEM_NOT_FOUND);
}
$ids[] = $item->id;
}
$collection['obj']->setItems($ids);
}
}
unset($collectionSets);
}
// Add/update saved searches
if ($xml->searches) {
$searches = array();
$keys = array();
foreach ($xml->searches->search as $xmlElement) {
$key = (string) $xmlElement['key'];
if (isset($keys[$key])) {
throw new Exception("Search {$key} already processed");
}
$keys[$key] = true;
$searchObj = Zotero_Searches::convertXMLToSearch($xmlElement);
$searchObj->save($userID);
}
unset($xml->searches);
}
// Add/update tags
if ($xml->tags) {
$keys = array();
// DOM
$xmlElements = dom_import_simplexml($xml->tags);
$xmlElements = $xmlElements->getElementsByTagName('tag');
foreach ($xmlElements as $xmlElement) {
// TEMP
$tagItems = $xmlElement->getElementsByTagName('items');
if ($tagItems->length && $tagItems->item(0)->nodeValue == "") {
error_log("Skipping tag with no linked items");
continue;
}
$libraryID = (int) $xmlElement->getAttribute('libraryID');
$key = $xmlElement->getAttribute('key');
$lk = $libraryID . "/" . $key;
if (isset($keys[$lk])) {
throw new Exception("Tag {$lk} already processed");
}
$keys[$lk] = true;
$itemKeysToUpdate = array();
$tagObj = Zotero_Tags::convertXMLToTag($xmlElement, $itemKeysToUpdate);
// We need to update removed items, added items, and,
// if the tag itself has changed, existing items
$modifiedItems = array_merge($modifiedItems, array_map(function ($key) use($libraryID) {
return $libraryID . "/" . $key;
}, $itemKeysToUpdate));
$tagObj->save($userID, true);
}
unset($keys);
unset($xml->tags);
}
// Add/update relations
if ($xml->relations) {
// DOM
$xmlElements = dom_import_simplexml($xml->relations);
$xmlElements = $xmlElements->getElementsByTagName('relation');
foreach ($xmlElements as $xmlElement) {
$relationObj = Zotero_Relations::convertXMLToRelation($xmlElement, $userLibraryID);
if ($relationObj->exists()) {
continue;
}
$relationObj->save($userID);
}
unset($keys);
unset($xml->relations);
}
// Add/update settings
if ($xml->settings) {
// DOM
$xmlElements = dom_import_simplexml($xml->settings);
$xmlElements = $xmlElements->getElementsByTagName('setting');
foreach ($xmlElements as $xmlElement) {
$settingObj = Zotero_Settings::convertXMLToSetting($xmlElement);
$settingObj->save($userID);
}
unset($xml->settings);
}
if ($xml->fulltexts) {
// DOM
$xmlElements = dom_import_simplexml($xml->fulltexts);
$xmlElements = $xmlElements->getElementsByTagName('fulltext');
foreach ($xmlElements as $xmlElement) {
Zotero_FullText::indexFromXML($xmlElement, $userID);
}
unset($xml->fulltexts);
}
// TODO: loop
if ($xml->deleted) {
// Delete collections
if ($xml->deleted->collections) {
Zotero_Collections::deleteFromXML($xml->deleted->collections, $userID);
}
// Delete items
if ($xml->deleted->items) {
Zotero_Items::deleteFromXML($xml->deleted->items, $userID);
}
// Delete creators
if ($xml->deleted->creators) {
Zotero_Creators::deleteFromXML($xml->deleted->creators, $userID);
}
// Delete saved searches
if ($xml->deleted->searches) {
Zotero_Searches::deleteFromXML($xml->deleted->searches, $userID);
}
// Delete tags
if ($xml->deleted->tags) {
$xmlElements = dom_import_simplexml($xml->deleted->tags);
$xmlElements = $xmlElements->getElementsByTagName('tag');
foreach ($xmlElements as $xmlElement) {
$libraryID = (int) $xmlElement->getAttribute('libraryID');
$key = $xmlElement->getAttribute('key');
$tagObj = Zotero_Tags::getByLibraryAndKey($libraryID, $key);
if (!$tagObj) {
continue;
}
// We need to update all items on the deleted tag
$modifiedItems = array_merge($modifiedItems, array_map(function ($key) use($libraryID) {
return $libraryID . "/" . $key;
}, $tagObj->getLinkedItems(true)));
}
Zotero_Tags::deleteFromXML($xml->deleted->tags, $userID);
}
// Delete relations
if ($xml->deleted->relations) {
Zotero_Relations::deleteFromXML($xml->deleted->relations, $userID);
}
// Delete relations
if ($xml->deleted->settings) {
Zotero_Settings::deleteFromXML($xml->deleted->settings, $userID);
}
}
$toUpdate = array();
foreach ($modifiedItems as $item) {
// libraryID/key string
if (is_string($item)) {
if (isset($savedItems[$item])) {
continue;
}
$savedItems[$item] = true;
list($libraryID, $key) = explode("/", $item);
$item = Zotero_Items::getByLibraryAndKey($libraryID, $key);
if (!$item) {
// Item was deleted
continue;
}
} else {
$lk = $item->libraryID . "/" . $item->key;
if (isset($savedItems[$lk])) {
continue;
}
$savedItems[$lk] = true;
}
$toUpdate[] = $item;
}
Zotero_Items::updateVersions($toUpdate, $userID);
unset($savedItems);
unset($modifiedItems);
try {
self::removeUploadProcess($processID);
} catch (Exception $e) {
if (strpos($e->getMessage(), 'MySQL server has gone away') !== false) {
// Reconnect
error_log("Reconnecting to MySQL master");
Zotero_DB::close();
self::removeUploadProcess($processID);
} else {
throw $e;
}
}
// Send notifications for changed libraries
foreach ($affectedLibraries as $libraryID) {
Zotero_Notifier::trigger('modify', 'library', $libraryID);
}
Zotero_DB::commit();
if ($profile) {
$shardID = Zotero_Shards::getByUserID($userID);
Zotero_DB::profileEnd($shardID);
}
// Return timestamp + 1, to keep the next /updated call
// (using >= timestamp) from returning this data
return $timestamp + 1;
} catch (Exception $e) {
Zotero_DB::rollback(true);
self::removeUploadProcess($processID);
throw $e;
}
}
public function toJSON($asArray = false, $prettyPrint = false, $includeEmpty = false, $unformattedFields = false)
{
if ($this->id || $this->key) {
if (!$this->loaded['primaryData']) {
$this->loadPrimaryData(true);
}
if (!$this->loaded['itemData']) {
$this->loadItemData();
}
}
$regularItem = $this->isRegularItem();
$arr = array();
$arr['itemType'] = Zotero_ItemTypes::getName($this->itemTypeID);
if ($this->isAttachment()) {
$val = $this->attachmentLinkMode;
$arr['linkMode'] = strtolower(Zotero_Attachments::linkModeNumberToName($val));
}
// For regular items, show title and creators first
if ($regularItem) {
// Get 'title' or the equivalent base-mapped field
$titleFieldID = Zotero_ItemFields::getFieldIDFromTypeAndBase($this->itemTypeID, 'title');
$titleFieldName = Zotero_ItemFields::getName($titleFieldID);
if ($includeEmpty || $this->itemData[$titleFieldID] !== false) {
$arr[$titleFieldName] = $this->itemData[$titleFieldID] !== false ? $this->itemData[$titleFieldID] : "";
}
// Creators
$arr['creators'] = array();
$creators = $this->getCreators();
foreach ($creators as $creator) {
$c = array();
$c['creatorType'] = Zotero_CreatorTypes::getName($creator['creatorTypeID']);
// Single-field mode
if ($creator['ref']->fieldMode == 1) {
$c['name'] = $creator['ref']->lastName;
} else {
$c['firstName'] = $creator['ref']->firstName;
$c['lastName'] = $creator['ref']->lastName;
}
$arr['creators'][] = $c;
}
if (!$arr['creators'] && !$includeEmpty) {
unset($arr['creators']);
}
} else {
$titleFieldID = false;
}
// Item metadata
$fields = array_keys($this->itemData);
foreach ($fields as $field) {
if ($field == $titleFieldID) {
continue;
}
if ($unformattedFields) {
$value = $this->itemData[$field];
} else {
$value = $this->getField($field);
}
if (!$includeEmpty && ($value === false || $value === "")) {
continue;
}
$arr[Zotero_ItemFields::getName($field)] = $value ? $value : "";
}
// Embedded note for notes and attachments
if (!$regularItem) {
// Use sanitized version
$arr['note'] = $this->getNote(true);
}
if ($this->isAttachment()) {
$val = $this->attachmentLinkMode;
$arr['linkMode'] = strtolower(Zotero_Attachments::linkModeNumberToName($val));
$val = $this->attachmentMIMEType;
if ($includeEmpty || $val !== false && $val !== "") {
$arr['contentType'] = $val;
}
$val = $this->attachmentCharset;
if ($includeEmpty || $val !== false && $val !== "") {
$arr['charset'] = $val;
}
if ($this->isImportedAttachment()) {
$arr['filename'] = $this->attachmentFilename;
$val = $this->attachmentStorageHash;
if ($includeEmpty || $val) {
$arr['md5'] = $val;
}
$val = $this->attachmentStorageModTime;
if ($includeEmpty || $val) {
$arr['mtime'] = $val;
}
}
}
if ($this->getDeleted()) {
$arr['deleted'] = 1;
}
// Tags
$arr['tags'] = array();
$tags = $this->getTags();
if ($tags) {
foreach ($tags as $tag) {
$t = array('tag' => $tag->name);
if ($tag->type != 0) {
$t['type'] = $tag->type;
}
$arr['tags'][] = $t;
}
}
if ($asArray) {
return $arr;
}
$mask = JSON_HEX_TAG | JSON_HEX_AMP;
if ($prettyPrint) {
$json = Zotero_Utilities::json_encode_pretty($arr, $mask);
} else {
$json = json_encode($arr, $mask);
}
// Until JSON_UNESCAPED_SLASHES is available
$json = str_replace('\\/', '/', $json);
return $json;
}
public function toJSON($asArray=false, $requestParams=array(), $includeEmpty=false, $unformattedFields=false) {
if ($this->id || $this->key) {
if (!$this->loaded['primaryData']) {
$this->loadPrimaryData();
}
if (!$this->loaded['itemData']) {
$this->loadItemData();
}
}
if (!isset($requestParams['v'])) {
$requestParams['v'] = 3;
}
$regularItem = $this->isRegularItem();
$arr = array();
if ($requestParams['v'] >= 2) {
if ($requestParams['v'] >= 3) {
$arr['key'] = $this->key;
$arr['version'] = $this->version;
}
else {
$arr['itemKey'] = $this->key;
$arr['itemVersion'] = $this->version;
}
$key = $this->getSourceKey();
if ($key) {
$arr['parentItem'] = $key;
}
}
$arr['itemType'] = Zotero_ItemTypes::getName($this->itemTypeID);
if ($this->isAttachment()) {
$val = $this->attachmentLinkMode;
$arr['linkMode'] = strtolower(Zotero_Attachments::linkModeNumberToName($val));
}
// For regular items, show title and creators first
if ($regularItem) {
// Get 'title' or the equivalent base-mapped field
$titleFieldID = Zotero_ItemFields::getFieldIDFromTypeAndBase($this->itemTypeID, 'title');
$titleFieldName = Zotero_ItemFields::getName($titleFieldID);
if ($includeEmpty || $this->itemData[$titleFieldID] !== false) {
$arr[$titleFieldName] = $this->itemData[$titleFieldID] !== false ? $this->itemData[$titleFieldID] : "";
}
// Creators
$arr['creators'] = array();
$creators = $this->getCreators();
foreach ($creators as $creator) {
$c = array();
$c['creatorType'] = Zotero_CreatorTypes::getName($creator['creatorTypeID']);
// Single-field mode
if ($creator['ref']->fieldMode == 1) {
$c['name'] = $creator['ref']->lastName;
}
// Two-field mode
else {
$c['firstName'] = $creator['ref']->firstName;
$c['lastName'] = $creator['ref']->lastName;
}
$arr['creators'][] = $c;
}
if (!$arr['creators'] && !$includeEmpty) {
unset($arr['creators']);
}
}
else {
$titleFieldID = false;
}
// Item metadata
$fields = array_keys($this->itemData);
foreach ($fields as $field) {
if ($field == $titleFieldID) {
continue;
}
if ($unformattedFields) {
$value = $this->itemData[$field];
}
else {
$value = $this->getField($field);
}
if (!$includeEmpty && ($value === false || $value === "")) {
continue;
}
$fieldName = Zotero_ItemFields::getName($field);
// TEMP
if ($fieldName == 'versionNumber') {
if ($requestParams['v'] < 3) {
$fieldName = 'version';
}
}
else if ($fieldName == 'accessDate') {
if ($requestParams['v'] >= 3 && $value !== false && $value !== "") {
$value = Zotero_Date::sqlToISO8601($value);
}
}
$arr[$fieldName] = ($value !== false && $value !== "") ? $value : "";
}
if ($requestParams['v'] >= 3) {
$arr['dateAdded'] = Zotero_Date::sqlToISO8601($this->dateAdded);
$arr['dateModified'] = Zotero_Date::sqlToISO8601($this->dateModified);
}
// Embedded note for notes and attachments
if (!$regularItem) {
// Use sanitized version
$arr['note'] = $this->getNote(true);
}
if ($this->isAttachment()) {
$val = $this->attachmentLinkMode;
$arr['linkMode'] = strtolower(Zotero_Attachments::linkModeNumberToName($val));
$val = $this->attachmentMIMEType;
if ($includeEmpty || ($val !== false && $val !== "")) {
$arr['contentType'] = $val;
}
$val = $this->attachmentCharset;
if ($includeEmpty || ($val !== false && $val !== "")) {
$arr['charset'] = $val;
}
if ($this->isImportedAttachment()) {
$arr['filename'] = $this->attachmentFilename;
$val = $this->attachmentStorageHash;
if ($includeEmpty || $val) {
$arr['md5'] = $val;
}
$val = $this->attachmentStorageModTime;
if ($includeEmpty || $val) {
$arr['mtime'] = $val;
}
}
}
if ($this->getDeleted()) {
$arr['deleted'] = 1;
}
// Tags
$arr['tags'] = array();
$tags = $this->getTags();
if ($tags) {
foreach ($tags as $tag) {
$t = array(
'tag' => $tag->name
);
if ($tag->type != 0) {
$t['type'] = $tag->type;
}
$arr['tags'][] = $t;
}
}
if ($requestParams['v'] >= 2) {
if ($this->isTopLevelItem()) {
$collections = $this->getCollections(true);
$arr['collections'] = $collections;
}
$arr['relations'] = $this->getRelations();
}
if ($asArray) {
return $arr;
}
// Before v3, additional characters were escaped in the JSON, for unclear reasons
$escapeAll = $requestParams['v'] <= 2;
return Zotero_Utilities::formatJSON($arr, $escapeAll);
}
public function toAtom($queryParams)
{
if (!empty($queryParams['content'])) {
$content = $queryParams['content'];
} else {
$content = array('none');
}
// TEMP: multi-format support
$content = $content[0];
if (!$this->loaded) {
$this->load();
}
$xml = new SimpleXMLElement('<?xml version="1.0" encoding="UTF-8"?>' . '<entry xmlns="' . Zotero_Atom::$nsAtom . '" ' . 'xmlns:zapi="' . Zotero_Atom::$nsZoteroAPI . '" ' . 'xmlns:zxfer="' . Zotero_Atom::$nsZoteroTransfer . '"/>');
$title = $this->name ? $this->name : '[Untitled]';
$xml->title = $title;
$author = $xml->addChild('author');
$ownerLibraryID = Zotero_Users::getLibraryIDFromUserID($this->ownerUserID);
$author->name = Zotero_Users::getUsername($this->ownerUserID);
$author->uri = Zotero_URI::getLibraryURI($ownerLibraryID);
$xml->id = Zotero_URI::getGroupURI($this);
$xml->published = Zotero_Date::sqlToISO8601($this->dateAdded);
$xml->updated = Zotero_Date::sqlToISO8601($this->dateModified);
$link = $xml->addChild("link");
$link['rel'] = "self";
$link['type'] = "application/atom+xml";
$link['href'] = Zotero_API::getGroupURI($this);
$link = $xml->addChild('link');
$link['rel'] = 'alternate';
$link['type'] = 'text/html';
$link['href'] = Zotero_URI::getGroupURI($this);
$xml->addChild('zapi:groupID', $this->id, Zotero_Atom::$nsZoteroAPI);
$xml->addChild('zapi:numItems', $this->numItems(), Zotero_Atom::$nsZoteroAPI);
if ($content == 'html') {
$xml->content['type'] = 'html';
$htmlXML = $this->toHTML();
$xml->content->div = '';
$xml->content->div['xmlns'] = Zotero_Atom::$nsXHTML;
$fNode = dom_import_simplexml($xml->content->div);
$subNode = dom_import_simplexml($htmlXML);
$importedNode = $fNode->ownerDocument->importNode($subNode, true);
$fNode->appendChild($importedNode);
} else {
if ($content == 'json') {
$xml->content['type'] = 'application/json';
$xml->content['etag'] = $this->etag;
// Deprecated
if ($queryParams['v'] < 2) {
$xml->content->addAttribute("zapi:etag", $this->etag, Zotero_Atom::$nsZoteroAPI);
}
$xml->content = Zotero_Utilities::formatJSON($this->toJSON($queryParams, true));
} else {
if ($content == 'full') {
$xml->content['type'] = 'application/xml';
$fullXML = $this->toXML();
$fNode = dom_import_simplexml($xml->content);
$subNode = dom_import_simplexml($fullXML);
$importedNode = $fNode->ownerDocument->importNode($subNode, true);
$fNode->appendChild($importedNode);
}
}
}
return $xml;
}
public function keys()
{
$userID = $this->objectUserID;
$key = $this->objectName;
$this->allowMethods(['GET', 'POST', 'PUT', 'DELETE']);
if ($this->method == 'GET') {
// Single key
if ($key) {
$keyObj = Zotero_Keys::getByKey($key);
if (!$keyObj) {
$this->e404("Key not found");
}
// /users/<userID>/keys/<keyID> (deprecated)
if ($userID) {
// If we have a userID, make sure it matches
if ($keyObj->userID != $userID) {
$this->e404("Key not found");
}
} else {
if ($this->apiVersion < 3) {
$this->e404();
}
}
if ($this->apiVersion >= 3) {
$json = $keyObj->toJSON();
// If not super-user, don't include name or recent IP addresses
if (!$this->permissions->isSuper()) {
unset($json['dateAdded']);
unset($json['lastUsed']);
unset($json['name']);
unset($json['recentIPs']);
}
header('application/json');
echo Zotero_Utilities::formatJSON($json);
} else {
$this->responseXML = $keyObj->toXML();
// If not super-user, don't include name or recent IP addresses
if (!$this->permissions->isSuper()) {
unset($this->responseXML['dateAdded']);
unset($this->responseXML['lastUsed']);
unset($this->responseXML->name);
unset($this->responseXML->recentIPs);
}
}
} else {
if (!$this->permissions->isSuper()) {
$this->e403();
}
$keyObjs = Zotero_Keys::getUserKeys($userID);
if ($keyObjs) {
if ($this->apiVersion >= 3) {
$json = [];
foreach ($keyObjs as $keyObj) {
$json[] = $keyObj->toJSON();
}
echo Zotero_Utilities::formatJSON($json);
} else {
$xml = new SimpleXMLElement('<keys/>');
$domXML = dom_import_simplexml($xml);
foreach ($keyObjs as $keyObj) {
$keyXML = $keyObj->toXML();
$domKeyXML = dom_import_simplexml($keyXML);
$node = $domXML->ownerDocument->importNode($domKeyXML, true);
$domXML->appendChild($node);
}
$this->responseXML = $xml;
}
}
}
} else {
if ($this->method == 'DELETE') {
if (!$key) {
$this->e400("DELETE requests must end with a key");
}
Zotero_DB::beginTransaction();
$keyObj = Zotero_Keys::getByKey($key);
if (!$keyObj) {
$this->e404("Key '{$key}' does not exist");
}
$keyObj->erase();
Zotero_DB::commit();
header("HTTP/1.1 204 No Content");
exit;
} else {
// Require super-user for modifications
if (!$this->permissions->isSuper()) {
$this->e403();
}
if ($this->method == 'POST') {
if ($key) {
$this->e400("POST requests cannot end with a key (did you mean PUT?)");
}
if ($this->apiVersion >= 3) {
$json = json_decode($this->body, true);
if (!$json) {
$this->e400("{$this->method} data is not valid JSON");
}
if (!empty($json['key'])) {
$this->e400("POST requests cannot contain a key in '" . $this->body . "'");
}
$fields = $this->getFieldsFromJSON($json);
} else {
try {
$keyXML = @new SimpleXMLElement($this->body);
} catch (Exception $e) {
$this->e400("{$this->method} data is not valid XML");
}
if (!empty($key['key'])) {
$this->e400("POST requests cannot contain a key in '" . $this->body . "'");
}
$fields = $this->getFieldsFromKeyXML($keyXML);
}
Zotero_DB::beginTransaction();
try {
$keyObj = new Zotero_Key();
$keyObj->userID = $userID;
foreach ($fields as $field => $val) {
if ($field == 'access') {
foreach ($val as $access) {
$this->setKeyPermissions($keyObj, $access);
}
} else {
$keyObj->{$field} = $val;
}
}
$keyObj->save();
} catch (Exception $e) {
if ($e->getCode() == Z_ERROR_KEY_NAME_TOO_LONG) {
$this->e400($e->getMessage());
}
$this->handleException($e);
}
if ($this->apiVersion >= 3) {
header('application/json');
echo Zotero_Utilities::formatJSON($keyObj->toJSON());
} else {
$this->responseXML = $keyObj->toXML();
}
Zotero_DB::commit();
$url = Zotero_API::getKeyURI($keyObj);
$this->responseCode = 201;
header("Location: " . $url, false, 201);
} else {
if ($this->method == 'PUT') {
if (!$key) {
$this->e400("PUT requests must end with a key (did you mean POST?)");
}
if ($this->apiVersion >= 3) {
$json = json_decode($this->body, true);
if (!$json) {
$this->e400("{$this->method} data is not valid JSON");
}
$fields = $this->getFieldsFromJSON($json);
} else {
try {
$keyXML = @new SimpleXMLElement($this->body);
} catch (Exception $e) {
$this->e400("{$this->method} data is not valid XML");
}
$fields = $this->getFieldsFromKeyXML($keyXML);
}
// Key attribute is optional, but, if it's there, make sure it matches
if (isset($fields['key']) && $fields['key'] != $key) {
$this->e400("Key '{$fields['key']}' does not match key '{$key}' from URI");
}
Zotero_DB::beginTransaction();
try {
$keyObj = Zotero_Keys::getByKey($key);
if (!$keyObj) {
$this->e404("Key '{$key}' does not exist");
}
foreach ($fields as $field => $val) {
if ($field == 'access') {
foreach ($val as $access) {
$this->setKeyPermissions($keyObj, $access);
}
} else {
$keyObj->{$field} = $val;
}
}
$keyObj->save();
} catch (Exception $e) {
if ($e->getCode() == Z_ERROR_KEY_NAME_TOO_LONG) {
$this->e400($e->getMessage());
}
$this->handleException($e);
}
if ($this->apiVersion >= 3) {
echo Zotero_Utilities::formatJSON($keyObj->toJSON());
} else {
$this->responseXML = $keyObj->toXML();
}
Zotero_DB::commit();
}
}
}
}
if ($this->apiVersion >= 3) {
$this->end();
} else {
header('Content-Type: application/xml');
$xmlstr = $this->responseXML->asXML();
$doc = new DOMDocument('1.0');
$doc->loadXML($xmlstr);
$doc->formatOutput = true;
echo $doc->saveXML();
exit;
}
}
public function searches()
{
if ($this->apiVersion < 2) {
$this->e404();
}
// Check for general library access
if (!$this->permissions->canAccess($this->objectLibraryID)) {
$this->e403();
}
if ($this->isWriteMethod()) {
// Check for library write access
if (!$this->permissions->canWrite($this->objectLibraryID)) {
$this->e403("Write access denied");
}
// Make sure library hasn't been modified
if (!$this->singleObject) {
$libraryTimestampChecked = $this->checkLibraryIfUnmodifiedSinceVersion();
}
Zotero_Libraries::updateVersionAndTimestamp($this->objectLibraryID);
}
$results = array();
// Single search
if ($this->singleObject) {
$this->allowMethods(['HEAD', 'GET', 'PUT', 'PATCH', 'DELETE']);
$search = Zotero_Searches::getByLibraryAndKey($this->objectLibraryID, $this->objectKey);
if ($this->isWriteMethod()) {
$search = $this->handleObjectWrite('search', $search ? $search : null);
$this->e204();
}
if (!$search) {
$this->e404("Search not found");
}
$this->libraryVersion = $search->version;
if ($this->method == 'HEAD') {
$this->end();
}
// Display search
switch ($this->queryParams['format']) {
case 'atom':
$this->responseXML = $search->toAtom($this->queryParams);
break;
case 'json':
$json = $search->toResponseJSON($this->queryParams, $this->permissions);
echo Zotero_Utilities::formatJSON($json);
break;
default:
throw new Exception("Unexpected format '" . $this->queryParams['format'] . "'");
}
} else {
$this->allowMethods(['HEAD', 'GET', 'POST', 'DELETE']);
$this->libraryVersion = Zotero_Libraries::getUpdatedVersion($this->objectLibraryID);
// Create a search
if ($this->method == 'POST') {
$this->queryParams['format'] = 'writereport';
$obj = $this->jsonDecode($this->body);
$results = Zotero_Searches::updateMultipleFromJSON($obj, $this->objectLibraryID, $this->queryParams, $this->userID, $libraryTimestampChecked ? 0 : 1, null);
if ($cacheKey = $this->getWriteTokenCacheKey()) {
Z_Core::$MC->set($cacheKey, true, $this->writeTokenCacheTime);
}
} else {
if ($this->method == 'DELETE') {
Zotero_DB::beginTransaction();
foreach ($this->queryParams['searchKey'] as $searchKey) {
Zotero_Searches::delete($this->objectLibraryID, $searchKey);
}
Zotero_DB::commit();
$this->e204();
} else {
$title = "Searches";
$results = Zotero_Searches::search($this->objectLibraryID, $this->queryParams);
}
}
$options = ['action' => $this->action, 'uri' => $this->uri, 'results' => $results, 'requestParams' => $this->queryParams, 'permissions' => $this->permissions, 'head' => $this->method == 'HEAD'];
switch ($this->queryParams['format']) {
case 'atom':
$this->responseXML = Zotero_API::multiResponse(array_merge($options, ['title' => $this->getFeedNamePrefix($this->objectLibraryID) . $title]));
break;
case 'json':
case 'keys':
case 'versions':
case 'writereport':
Zotero_API::multiResponse($options);
break;
default:
throw new Exception("Unexpected format '" . $this->queryParams['format'] . "'");
}
}
$this->end();
}
public function items()
{
// Check for general library access
if (!$this->permissions->canAccess($this->objectLibraryID)) {
$this->e403();
}
if ($this->isWriteMethod()) {
// Check for library write access
if (!$this->permissions->canWrite($this->objectLibraryID)) {
$this->e403("Write access denied");
}
// Make sure library hasn't been modified
if (!$this->singleObject) {
$libraryTimestampChecked = $this->checkLibraryIfUnmodifiedSinceVersion();
}
// We don't update the library version in file mode, because currently
// to avoid conflicts in the client the timestamp can't change
// when the client updates file metadata
if (!$this->fileMode) {
Zotero_Libraries::updateVersionAndTimestamp($this->objectLibraryID);
}
}
$itemIDs = array();
$itemKeys = array();
$results = array();
$title = "";
//
// Single item
//
if ($this->singleObject) {
if ($this->fileMode) {
if ($this->fileView) {
$this->allowMethods(array('HEAD', 'GET', 'POST'));
} else {
$this->allowMethods(array('HEAD', 'GET', 'PUT', 'POST', 'PATCH'));
}
} else {
$this->allowMethods(array('HEAD', 'GET', 'PUT', 'PATCH', 'DELETE'));
}
if (!$this->objectLibraryID || !Zotero_ID::isValidKey($this->objectKey)) {
$this->e404();
}
$item = Zotero_Items::getByLibraryAndKey($this->objectLibraryID, $this->objectKey);
if ($item) {
// If no access to the note, don't show that it exists
if ($item->isNote() && !$this->permissions->canAccess($this->objectLibraryID, 'notes')) {
$this->e404();
}
// Make sure URL libraryID matches item libraryID
if ($this->objectLibraryID != $item->libraryID) {
$this->e404("Item does not exist");
}
// File access mode
if ($this->fileMode) {
$this->_handleFileRequest($item);
}
if ($this->scopeObject) {
switch ($this->scopeObject) {
// Remove item from collection
case 'collections':
$this->allowMethods(array('DELETE'));
$collection = Zotero_Collections::getByLibraryAndKey($this->objectLibraryID, $this->scopeObjectKey);
if (!$collection) {
$this->e404("Collection not found");
}
if (!$collection->hasItem($item->id)) {
$this->e404("Item not found in collection");
}
$collection->removeItem($item->id);
$this->e204();
default:
$this->e400();
}
}
} else {
// Possibly temporary workaround to block unnecessary full syncs
if ($this->fileMode && $this->httpAuth && $this->method == 'POST') {
// If > 2 requests for missing file, trigger a full sync via 404
$cacheKey = "apiMissingFile_" . $this->objectLibraryID . "_" . $this->objectKey;
$set = Z_Core::$MC->get($cacheKey);
if (!$set) {
Z_Core::$MC->set($cacheKey, 1, 86400);
} else {
if ($set < 2) {
Z_Core::$MC->increment($cacheKey);
} else {
Z_Core::$MC->delete($cacheKey);
$this->e404("A file sync error occurred. Please sync again.");
}
}
$this->e500("A file sync error occurred. Please sync again.");
}
}
if ($this->isWriteMethod()) {
$item = $this->handleObjectWrite('item', $item ? $item : null);
if ($this->apiVersion < 2 && ($this->method == 'PUT' || $this->method == 'PATCH')) {
$this->queryParams['format'] = 'atom';
$this->queryParams['content'] = ['json'];
}
}
if (!$item) {
$this->e404("Item does not exist");
}
$this->libraryVersion = $item->version;
if ($this->method == 'HEAD') {
$this->end();
}
// Display item
switch ($this->queryParams['format']) {
case 'atom':
$this->responseXML = Zotero_Items::convertItemToAtom($item, $this->queryParams, $this->permissions);
break;
case 'bib':
echo Zotero_Cite::getBibliographyFromCitationServer(array($item), $this->queryParams);
break;
case 'csljson':
$json = Zotero_Cite::getJSONFromItems(array($item), true);
echo Zotero_Utilities::formatJSON($json);
break;
case 'json':
$json = $item->toResponseJSON($this->queryParams, $this->permissions);
echo Zotero_Utilities::formatJSON($json);
break;
default:
$export = Zotero_Translate::doExport(array($item), $this->queryParams['format']);
$this->queryParams['format'] = null;
header("Content-Type: " . $export['mimeType']);
echo $export['body'];
break;
}
} else {
$this->allowMethods(array('HEAD', 'GET', 'POST', 'DELETE'));
$this->libraryVersion = Zotero_Libraries::getUpdatedVersion($this->objectLibraryID);
$includeTrashed = $this->queryParams['includeTrashed'];
if ($this->scopeObject) {
$this->allowMethods(array('GET', 'POST'));
switch ($this->scopeObject) {
case 'collections':
// TEMP
if (Zotero_ID::isValidKey($this->scopeObjectKey)) {
$collection = Zotero_Collections::getByLibraryAndKey($this->objectLibraryID, $this->scopeObjectKey);
} else {
$collection = false;
}
if (!$collection) {
// If old collectionID, redirect
if ($this->method == 'GET' && Zotero_Utilities::isPosInt($this->scopeObjectKey)) {
$collection = Zotero_Collections::get($this->objectLibraryID, $this->scopeObjectKey);
if ($collection) {
$qs = !empty($_SERVER['QUERY_STRING']) ? '?' . $_SERVER['QUERY_STRING'] : '';
$base = Zotero_API::getCollectionURI($collection);
$this->redirect($base . "/items" . $qs, 301);
}
}
$this->e404("Collection not found");
}
// Add items to collection
if ($this->method == 'POST') {
$itemKeys = explode(' ', $this->body);
$itemIDs = array();
foreach ($itemKeys as $key) {
try {
$item = Zotero_Items::getByLibraryAndKey($this->objectLibraryID, $key);
} catch (Exception $e) {
if ($e->getCode() == Z_ERROR_OBJECT_LIBRARY_MISMATCH) {
$item = false;
} else {
throw $e;
}
}
if (!$item) {
throw new Exception("Item '{$key}' not found in library", Z_ERROR_INVALID_INPUT);
}
if ($item->getSource()) {
throw new Exception("Child items cannot be added to collections directly", Z_ERROR_INVALID_INPUT);
}
$itemIDs[] = $item->id;
}
$collection->addItems($itemIDs);
$this->e204();
}
if ($this->subset == 'top' || $this->apiVersion < 2) {
$title = "Top-Level Items in Collection ‘" . $collection->name . "’";
$itemIDs = $collection->getItems();
} else {
$title = "Items in Collection ‘" . $collection->name . "’";
$itemIDs = $collection->getItems(true);
}
break;
case 'tags':
if ($this->apiVersion >= 2) {
$this->e404();
}
$this->allowMethods(array('GET'));
$tagIDs = Zotero_Tags::getIDs($this->objectLibraryID, $this->scopeObjectName);
if (!$tagIDs) {
$this->e404("Tag not found");
}
foreach ($tagIDs as $tagID) {
$tag = new Zotero_Tag();
$tag->libraryID = $this->objectLibraryID;
$tag->id = $tagID;
// Use a real tag name, in case case differs
if (!$title) {
$title = "Items of Tag ‘" . $tag->name . "’";
}
$itemKeys = array_merge($itemKeys, $tag->getLinkedItems(true));
}
$itemKeys = array_unique($itemKeys);
break;
default:
$this->e404();
}
} else {
// Top-level items
if ($this->subset == 'top') {
$this->allowMethods(array('GET'));
$title = "Top-Level Items";
$results = Zotero_Items::search($this->objectLibraryID, true, $this->queryParams, $includeTrashed, $this->permissions);
} else {
if ($this->subset == 'trash') {
$this->allowMethods(array('GET'));
$title = "Deleted Items";
$this->queryParams['trashedItemsOnly'] = true;
$includeTrashed = true;
$results = Zotero_Items::search($this->objectLibraryID, false, $this->queryParams, $includeTrashed, $this->permissions);
} else {
if ($this->subset == 'children') {
$item = Zotero_Items::getByLibraryAndKey($this->objectLibraryID, $this->objectKey);
if (!$item) {
$this->e404("Item not found");
}
if ($item->isAttachment()) {
$this->e400("/children cannot be called on attachment items");
}
if ($item->isNote()) {
$this->e400("/children cannot be called on note items");
}
if ($item->getSource()) {
$this->e400("/children cannot be called on child items");
}
// Create new child items
if ($this->method == 'POST') {
if ($this->apiVersion >= 2) {
$this->allowMethods(array('GET'));
}
Zotero_DB::beginTransaction();
$obj = $this->jsonDecode($this->body);
$results = Zotero_Items::updateMultipleFromJSON($obj, $this->queryParams, $this->objectLibraryID, $this->userID, $this->permissions, $libraryTimestampChecked ? 0 : 1, $item);
Zotero_DB::commit();
if ($cacheKey = $this->getWriteTokenCacheKey()) {
Z_Core::$MC->set($cacheKey, true, $this->writeTokenCacheTime);
}
$uri = Zotero_API::getItemsURI($this->objectLibraryID);
$keys = array_merge(get_object_vars($results['success']), get_object_vars($results['unchanged']));
$queryString = "itemKey=" . urlencode(implode(",", $keys)) . "&format=atom&content=json&order=itemKeyList&sort=asc";
if ($this->apiKey) {
$queryString .= "&key=" . $this->apiKey;
}
$uri .= "?" . $queryString;
$this->queryParams = Zotero_API::parseQueryParams($queryString, $this->action, false);
$this->responseCode = 201;
$title = "Items";
$results = Zotero_Items::search($this->objectLibraryID, false, $this->queryParams, $includeTrashed, $this->permissions);
} else {
$title = "Child Items of ‘" . $item->getDisplayTitle() . "’";
$notes = $item->getNotes();
$attachments = $item->getAttachments();
$itemIDs = array_merge($notes, $attachments);
}
} else {
// Create new items
if ($this->method == 'POST') {
$this->queryParams['format'] = 'writereport';
$obj = $this->jsonDecode($this->body);
// Server-side translation
if (isset($obj->url)) {
if ($this->apiVersion == 1) {
Zotero_DB::beginTransaction();
}
$token = $this->getTranslationToken($obj);
$results = Zotero_Items::addFromURL($obj, $this->queryParams, $this->objectLibraryID, $this->userID, $this->permissions, $token);
if ($this->apiVersion == 1) {
Zotero_DB::commit();
}
// Multiple choices
if ($results instanceof stdClass) {
$this->queryParams['format'] = null;
header("Content-Type: application/json");
if ($this->queryParams['v'] >= 2) {
echo Zotero_Utilities::formatJSON(['url' => $obj->url, 'token' => $token, 'items' => $results->select]);
} else {
echo Zotero_Utilities::formatJSON($results->select);
}
$this->e300();
} else {
if (is_int($results)) {
switch ($results) {
case 501:
$this->e501("No translators found for URL");
break;
default:
$this->e500("Error translating URL");
}
} else {
if ($this->apiVersion == 1) {
$uri = Zotero_API::getItemsURI($this->objectLibraryID);
$keys = array_merge(get_object_vars($results['success']), get_object_vars($results['unchanged']));
$queryString = "itemKey=" . urlencode(implode(",", $keys)) . "&format=atom&content=json&order=itemKeyList&sort=asc";
if ($this->apiKey) {
$queryString .= "&key=" . $this->apiKey;
}
$uri .= "?" . $queryString;
$this->queryParams = Zotero_API::parseQueryParams($queryString, $this->action, false);
$this->responseCode = 201;
$title = "Items";
$results = Zotero_Items::search($this->objectLibraryID, false, $this->queryParams, $includeTrashed, $this->permissions);
}
}
}
// Otherwise return write status report
} else {
if ($this->apiVersion < 2) {
Zotero_DB::beginTransaction();
}
$results = Zotero_Items::updateMultipleFromJSON($obj, $this->queryParams, $this->objectLibraryID, $this->userID, $this->permissions, $libraryTimestampChecked ? 0 : 1, null);
if ($this->apiVersion < 2) {
Zotero_DB::commit();
$uri = Zotero_API::getItemsURI($this->objectLibraryID);
$keys = array_merge(get_object_vars($results['success']), get_object_vars($results['unchanged']));
$queryString = "itemKey=" . urlencode(implode(",", $keys)) . "&format=atom&content=json&order=itemKeyList&sort=asc";
if ($this->apiKey) {
$queryString .= "&key=" . $this->apiKey;
}
$uri .= "?" . $queryString;
$this->queryParams = Zotero_API::parseQueryParams($queryString, $this->action, false);
$this->responseCode = 201;
$title = "Items";
$results = Zotero_Items::search($this->objectLibraryID, false, $this->queryParams, $includeTrashed, $this->permissions);
}
}
if ($cacheKey = $this->getWriteTokenCacheKey()) {
Z_Core::$MC->set($cacheKey, true, $this->writeTokenCacheTime);
}
} else {
if ($this->method == 'DELETE') {
Zotero_DB::beginTransaction();
foreach ($this->queryParams['itemKey'] as $itemKey) {
Zotero_Items::delete($this->objectLibraryID, $itemKey);
}
Zotero_DB::commit();
$this->e204();
} else {
$title = "Items";
$results = Zotero_Items::search($this->objectLibraryID, false, $this->queryParams, $includeTrashed, $this->permissions);
}
}
}
}
}
}
if ($itemIDs || $itemKeys) {
if ($itemIDs) {
$this->queryParams['itemIDs'] = $itemIDs;
}
if ($itemKeys) {
$this->queryParams['itemKey'] = $itemKeys;
}
$results = Zotero_Items::search($this->objectLibraryID, false, $this->queryParams, $includeTrashed, $this->permissions);
}
if ($this->queryParams['format'] == 'bib') {
$maxBibItems = Zotero_API::MAX_BIBLIOGRAPHY_ITEMS;
if ($results['total'] > $maxBibItems) {
$this->e413("Cannot generate bibliography with more than {$maxBibItems} items");
}
}
$this->generateMultiResponse($results, $title);
}
$this->end();
}
/**
* Converts a Zotero_Item object to a SimpleXMLElement Atom object
*
* @param object $item Zotero_Item object
* @param string $content
* @return SimpleXMLElement Item data as SimpleXML element
*/
public static function convertItemToAtom(Zotero_Item $item, $queryParams, $apiVersion = null, $permissions = null, $sharedData = null)
{
$content = $queryParams['content'];
$contentIsHTML = sizeOf($content) == 1 && $content[0] == 'html';
$contentParamString = urlencode(implode(',', $content));
$style = $queryParams['style'];
$entry = '<entry xmlns="' . Zotero_Atom::$nsAtom . '" xmlns:zapi="' . Zotero_Atom::$nsZoteroAPI . '"/>';
$xml = new SimpleXMLElement($entry);
$title = $item->getDisplayTitle(true);
$title = $title ? $title : '[Untitled]';
$xml->title = $title;
$author = $xml->addChild('author');
$createdByUserID = null;
switch (Zotero_Libraries::getType($item->libraryID)) {
case 'group':
$createdByUserID = $item->createdByUserID;
break;
}
if ($createdByUserID) {
$author->name = Zotero_Users::getUsername($createdByUserID);
$author->uri = Zotero_URI::getUserURI($createdByUserID);
} else {
$author->name = Zotero_Libraries::getName($item->libraryID);
$author->uri = Zotero_URI::getLibraryURI($item->libraryID);
}
$id = Zotero_URI::getItemURI($item);
/*if (!$contentIsHTML) {
$id .= "?content=$content";
}*/
$xml->id = $id;
$xml->published = Zotero_Date::sqlToISO8601($item->getField('dateAdded'));
$xml->updated = Zotero_Date::sqlToISO8601($item->getField('dateModified'));
$link = $xml->addChild("link");
$link['rel'] = "self";
$link['type'] = "application/atom+xml";
$href = Zotero_Atom::getItemURI($item);
if (!$contentIsHTML) {
$href .= "?content={$contentParamString}";
}
$link['href'] = $href;
$parent = $item->getSource();
if ($parent) {
// TODO: handle group items?
$parentItem = Zotero_Items::get($item->libraryID, $parent);
$link = $xml->addChild("link");
$link['rel'] = "up";
$link['type'] = "application/atom+xml";
$href = Zotero_Atom::getItemURI($parentItem);
if (!$contentIsHTML) {
$href .= "?content={$contentParamString}";
}
$link['href'] = $href;
}
$link = $xml->addChild('link');
$link['rel'] = 'alternate';
$link['type'] = 'text/html';
$link['href'] = Zotero_URI::getItemURI($item);
// If appropriate permissions and the file is stored in ZFS, get file request link
if ($permissions && $permissions->canAccess($item->libraryID, 'files')) {
$details = Zotero_S3::getDownloadDetails($item);
if ($details) {
$link = $xml->addChild('link');
$link['rel'] = 'enclosure';
$type = $item->attachmentMIMEType;
if ($type) {
$link['type'] = $type;
}
$link['href'] = $details['url'];
if (!empty($details['filename'])) {
$link['title'] = $details['filename'];
}
if (!empty($details['size'])) {
$link['length'] = $details['size'];
}
}
}
$xml->addChild('zapi:key', $item->key, Zotero_Atom::$nsZoteroAPI);
$xml->addChild('zapi:itemType', Zotero_ItemTypes::getName($item->itemTypeID), Zotero_Atom::$nsZoteroAPI);
if ($item->isRegularItem()) {
$val = $item->creatorSummary;
if ($val !== '') {
$xml->addChild('zapi:creatorSummary', htmlspecialchars($val), Zotero_Atom::$nsZoteroAPI);
}
$val = substr($item->getField('date', true, true, true), 0, 4);
if ($val !== '' && $val !== '0000') {
$xml->addChild('zapi:year', $val, Zotero_Atom::$nsZoteroAPI);
}
}
if (!$parent && $item->isRegularItem()) {
if ($permissions && !$permissions->canAccess($item->libraryID, 'notes')) {
$numChildren = $item->numAttachments();
} else {
$numChildren = $item->numChildren();
}
$xml->addChild('zapi:numChildren', $numChildren, Zotero_Atom::$nsZoteroAPI);
}
$xml->addChild('zapi:numTags', $item->numTags(), Zotero_Atom::$nsZoteroAPI);
$xml->content = '';
//
// DOM XML from here on out
//
$contentNode = dom_import_simplexml($xml->content);
$domDoc = $contentNode->ownerDocument;
$multiFormat = sizeOf($content) > 1;
// Create a root XML document for multi-format responses
if ($multiFormat) {
$contentNode->setAttribute('type', 'application/xml');
/*$multicontent = $domDoc->createElementNS(
Zotero_Atom::$nsZoteroAPI, 'multicontent'
);
$contentNode->appendChild($multicontent);*/
}
foreach ($content as $type) {
// Set the target to either the main <content>
// or a <multicontent> <content>
if (!$multiFormat) {
$target = $contentNode;
} else {
$target = $domDoc->createElementNS(Zotero_Atom::$nsZoteroAPI, 'subcontent');
$contentNode->appendChild($target);
}
$target->setAttributeNS(Zotero_Atom::$nsZoteroAPI, "zapi:type", $type);
if ($type == 'html') {
if (!$multiFormat) {
$target->setAttribute('type', 'xhtml');
}
$div = $domDoc->createElement('div');
$div->setAttribute('xmlns', Zotero_Atom::$nsXHTML);
$target->appendChild($div);
$html = $item->toHTML(true);
$subNode = dom_import_simplexml($html);
$importedNode = $domDoc->importNode($subNode, true);
$div->appendChild($importedNode);
} else {
if ($type == 'citation') {
if (!$multiFormat) {
$target->setAttribute('type', 'xhtml');
}
if (isset($sharedData[$type][$item->libraryID . "/" . $item->key])) {
$html = $sharedData[$type][$item->libraryID . "/" . $item->key];
} else {
if ($sharedData !== null) {
error_log("Citation not found in sharedData -- retrieving individually");
}
$html = Zotero_Cite::getCitationFromCiteServer($item, $style);
}
$html = new SimpleXMLElement($html);
$html['xmlns'] = Zotero_Atom::$nsXHTML;
$subNode = dom_import_simplexml($html);
$importedNode = $domDoc->importNode($subNode, true);
$target->appendChild($importedNode);
} else {
if ($type == 'bib') {
if (!$multiFormat) {
$target->setAttribute('type', 'xhtml');
}
if (isset($sharedData[$type][$item->libraryID . "/" . $item->key])) {
$html = $sharedData[$type][$item->libraryID . "/" . $item->key];
} else {
if ($sharedData !== null) {
error_log("Bibliography not found in sharedData -- retrieving individually");
}
$html = Zotero_Cite::getBibliographyFromCitationServer(array($item), $style);
}
$html = new SimpleXMLElement($html);
$html['xmlns'] = Zotero_Atom::$nsXHTML;
$subNode = dom_import_simplexml($html);
$importedNode = $domDoc->importNode($subNode, true);
$target->appendChild($importedNode);
} else {
if ($type == 'json') {
$target->setAttributeNS(Zotero_Atom::$nsZoteroAPI, "zapi:etag", $item->etag);
$textNode = $domDoc->createTextNode($item->toJSON(false, $queryParams['pprint'], true));
$target->appendChild($textNode);
} else {
if ($type == 'csljson') {
$arr = $item->toCSLItem();
$mask = JSON_HEX_TAG | JSON_HEX_AMP;
if ($queryParams['pprint']) {
$json = Zotero_Utilities::json_encode_pretty($arr, $mask);
} else {
$json = json_encode($arr, $mask);
}
// Until JSON_UNESCAPED_SLASHES is available
$json = str_replace('\\/', '/', $json);
$textNode = $domDoc->createTextNode($json);
$target->appendChild($textNode);
} else {
if ($type == 'full') {
if (!$multiFormat) {
$target->setAttribute('type', 'xhtml');
}
$fullXML = Zotero_Items::convertItemToXML($item, array(), $apiVersion);
$fullXML->addAttribute("xmlns", Zotero_Atom::$nsZoteroTransfer);
$subNode = dom_import_simplexml($fullXML);
$importedNode = $domDoc->importNode($subNode, true);
$target->appendChild($importedNode);
} else {
if (in_array($type, Zotero_Translate::$exportFormats)) {
$export = Zotero_Translate::doExport(array($item), $type);
$target->setAttribute('type', $export['mimeType']);
// Insert XML into document
if (preg_match('/\\+xml$/', $export['mimeType'])) {
// Strip prolog
$body = preg_replace('/^<\\?xml.+\\n/', "", $export['body']);
$subNode = $domDoc->createDocumentFragment();
$subNode->appendXML($body);
$target->appendChild($subNode);
} else {
$textNode = $domDoc->createTextNode($export['body']);
$target->appendChild($textNode);
}
}
}
}
}
}
}
}
}
return $xml;
}
public function settings()
{
if ($this->apiVersion < 2) {
$this->e404();
}
// Check for general library access
if (!$this->permissions->canAccess($this->objectLibraryID)) {
$this->e403();
}
if ($this->isWriteMethod()) {
Zotero_DB::beginTransaction();
// Check for library write access
if (!$this->permissions->canWrite($this->objectLibraryID)) {
$this->e403("Write access denied");
}
// Make sure library hasn't been modified
if (!$this->singleObject) {
$libraryTimestampChecked = $this->checkLibraryIfUnmodifiedSinceVersion();
}
Zotero_Libraries::updateVersionAndTimestamp($this->objectLibraryID);
}
// Single setting
if ($this->singleObject) {
$this->allowMethods(array('GET', 'PUT', 'DELETE'));
$setting = Zotero_Settings::getByLibraryAndKey($this->objectLibraryID, $this->objectKey);
if (!$setting) {
if ($this->method == 'PUT') {
$setting = new Zotero_Setting();
$setting->libraryID = $this->objectLibraryID;
$setting->name = $this->objectKey;
} else {
$this->e404("Setting not found");
}
}
if ($this->isWriteMethod()) {
if ($this->method == 'PUT') {
$json = $this->jsonDecode($this->body);
$objectVersionValidated = $this->checkSingleObjectWriteVersion('setting', $setting, $json);
}
$this->libraryVersion = Zotero_Libraries::getUpdatedVersion($this->objectLibraryID);
// Update setting
if ($this->method == 'PUT') {
$changed = Zotero_Settings::updateFromJSON($setting, $json, $this->queryParams, $this->userID, $objectVersionValidated ? 0 : 2);
// If not updated, return the original library version
if (!$changed) {
$this->libraryVersion = Zotero_Libraries::getOriginalVersion($this->objectLibraryID);
Zotero_DB::rollback();
$this->e204();
}
} else {
if ($this->method == 'DELETE') {
Zotero_Settings::delete($this->objectLibraryID, $this->objectKey);
} else {
throw new Exception("Unexpected method {$this->method}");
}
}
Zotero_DB::commit();
$this->e204();
} else {
$this->libraryVersion = $setting->version;
$json = $setting->toJSON(true, $this->queryParams);
echo Zotero_Utilities::formatJSON($json);
}
} else {
$this->allowMethods(array('GET', 'POST'));
$this->libraryVersion = Zotero_Libraries::getUpdatedVersion($this->objectLibraryID);
// Create a setting
if ($this->method == 'POST') {
$obj = $this->jsonDecode($this->body);
$changed = Zotero_Settings::updateMultipleFromJSON($obj, $this->queryParams, $this->objectLibraryID, $this->userID, $this->permissions, $libraryTimestampChecked ? 0 : 1, null);
// If not updated, return the original library version
if (!$changed) {
$this->libraryVersion = Zotero_Libraries::getOriginalVersion($this->objectLibraryID);
}
Zotero_DB::commit();
$this->e204();
} else {
$settings = Zotero_Settings::search($this->objectLibraryID, $this->queryParams);
$json = new stdClass();
foreach ($settings as $setting) {
$json->{$setting->name} = $setting->toJSON(true, $this->queryParams);
}
echo Zotero_Utilities::formatJSON($json);
}
}
$this->end();
}
/**
* Converts a Zotero_Collection object to a SimpleXMLElement Atom object
*
* @param Zotero_Collection $collection Zotero_Collection object
* @param array $requestParams
* @return SimpleXMLElement Collection data as SimpleXML element
*/
public static function convertCollectionToAtom(Zotero_Collection $collection, $requestParams)
{
// TEMP: multi-format support
if (!empty($requestParams['content'])) {
$content = $requestParams['content'];
} else {
$content = array('none');
}
$content = $content[0];
$xml = new SimpleXMLElement('<?xml version="1.0" encoding="UTF-8"?>' . '<entry xmlns="' . Zotero_Atom::$nsAtom . '" xmlns:zapi="' . Zotero_Atom::$nsZoteroAPI . '"/>');
$title = $collection->name ? $collection->name : '[Untitled]';
$xml->title = $title;
$author = $xml->addChild('author');
// TODO: group item creator
$author->name = Zotero_Libraries::getName($collection->libraryID);
$author->uri = Zotero_URI::getLibraryURI($collection->libraryID, true);
$xml->id = Zotero_URI::getCollectionURI($collection);
$xml->published = Zotero_Date::sqlToISO8601($collection->dateAdded);
$xml->updated = Zotero_Date::sqlToISO8601($collection->dateModified);
$link = $xml->addChild("link");
$link['rel'] = "self";
$link['type'] = "application/atom+xml";
$link['href'] = Zotero_API::getCollectionURI($collection);
$parent = $collection->parent;
if ($parent) {
$parentCol = self::get($collection->libraryID, $parent);
$link = $xml->addChild("link");
$link['rel'] = "up";
$link['type'] = "application/atom+xml";
$link['href'] = Zotero_API::getCollectionURI($parentCol);
}
$link = $xml->addChild('link');
$link['rel'] = 'alternate';
$link['type'] = 'text/html';
$link['href'] = Zotero_URI::getCollectionURI($collection, true);
$xml->addChild('zapi:key', $collection->key, Zotero_Atom::$nsZoteroAPI);
$xml->addChild('zapi:version', $collection->version, Zotero_Atom::$nsZoteroAPI);
$collections = $collection->getChildCollections();
$xml->addChild('zapi:numCollections', sizeOf($collections), Zotero_Atom::$nsZoteroAPI);
$xml->addChild('zapi:numItems', $collection->numItems(), Zotero_Atom::$nsZoteroAPI);
if ($content == 'json') {
$xml->content['type'] = 'application/json';
// Deprecated
if ($requestParams['v'] < 2) {
$xml->content->addAttribute('zapi:etag', $collection->etag, Zotero_Atom::$nsZoteroAPI);
$xml->content['etag'] = $collection->etag;
}
$xml->content = Zotero_Utilities::formatJSON($collection->toJSON($requestParams));
}
return $xml;
}
private function checkValue($field, $value)
{
if (!property_exists($this, $field)) {
trigger_error("Invalid property '{$field}'", E_USER_ERROR);
}
// Data validation
switch ($field) {
case 'id':
case 'libraryID':
if (!Zotero_Utilities::isPosInt($value)) {
$this->invalidValueError($field, $value);
}
break;
case 'key':
// 'I' used to exist in client
if (!preg_match('/^[23456789ABCDEFGHIJKLMNPQRSTUVWXYZ]{8}$/', $value)) {
$this->invalidValueError($field, $value);
}
break;
case 'dateAdded':
case 'dateModified':
if (!preg_match("/^[0-9]{4}\\-[0-9]{2}\\-[0-9]{2} ([0-1][0-9]|[2][0-3]):([0-5][0-9]):([0-5][0-9])\$/", $value)) {
$this->invalidValueError($field, $value);
}
break;
case 'name':
if (mb_strlen($value) > Zotero_Tags::$maxLength) {
throw new Exception("Tag '" . $value . "' too long", Z_ERROR_TAG_TOO_LONG);
}
break;
}
}
public function collections()
{
// Check for general library access
if (!$this->permissions->canAccess($this->objectLibraryID)) {
$this->e403();
}
if ($this->isWriteMethod()) {
// Check for library write access
if (!$this->permissions->canWrite($this->objectLibraryID)) {
$this->e403("Write access denied");
}
// Make sure library hasn't been modified
if (!$this->singleObject) {
$libraryTimestampChecked = $this->checkLibraryIfUnmodifiedSinceVersion();
}
Zotero_Libraries::updateVersionAndTimestamp($this->objectLibraryID);
}
$collectionIDs = array();
$collectionKeys = array();
$results = array();
// Single collection
if ($this->singleObject) {
$this->allowMethods(['HEAD', 'GET', 'PUT', 'PATCH', 'DELETE']);
if (!Zotero_ID::isValidKey($this->objectKey)) {
$this->e404();
}
$collection = Zotero_Collections::getByLibraryAndKey($this->objectLibraryID, $this->objectKey);
if ($this->isWriteMethod()) {
$collection = $this->handleObjectWrite('collection', $collection ? $collection : null);
$this->queryParams['content'] = ['json'];
}
if (!$collection) {
$this->e404("Collection not found");
}
$this->libraryVersion = $collection->version;
if ($this->method == 'HEAD') {
$this->end();
}
switch ($this->queryParams['format']) {
case 'atom':
$this->responseXML = Zotero_Collections::convertCollectionToAtom($collection, $this->queryParams);
break;
case 'json':
$json = $collection->toResponseJSON($this->queryParams, $this->permissions);
echo Zotero_Utilities::formatJSON($json);
break;
default:
throw new Exception("Unexpected format '" . $this->queryParams['format'] . "'");
}
} else {
$this->allowMethods(['HEAD', 'GET', 'POST', 'DELETE']);
$this->libraryVersion = Zotero_Libraries::getUpdatedVersion($this->objectLibraryID);
if ($this->scopeObject) {
$this->allowMethods(array('GET'));
switch ($this->scopeObject) {
case 'collections':
$collection = Zotero_Collections::getByLibraryAndKey($this->objectLibraryID, $this->scopeObjectKey);
if (!$collection) {
$this->e404("Collection not found");
}
$title = "Child Collections of ‘{$collection->name}'’";
$collectionIDs = $collection->getChildCollections();
break;
default:
throw new Exception("Invalid collections scope object '{$this->scopeObject}'");
}
} else {
// Top-level items
if ($this->subset == 'top') {
$this->allowMethods(array('GET'));
$title = "Top-Level Collections";
$results = Zotero_Collections::search($this->objectLibraryID, true, $this->queryParams);
} else {
// Create a collection
if ($this->method == 'POST') {
$this->queryParams['format'] = 'writereport';
$obj = $this->jsonDecode($this->body);
$results = Zotero_Collections::updateMultipleFromJSON($obj, $this->queryParams, $this->objectLibraryID, $this->userID, $this->permissions, $libraryTimestampChecked ? 0 : 1, null);
if ($cacheKey = $this->getWriteTokenCacheKey()) {
Z_Core::$MC->set($cacheKey, true, $this->writeTokenCacheTime);
}
if ($this->apiVersion < 2) {
$uri = Zotero_API::getCollectionsURI($this->objectLibraryID);
$keys = array_merge(get_object_vars($results['success']), get_object_vars($results['unchanged']));
$queryString = "collectionKey=" . urlencode(implode(",", $keys)) . "&format=atom&content=json&order=collectionKeyList&sort=asc";
if ($this->apiKey) {
$queryString .= "&key=" . $this->apiKey;
}
$uri .= "?" . $queryString;
$this->queryParams = Zotero_API::parseQueryParams($queryString, $this->action, true, $this->apiVersion);
$title = "Collections";
$results = Zotero_Collections::search($this->objectLibraryID, false, $this->queryParams);
}
} else {
if ($this->method == 'DELETE') {
Zotero_DB::beginTransaction();
foreach ($this->queryParams['collectionKey'] as $collectionKey) {
Zotero_Collections::delete($this->objectLibraryID, $collectionKey);
}
Zotero_DB::commit();
$this->e204();
} else {
$title = "Collections";
$results = Zotero_Collections::search($this->objectLibraryID, false, $this->queryParams);
}
}
}
}
if ($collectionIDs) {
$this->queryParams['collectionIDs'] = $collectionIDs;
$results = Zotero_Collections::search($this->objectLibraryID, false, $this->queryParams);
}
$options = ['action' => $this->action, 'uri' => $this->uri, 'results' => $results, 'requestParams' => $this->queryParams, 'permissions' => $this->permissions, 'head' => $this->method == 'HEAD'];
switch ($this->queryParams['format']) {
case 'atom':
$this->responseXML = Zotero_API::multiResponse(array_merge($options, ['title' => $this->getFeedNamePrefix($this->objectLibraryID) . $title]));
break;
case 'json':
case 'keys':
case 'versions':
case 'writereport':
Zotero_API::multiResponse($options);
break;
default:
throw new Exception("Unexpected format '" . $this->queryParams['format'] . "'");
}
}
$this->end();
}
/**
* Converts a Zotero_Creator object to a DOMElement
*
* @param object $item Zotero_Creator object
* @return DOMElement Creator data as DOMElement element
*/
public static function convertCreatorToXML(Zotero_Creator $creator, DOMDocument $doc)
{
$xmlCreator = $doc->createElement('creator');
$xmlCreator->setAttributeNode(new DOMAttr('libraryID', $creator->libraryID));
$xmlCreator->setAttributeNode(new DOMAttr('key', $creator->key));
$xmlCreator->setAttributeNode(new DOMAttr('dateAdded', $creator->dateAdded));
$xmlCreator->setAttributeNode(new DOMAttr('dateModified', $creator->dateModified));
if ($creator->fieldMode == 1) {
$lastName = htmlspecialchars($creator->lastName);
if (Zotero_Utilities::unicodeTrim($lastName) === "") {
error_log("Empty name for creator " . $creator->libraryID . "/" . $creator->key);
$lastName = json_decode('"\\uFFFD"');
}
$xmlCreator->appendChild(new DOMElement('name', $lastName));
$xmlCreator->appendChild(new DOMElement('fieldMode', 1));
} else {
$firstName = htmlspecialchars($creator->firstName);
$lastName = htmlspecialchars($creator->lastName);
if (Zotero_Utilities::unicodeTrim($firstName) === "" && Zotero_Utilities::unicodeTrim($lastName) === "") {
error_log("Empty first or last name for creator " . $creator->libraryID . "/" . $creator->key);
$firstName = json_decode('"\\uFFFD"');
$lastName = json_decode('"\\uFFFD"');
}
$xmlCreator->appendChild(new DOMElement('firstName', $firstName));
$xmlCreator->appendChild(new DOMElement('lastName', $lastName));
}
if ($creator->birthYear) {
$xmlCreator->appendChild(new DOMElement('birthYear', $creator->birthYear));
}
return $xmlCreator;
}
public static function updateFromJSON(Zotero_Item $item, $json, Zotero_Item $parentItem = null, $requestParams, $userID, $requireVersion = 0, $partialUpdate = false)
{
$json = Zotero_API::extractEditableJSON($json);
$exists = Zotero_API::processJSONObjectKey($item, $json, $requestParams);
// computerProgram used 'version' instead of 'versionNumber' before v3
if ($requestParams['v'] < 3 && isset($json->version)) {
$json->versionNumber = $json->version;
unset($json->version);
}
Zotero_API::checkJSONObjectVersion($item, $json, $requestParams, $requireVersion);
self::validateJSONItem($json, $item->libraryID, $exists ? $item : null, $parentItem || ($exists ? !!$item->getSourceKey() : false), $requestParams, $partialUpdate && $exists);
$changed = false;
$twoStage = false;
if (!Zotero_DB::transactionInProgress()) {
Zotero_DB::beginTransaction();
$transactionStarted = true;
} else {
$transactionStarted = false;
}
// Set itemType first
if (isset($json->itemType)) {
$item->setField("itemTypeID", Zotero_ItemTypes::getID($json->itemType));
}
$changedDateModified = false;
foreach ($json as $key => $val) {
switch ($key) {
case 'key':
case 'version':
case 'itemKey':
case 'itemVersion':
case 'itemType':
case 'deleted':
continue;
case 'parentItem':
$item->setSourceKey($val);
break;
case 'creators':
if (!$val && !$item->numCreators()) {
continue 2;
}
$orderIndex = -1;
foreach ($val as $newCreatorData) {
// JSON uses 'name' and 'firstName'/'lastName',
// so switch to just 'firstName'/'lastName'
if (isset($newCreatorData->name)) {
$newCreatorData->firstName = '';
$newCreatorData->lastName = $newCreatorData->name;
unset($newCreatorData->name);
$newCreatorData->fieldMode = 1;
} else {
$newCreatorData->fieldMode = 0;
}
// Skip empty creators
if (Zotero_Utilities::unicodeTrim($newCreatorData->firstName) === "" && Zotero_Utilities::unicodeTrim($newCreatorData->lastName) === "") {
break;
}
$orderIndex++;
$newCreatorTypeID = Zotero_CreatorTypes::getID($newCreatorData->creatorType);
// Same creator in this position
$existingCreator = $item->getCreator($orderIndex);
if ($existingCreator && $existingCreator['ref']->equals($newCreatorData)) {
// Just change the creatorTypeID
if ($existingCreator['creatorTypeID'] != $newCreatorTypeID) {
$item->setCreator($orderIndex, $existingCreator['ref'], $newCreatorTypeID);
}
continue;
}
// Same creator in a different position, so use that
$existingCreators = $item->getCreators();
for ($i = 0, $len = sizeOf($existingCreators); $i < $len; $i++) {
if ($existingCreators[$i]['ref']->equals($newCreatorData)) {
$item->setCreator($orderIndex, $existingCreators[$i]['ref'], $newCreatorTypeID);
continue;
}
}
// Make a fake creator to use for the data lookup
$newCreator = new Zotero_Creator();
$newCreator->libraryID = $item->libraryID;
foreach ($newCreatorData as $key => $val) {
if ($key == 'creatorType') {
continue;
}
$newCreator->{$key} = $val;
}
// Look for an equivalent creator in this library
$candidates = Zotero_Creators::getCreatorsWithData($item->libraryID, $newCreator, true);
if ($candidates) {
$c = Zotero_Creators::get($item->libraryID, $candidates[0]);
$item->setCreator($orderIndex, $c, $newCreatorTypeID);
continue;
}
// None found, so make a new one
$creatorID = $newCreator->save();
$newCreator = Zotero_Creators::get($item->libraryID, $creatorID);
$item->setCreator($orderIndex, $newCreator, $newCreatorTypeID);
}
// Remove all existing creators above the current index
if ($exists && ($indexes = array_keys($item->getCreators()))) {
$i = max($indexes);
while ($i > $orderIndex) {
$item->removeCreator($i);
$i--;
}
}
break;
case 'tags':
$item->setTags($val);
break;
case 'collections':
$item->setCollections($val);
break;
case 'relations':
$item->setRelations($val);
break;
case 'attachments':
case 'notes':
if (!$val) {
continue;
}
$twoStage = true;
break;
case 'note':
$item->setNote($val);
break;
// Attachment properties
// Attachment properties
case 'linkMode':
$item->attachmentLinkMode = Zotero_Attachments::linkModeNameToNumber($val, true);
break;
case 'contentType':
case 'charset':
case 'filename':
$k = "attachment" . ucwords($key);
$item->{$k} = $val;
break;
case 'md5':
$item->attachmentStorageHash = $val;
break;
case 'mtime':
$item->attachmentStorageModTime = $val;
break;
case 'dateModified':
$changedDateModified = $item->setField($key, $val);
break;
default:
$item->setField($key, $val);
break;
}
}
if ($parentItem) {
$item->setSource($parentItem->id);
} else {
if ($requestParams['v'] >= 2 && !$partialUpdate && $item->getSourceKey() && !isset($json->parentItem)) {
$item->setSourceKey(false);
}
}
$item->deleted = !empty($json->deleted);
// If item has changed, update it with the current timestamp
if ($item->hasChanged() && !$changedDateModified) {
$item->dateModified = Zotero_DB::getTransactionTimestamp();
}
$changed = $item->save($userID) || $changed;
// Additional steps that have to be performed on a saved object
if ($twoStage) {
foreach ($json as $key => $val) {
switch ($key) {
case 'attachments':
if (!$val) {
continue;
}
foreach ($val as $attachmentJSON) {
$childItem = new Zotero_Item();
$childItem->libraryID = $item->libraryID;
self::updateFromJSON($childItem, $attachmentJSON, $item, $requestParams, $userID);
}
break;
case 'notes':
if (!$val) {
continue;
}
$noteItemTypeID = Zotero_ItemTypes::getID("note");
foreach ($val as $note) {
$childItem = new Zotero_Item();
$childItem->libraryID = $item->libraryID;
$childItem->itemTypeID = $noteItemTypeID;
$childItem->setSource($item->id);
$childItem->setNote($note->note);
$childItem->save();
}
break;
}
}
}
if ($transactionStarted) {
Zotero_DB::commit();
}
return $changed;
}
private function checkValue($field, $value)
{
if (!property_exists($this, '_' . $field)) {
trigger_error("Invalid property '{$field}'", E_USER_ERROR);
}
// Data validation
switch ($field) {
case 'id':
case 'libraryID':
if (!Zotero_Utilities::isPosInt($value)) {
$this->invalidValueError($field, $value);
}
break;
case 'key':
if (!Zotero_ID::isValidKey($value)) {
$this->invalidValueError($field, $value);
}
break;
case 'dateAdded':
case 'dateModified':
if (!preg_match("/^[0-9]{4}\\-[0-9]{2}\\-[0-9]{2} ([0-1][0-9]|[2][0-3]):([0-5][0-9]):([0-5][0-9])\$/", $value)) {
$this->invalidValueError($field, $value);
}
break;
case 'name':
if (mb_strlen($value) > Zotero_Collections::$maxLength) {
throw new Exception("Collection '" . $value . "' too long", Z_ERROR_COLLECTION_TOO_LONG);
}
break;
}
}
public static function getKey()
{
return Zotero_Utilities::randomString(8, 'key', true);
}
/**
* @param object $object Zotero object (Zotero_Item, Zotero_Collection, Zotero_Search, Zotero_Setting)
* @param object $json JSON object to check
* @param array $requestParams
* @param int $requireVersion If 0, don't require; if 1, require if there's
* an object key property in the JSON; if 2,
* always require
*/
public static function checkJSONObjectVersion($object, $json, $requestParams, $requireVersion)
{
$objectType = Zotero_Utilities::getObjectTypeFromObject($object);
if (!in_array($objectType, array('item', 'collection', 'search', 'setting'))) {
throw new Exception("Invalid object type");
}
$oldKeyProp = $objectType . "Key";
$oldVersionProp = $objectType == 'setting' ? 'version' : $objectType . "Version";
$newKeyProp = 'key';
$newVersionProp = 'version';
if ($requestParams['v'] >= 3) {
$keyProp = $newKeyProp;
$versionProp = $newVersionProp;
// Disallow old properties
if (isset($json->{$oldKeyProp})) {
throw new Exception("'{$oldKeyProp}' property is now '" . $newKeyProp . "'", Z_ERROR_INVALID_INPUT);
} else {
if (isset($json->{$oldVersionProp}) && $oldVersionProp != $newVersionProp) {
throw new Exception("'{$oldVersionProp}' property is now '" . $newVersionProp . "'", Z_ERROR_INVALID_INPUT);
}
}
} else {
$keyProp = $oldKeyProp;
$versionProp = $oldVersionProp;
// Disallow new properties
if (isset($json->{$newKeyProp})) {
throw new Exception("Invalid property '{$newKeyProp}'", Z_ERROR_INVALID_INPUT);
} else {
if (isset($json->{$newVersionProp}) && $oldVersionProp != $newVersionProp) {
throw new Exception("Invalid property '{$newVersionProp}'", Z_ERROR_INVALID_INPUT);
}
}
}
if (isset($json->{$versionProp})) {
if ($requestParams['v'] < 2) {
throw new Exception("Invalid property '{$versionProp}'", Z_ERROR_INVALID_INPUT);
}
if (!is_numeric($json->{$versionProp})) {
throw new Exception("'{$versionProp}' must be an integer", Z_ERROR_INVALID_INPUT);
}
if (!isset($json->{$keyProp}) && $objectType != 'setting' && !$object->key) {
throw new Exception("'{$versionProp}' is valid only if {$objectType} key is provided", Z_ERROR_INVALID_INPUT);
}
$originalVersion = Zotero_Libraries::getOriginalVersion($object->libraryID);
$updatedVersion = Zotero_Libraries::getUpdatedVersion($object->libraryID);
// Make sure the object hasn't been modified since the specified version
if ($object->version > $json->{$versionProp}) {
// Unless it was modified in this request
if ($updatedVersion != $originalVersion && $object->version == $updatedVersion) {
return;
}
throw new HTTPException(ucwords($objectType) . " has been modified since specified version " . "(expected {$json->{$versionProp}}, found {$object->version})", 412);
} else {
if ($json->{$versionProp} > 0 && !$object->version) {
throw new HTTPException(ucwords($objectType) . " doesn't exist (expected version {$json->{$versionProp}}; use 0 instead)", 404);
}
}
} else {
if ($requireVersion == 1 && isset($json->{$keyProp})) {
if ($objectType == 'setting') {
throw new HTTPException("Either If-Unmodified-Since-Version or " . "'{$versionProp}' property must be provided", 428);
} else {
throw new HTTPException("Either If-Unmodified-Since-Version or " . "'{$versionProp}' property must be provided for " . "'{$keyProp}'-based writes", 428);
}
} else {
if ($requireVersion == 2) {
throw new HTTPException("Either If-Unmodified-Since-Version or " . "'{$versionProp}' property must be provided for " . "single-{$objectType} writes", 428);
}
}
}
}
private function checkProperty($prop, $val)
{
if (!property_exists($this, $prop)) {
throw new Exception("Invalid property '{$prop}'");
}
// Data validation
switch ($prop) {
case 'libraryID':
if (!Zotero_Utilities::isPosInt($val)) {
throw new Exception("Invalid '{$prop}' value '{$value}'");
}
break;
case 'name':
switch ($val) {
case 'tagColors':
break;
default:
throw new Exception("Invalid setting '{$val}'", Z_ERROR_INVALID_INPUT);
}
break;
case 'value':
Zotero_Settings::checkSettingValue($this->name, $val);
break;
}
}
