public function keys() { $userID = $this->objectUserID; $key = $this->objectName; $this->allowMethods(['GET', 'POST', 'PUT', 'DELETE']); if ($this->method == 'GET') { // Single key if ($key) { $keyObj = Zotero_Keys::getByKey($key); if (!$keyObj) { $this->e404("Key not found"); } // /users/<userID>/keys/<keyID> (deprecated) if ($userID) { // If we have a userID, make sure it matches if ($keyObj->userID != $userID) { $this->e404("Key not found"); } } else { if ($this->apiVersion < 3) { $this->e404(); } } if ($this->apiVersion >= 3) { $json = $keyObj->toJSON(); // If not super-user, don't include name or recent IP addresses if (!$this->permissions->isSuper()) { unset($json['dateAdded']); unset($json['lastUsed']); unset($json['name']); unset($json['recentIPs']); } header('application/json'); echo Zotero_Utilities::formatJSON($json); } else { $this->responseXML = $keyObj->toXML(); // If not super-user, don't include name or recent IP addresses if (!$this->permissions->isSuper()) { unset($this->responseXML['dateAdded']); unset($this->responseXML['lastUsed']); unset($this->responseXML->name); unset($this->responseXML->recentIPs); } } } else { if (!$this->permissions->isSuper()) { $this->e403(); } $keyObjs = Zotero_Keys::getUserKeys($userID); if ($keyObjs) { if ($this->apiVersion >= 3) { $json = []; foreach ($keyObjs as $keyObj) { $json[] = $keyObj->toJSON(); } echo Zotero_Utilities::formatJSON($json); } else { $xml = new SimpleXMLElement('<keys/>'); $domXML = dom_import_simplexml($xml); foreach ($keyObjs as $keyObj) { $keyXML = $keyObj->toXML(); $domKeyXML = dom_import_simplexml($keyXML); $node = $domXML->ownerDocument->importNode($domKeyXML, true); $domXML->appendChild($node); } $this->responseXML = $xml; } } } } else { if ($this->method == 'DELETE') { if (!$key) { $this->e400("DELETE requests must end with a key"); } Zotero_DB::beginTransaction(); $keyObj = Zotero_Keys::getByKey($key); if (!$keyObj) { $this->e404("Key '{$key}' does not exist"); } $keyObj->erase(); Zotero_DB::commit(); header("HTTP/1.1 204 No Content"); exit; } else { // Require super-user for modifications if (!$this->permissions->isSuper()) { $this->e403(); } if ($this->method == 'POST') { if ($key) { $this->e400("POST requests cannot end with a key (did you mean PUT?)"); } if ($this->apiVersion >= 3) { $json = json_decode($this->body, true); if (!$json) { $this->e400("{$this->method} data is not valid JSON"); } if (!empty($json['key'])) { $this->e400("POST requests cannot contain a key in '" . $this->body . "'"); } $fields = $this->getFieldsFromJSON($json); } else { try { $keyXML = @new SimpleXMLElement($this->body); } catch (Exception $e) { $this->e400("{$this->method} data is not valid XML"); } if (!empty($key['key'])) { $this->e400("POST requests cannot contain a key in '" . $this->body . "'"); } $fields = $this->getFieldsFromKeyXML($keyXML); } Zotero_DB::beginTransaction(); try { $keyObj = new Zotero_Key(); $keyObj->userID = $userID; foreach ($fields as $field => $val) { if ($field == 'access') { foreach ($val as $access) { $this->setKeyPermissions($keyObj, $access); } } else { $keyObj->{$field} = $val; } } $keyObj->save(); } catch (Exception $e) { if ($e->getCode() == Z_ERROR_KEY_NAME_TOO_LONG) { $this->e400($e->getMessage()); } $this->handleException($e); } if ($this->apiVersion >= 3) { header('application/json'); echo Zotero_Utilities::formatJSON($keyObj->toJSON()); } else { $this->responseXML = $keyObj->toXML(); } Zotero_DB::commit(); $url = Zotero_API::getKeyURI($keyObj); $this->responseCode = 201; header("Location: " . $url, false, 201); } else { if ($this->method == 'PUT') { if (!$key) { $this->e400("PUT requests must end with a key (did you mean POST?)"); } if ($this->apiVersion >= 3) { $json = json_decode($this->body, true); if (!$json) { $this->e400("{$this->method} data is not valid JSON"); } $fields = $this->getFieldsFromJSON($json); } else { try { $keyXML = @new SimpleXMLElement($this->body); } catch (Exception $e) { $this->e400("{$this->method} data is not valid XML"); } $fields = $this->getFieldsFromKeyXML($keyXML); } // Key attribute is optional, but, if it's there, make sure it matches if (isset($fields['key']) && $fields['key'] != $key) { $this->e400("Key '{$fields['key']}' does not match key '{$key}' from URI"); } Zotero_DB::beginTransaction(); try { $keyObj = Zotero_Keys::getByKey($key); if (!$keyObj) { $this->e404("Key '{$key}' does not exist"); } foreach ($fields as $field => $val) { if ($field == 'access') { foreach ($val as $access) { $this->setKeyPermissions($keyObj, $access); } } else { $keyObj->{$field} = $val; } } $keyObj->save(); } catch (Exception $e) { if ($e->getCode() == Z_ERROR_KEY_NAME_TOO_LONG) { $this->e400($e->getMessage()); } $this->handleException($e); } if ($this->apiVersion >= 3) { echo Zotero_Utilities::formatJSON($keyObj->toJSON()); } else { $this->responseXML = $keyObj->toXML(); } Zotero_DB::commit(); } } } } if ($this->apiVersion >= 3) { $this->end(); } else { header('Content-Type: application/xml'); $xmlstr = $this->responseXML->asXML(); $doc = new DOMDocument('1.0'); $doc->loadXML($xmlstr); $doc->formatOutput = true; echo $doc->saveXML(); exit; } }