public function collections()
     if (($this->method == 'POST' || $this->method == 'PUT') && !$this->body) {
         $this->e400("{$this->method} data not provided");
     $collections = array();
     // Single collection
     if (($this->objectID || $this->objectKey) && $this->subset != 'collections') {
         $this->allowMethods(array('GET', 'PUT', 'DELETE'));
         // If id, redirect to key URL
         if ($this->objectID) {
             $collection = Zotero_Collections::get($this->objectLibraryID, $this->objectID);
             if (!$collection) {
                 $this->e404("Collection not found");
             $qs = !empty($_SERVER['QUERY_STRING']) ? '?' . $_SERVER['QUERY_STRING'] : '';
             header("Location: " . Zotero_API::getCollectionURI($collection) . $qs);
         $collection = Zotero_Collections::getByLibraryAndKey($this->objectLibraryID, $this->objectKey);
         if (!$collection) {
             $this->e404("Collection not found");
         // In single-collection mode, require public pref to be enabled
         if (!$this->permissions->canAccess($this->objectLibraryID)) {
         if ($this->method == 'PUT' || $this->method == 'DELETE') {
             if (!$this->permissions->canWrite($this->objectLibraryID)) {
                 $this->e403("Write access denied");
             if (!Z_CONFIG::$TESTING_SITE || empty($_GET['skipetag'])) {
                 if (empty($_SERVER['HTTP_IF_MATCH'])) {
                     $this->e400("If-Match header not provided");
                 if (!preg_match('/^"?([a-f0-9]{32})"?$/', $_SERVER['HTTP_IF_MATCH'], $matches)) {
                     $this->e400("Invalid ETag in If-Match header");
                 if ($collection->etag != $matches[1]) {
                     $this->e412("ETag does not match current version of collection");
             if ($this->method == 'PUT') {
                 $obj = $this->jsonDecode($this->body);
                 Zotero_Collections::updateFromJSON($collection, $obj);
                 $this->queryParams['format'] = 'atom';
                 $this->queryParams['content'] = array('json');
                 if ($cacheKey = $this->getWriteTokenCacheKey()) {
                     Z_Core::$MC->set($cacheKey, true, $this->writeTokenCacheTime);
             } else {
                 Zotero_Collections::delete($this->objectLibraryID, $this->objectKey, true);
         $this->responseXML = Zotero_Collections::convertCollectionToAtom($collection, $this->queryParams['content']);
     } else {
         $this->allowMethods(array('GET', 'POST'));
         if (!$this->permissions->canAccess($this->objectLibraryID)) {
         if ($this->scopeObject) {
             switch ($this->scopeObject) {
                 case 'collections':
                     // If id, redirect to key URL
                     if ($this->scopeObjectID) {
                         $collection = Zotero_Collections::get($this->objectLibraryID, $this->scopeObjectID);
                         if (!$collection) {
                             $this->e404("Collection not found");
                         $qs = !empty($_SERVER['QUERY_STRING']) ? '?' . $_SERVER['QUERY_STRING'] : '';
                         header("Location: " . Zotero_API::getCollectionURI($collection) . $qs);
                     $collection = Zotero_Collections::getByLibraryAndKey($this->objectLibraryID, $this->scopeObjectKey);
                     if (!$collection) {
                         $this->e404("Collection not found");
                     $title = "Child Collections of ‘{$collection->name}'’";
                     $collectionIDs = $collection->getChildCollections();
                     throw new Exception("Invalid collections scope object '{$this->scopeObject}'");
         } else {
             // Top-level items
             if ($this->subset == 'top') {
                 $title = "Top-Level Collections";
                 $results = Zotero_Collections::getAllAdvanced($this->objectLibraryID, true, $this->queryParams);
             } else {
                 // Create a collection
                 if ($this->method == 'POST') {
                     if (!$this->permissions->canWrite($this->objectLibraryID)) {
                         $this->e403("Write access denied");
                     $obj = $this->jsonDecode($this->body);
                     $collection = Zotero_Collections::addFromJSON($obj, $this->objectLibraryID);
                     if ($cacheKey = $this->getWriteTokenCacheKey()) {
                         Z_Core::$MC->set($cacheKey, true, $this->writeTokenCacheTime);
                     $uri = Zotero_API::getCollectionURI($collection);
                     $queryString = "content=json";
                     if ($this->apiKey) {
                         $queryString .= "&key=" . $this->apiKey;
                     $uri .= "?" . $queryString;
                     $this->queryParams = Zotero_API::parseQueryParams($queryString, $this->action, true);
                 $title = "Collections";
                 $results = Zotero_Collections::getAllAdvanced($this->objectLibraryID, false, $this->queryParams);
             $collections = $results['collections'];
             $totalResults = $results['total'];
         if (!empty($collectionIDs)) {
             foreach ($collectionIDs as $collectionID) {
                 $collections[] = Zotero_Collections::get($this->objectLibraryID, $collectionID);
             // Fake sorting and limiting
             $totalResults = sizeOf($collections);
             $key = $this->queryParams['order'];
             if ($key == 'title') {
                 $key = 'name';
             $dir = $this->queryParams['sort'];
             usort($collections, function ($a, $b) use($key, $dir) {
                 $dir = $dir == "asc" ? 1 : -1;
                 if ($a->{$key} == $b->{$key}) {
                     return 0;
                 } else {
                     return $a->{$key} > $b->{$key} ? $dir : $dir * -1;
             $collections = array_slice($collections, $this->queryParams['start'], $this->queryParams['limit']);
         $this->responseXML = Zotero_Atom::createAtomFeed($this->getFeedNamePrefix($this->objectLibraryID) . $title, $this->uri, $collections, $totalResults, $this->queryParams, $this->apiVersion, $this->permissions);
  * Add a collection to the cached child collections list if loaded
 public function registerChildCollection($collectionID)
     if ($this->loaded['childCollections']) {
         $collection = Zotero_Collections::get($this->libraryID, $collectionID);
         if ($collection) {
             $this->_hasChildCollections = true;
             $this->childCollections[] = $collection;
 public function setParentKey($parentCollectionKey)
     if ($this->id || $this->key) {
         if (!$this->loaded) {
     } else {
         $this->loaded = true;
     $oldParentCollectionID = $this->getParent();
     if ($oldParentCollectionID) {
         $parentCollection = Zotero_Collections::get($this->libraryID, $oldParentCollectionID);
         $oldParentCollectionKey = $parentCollection->key;
         if (!$oldParentCollectionKey) {
             throw new Exception("No key for parent collection {$oldParentCollectionID}");
     } else {
         $oldParentCollectionKey = null;
     if ($oldParentCollectionKey == $parentCollectionKey) {
         Z_Core::debug('Source collection has not changed in Zotero_Collection::setParentKey()');
         return false;
     /*if ($this->id && $this->exists() && !$this->previousData) {
     			$this->previousData = $this.serialize();
     $this->_parent = $parentCollectionKey ? $parentCollectionKey : null;
     $this->changed = true;
     return true;
 public function items()
     // Check for general library access
     if (!$this->permissions->canAccess($this->objectLibraryID)) {
     if ($this->isWriteMethod()) {
         // Check for library write access
         if (!$this->permissions->canWrite($this->objectLibraryID)) {
             $this->e403("Write access denied");
         // Make sure library hasn't been modified
         if (!$this->singleObject) {
             $libraryTimestampChecked = $this->checkLibraryIfUnmodifiedSinceVersion();
         // We don't update the library version in file mode, because currently
         // to avoid conflicts in the client the timestamp can't change
         // when the client updates file metadata
         if (!$this->fileMode) {
     $itemIDs = array();
     $itemKeys = array();
     $results = array();
     $title = "";
     // Single item
     if ($this->singleObject) {
         if ($this->fileMode) {
             if ($this->fileView) {
                 $this->allowMethods(array('HEAD', 'GET', 'POST'));
             } else {
                 $this->allowMethods(array('HEAD', 'GET', 'PUT', 'POST', 'PATCH'));
         } else {
             $this->allowMethods(array('HEAD', 'GET', 'PUT', 'PATCH', 'DELETE'));
         if (!$this->objectLibraryID || !Zotero_ID::isValidKey($this->objectKey)) {
         $item = Zotero_Items::getByLibraryAndKey($this->objectLibraryID, $this->objectKey);
         if ($item) {
             // If no access to the note, don't show that it exists
             if ($item->isNote() && !$this->permissions->canAccess($this->objectLibraryID, 'notes')) {
             // Make sure URL libraryID matches item libraryID
             if ($this->objectLibraryID != $item->libraryID) {
                 $this->e404("Item does not exist");
             // File access mode
             if ($this->fileMode) {
             if ($this->scopeObject) {
                 switch ($this->scopeObject) {
                     // Remove item from collection
                     case 'collections':
                         $collection = Zotero_Collections::getByLibraryAndKey($this->objectLibraryID, $this->scopeObjectKey);
                         if (!$collection) {
                             $this->e404("Collection not found");
                         if (!$collection->hasItem($item->id)) {
                             $this->e404("Item not found in collection");
         } else {
             // Possibly temporary workaround to block unnecessary full syncs
             if ($this->fileMode && $this->httpAuth && $this->method == 'POST') {
                 // If > 2 requests for missing file, trigger a full sync via 404
                 $cacheKey = "apiMissingFile_" . $this->objectLibraryID . "_" . $this->objectKey;
                 $set = Z_Core::$MC->get($cacheKey);
                 if (!$set) {
                     Z_Core::$MC->set($cacheKey, 1, 86400);
                 } else {
                     if ($set < 2) {
                     } else {
                         $this->e404("A file sync error occurred. Please sync again.");
                 $this->e500("A file sync error occurred. Please sync again.");
         if ($this->isWriteMethod()) {
             $item = $this->handleObjectWrite('item', $item ? $item : null);
             if ($this->apiVersion < 2 && ($this->method == 'PUT' || $this->method == 'PATCH')) {
                 $this->queryParams['format'] = 'atom';
                 $this->queryParams['content'] = ['json'];
         if (!$item) {
             $this->e404("Item does not exist");
         $this->libraryVersion = $item->version;
         if ($this->method == 'HEAD') {
         // Display item
         switch ($this->queryParams['format']) {
             case 'atom':
                 $this->responseXML = Zotero_Items::convertItemToAtom($item, $this->queryParams, $this->permissions);
             case 'bib':
                 echo Zotero_Cite::getBibliographyFromCitationServer(array($item), $this->queryParams);
             case 'csljson':
                 $json = Zotero_Cite::getJSONFromItems(array($item), true);
                 echo Zotero_Utilities::formatJSON($json);
             case 'json':
                 $json = $item->toResponseJSON($this->queryParams, $this->permissions);
                 echo Zotero_Utilities::formatJSON($json);
                 $export = Zotero_Translate::doExport(array($item), $this->queryParams['format']);
                 $this->queryParams['format'] = null;
                 header("Content-Type: " . $export['mimeType']);
                 echo $export['body'];
     } else {
         $this->allowMethods(array('HEAD', 'GET', 'POST', 'DELETE'));
         $this->libraryVersion = Zotero_Libraries::getUpdatedVersion($this->objectLibraryID);
         $includeTrashed = $this->queryParams['includeTrashed'];
         if ($this->scopeObject) {
             $this->allowMethods(array('GET', 'POST'));
             switch ($this->scopeObject) {
                 case 'collections':
                     // TEMP
                     if (Zotero_ID::isValidKey($this->scopeObjectKey)) {
                         $collection = Zotero_Collections::getByLibraryAndKey($this->objectLibraryID, $this->scopeObjectKey);
                     } else {
                         $collection = false;
                     if (!$collection) {
                         // If old collectionID, redirect
                         if ($this->method == 'GET' && Zotero_Utilities::isPosInt($this->scopeObjectKey)) {
                             $collection = Zotero_Collections::get($this->objectLibraryID, $this->scopeObjectKey);
                             if ($collection) {
                                 $qs = !empty($_SERVER['QUERY_STRING']) ? '?' . $_SERVER['QUERY_STRING'] : '';
                                 $base = Zotero_API::getCollectionURI($collection);
                                 $this->redirect($base . "/items" . $qs, 301);
                         $this->e404("Collection not found");
                     // Add items to collection
                     if ($this->method == 'POST') {
                         $itemKeys = explode(' ', $this->body);
                         $itemIDs = array();
                         foreach ($itemKeys as $key) {
                             try {
                                 $item = Zotero_Items::getByLibraryAndKey($this->objectLibraryID, $key);
                             } catch (Exception $e) {
                                 if ($e->getCode() == Z_ERROR_OBJECT_LIBRARY_MISMATCH) {
                                     $item = false;
                                 } else {
                                     throw $e;
                             if (!$item) {
                                 throw new Exception("Item '{$key}' not found in library", Z_ERROR_INVALID_INPUT);
                             if ($item->getSource()) {
                                 throw new Exception("Child items cannot be added to collections directly", Z_ERROR_INVALID_INPUT);
                             $itemIDs[] = $item->id;
                     if ($this->subset == 'top' || $this->apiVersion < 2) {
                         $title = "Top-Level Items in Collection ‘" . $collection->name . "’";
                         $itemIDs = $collection->getItems();
                     } else {
                         $title = "Items in Collection ‘" . $collection->name . "’";
                         $itemIDs = $collection->getItems(true);
                 case 'tags':
                     if ($this->apiVersion >= 2) {
                     $tagIDs = Zotero_Tags::getIDs($this->objectLibraryID, $this->scopeObjectName);
                     if (!$tagIDs) {
                         $this->e404("Tag not found");
                     foreach ($tagIDs as $tagID) {
                         $tag = new Zotero_Tag();
                         $tag->libraryID = $this->objectLibraryID;
                         $tag->id = $tagID;
                         // Use a real tag name, in case case differs
                         if (!$title) {
                             $title = "Items of Tag ‘" . $tag->name . "’";
                         $itemKeys = array_merge($itemKeys, $tag->getLinkedItems(true));
                     $itemKeys = array_unique($itemKeys);
         } else {
             // Top-level items
             if ($this->subset == 'top') {
                 $title = "Top-Level Items";
                 $results = Zotero_Items::search($this->objectLibraryID, true, $this->queryParams, $includeTrashed, $this->permissions);
             } else {
                 if ($this->subset == 'trash') {
                     $title = "Deleted Items";
                     $this->queryParams['trashedItemsOnly'] = true;
                     $includeTrashed = true;
                     $results = Zotero_Items::search($this->objectLibraryID, false, $this->queryParams, $includeTrashed, $this->permissions);
                 } else {
                     if ($this->subset == 'children') {
                         $item = Zotero_Items::getByLibraryAndKey($this->objectLibraryID, $this->objectKey);
                         if (!$item) {
                             $this->e404("Item not found");
                         if ($item->isAttachment()) {
                             $this->e400("/children cannot be called on attachment items");
                         if ($item->isNote()) {
                             $this->e400("/children cannot be called on note items");
                         if ($item->getSource()) {
                             $this->e400("/children cannot be called on child items");
                         // Create new child items
                         if ($this->method == 'POST') {
                             if ($this->apiVersion >= 2) {
                             $obj = $this->jsonDecode($this->body);
                             $results = Zotero_Items::updateMultipleFromJSON($obj, $this->queryParams, $this->objectLibraryID, $this->userID, $this->permissions, $libraryTimestampChecked ? 0 : 1, $item);
                             if ($cacheKey = $this->getWriteTokenCacheKey()) {
                                 Z_Core::$MC->set($cacheKey, true, $this->writeTokenCacheTime);
                             $uri = Zotero_API::getItemsURI($this->objectLibraryID);
                             $keys = array_merge(get_object_vars($results['success']), get_object_vars($results['unchanged']));
                             $queryString = "itemKey=" . urlencode(implode(",", $keys)) . "&format=atom&content=json&order=itemKeyList&sort=asc";
                             if ($this->apiKey) {
                                 $queryString .= "&key=" . $this->apiKey;
                             $uri .= "?" . $queryString;
                             $this->queryParams = Zotero_API::parseQueryParams($queryString, $this->action, false);
                             $this->responseCode = 201;
                             $title = "Items";
                             $results = Zotero_Items::search($this->objectLibraryID, false, $this->queryParams, $includeTrashed, $this->permissions);
                         } else {
                             $title = "Child Items of ‘" . $item->getDisplayTitle() . "’";
                             $notes = $item->getNotes();
                             $attachments = $item->getAttachments();
                             $itemIDs = array_merge($notes, $attachments);
                     } else {
                         // Create new items
                         if ($this->method == 'POST') {
                             $this->queryParams['format'] = 'writereport';
                             $obj = $this->jsonDecode($this->body);
                             // Server-side translation
                             if (isset($obj->url)) {
                                 if ($this->apiVersion == 1) {
                                 $token = $this->getTranslationToken($obj);
                                 $results = Zotero_Items::addFromURL($obj, $this->queryParams, $this->objectLibraryID, $this->userID, $this->permissions, $token);
                                 if ($this->apiVersion == 1) {
                                 // Multiple choices
                                 if ($results instanceof stdClass) {
                                     $this->queryParams['format'] = null;
                                     header("Content-Type: application/json");
                                     if ($this->queryParams['v'] >= 2) {
                                         echo Zotero_Utilities::formatJSON(['url' => $obj->url, 'token' => $token, 'items' => $results->select]);
                                     } else {
                                         echo Zotero_Utilities::formatJSON($results->select);
                                 } else {
                                     if (is_int($results)) {
                                         switch ($results) {
                                             case 501:
                                                 $this->e501("No translators found for URL");
                                                 $this->e500("Error translating URL");
                                     } else {
                                         if ($this->apiVersion == 1) {
                                             $uri = Zotero_API::getItemsURI($this->objectLibraryID);
                                             $keys = array_merge(get_object_vars($results['success']), get_object_vars($results['unchanged']));
                                             $queryString = "itemKey=" . urlencode(implode(",", $keys)) . "&format=atom&content=json&order=itemKeyList&sort=asc";
                                             if ($this->apiKey) {
                                                 $queryString .= "&key=" . $this->apiKey;
                                             $uri .= "?" . $queryString;
                                             $this->queryParams = Zotero_API::parseQueryParams($queryString, $this->action, false);
                                             $this->responseCode = 201;
                                             $title = "Items";
                                             $results = Zotero_Items::search($this->objectLibraryID, false, $this->queryParams, $includeTrashed, $this->permissions);
                                 // Otherwise return write status report
                             } else {
                                 if ($this->apiVersion < 2) {
                                 $results = Zotero_Items::updateMultipleFromJSON($obj, $this->queryParams, $this->objectLibraryID, $this->userID, $this->permissions, $libraryTimestampChecked ? 0 : 1, null);
                                 if ($this->apiVersion < 2) {
                                     $uri = Zotero_API::getItemsURI($this->objectLibraryID);
                                     $keys = array_merge(get_object_vars($results['success']), get_object_vars($results['unchanged']));
                                     $queryString = "itemKey=" . urlencode(implode(",", $keys)) . "&format=atom&content=json&order=itemKeyList&sort=asc";
                                     if ($this->apiKey) {
                                         $queryString .= "&key=" . $this->apiKey;
                                     $uri .= "?" . $queryString;
                                     $this->queryParams = Zotero_API::parseQueryParams($queryString, $this->action, false);
                                     $this->responseCode = 201;
                                     $title = "Items";
                                     $results = Zotero_Items::search($this->objectLibraryID, false, $this->queryParams, $includeTrashed, $this->permissions);
                             if ($cacheKey = $this->getWriteTokenCacheKey()) {
                                 Z_Core::$MC->set($cacheKey, true, $this->writeTokenCacheTime);
                         } else {
                             if ($this->method == 'DELETE') {
                                 foreach ($this->queryParams['itemKey'] as $itemKey) {
                                     Zotero_Items::delete($this->objectLibraryID, $itemKey);
                             } else {
                                 $title = "Items";
                                 $results = Zotero_Items::search($this->objectLibraryID, false, $this->queryParams, $includeTrashed, $this->permissions);
         if ($itemIDs || $itemKeys) {
             if ($itemIDs) {
                 $this->queryParams['itemIDs'] = $itemIDs;
             if ($itemKeys) {
                 $this->queryParams['itemKey'] = $itemKeys;
             $results = Zotero_Items::search($this->objectLibraryID, false, $this->queryParams, $includeTrashed, $this->permissions);
         if ($this->queryParams['format'] == 'bib') {
             $maxBibItems = Zotero_API::MAX_BIBLIOGRAPHY_ITEMS;
             if ($results['total'] > $maxBibItems) {
                 $this->e413("Cannot generate bibliography with more than {$maxBibItems} items");
         $this->generateMultiResponse($results, $title);
 public function toResponseJSON($requestParams = [])
     $t = microtime(true);
     // Child collections and items can't be cached (easily)
     $numCollections = $this->numCollections();
     $numItems = $this->numItems();
     if (!$requestParams['uncached']) {
         $cacheKey = $this->getCacheKey($requestParams);
         $cached = Z_Core::$MC->get($cacheKey);
         if ($cached) {
             Z_Core::debug("Using cached JSON for {$this->libraryKey}");
             $cached['meta']->numCollections = $numCollections;
             $cached['meta']->numItems = $numItems;
             StatsD::timing("api.collections.toResponseJSON.cached", (microtime(true) - $t) * 1000);
             return $cached;
     $json = ['key' => $this->key, 'version' => $this->version, 'library' => Zotero_Libraries::toJSON($this->libraryID)];
     // 'links'
     $json['links'] = ['self' => ['href' => Zotero_API::getCollectionURI($this), 'type' => 'application/json'], 'alternate' => ['href' => Zotero_URI::getCollectionURI($this, true), 'type' => 'text/html']];
     $parent = $this->parent;
     if ($parent) {
         $parentCol = Zotero_Collections::get($this->libraryID, $parent);
         $json['links']['up'] = ['href' => Zotero_API::getCollectionURI($parentCol), 'type' => "application/atom+xml"];
     // 'meta'
     $json['meta'] = new stdClass();
     $json['meta']->numCollections = $numCollections;
     $json['meta']->numItems = $numItems;
     // 'include'
     $include = $requestParams['include'];
     foreach ($include as $type) {
         if ($type == 'data') {
             $json[$type] = $this->toJSON($requestParams);
     if (!$requestParams['uncached']) {
         Z_Core::$MC->set($cacheKey, $json);
         StatsD::timing("api.collections.toResponseJSON.uncached", (microtime(true) - $t) * 1000);
     return $json;