public function groups()
{
if (($this->method == 'POST' || $this->method == 'PUT') && !$this->body) {
$this->e400("{$this->method} data not provided");
}
$groupID = $this->groupID;
//
// Add a group
//
if ($this->method == 'POST') {
if (!$this->permissions->isSuper()) {
$this->e403();
}
if ($groupID) {
$this->e400("POST requests cannot end with a groupID (did you mean PUT?)");
}
try {
$group = @new SimpleXMLElement($this->body);
} catch (Exception $e) {
$this->e400("{$this->method} data is not valid XML");
}
if ((int) $group['id']) {
$this->e400("POST requests cannot contain a groupID in '" . $this->body . "'");
}
$fields = $this->getFieldsFromGroupXML($group);
Zotero_DB::beginTransaction();
try {
$group = new Zotero_Group();
foreach ($fields as $field => $val) {
$group->{$field} = $val;
}
$group->save();
} catch (Exception $e) {
if (strpos($e->getMessage(), "Invalid") === 0) {
$this->e400($e->getMessage() . " in " . $this->body . "'");
}
switch ($e->getCode()) {
case Z_ERROR_GROUP_NAME_UNAVAILABLE:
$this->e400($e->getMessage());
default:
$this->e500($e->getMessage());
}
}
$this->responseXML = $group->toAtom(array('full'), $this->queryParams, $this->apiVersion);
Zotero_DB::commit();
$url = Zotero_Atom::getGroupURI($group);
header("Location: " . $url, false, 201);
$this->end();
}
//
// Update a group
//
if ($this->method == 'PUT') {
if (!$this->permissions->isSuper()) {
$this->e403();
}
if (!$groupID) {
$this->e400("PUT requests must end with a groupID (did you mean POST?)");
}
try {
$group = @new SimpleXMLElement($this->body);
} catch (Exception $e) {
$this->e400("{$this->method} data is not valid XML");
}
$fields = $this->getFieldsFromGroupXML($group);
// Group id is optional, but, if it's there, make sure it matches
$id = (string) $group['id'];
if ($id && $id != $groupID) {
$this->e400("Group ID {$id} does not match group ID {$groupID} from URI");
}
Zotero_DB::beginTransaction();
try {
$group = Zotero_Groups::get($groupID);
if (!$group) {
$this->e404("Group {$groupID} does not exist");
}
foreach ($fields as $field => $val) {
$group->{$field} = $val;
}
if ($this->ifUnmodifiedSince && strtotime($group->dateModified) > $this->ifUnmodifiedSince) {
$this->e412();
}
$group->save();
} catch (Exception $e) {
if (strpos($e->getMessage(), "Invalid") === 0) {
$this->e400($e->getMessage() . " in " . $this->body . "'");
} else {
if ($e->getCode() == Z_ERROR_GROUP_DESCRIPTION_TOO_LONG) {
$this->e400($e->getMessage());
}
}
$this->e500($e->getMessage());
}
$this->responseXML = $group->toAtom(array('full'), $this->queryParams, $this->apiVersion);
Zotero_DB::commit();
$this->end();
}
//
// Delete a group
//
if ($this->method == 'DELETE') {
if (!$this->permissions->isSuper()) {
$this->e403();
}
if (!$groupID) {
$this->e400("DELETE requests must end with a groupID");
}
Zotero_DB::beginTransaction();
$group = Zotero_Groups::get($groupID);
if (!$group) {
$this->e404("Group {$groupID} does not exist");
}
$group->erase();
Zotero_DB::commit();
header("HTTP/1.1 204 No Content");
exit;
}
//
// View one or more groups
//
// Single group
if ($groupID) {
$group = Zotero_Groups::get($groupID);
if (!$this->permissions->canAccess($this->objectLibraryID)) {
$this->e403();
}
if (!$group) {
$this->e404("Group not found");
}
$this->responseXML = $group->toAtom($this->queryParams['content'], $this->queryParams, $this->apiVersion);
} else {
if ($this->objectUserID) {
// Users (or their keys) can see only their own groups
if (!$this->permissions->isSuper() && $this->userID != $this->objectUserID) {
$this->e403();
}
$title = Zotero_Users::getUsername($this->objectUserID) . "’s Groups";
} else {
// For now, only root can do unrestricted group searches
if (!$this->permissions->isSuper()) {
$this->e403();
}
$title = "Groups";
}
try {
$results = Zotero_Groups::getAllAdvanced($this->objectUserID, $this->queryParams, $this->permissions);
} catch (Exception $e) {
switch ($e->getCode()) {
case Z_ERROR_INVALID_GROUP_TYPE:
$this->e400($e->getMessage());
}
throw $e;
}
$groups = $results['groups'];
$totalResults = $results['totalResults'];
$this->responseXML = Zotero_Atom::createAtomFeed($title, $this->uri, $groups, $totalResults, $this->queryParams, $this->apiVersion, $this->permissions);
}
$this->end();
}
public function groups()
{
$groupID = $this->objectGroupID;
//
// Add a group
//
if ($this->method == 'POST') {
if (!$this->permissions->isSuper()) {
$this->e403();
}
if ($groupID) {
$this->e400("POST requests cannot end with a groupID (did you mean PUT?)");
}
try {
$group = @new SimpleXMLElement($this->body);
} catch (Exception $e) {
$this->e400("{$this->method} data is not valid XML");
}
if ((int) $group['id']) {
$this->e400("POST requests cannot contain a groupID in '" . $this->body . "'");
}
$fields = $this->getFieldsFromGroupXML($group);
Zotero_DB::beginTransaction();
try {
$group = new Zotero_Group();
foreach ($fields as $field => $val) {
$group->{$field} = $val;
}
$group->save();
} catch (Exception $e) {
if (strpos($e->getMessage(), "Invalid") === 0) {
$this->e400($e->getMessage() . " in " . $this->body . "'");
}
switch ($e->getCode()) {
case Z_ERROR_GROUP_NAME_UNAVAILABLE:
$this->e400($e->getMessage());
default:
$this->handleException($e);
}
}
$this->queryParams['content'] = array('full');
$this->responseXML = $group->toAtom($this->queryParams);
Zotero_DB::commit();
$url = Zotero_API::getGroupURI($group);
$this->responseCode = 201;
header("Location: " . $url, false, 201);
$this->end();
}
//
// Update a group
//
if ($this->method == 'PUT') {
if (!$this->permissions->isSuper()) {
$this->e403();
}
if (!$groupID) {
$this->e400("PUT requests must end with a groupID (did you mean POST?)");
}
try {
$group = @new SimpleXMLElement($this->body);
} catch (Exception $e) {
$this->e400("{$this->method} data is not valid XML");
}
$fields = $this->getFieldsFromGroupXML($group);
// Group id is optional, but, if it's there, make sure it matches
$id = (string) $group['id'];
if ($id && $id != $groupID) {
$this->e400("Group ID {$id} does not match group ID {$groupID} from URI");
}
Zotero_DB::beginTransaction();
try {
$group = Zotero_Groups::get($groupID);
if (!$group) {
$this->e404("Group {$groupID} does not exist");
}
foreach ($fields as $field => $val) {
$group->{$field} = $val;
}
if ($this->ifUnmodifiedSince && strtotime($group->dateModified) > $this->ifUnmodifiedSince) {
$this->e412();
}
$group->save();
} catch (Exception $e) {
if (strpos($e->getMessage(), "Invalid") === 0) {
$this->e400($e->getMessage() . " in " . $this->body . "'");
} else {
if ($e->getCode() == Z_ERROR_GROUP_DESCRIPTION_TOO_LONG) {
$this->e400($e->getMessage());
}
}
$this->handleException($e);
}
$this->queryParams['content'] = array('full');
$this->responseXML = $group->toAtom($this->queryParams);
Zotero_DB::commit();
$this->end();
}
//
// Delete a group
//
if ($this->method == 'DELETE') {
if (!$this->permissions->isSuper()) {
$this->e403();
}
if (!$groupID) {
$this->e400("DELETE requests must end with a groupID");
}
Zotero_DB::beginTransaction();
$group = Zotero_Groups::get($groupID);
if (!$group) {
$this->e404("Group {$groupID} does not exist");
}
$group->erase();
Zotero_DB::commit();
header("HTTP/1.1 204 No Content");
exit;
}
//
// View one or more groups
//
// Single group
if ($groupID) {
$group = Zotero_Groups::get($groupID);
if (!$this->permissions->canAccess($this->objectLibraryID)) {
$this->e403();
}
if (!$group) {
$this->e404("Group not found");
}
if ($this->apiVersion >= 3) {
$this->libraryVersion = $group->version;
} else {
header("ETag: " . $group->etag);
}
if ($this->method == 'HEAD') {
$this->end();
}
switch ($this->queryParams['format']) {
case 'atom':
$this->responseXML = $group->toAtom($this->queryParams);
break;
case 'json':
$json = $group->toResponseJSON($this->queryParams);
echo Zotero_Utilities::formatJSON($json);
break;
default:
throw new Exception("Unexpected format '" . $this->queryParams['format'] . "'");
}
} else {
if ($this->objectUserID) {
$title = Zotero_Users::getUsername($this->objectUserID) . "’s Groups";
} else {
// For now, only root can do unrestricted group searches
if (!$this->permissions->isSuper()) {
$this->e403();
}
$title = "Groups";
}
try {
$results = Zotero_Groups::getAllAdvanced($this->objectUserID, $this->queryParams, $this->permissions);
} catch (Exception $e) {
switch ($e->getCode()) {
case Z_ERROR_INVALID_GROUP_TYPE:
$this->e400($e->getMessage());
}
throw $e;
}
$options = ['action' => $this->action, 'uri' => $this->uri, 'results' => $results, 'requestParams' => $this->queryParams, 'permissions' => $this->permissions, 'head' => $this->method == 'HEAD'];
switch ($this->queryParams['format']) {
case 'atom':
$this->responseXML = Zotero_API::multiResponse(array_merge($options, ['title' => $title]));
break;
case 'json':
Zotero_API::multiResponse($options);
break;
case 'etags':
case 'versions':
$prop = substr($this->queryParams['format'], 0, -1);
// remove 's'
$newResults = [];
foreach ($results['results'] as $group) {
$newResults[$group->id] = $group->{$prop};
}
$options['results']['results'] = $newResults;
Zotero_API::multiResponse($options, 'versions');
break;
default:
throw new Exception("Unexpected format '" . $this->queryParams['format'] . "'");
}
}
$this->end();
}