Exemplo n.º 1
0
 public function groups()
 {
     if (($this->method == 'POST' || $this->method == 'PUT') && !$this->body) {
         $this->e400("{$this->method} data not provided");
     }
     $groupID = $this->groupID;
     //
     // Add a group
     //
     if ($this->method == 'POST') {
         if (!$this->permissions->isSuper()) {
             $this->e403();
         }
         if ($groupID) {
             $this->e400("POST requests cannot end with a groupID (did you mean PUT?)");
         }
         try {
             $group = @new SimpleXMLElement($this->body);
         } catch (Exception $e) {
             $this->e400("{$this->method} data is not valid XML");
         }
         if ((int) $group['id']) {
             $this->e400("POST requests cannot contain a groupID in '" . $this->body . "'");
         }
         $fields = $this->getFieldsFromGroupXML($group);
         Zotero_DB::beginTransaction();
         try {
             $group = new Zotero_Group();
             foreach ($fields as $field => $val) {
                 $group->{$field} = $val;
             }
             $group->save();
         } catch (Exception $e) {
             if (strpos($e->getMessage(), "Invalid") === 0) {
                 $this->e400($e->getMessage() . " in " . $this->body . "'");
             }
             switch ($e->getCode()) {
                 case Z_ERROR_GROUP_NAME_UNAVAILABLE:
                     $this->e400($e->getMessage());
                 default:
                     $this->e500($e->getMessage());
             }
         }
         $this->responseXML = $group->toAtom(array('full'), $this->queryParams, $this->apiVersion);
         Zotero_DB::commit();
         $url = Zotero_Atom::getGroupURI($group);
         header("Location: " . $url, false, 201);
         $this->end();
     }
     //
     // Update a group
     //
     if ($this->method == 'PUT') {
         if (!$this->permissions->isSuper()) {
             $this->e403();
         }
         if (!$groupID) {
             $this->e400("PUT requests must end with a groupID (did you mean POST?)");
         }
         try {
             $group = @new SimpleXMLElement($this->body);
         } catch (Exception $e) {
             $this->e400("{$this->method} data is not valid XML");
         }
         $fields = $this->getFieldsFromGroupXML($group);
         // Group id is optional, but, if it's there, make sure it matches
         $id = (string) $group['id'];
         if ($id && $id != $groupID) {
             $this->e400("Group ID {$id} does not match group ID {$groupID} from URI");
         }
         Zotero_DB::beginTransaction();
         try {
             $group = Zotero_Groups::get($groupID);
             if (!$group) {
                 $this->e404("Group {$groupID} does not exist");
             }
             foreach ($fields as $field => $val) {
                 $group->{$field} = $val;
             }
             if ($this->ifUnmodifiedSince && strtotime($group->dateModified) > $this->ifUnmodifiedSince) {
                 $this->e412();
             }
             $group->save();
         } catch (Exception $e) {
             if (strpos($e->getMessage(), "Invalid") === 0) {
                 $this->e400($e->getMessage() . " in " . $this->body . "'");
             } else {
                 if ($e->getCode() == Z_ERROR_GROUP_DESCRIPTION_TOO_LONG) {
                     $this->e400($e->getMessage());
                 }
             }
             $this->e500($e->getMessage());
         }
         $this->responseXML = $group->toAtom(array('full'), $this->queryParams, $this->apiVersion);
         Zotero_DB::commit();
         $this->end();
     }
     //
     // Delete a group
     //
     if ($this->method == 'DELETE') {
         if (!$this->permissions->isSuper()) {
             $this->e403();
         }
         if (!$groupID) {
             $this->e400("DELETE requests must end with a groupID");
         }
         Zotero_DB::beginTransaction();
         $group = Zotero_Groups::get($groupID);
         if (!$group) {
             $this->e404("Group {$groupID} does not exist");
         }
         $group->erase();
         Zotero_DB::commit();
         header("HTTP/1.1 204 No Content");
         exit;
     }
     //
     // View one or more groups
     //
     // Single group
     if ($groupID) {
         $group = Zotero_Groups::get($groupID);
         if (!$this->permissions->canAccess($this->objectLibraryID)) {
             $this->e403();
         }
         if (!$group) {
             $this->e404("Group not found");
         }
         $this->responseXML = $group->toAtom($this->queryParams['content'], $this->queryParams, $this->apiVersion);
     } else {
         if ($this->objectUserID) {
             // Users (or their keys) can see only their own groups
             if (!$this->permissions->isSuper() && $this->userID != $this->objectUserID) {
                 $this->e403();
             }
             $title = Zotero_Users::getUsername($this->objectUserID) . "’s Groups";
         } else {
             // For now, only root can do unrestricted group searches
             if (!$this->permissions->isSuper()) {
                 $this->e403();
             }
             $title = "Groups";
         }
         try {
             $results = Zotero_Groups::getAllAdvanced($this->objectUserID, $this->queryParams, $this->permissions);
         } catch (Exception $e) {
             switch ($e->getCode()) {
                 case Z_ERROR_INVALID_GROUP_TYPE:
                     $this->e400($e->getMessage());
             }
             throw $e;
         }
         $groups = $results['groups'];
         $totalResults = $results['totalResults'];
         $this->responseXML = Zotero_Atom::createAtomFeed($title, $this->uri, $groups, $totalResults, $this->queryParams, $this->apiVersion, $this->permissions);
     }
     $this->end();
 }
Exemplo n.º 2
0
 public function groups()
 {
     $groupID = $this->objectGroupID;
     //
     // Add a group
     //
     if ($this->method == 'POST') {
         if (!$this->permissions->isSuper()) {
             $this->e403();
         }
         if ($groupID) {
             $this->e400("POST requests cannot end with a groupID (did you mean PUT?)");
         }
         try {
             $group = @new SimpleXMLElement($this->body);
         } catch (Exception $e) {
             $this->e400("{$this->method} data is not valid XML");
         }
         if ((int) $group['id']) {
             $this->e400("POST requests cannot contain a groupID in '" . $this->body . "'");
         }
         $fields = $this->getFieldsFromGroupXML($group);
         Zotero_DB::beginTransaction();
         try {
             $group = new Zotero_Group();
             foreach ($fields as $field => $val) {
                 $group->{$field} = $val;
             }
             $group->save();
         } catch (Exception $e) {
             if (strpos($e->getMessage(), "Invalid") === 0) {
                 $this->e400($e->getMessage() . " in " . $this->body . "'");
             }
             switch ($e->getCode()) {
                 case Z_ERROR_GROUP_NAME_UNAVAILABLE:
                     $this->e400($e->getMessage());
                 default:
                     $this->handleException($e);
             }
         }
         $this->queryParams['content'] = array('full');
         $this->responseXML = $group->toAtom($this->queryParams);
         Zotero_DB::commit();
         $url = Zotero_API::getGroupURI($group);
         $this->responseCode = 201;
         header("Location: " . $url, false, 201);
         $this->end();
     }
     //
     // Update a group
     //
     if ($this->method == 'PUT') {
         if (!$this->permissions->isSuper()) {
             $this->e403();
         }
         if (!$groupID) {
             $this->e400("PUT requests must end with a groupID (did you mean POST?)");
         }
         try {
             $group = @new SimpleXMLElement($this->body);
         } catch (Exception $e) {
             $this->e400("{$this->method} data is not valid XML");
         }
         $fields = $this->getFieldsFromGroupXML($group);
         // Group id is optional, but, if it's there, make sure it matches
         $id = (string) $group['id'];
         if ($id && $id != $groupID) {
             $this->e400("Group ID {$id} does not match group ID {$groupID} from URI");
         }
         Zotero_DB::beginTransaction();
         try {
             $group = Zotero_Groups::get($groupID);
             if (!$group) {
                 $this->e404("Group {$groupID} does not exist");
             }
             foreach ($fields as $field => $val) {
                 $group->{$field} = $val;
             }
             if ($this->ifUnmodifiedSince && strtotime($group->dateModified) > $this->ifUnmodifiedSince) {
                 $this->e412();
             }
             $group->save();
         } catch (Exception $e) {
             if (strpos($e->getMessage(), "Invalid") === 0) {
                 $this->e400($e->getMessage() . " in " . $this->body . "'");
             } else {
                 if ($e->getCode() == Z_ERROR_GROUP_DESCRIPTION_TOO_LONG) {
                     $this->e400($e->getMessage());
                 }
             }
             $this->handleException($e);
         }
         $this->queryParams['content'] = array('full');
         $this->responseXML = $group->toAtom($this->queryParams);
         Zotero_DB::commit();
         $this->end();
     }
     //
     // Delete a group
     //
     if ($this->method == 'DELETE') {
         if (!$this->permissions->isSuper()) {
             $this->e403();
         }
         if (!$groupID) {
             $this->e400("DELETE requests must end with a groupID");
         }
         Zotero_DB::beginTransaction();
         $group = Zotero_Groups::get($groupID);
         if (!$group) {
             $this->e404("Group {$groupID} does not exist");
         }
         $group->erase();
         Zotero_DB::commit();
         header("HTTP/1.1 204 No Content");
         exit;
     }
     //
     // View one or more groups
     //
     // Single group
     if ($groupID) {
         $group = Zotero_Groups::get($groupID);
         if (!$this->permissions->canAccess($this->objectLibraryID)) {
             $this->e403();
         }
         if (!$group) {
             $this->e404("Group not found");
         }
         if ($this->apiVersion >= 3) {
             $this->libraryVersion = $group->version;
         } else {
             header("ETag: " . $group->etag);
         }
         if ($this->method == 'HEAD') {
             $this->end();
         }
         switch ($this->queryParams['format']) {
             case 'atom':
                 $this->responseXML = $group->toAtom($this->queryParams);
                 break;
             case 'json':
                 $json = $group->toResponseJSON($this->queryParams);
                 echo Zotero_Utilities::formatJSON($json);
                 break;
             default:
                 throw new Exception("Unexpected format '" . $this->queryParams['format'] . "'");
         }
     } else {
         if ($this->objectUserID) {
             $title = Zotero_Users::getUsername($this->objectUserID) . "’s Groups";
         } else {
             // For now, only root can do unrestricted group searches
             if (!$this->permissions->isSuper()) {
                 $this->e403();
             }
             $title = "Groups";
         }
         try {
             $results = Zotero_Groups::getAllAdvanced($this->objectUserID, $this->queryParams, $this->permissions);
         } catch (Exception $e) {
             switch ($e->getCode()) {
                 case Z_ERROR_INVALID_GROUP_TYPE:
                     $this->e400($e->getMessage());
             }
             throw $e;
         }
         $options = ['action' => $this->action, 'uri' => $this->uri, 'results' => $results, 'requestParams' => $this->queryParams, 'permissions' => $this->permissions, 'head' => $this->method == 'HEAD'];
         switch ($this->queryParams['format']) {
             case 'atom':
                 $this->responseXML = Zotero_API::multiResponse(array_merge($options, ['title' => $title]));
                 break;
             case 'json':
                 Zotero_API::multiResponse($options);
                 break;
             case 'etags':
             case 'versions':
                 $prop = substr($this->queryParams['format'], 0, -1);
                 // remove 's'
                 $newResults = [];
                 foreach ($results['results'] as $group) {
                     $newResults[$group->id] = $group->{$prop};
                 }
                 $options['results']['results'] = $newResults;
                 Zotero_API::multiResponse($options, 'versions');
                 break;
             default:
                 throw new Exception("Unexpected format '" . $this->queryParams['format'] . "'");
         }
     }
     $this->end();
 }