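/**
 * Update an existing annotation from the request body parameters.
 *
 * Checks run in this order: session verification (anti-CSRF), existence of
 * the annotation, then ownership. A non-owner is only let through when
 * $this->allowAnyUserPatch is set, and is then limited to the two range
 * fields. The outcome is reported through the HTTP status: 204 on success,
 * 403 / 404 / 500 on failure, or the code that
 * MarginaliaHelper::httpResultCodeForError() maps from a fromArray() error.
 *
 * @param mixed $id Identifier handed to doGetAnnotation().
 * @return void
 */
function updateAnnotation($id)
{
    $params = $this->listBodyParams();

    // Check for cross-site request forgery before loading or changing anything.
    if (!$this->verifySession($params)) {
        $this->httpError(403, 'Forbidden', 'Illegal request');
        return;
    }

    $annotation = $this->doGetAnnotation($id);
    if (null === $annotation) {
        $this->httpError(404, 'Not Found', 'No such annotation');
        return;
    }

    // NOTE(review): this ownership test uses PHP's loose comparison, which
    // treats some distinct values as equal (numeric-looking strings, null vs '').
    // Confirm the types of both ids; if they are strings, compare them strictly.
    $isOwner = ($this->currentUserId == $annotation->getUserId());

    if (!$isOwner && !$this->allowAnyUserPatch) {
        $this->httpError(403, 'Forbidden', 'Not your annotation');
        return;
    }

    // A patch update by another user is restricted to the range parameters.
    // Build the allowed subset from an explicit whitelist so that no other
    // field supplied in the request can reach fromArray().
    // array_key_exists() takes the key first and the array second; the
    // previous one-argument call could never select a field.
    if (!$isOwner) {
        $rangeOnly = array();
        foreach (array('sequence-range', 'xpath-range') as $allowedKey) {
            if (array_key_exists($allowedKey, $params)) {
                $rangeOnly[$allowedKey] = $params[$allowedKey];
            }
        }
        $params = $rangeOnly;
    }

    // Set only the fields that were passed in.
    $error = $annotation->fromArray($params);
    if ($error) {
        $this->httpError(MarginaliaHelper::httpResultCodeForError($error), 'Error', $error);
        return;
    }

    // Update the annotation in the database.
    if ($this->doUpdateAnnotation($annotation)) {
        header('HTTP/1.1 204 Updated');
    } else {
        $this->httpError(500, 'Internal Service Error', 'Update failed');
    }
}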
/**
 * Apply the request body parameters to an annotation owned by the current user.
 *
 * Responds 404 when the annotation does not exist, 403 when it belongs to
 * another user, the code mapped by MarginaliaHelper::httpResultCodeForError()
 * when fromArray() reports an error, 500 when the store update fails, and
 * 204 on success.
 *
 * NOTE(review): no session or anti-CSRF verification is visible in this
 * method. Confirm that the caller enforces one before this state-changing
 * handler runs.
 *
 * @param mixed $id Identifier handed to doGetAnnotation().
 * @return void
 */
function updateAnnotation($id)
{
    $fields = $this->listBodyParams();
    $target = $this->doGetAnnotation($id);

    if (null === $target) {
        $this->httpError(404, 'Not Found', 'No such annotation');
        return;
    }

    // NOTE(review): loose comparison on user ids; confirm both sides have the
    // same type so that distinct ids can never compare equal.
    if ($this->currentUserId != $target->getUserId()) {
        $this->httpError(403, 'Forbidden', 'Not your annotation');
        return;
    }

    // Only the fields present in the request are applied to the annotation.
    $problem = $target->fromArray($fields);
    if ($problem) {
        $this->httpError(MarginaliaHelper::httpResultCodeForError($problem), 'Error', $problem);
        return;
    }

    // Persist the change; a falsy result from the store is reported as a server error.
    if (!$this->doUpdateAnnotation($target)) {
        $this->httpError(500, 'Internal Service Error', 'Update failed');
        return;
    }

    header('HTTP/1.1 204 Updated');
}