public function collections()
{
// Check for general library access
if (!$this->permissions->canAccess($this->objectLibraryID)) {
$this->e403();
}
if ($this->isWriteMethod()) {
// Check for library write access
if (!$this->permissions->canWrite($this->objectLibraryID)) {
$this->e403("Write access denied");
}
// Make sure library hasn't been modified
if (!$this->singleObject) {
$libraryTimestampChecked = $this->checkLibraryIfUnmodifiedSinceVersion();
}
Zotero_Libraries::updateVersionAndTimestamp($this->objectLibraryID);
}
$collectionIDs = array();
$collectionKeys = array();
$results = array();
// Single collection
if ($this->singleObject) {
$this->allowMethods(['HEAD', 'GET', 'PUT', 'PATCH', 'DELETE']);
if (!Zotero_ID::isValidKey($this->objectKey)) {
$this->e404();
}
$collection = Zotero_Collections::getByLibraryAndKey($this->objectLibraryID, $this->objectKey);
if ($this->isWriteMethod()) {
$collection = $this->handleObjectWrite('collection', $collection ? $collection : null);
$this->queryParams['content'] = ['json'];
}
if (!$collection) {
$this->e404("Collection not found");
}
$this->libraryVersion = $collection->version;
if ($this->method == 'HEAD') {
$this->end();
}
switch ($this->queryParams['format']) {
case 'atom':
$this->responseXML = Zotero_Collections::convertCollectionToAtom($collection, $this->queryParams);
break;
case 'json':
$json = $collection->toResponseJSON($this->queryParams, $this->permissions);
echo Zotero_Utilities::formatJSON($json);
break;
default:
throw new Exception("Unexpected format '" . $this->queryParams['format'] . "'");
}
} else {
$this->allowMethods(['HEAD', 'GET', 'POST', 'DELETE']);
$this->libraryVersion = Zotero_Libraries::getUpdatedVersion($this->objectLibraryID);
if ($this->scopeObject) {
$this->allowMethods(array('GET'));
switch ($this->scopeObject) {
case 'collections':
$collection = Zotero_Collections::getByLibraryAndKey($this->objectLibraryID, $this->scopeObjectKey);
if (!$collection) {
$this->e404("Collection not found");
}
$title = "Child Collections of ‘{$collection->name}'’";
$collectionIDs = $collection->getChildCollections();
break;
default:
throw new Exception("Invalid collections scope object '{$this->scopeObject}'");
}
} else {
// Top-level items
if ($this->subset == 'top') {
$this->allowMethods(array('GET'));
$title = "Top-Level Collections";
$results = Zotero_Collections::search($this->objectLibraryID, true, $this->queryParams);
} else {
// Create a collection
if ($this->method == 'POST') {
$this->queryParams['format'] = 'writereport';
$obj = $this->jsonDecode($this->body);
$results = Zotero_Collections::updateMultipleFromJSON($obj, $this->queryParams, $this->objectLibraryID, $this->userID, $this->permissions, $libraryTimestampChecked ? 0 : 1, null);
if ($cacheKey = $this->getWriteTokenCacheKey()) {
Z_Core::$MC->set($cacheKey, true, $this->writeTokenCacheTime);
}
if ($this->apiVersion < 2) {
$uri = Zotero_API::getCollectionsURI($this->objectLibraryID);
$keys = array_merge(get_object_vars($results['success']), get_object_vars($results['unchanged']));
$queryString = "collectionKey=" . urlencode(implode(",", $keys)) . "&format=atom&content=json&order=collectionKeyList&sort=asc";
if ($this->apiKey) {
$queryString .= "&key=" . $this->apiKey;
}
$uri .= "?" . $queryString;
$this->queryParams = Zotero_API::parseQueryParams($queryString, $this->action, true, $this->apiVersion);
$title = "Collections";
$results = Zotero_Collections::search($this->objectLibraryID, false, $this->queryParams);
}
} else {
if ($this->method == 'DELETE') {
Zotero_DB::beginTransaction();
foreach ($this->queryParams['collectionKey'] as $collectionKey) {
Zotero_Collections::delete($this->objectLibraryID, $collectionKey);
}
Zotero_DB::commit();
$this->e204();
} else {
$title = "Collections";
$results = Zotero_Collections::search($this->objectLibraryID, false, $this->queryParams);
}
}
}
}
if ($collectionIDs) {
$this->queryParams['collectionIDs'] = $collectionIDs;
$results = Zotero_Collections::search($this->objectLibraryID, false, $this->queryParams);
}
$options = ['action' => $this->action, 'uri' => $this->uri, 'results' => $results, 'requestParams' => $this->queryParams, 'permissions' => $this->permissions, 'head' => $this->method == 'HEAD'];
switch ($this->queryParams['format']) {
case 'atom':
$this->responseXML = Zotero_API::multiResponse(array_merge($options, ['title' => $this->getFeedNamePrefix($this->objectLibraryID) . $title]));
break;
case 'json':
case 'keys':
case 'versions':
case 'writereport':
Zotero_API::multiResponse($options);
break;
default:
throw new Exception("Unexpected format '" . $this->queryParams['format'] . "'");
}
}
$this->end();
}
public function searches()
{
if ($this->apiVersion < 2) {
$this->e404();
}
// Check for general library access
if (!$this->permissions->canAccess($this->objectLibraryID)) {
$this->e403();
}
if ($this->isWriteMethod()) {
// Check for library write access
if (!$this->permissions->canWrite($this->objectLibraryID)) {
$this->e403("Write access denied");
}
// Make sure library hasn't been modified
if (!$this->singleObject) {
$libraryTimestampChecked = $this->checkLibraryIfUnmodifiedSinceVersion();
}
Zotero_Libraries::updateVersionAndTimestamp($this->objectLibraryID);
}
$results = array();
// Single search
if ($this->singleObject) {
$this->allowMethods(['HEAD', 'GET', 'PUT', 'PATCH', 'DELETE']);
$search = Zotero_Searches::getByLibraryAndKey($this->objectLibraryID, $this->objectKey);
if ($this->isWriteMethod()) {
$search = $this->handleObjectWrite('search', $search ? $search : null);
$this->e204();
}
if (!$search) {
$this->e404("Search not found");
}
$this->libraryVersion = $search->version;
if ($this->method == 'HEAD') {
$this->end();
}
// Display search
switch ($this->queryParams['format']) {
case 'atom':
$this->responseXML = $search->toAtom($this->queryParams);
break;
case 'json':
$json = $search->toResponseJSON($this->queryParams, $this->permissions);
echo Zotero_Utilities::formatJSON($json);
break;
default:
throw new Exception("Unexpected format '" . $this->queryParams['format'] . "'");
}
} else {
$this->allowMethods(['HEAD', 'GET', 'POST', 'DELETE']);
$this->libraryVersion = Zotero_Libraries::getUpdatedVersion($this->objectLibraryID);
// Create a search
if ($this->method == 'POST') {
$this->queryParams['format'] = 'writereport';
$obj = $this->jsonDecode($this->body);
$results = Zotero_Searches::updateMultipleFromJSON($obj, $this->objectLibraryID, $this->queryParams, $this->userID, $libraryTimestampChecked ? 0 : 1, null);
if ($cacheKey = $this->getWriteTokenCacheKey()) {
Z_Core::$MC->set($cacheKey, true, $this->writeTokenCacheTime);
}
} else {
if ($this->method == 'DELETE') {
Zotero_DB::beginTransaction();
foreach ($this->queryParams['searchKey'] as $searchKey) {
Zotero_Searches::delete($this->objectLibraryID, $searchKey);
}
Zotero_DB::commit();
$this->e204();
} else {
$title = "Searches";
$results = Zotero_Searches::search($this->objectLibraryID, $this->queryParams);
}
}
$options = ['action' => $this->action, 'uri' => $this->uri, 'results' => $results, 'requestParams' => $this->queryParams, 'permissions' => $this->permissions, 'head' => $this->method == 'HEAD'];
switch ($this->queryParams['format']) {
case 'atom':
$this->responseXML = Zotero_API::multiResponse(array_merge($options, ['title' => $this->getFeedNamePrefix($this->objectLibraryID) . $title]));
break;
case 'json':
case 'keys':
case 'versions':
case 'writereport':
Zotero_API::multiResponse($options);
break;
default:
throw new Exception("Unexpected format '" . $this->queryParams['format'] . "'");
}
}
$this->end();
}
public function groups()
{
$groupID = $this->objectGroupID;
//
// Add a group
//
if ($this->method == 'POST') {
if (!$this->permissions->isSuper()) {
$this->e403();
}
if ($groupID) {
$this->e400("POST requests cannot end with a groupID (did you mean PUT?)");
}
try {
$group = @new SimpleXMLElement($this->body);
} catch (Exception $e) {
$this->e400("{$this->method} data is not valid XML");
}
if ((int) $group['id']) {
$this->e400("POST requests cannot contain a groupID in '" . $this->body . "'");
}
$fields = $this->getFieldsFromGroupXML($group);
Zotero_DB::beginTransaction();
try {
$group = new Zotero_Group();
foreach ($fields as $field => $val) {
$group->{$field} = $val;
}
$group->save();
} catch (Exception $e) {
if (strpos($e->getMessage(), "Invalid") === 0) {
$this->e400($e->getMessage() . " in " . $this->body . "'");
}
switch ($e->getCode()) {
case Z_ERROR_GROUP_NAME_UNAVAILABLE:
$this->e400($e->getMessage());
default:
$this->handleException($e);
}
}
$this->queryParams['content'] = array('full');
$this->responseXML = $group->toAtom($this->queryParams);
Zotero_DB::commit();
$url = Zotero_API::getGroupURI($group);
$this->responseCode = 201;
header("Location: " . $url, false, 201);
$this->end();
}
//
// Update a group
//
if ($this->method == 'PUT') {
if (!$this->permissions->isSuper()) {
$this->e403();
}
if (!$groupID) {
$this->e400("PUT requests must end with a groupID (did you mean POST?)");
}
try {
$group = @new SimpleXMLElement($this->body);
} catch (Exception $e) {
$this->e400("{$this->method} data is not valid XML");
}
$fields = $this->getFieldsFromGroupXML($group);
// Group id is optional, but, if it's there, make sure it matches
$id = (string) $group['id'];
if ($id && $id != $groupID) {
$this->e400("Group ID {$id} does not match group ID {$groupID} from URI");
}
Zotero_DB::beginTransaction();
try {
$group = Zotero_Groups::get($groupID);
if (!$group) {
$this->e404("Group {$groupID} does not exist");
}
foreach ($fields as $field => $val) {
$group->{$field} = $val;
}
if ($this->ifUnmodifiedSince && strtotime($group->dateModified) > $this->ifUnmodifiedSince) {
$this->e412();
}
$group->save();
} catch (Exception $e) {
if (strpos($e->getMessage(), "Invalid") === 0) {
$this->e400($e->getMessage() . " in " . $this->body . "'");
} else {
if ($e->getCode() == Z_ERROR_GROUP_DESCRIPTION_TOO_LONG) {
$this->e400($e->getMessage());
}
}
$this->handleException($e);
}
$this->queryParams['content'] = array('full');
$this->responseXML = $group->toAtom($this->queryParams);
Zotero_DB::commit();
$this->end();
}
//
// Delete a group
//
if ($this->method == 'DELETE') {
if (!$this->permissions->isSuper()) {
$this->e403();
}
if (!$groupID) {
$this->e400("DELETE requests must end with a groupID");
}
Zotero_DB::beginTransaction();
$group = Zotero_Groups::get($groupID);
if (!$group) {
$this->e404("Group {$groupID} does not exist");
}
$group->erase();
Zotero_DB::commit();
header("HTTP/1.1 204 No Content");
exit;
}
//
// View one or more groups
//
// Single group
if ($groupID) {
$group = Zotero_Groups::get($groupID);
if (!$this->permissions->canAccess($this->objectLibraryID)) {
$this->e403();
}
if (!$group) {
$this->e404("Group not found");
}
if ($this->apiVersion >= 3) {
$this->libraryVersion = $group->version;
} else {
header("ETag: " . $group->etag);
}
if ($this->method == 'HEAD') {
$this->end();
}
switch ($this->queryParams['format']) {
case 'atom':
$this->responseXML = $group->toAtom($this->queryParams);
break;
case 'json':
$json = $group->toResponseJSON($this->queryParams);
echo Zotero_Utilities::formatJSON($json);
break;
default:
throw new Exception("Unexpected format '" . $this->queryParams['format'] . "'");
}
} else {
if ($this->objectUserID) {
$title = Zotero_Users::getUsername($this->objectUserID) . "’s Groups";
} else {
// For now, only root can do unrestricted group searches
if (!$this->permissions->isSuper()) {
$this->e403();
}
$title = "Groups";
}
try {
$results = Zotero_Groups::getAllAdvanced($this->objectUserID, $this->queryParams, $this->permissions);
} catch (Exception $e) {
switch ($e->getCode()) {
case Z_ERROR_INVALID_GROUP_TYPE:
$this->e400($e->getMessage());
}
throw $e;
}
$options = ['action' => $this->action, 'uri' => $this->uri, 'results' => $results, 'requestParams' => $this->queryParams, 'permissions' => $this->permissions, 'head' => $this->method == 'HEAD'];
switch ($this->queryParams['format']) {
case 'atom':
$this->responseXML = Zotero_API::multiResponse(array_merge($options, ['title' => $title]));
break;
case 'json':
Zotero_API::multiResponse($options);
break;
case 'etags':
case 'versions':
$prop = substr($this->queryParams['format'], 0, -1);
// remove 's'
$newResults = [];
foreach ($results['results'] as $group) {
$newResults[$group->id] = $group->{$prop};
}
$options['results']['results'] = $newResults;
Zotero_API::multiResponse($options, 'versions');
break;
default:
throw new Exception("Unexpected format '" . $this->queryParams['format'] . "'");
}
}
$this->end();
}
private function generateMultiResponse($results, $title = '')
{
$options = ['action' => $this->action, 'uri' => $this->uri, 'results' => $results, 'requestParams' => $this->queryParams, 'permissions' => $this->permissions, 'head' => $this->method == 'HEAD'];
switch ($this->queryParams['format']) {
case 'atom':
$this->responseXML = Zotero_API::multiResponse(array_merge($options, ['title' => $this->getFeedNamePrefix($this->objectLibraryID) . $title]));
break;
case 'bib':
if ($this->method == 'HEAD') {
break;
}
if (isset($results['results'])) {
echo Zotero_Cite::getBibliographyFromCitationServer($results['results'], $this->queryParams);
}
break;
case 'csljson':
case 'json':
case 'keys':
case 'versions':
case 'writereport':
Zotero_API::multiResponse($options);
break;
default:
if ($this->method == 'HEAD') {
break;
}
$export = Zotero_Translate::doExport($results['results'], $this->queryParams['format']);
$this->queryParams['format'] = null;
header("Content-Type: " . $export['mimeType']);
echo $export['body'];
}
}
private function generateMultiResponse($results, $title, $fixedValues)
{
$options = ['action' => $this->action, 'uri' => $this->uri, 'results' => $results, 'requestParams' => $this->queryParams, 'permissions' => $this->permissions, 'head' => $this->method == 'HEAD'];
switch ($this->queryParams['format']) {
case 'atom':
$this->responseXML = Zotero_API::multiResponse(array_merge($options, ['title' => $this->getFeedNamePrefix($this->objectLibraryID) . $title, 'fixedValues' => $fixedValues]));
break;
case 'json':
Zotero_API::multiResponse($options);
break;
default:
throw new Exception("Unexpected format '" . $this->queryParams['format'] . "'");
}
}
