public function collections() { // Check for general library access if (!$this->permissions->canAccess($this->objectLibraryID)) { $this->e403(); } if ($this->isWriteMethod()) { // Check for library write access if (!$this->permissions->canWrite($this->objectLibraryID)) { $this->e403("Write access denied"); } // Make sure library hasn't been modified if (!$this->singleObject) { $libraryTimestampChecked = $this->checkLibraryIfUnmodifiedSinceVersion(); } Zotero_Libraries::updateVersionAndTimestamp($this->objectLibraryID); } $collectionIDs = array(); $collectionKeys = array(); $results = array(); // Single collection if ($this->singleObject) { $this->allowMethods(['HEAD', 'GET', 'PUT', 'PATCH', 'DELETE']); if (!Zotero_ID::isValidKey($this->objectKey)) { $this->e404(); } $collection = Zotero_Collections::getByLibraryAndKey($this->objectLibraryID, $this->objectKey); if ($this->isWriteMethod()) { $collection = $this->handleObjectWrite('collection', $collection ? $collection : null); $this->queryParams['content'] = ['json']; } if (!$collection) { $this->e404("Collection not found"); } $this->libraryVersion = $collection->version; if ($this->method == 'HEAD') { $this->end(); } switch ($this->queryParams['format']) { case 'atom': $this->responseXML = Zotero_Collections::convertCollectionToAtom($collection, $this->queryParams); break; case 'json': $json = $collection->toResponseJSON($this->queryParams, $this->permissions); echo Zotero_Utilities::formatJSON($json); break; default: throw new Exception("Unexpected format '" . $this->queryParams['format'] . "'"); } } else { $this->allowMethods(['HEAD', 'GET', 'POST', 'DELETE']); $this->libraryVersion = Zotero_Libraries::getUpdatedVersion($this->objectLibraryID); if ($this->scopeObject) { $this->allowMethods(array('GET')); switch ($this->scopeObject) { case 'collections': $collection = Zotero_Collections::getByLibraryAndKey($this->objectLibraryID, $this->scopeObjectKey); if (!$collection) { $this->e404("Collection not found"); } $title = "Child Collections of ‘{$collection->name}'’"; $collectionIDs = $collection->getChildCollections(); break; default: throw new Exception("Invalid collections scope object '{$this->scopeObject}'"); } } else { // Top-level items if ($this->subset == 'top') { $this->allowMethods(array('GET')); $title = "Top-Level Collections"; $results = Zotero_Collections::search($this->objectLibraryID, true, $this->queryParams); } else { // Create a collection if ($this->method == 'POST') { $this->queryParams['format'] = 'writereport'; $obj = $this->jsonDecode($this->body); $results = Zotero_Collections::updateMultipleFromJSON($obj, $this->queryParams, $this->objectLibraryID, $this->userID, $this->permissions, $libraryTimestampChecked ? 0 : 1, null); if ($cacheKey = $this->getWriteTokenCacheKey()) { Z_Core::$MC->set($cacheKey, true, $this->writeTokenCacheTime); } if ($this->apiVersion < 2) { $uri = Zotero_API::getCollectionsURI($this->objectLibraryID); $keys = array_merge(get_object_vars($results['success']), get_object_vars($results['unchanged'])); $queryString = "collectionKey=" . urlencode(implode(",", $keys)) . "&format=atom&content=json&order=collectionKeyList&sort=asc"; if ($this->apiKey) { $queryString .= "&key=" . $this->apiKey; } $uri .= "?" . $queryString; $this->queryParams = Zotero_API::parseQueryParams($queryString, $this->action, true, $this->apiVersion); $title = "Collections"; $results = Zotero_Collections::search($this->objectLibraryID, false, $this->queryParams); } } else { if ($this->method == 'DELETE') { Zotero_DB::beginTransaction(); foreach ($this->queryParams['collectionKey'] as $collectionKey) { Zotero_Collections::delete($this->objectLibraryID, $collectionKey); } Zotero_DB::commit(); $this->e204(); } else { $title = "Collections"; $results = Zotero_Collections::search($this->objectLibraryID, false, $this->queryParams); } } } } if ($collectionIDs) { $this->queryParams['collectionIDs'] = $collectionIDs; $results = Zotero_Collections::search($this->objectLibraryID, false, $this->queryParams); } $options = ['action' => $this->action, 'uri' => $this->uri, 'results' => $results, 'requestParams' => $this->queryParams, 'permissions' => $this->permissions, 'head' => $this->method == 'HEAD']; switch ($this->queryParams['format']) { case 'atom': $this->responseXML = Zotero_API::multiResponse(array_merge($options, ['title' => $this->getFeedNamePrefix($this->objectLibraryID) . $title])); break; case 'json': case 'keys': case 'versions': case 'writereport': Zotero_API::multiResponse($options); break; default: throw new Exception("Unexpected format '" . $this->queryParams['format'] . "'"); } } $this->end(); }
public function searches() { if ($this->apiVersion < 2) { $this->e404(); } // Check for general library access if (!$this->permissions->canAccess($this->objectLibraryID)) { $this->e403(); } if ($this->isWriteMethod()) { // Check for library write access if (!$this->permissions->canWrite($this->objectLibraryID)) { $this->e403("Write access denied"); } // Make sure library hasn't been modified if (!$this->singleObject) { $libraryTimestampChecked = $this->checkLibraryIfUnmodifiedSinceVersion(); } Zotero_Libraries::updateVersionAndTimestamp($this->objectLibraryID); } $results = array(); // Single search if ($this->singleObject) { $this->allowMethods(['HEAD', 'GET', 'PUT', 'PATCH', 'DELETE']); $search = Zotero_Searches::getByLibraryAndKey($this->objectLibraryID, $this->objectKey); if ($this->isWriteMethod()) { $search = $this->handleObjectWrite('search', $search ? $search : null); $this->e204(); } if (!$search) { $this->e404("Search not found"); } $this->libraryVersion = $search->version; if ($this->method == 'HEAD') { $this->end(); } // Display search switch ($this->queryParams['format']) { case 'atom': $this->responseXML = $search->toAtom($this->queryParams); break; case 'json': $json = $search->toResponseJSON($this->queryParams, $this->permissions); echo Zotero_Utilities::formatJSON($json); break; default: throw new Exception("Unexpected format '" . $this->queryParams['format'] . "'"); } } else { $this->allowMethods(['HEAD', 'GET', 'POST', 'DELETE']); $this->libraryVersion = Zotero_Libraries::getUpdatedVersion($this->objectLibraryID); // Create a search if ($this->method == 'POST') { $this->queryParams['format'] = 'writereport'; $obj = $this->jsonDecode($this->body); $results = Zotero_Searches::updateMultipleFromJSON($obj, $this->objectLibraryID, $this->queryParams, $this->userID, $libraryTimestampChecked ? 0 : 1, null); if ($cacheKey = $this->getWriteTokenCacheKey()) { Z_Core::$MC->set($cacheKey, true, $this->writeTokenCacheTime); } } else { if ($this->method == 'DELETE') { Zotero_DB::beginTransaction(); foreach ($this->queryParams['searchKey'] as $searchKey) { Zotero_Searches::delete($this->objectLibraryID, $searchKey); } Zotero_DB::commit(); $this->e204(); } else { $title = "Searches"; $results = Zotero_Searches::search($this->objectLibraryID, $this->queryParams); } } $options = ['action' => $this->action, 'uri' => $this->uri, 'results' => $results, 'requestParams' => $this->queryParams, 'permissions' => $this->permissions, 'head' => $this->method == 'HEAD']; switch ($this->queryParams['format']) { case 'atom': $this->responseXML = Zotero_API::multiResponse(array_merge($options, ['title' => $this->getFeedNamePrefix($this->objectLibraryID) . $title])); break; case 'json': case 'keys': case 'versions': case 'writereport': Zotero_API::multiResponse($options); break; default: throw new Exception("Unexpected format '" . $this->queryParams['format'] . "'"); } } $this->end(); }
public function groups() { $groupID = $this->objectGroupID; // // Add a group // if ($this->method == 'POST') { if (!$this->permissions->isSuper()) { $this->e403(); } if ($groupID) { $this->e400("POST requests cannot end with a groupID (did you mean PUT?)"); } try { $group = @new SimpleXMLElement($this->body); } catch (Exception $e) { $this->e400("{$this->method} data is not valid XML"); } if ((int) $group['id']) { $this->e400("POST requests cannot contain a groupID in '" . $this->body . "'"); } $fields = $this->getFieldsFromGroupXML($group); Zotero_DB::beginTransaction(); try { $group = new Zotero_Group(); foreach ($fields as $field => $val) { $group->{$field} = $val; } $group->save(); } catch (Exception $e) { if (strpos($e->getMessage(), "Invalid") === 0) { $this->e400($e->getMessage() . " in " . $this->body . "'"); } switch ($e->getCode()) { case Z_ERROR_GROUP_NAME_UNAVAILABLE: $this->e400($e->getMessage()); default: $this->handleException($e); } } $this->queryParams['content'] = array('full'); $this->responseXML = $group->toAtom($this->queryParams); Zotero_DB::commit(); $url = Zotero_API::getGroupURI($group); $this->responseCode = 201; header("Location: " . $url, false, 201); $this->end(); } // // Update a group // if ($this->method == 'PUT') { if (!$this->permissions->isSuper()) { $this->e403(); } if (!$groupID) { $this->e400("PUT requests must end with a groupID (did you mean POST?)"); } try { $group = @new SimpleXMLElement($this->body); } catch (Exception $e) { $this->e400("{$this->method} data is not valid XML"); } $fields = $this->getFieldsFromGroupXML($group); // Group id is optional, but, if it's there, make sure it matches $id = (string) $group['id']; if ($id && $id != $groupID) { $this->e400("Group ID {$id} does not match group ID {$groupID} from URI"); } Zotero_DB::beginTransaction(); try { $group = Zotero_Groups::get($groupID); if (!$group) { $this->e404("Group {$groupID} does not exist"); } foreach ($fields as $field => $val) { $group->{$field} = $val; } if ($this->ifUnmodifiedSince && strtotime($group->dateModified) > $this->ifUnmodifiedSince) { $this->e412(); } $group->save(); } catch (Exception $e) { if (strpos($e->getMessage(), "Invalid") === 0) { $this->e400($e->getMessage() . " in " . $this->body . "'"); } else { if ($e->getCode() == Z_ERROR_GROUP_DESCRIPTION_TOO_LONG) { $this->e400($e->getMessage()); } } $this->handleException($e); } $this->queryParams['content'] = array('full'); $this->responseXML = $group->toAtom($this->queryParams); Zotero_DB::commit(); $this->end(); } // // Delete a group // if ($this->method == 'DELETE') { if (!$this->permissions->isSuper()) { $this->e403(); } if (!$groupID) { $this->e400("DELETE requests must end with a groupID"); } Zotero_DB::beginTransaction(); $group = Zotero_Groups::get($groupID); if (!$group) { $this->e404("Group {$groupID} does not exist"); } $group->erase(); Zotero_DB::commit(); header("HTTP/1.1 204 No Content"); exit; } // // View one or more groups // // Single group if ($groupID) { $group = Zotero_Groups::get($groupID); if (!$this->permissions->canAccess($this->objectLibraryID)) { $this->e403(); } if (!$group) { $this->e404("Group not found"); } if ($this->apiVersion >= 3) { $this->libraryVersion = $group->version; } else { header("ETag: " . $group->etag); } if ($this->method == 'HEAD') { $this->end(); } switch ($this->queryParams['format']) { case 'atom': $this->responseXML = $group->toAtom($this->queryParams); break; case 'json': $json = $group->toResponseJSON($this->queryParams); echo Zotero_Utilities::formatJSON($json); break; default: throw new Exception("Unexpected format '" . $this->queryParams['format'] . "'"); } } else { if ($this->objectUserID) { $title = Zotero_Users::getUsername($this->objectUserID) . "’s Groups"; } else { // For now, only root can do unrestricted group searches if (!$this->permissions->isSuper()) { $this->e403(); } $title = "Groups"; } try { $results = Zotero_Groups::getAllAdvanced($this->objectUserID, $this->queryParams, $this->permissions); } catch (Exception $e) { switch ($e->getCode()) { case Z_ERROR_INVALID_GROUP_TYPE: $this->e400($e->getMessage()); } throw $e; } $options = ['action' => $this->action, 'uri' => $this->uri, 'results' => $results, 'requestParams' => $this->queryParams, 'permissions' => $this->permissions, 'head' => $this->method == 'HEAD']; switch ($this->queryParams['format']) { case 'atom': $this->responseXML = Zotero_API::multiResponse(array_merge($options, ['title' => $title])); break; case 'json': Zotero_API::multiResponse($options); break; case 'etags': case 'versions': $prop = substr($this->queryParams['format'], 0, -1); // remove 's' $newResults = []; foreach ($results['results'] as $group) { $newResults[$group->id] = $group->{$prop}; } $options['results']['results'] = $newResults; Zotero_API::multiResponse($options, 'versions'); break; default: throw new Exception("Unexpected format '" . $this->queryParams['format'] . "'"); } } $this->end(); }
private function generateMultiResponse($results, $title = '') { $options = ['action' => $this->action, 'uri' => $this->uri, 'results' => $results, 'requestParams' => $this->queryParams, 'permissions' => $this->permissions, 'head' => $this->method == 'HEAD']; switch ($this->queryParams['format']) { case 'atom': $this->responseXML = Zotero_API::multiResponse(array_merge($options, ['title' => $this->getFeedNamePrefix($this->objectLibraryID) . $title])); break; case 'bib': if ($this->method == 'HEAD') { break; } if (isset($results['results'])) { echo Zotero_Cite::getBibliographyFromCitationServer($results['results'], $this->queryParams); } break; case 'csljson': case 'json': case 'keys': case 'versions': case 'writereport': Zotero_API::multiResponse($options); break; default: if ($this->method == 'HEAD') { break; } $export = Zotero_Translate::doExport($results['results'], $this->queryParams['format']); $this->queryParams['format'] = null; header("Content-Type: " . $export['mimeType']); echo $export['body']; } }
private function generateMultiResponse($results, $title, $fixedValues) { $options = ['action' => $this->action, 'uri' => $this->uri, 'results' => $results, 'requestParams' => $this->queryParams, 'permissions' => $this->permissions, 'head' => $this->method == 'HEAD']; switch ($this->queryParams['format']) { case 'atom': $this->responseXML = Zotero_API::multiResponse(array_merge($options, ['title' => $this->getFeedNamePrefix($this->objectLibraryID) . $title, 'fixedValues' => $fixedValues])); break; case 'json': Zotero_API::multiResponse($options); break; default: throw new Exception("Unexpected format '" . $this->queryParams['format'] . "'"); } }