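401, 'title' => 'Unauthorized', 'detail' => $lang['error-permissiondenied']);
    echo json_encode($return);
    exit();
}

// Request dispatcher for this AJAX endpoint. It reads the request parameters, runs the
// branch selected by 'action', and prints one JSON document before exiting. $return
// ends up holding either a 'data' member (result) or an 'error' member (status, title,
// detail). The 'status' value is only part of the JSON body; no HTTP status code is set
// in the visible part of the script.
$return = array();

$action   = getval('action', '');
$resource = getval('resource', 0, true);
$page     = getval('page', 0, true);

// Get annotation data if an ID has been provided
$annotation_id = getval('annotation_id', 0, true);
$annotation    = getval('annotation', [], false, 'is_array');

// NOTE(review): $action is request-supplied text and goes into the debug log as-is;
// confirm that debug() neutralises line breaks so a request cannot forge log entries.
debug(sprintf(
    '[annotations][annotations.php] AJAX request: action = %s | resource = %s | annotation_id = %s',
    $action,
    $resource,
    $annotation_id
));

// A positive annotation_id replaces the client-supplied annotation object with whatever
// getAnnotation() returns, for every action handled below (so 'update' called with an
// annotation_id passes that looked-up value, not the submitted object, on).
// NOTE(review): no access check on the looked-up annotation is visible here; presumably
// the annotation helpers decide whether the current user may read or edit it — verify.
if (0 < $annotation_id) {
    $annotation = getAnnotation($annotation_id);
}

if ('get_resource_annotations' == $action) {
    $return['data'] = getAnnotoriousResourceAnnotations($resource, $page);
}

// NOTE(review): 'create', 'update' and 'delete' below modify stored annotations. Within
// this part of the script they are not tied to the POST method and no anti-CSRF token
// is checked; confirm that the bootstrap included earlier enforces both for this page.
// NOTE(review): $resource is only tested for being positive. Whether the current user
// may annotate that resource, and whether the annotation object belongs to it, is not
// decided here; presumably createAnnotation()/updateAnnotation()/deleteAnnotation()
// do that — verify.

// Create new annotation
if ('create' == $action && 0 < $resource) {
    debug('[annotations][annotations.php] Request to create new annotation...');
    // The annotation object is request-supplied and is logged in full (JSON-encoded).
    debug('[annotations][annotations.php] annotation object is ' . json_encode($annotation));

    if (0 === count($annotation)) {
        debug('[annotations][annotations.php][error] No annotation object');

        $return['error'] = array(
            'status' => 400,
            'title'  => 'Bad Request',
            'detail' => 'ResourceSpace expects an annotation object');

        echo json_encode($return);
        exit();
    }

    $annotation_id = createAnnotation($annotation);

    debug('[annotations][annotations.php] newly created annotation_id = ' . json_encode($annotation_id));

    // Only a strict false is treated as failure; any other return value is sent back as the new ID.
    if (false === $annotation_id) {
        debug('[annotations][annotations.php][error] No annotation_id!');

        $return['error'] = array(
            'status' => 500,
            'title'  => 'Internal Server Error',
            'detail' => 'ResourceSpace was not able to create the annotation.');

        echo json_encode($return);
        exit();
    }

    $return['data'] = $annotation_id;
}

// Update annotation
if ('update' == $action && 0 < $resource) {
    if (0 === count($annotation)) {
        $return['error'] = array(
            'status' => 400,
            'title'  => 'Bad Request',
            'detail' => 'ResourceSpace expects an annotation object');

        echo json_encode($return);
        exit();
    }

    $return['data'] = updateAnnotation($annotation);
}

// Delete annotation. Needs a positive annotation_id and a non-empty looked-up annotation;
// otherwise nothing is deleted and the request ends in the default 400 response below.
if ('delete' == $action && 0 < $annotation_id && 0 !== count($annotation)) {
    $return['data'] = deleteAnnotation($annotation);
}

// Get available fields (white listed) for annotations
if ('get_allowed_fields' == $action) {
    foreach (array_unique($annotate_fields, SORT_NUMERIC) as $annotate_field) {
        $field_data = get_resource_type_field($annotate_field);

        // Skip entries whose lookup did not yield an array, so the offsets below are never
        // read from a non-array value, and skip fields the user has no access to view.
        if (!is_array($field_data) || !metadata_field_view_access($annotate_field)) {
            continue;
        }

        $return['data'][] = array(
            "ref"      => $annotate_field,
            "title"    => i18n_get_translated($field_data['title']),
            "name"     => $field_data['name'],
            "order_by" => $field_data['order_by'],
            "type"     => $field_data['type']
        );
    }

    // Reached when the list is empty and also when no listed field passed the checks in
    // the loop; the message below only mentions the first cause.
    if (!isset($return['data'])) {
        $return['error'] = array(
            'status' => 404,
            'title'  => 'Not Found',
            'detail' => '$annotate_fields config option does not have any fields set (i.e. it is empty)');

        echo json_encode($return);
        exit();
    }
}

// Check if this user can add new tags to a field
// REQUIRES: check if field is dynamic keyword list and user has permission to add new fields
if ('check_allow_new_tags' == $action) {
    $resource_type_field = getval('resource_type_field', 0, true);

    // Only fields listed in $annotate_fields are answered for; anything else gets false.
    if (0 == $resource_type_field || !in_array($resource_type_field, $annotate_fields)) {
        $return['data'] = false;

        echo json_encode($return);
        exit();
    }

    $field_data = get_resource_type_field($resource_type_field);

    // Fail closed: a lookup that did not yield an array falls through to the false answer.
    // The answer is true only for a dynamic keywords list for which checkperm() reports
    // that "bdk<ref>" is not set (presumably a deny permission — confirm).
    if (
        is_array($field_data)
        && FIELD_TYPE_DYNAMIC_KEYWORDS_LIST == $field_data['type']
        && !checkperm("bdk{$resource_type_field}")
    ) {
        $return['data'] = true;

        echo json_encode($return);
        exit();
    }

    $return['data'] = false;

    echo json_encode($return);
    exit();
}

// If by this point we still don't have a response for the request,
// create one now telling client code this is a bad request
if (0 === count($return)) {
    $return['error'] = array(
        'status' => 400,
        'title'  => 'Bad Request',
        'detail' => 'The request could not be handled by annotations.php. This is the default response!');
}

echo json_encode($return);
exit();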