clean up code, better error checking, unified http return codes

2024-10-04 15:12:30 +00:00 · 2020-06-19 08:08:23 +02:00 · 2020-06-19 08:08:23 +02:00 · dc210cf59c
commit dc210cf59c
parent 960884cdc2
1 changed files with 213 additions and 117 deletions
--- a/restapi/index.php
+++ b/restapi/index.php
@ -74,6 +74,18 @@ if(USE_PHP_SESSION) {

 require "vendor/autoload.php";

+function __getDocumentData($document) { /* {{{ */
+    $data = array(
+        'type'=>'document',
+        'id'=>(int)$document->getId(),
+        'date'=>date('Y-m-d H:i:s', $document->getDate()),
+        'name'=>$document->getName(),
+        'comment'=>$document->getComment(),
+        'keywords'=>$document->getKeywords()
+    );
+    return $data;
+} /* }}} */
+
 function __getLatestVersionData($lc) { /* {{{ */
    $document = $lc->getDocument();
    $data = array(
@ -86,8 +98,8 @@ function __getLatestVersionData($lc) { /* {{{ */
        'mimetype'=>$lc->getMimeType(),
        'version'=>$lc->getVersion(),
        'version_comment'=>$lc->getComment(),
-        'version_date'=>$lc->getDate(),
-        'size'=>$lc->getFileSize(),
+        'version_date'=>date('Y-m-d H:i:s', $lc->getDate()),
+        'size'=>(int) $lc->getFileSize(),
    );
    $cats = $document->getCategories();
    if($cats) {
@ -114,6 +126,40 @@ function __getLatestVersionData($lc) { /* {{{ */
    return $data;
 } /* }}} */

+function __getDocumentVersionData($lc) { /* {{{ */
+    $data = array(
+        'id'=>(int) $lc->getId(),
+        'version'=>$lc->getVersion(),
+        'date'=>date('Y-m-d H:i:s', $lc->getDate()),
+        'mimetype'=>$lc->getMimeType(),
+        'filetype'=>$lc->getFileType(),
+        'origfilename'=>$lc->getOriginalFileName(),
+        'size'=>(int) $lc->getFileSize(),
+        'comment'=>$lc->getComment(),
+    );
+    return $data;
+} /* }}} */
+
+function __getDocumentFileData($file) { /* {{{ */
+    $data = array(
+        'id'=>(int)$file->getId(),
+        'name'=>$file->getName(),
+        'date'=>$file->getDate(),
+        'mimetype'=>$file->getMimeType(),
+        'comment'=>$file->getComment(),
+    );
+    return $data;
+} /* }}} */
+
+function __getDocumentLinkData($link) { /* {{{ */
+    $data = array(
+        'id'=>(int)$link->getId(),
+        'target'=>__getDocumentData($link->getTarget()),
+        'public'=>(boolean)$link->isPublic(),
+    );
+    return $data;
+} /* }}} */
+
 function __getFolderData($folder) { /* {{{ */
    $data = array(
        'type'=>'folder',
@ -171,6 +217,29 @@ function __getUserData($u) { /* {{{ */
    return $data;
 } /* }}} */

+function __getAttributeDefinitionData($attrdef) { /* {{{ */
+    $data = [
+        'id' => (int)$attrdef->getId(),
+        'name' => $attrdef->getName(),
+        'type'=>(int)$attrdef->getType(),
+        'objtype'=>(int)$attrdef->getObjType(),
+        'min'=>(int)$attrdef->getMinValues(),
+        'max'=>(int)$attrdef->getMaxValues(),
+        'multiple'=>$attrdef->getMultipleValues()?true:false,
+        'valueset'=>$attrdef->getValueSetAsArray(),
+        'regex'=>$attrdef->getRegex()
+    ];
+    return $data;
+} /* }}} */
+
+function __getCategoryData($category) { /* {{{ */
+    $data = [
+        'id'=>(int)$category->getId(),
+        'name'=>$category->getName()
+    ];
+    return $data;
+} /* }}} */
+
 function doLogin($request, $response) { /* {{{ */
    global $dms, $userobj, $session, $settings;

@ -244,7 +313,8 @@ function setFullName($request, $response) { /* {{{ */

    $params = $request->getParsedBody();
    $userobj->setFullName($params['fullname']);
-    return $response->withJson(array('success'=>true, 'message'=>'', 'data'=>$userobj->getFullName()), 200);
+    $data = __getUserData($userobj);
+    return $response->withJson(array('success'=>true, 'message'=>'', 'data'=>$data), 200);
 } /* }}} */

 function setEmail($request, $response) { /* {{{ */
@ -257,7 +327,8 @@ function setEmail($request, $response) { /* {{{ */

    $params = $request->getParsedBody();
    $userobj->setEmail($params['email']);
-    return $response->withJson(array('success'=>true, 'message'=>'', 'data'=>$userid), 200);
+    $data = __getUserData($userobj);
+    return $response->withJson(array('success'=>true, 'message'=>'', 'data'=>$data), 200);
 } /* }}} */

 function getLockedDocuments($request, $response) { /* {{{ */
@ -284,7 +355,7 @@ function getFolder($request, $response, $args) { /* {{{ */
    $forcebyname = isset($params['forcebyname']) ? $params['forcebyname'] : 0;
    $parent = isset($params['parentid']) ? $dms->getFolder($params['parentid']) : null;

-    if (!isset($args['id']))
+    if (!isset($args['id']) || !$args['id'])
        $folder = $dms->getFolder($settings->_rootFolderID);
    elseif(ctype_digit($args['id']) && empty($forcebyname))
        $folder = $dms->getFolder($args['id']);
@ -296,10 +367,10 @@ function getFolder($request, $response, $args) { /* {{{ */
            $data = __getFolderData($folder);
            return $response->withJson(array('success'=>true, 'message'=>'', 'data'=>$data), 200);
        } else {
-            return $response->withStatus(404);
+            return $response->withJson(array('success'=>false, 'message'=>'No access', 'data'=>''), 403);
        }
    } else {
-        return $response->withStatus(404);
+        return $response->withJson(array('success'=>false, 'message'=>'No such folder', 'data'=>''), 404);
    }
 } /* }}} */

@ -313,12 +384,20 @@ function getFolderParent($request, $response, $args) { /* {{{ */
        return $response->withJson(array('success'=>true, 'message'=>'id is root folder', 'data'=>''), 200);
    }
    $folder = $dms->getFolder($id);
-    $parent = $folder->getParent();
-    if($parent) {
-        $rec = __getFolderData($parent);
-        return $response->withJson(array('success'=>true, 'message'=>'', 'data'=>$rec), 200);
+    if($folder) {
+        $parent = $folder->getParent();
+        if($parent) {
+            if($parent->getAccessMode($userobj) >= M_READ) {
+                $rec = __getFolderData($parent);
+                return $response->withJson(array('success'=>true, 'message'=>'', 'data'=>$rec), 200);
+            } else {
+                return $response->withJson(array('success'=>false, 'message'=>'No access', 'data'=>''), 403);
+            }
+        } else {
+            return $response->withJson(array('success'=>false, 'message'=>'', 'data'=>''), 500);
+        }
    } else {
-        return $response->withJson(array('success'=>false, 'message'=>'', 'data'=>''), 500);
+        return $response->withJson(array('success'=>false, 'message'=>'No such folder', 'data'=>''), 404);
    }
 } /* }}} */

@ -328,13 +407,20 @@ function getFolderPath($request, $response, $args) { /* {{{ */
        return $response->withJson(array('success'=>true, 'message'=>'id is 0', 'data'=>''), 200);
    }
    $folder = $dms->getFolder($args['id']);
-
-    $path = $folder->getPath();
-    $data = array();
-    foreach($path as $element) {
-        $data[] = array('id'=>$element->getId(), 'name'=>$element->getName());
+    if($folder) {
+        if($folder->getAccessMode($userobj) >= M_READ) {
+            $path = $folder->getPath();
+            $data = array();
+            foreach($path as $element) {
+                $data[] = array('id'=>$element->getId(), 'name'=>$element->getName());
+            }
+            return $response->withJson(array('success'=>true, 'message'=>'', 'data'=>$data), 200);
+        } else {
+            return $response->withJson(array('success'=>false, 'message'=>'No access', 'data'=>''), 403);
+        }
+    } else {
+        return $response->withJson(array('success'=>false, 'message'=>'No such folder', 'data'=>''), 404);
    }
-    return $response->withJson(array('success'=>true, 'message'=>'', 'data'=>$data), 200);
 } /* }}} */

 function getFolderAttributes($request, $response, $args) { /* {{{ */
@ -354,8 +440,10 @@ function getFolderAttributes($request, $response, $args) { /* {{{ */
            }
            return $response->withJson(array('success'=>true, 'message'=>'', 'data'=>$recs), 200);
        } else {
-            return $response->withStatus(404);
+            return $response->withJson(array('success'=>false, 'message'=>'No access', 'data'=>''), 403);
        }
+    } else {
+        return $response->withJson(array('success'=>false, 'message'=>'No such folder', 'data'=>''), 404);
    }
 } /* }}} */

@ -433,7 +521,7 @@ function createFolder($request, $response, $args) { /* {{{ */
                /* Check if name already exists in the folder */
                if(!$settings->_enableDuplicateSubFolderNames) {
                    if($parent->hasSubFolderByName($params['name'])) {
-                        return $response->withJson(array('success'=>false, 'message'=>getMLText("subfolder_duplicate_name"), 'data'=>''), 400);
+                        return $response->withJson(array('success'=>false, 'message'=>getMLText("subfolder_duplicate_name"), 'data'=>''), 409);
                    }
                }
                if($folder = $parent->addSubFolder($params['name'], $comment, $userobj, $sequence, $newattrs)) {
@ -484,7 +572,7 @@ function moveFolder($request, $response, $args) { /* {{{ */
                }
            } else {
                if($folder === null)
-                    $status = 400;
+                    $status = 404;
                else
                    $status = 500;
                return $response->withJson(array('success'=>false, 'message'=>'No destination folder', 'data'=>''), $status);
@ -494,7 +582,7 @@ function moveFolder($request, $response, $args) { /* {{{ */
        }
    } else {
        if($mfolder === null)
-            $status=400;
+            $status=404;
        else
            $status=500;
        return $response->withJson(array('success'=>false, 'message'=>'No folder', 'data'=>''), $status);
@ -524,7 +612,7 @@ function deleteFolder($request, $response, $args) { /* {{{ */
        }
    } else {
        if($mfolder === null)
-            $status=400;
+            $status=404;
        else
            $status=500;
        return $response->withJson(array('success'=>false, 'message'=>'No folder', 'data'=>''), $status);
@ -600,7 +688,7 @@ function uploadDocument($request, $response, $args) { /* {{{ */
            /* Check if name already exists in the folder */
            if(!$settings->_enableDuplicateDocNames) {
                if($mfolder->hasDocumentByName($docname)) {
-                    return $response->withJson(array('success'=>false, 'message'=>getMLText("document_duplicate_name"), 'data'=>''), 400);
+                    return $response->withJson(array('success'=>false, 'message'=>getMLText("document_duplicate_name"), 'data'=>''), 409);
                }
            }
            $temp = $file_info->file;
@ -625,7 +713,7 @@ function uploadDocument($request, $response, $args) { /* {{{ */
        }
    } else {
        if($mfolder === null)
-            $status=400;
+            $status=404;
        else
            $status=500;
        return $response->withJson(array('success'=>false, 'message'=>'No folder', 'data'=>''), $status);
@ -686,7 +774,7 @@ function updateDocument($request, $response, $args) { /* {{{ */
            return $response->withJson(array('success'=>false, 'message'=>'No access', 'data'=>''), 403);
        }
    } else {
-        return $response->withJson(array('success'=>false, 'message'=>'No document', 'data'=>''), 400);
+        return $response->withJson(array('success'=>false, 'message'=>'No document', 'data'=>''), 404);
    }
 } /* }}} */

@ -722,7 +810,7 @@ function uploadDocumentPut($request, $response, $args) { /* {{{ */
            /* Check if name already exists in the folder */
            if(!$settings->_enableDuplicateDocNames) {
                if($mfolder->hasDocumentByName($docname)) {
-                return $response->withJson(array('success'=>false, 'message'=>getMLText("document_duplicate_name"), 'data'=>''), 400);
+                return $response->withJson(array('success'=>false, 'message'=>getMLText("document_duplicate_name"), 'data'=>''), 409);
                }
            }
            $res = $mfolder->addDocument($docname, '', 0, $userobj, '', array(), $temp, $origfilename ? $origfilename : basename($temp), $fileType, $userfiletype, 0);
@ -739,7 +827,7 @@ function uploadDocumentPut($request, $response, $args) { /* {{{ */
        }
    } else {
        if($mfolder === null)
-            $status=400;
+            $status=404;
        else
            $status=500;
        return $response->withJson(array('success'=>false, 'message'=>'No folder', 'data'=>''), $status);
@ -794,7 +882,7 @@ function uploadDocumentFile($request, $response, $args) { /* {{{ */
        }
    } else {
        if($document === null)
-            $status=400;
+            $status=404;
        else
            $status=500;
        return $response->withJson(array('success'=>false, 'message'=>'No such document', 'data'=>''), $status);
@ -848,7 +936,7 @@ function getDocument($request, $response, $args) { /* {{{ */
        }
    } else {
        if($document === null)
-            $status=400;
+            $status=404;
        else
            $status=500;
        return $response->withJson(array('success'=>false, 'message'=>'No document', 'data'=>''), $status);
@ -870,7 +958,7 @@ function deleteDocument($request, $response, $args) { /* {{{ */
        }
    } else {
        if($document === null)
-            $status=400;
+            $status=404;
        else
            $status=500;
        return $response->withJson(array('success'=>false, 'message'=>'No document', 'data'=>''), $status);
@ -894,7 +982,7 @@ function moveDocument($request, $response, $args) { /* {{{ */
                }
            } else {
              if($folder === null)
-                  $status=400;
+                  $status=404;
              else
                  $status=500;
                return $response->withJson(array('success'=>false, 'message'=>'No destination folder', 'data'=>''), $status);
@ -904,7 +992,7 @@ function moveDocument($request, $response, $args) { /* {{{ */
        }
    } else {
        if($document === null)
-            $status=400;
+            $status=404;
        else
            $status=500;
        return $response->withJson(array('success'=>false, 'message'=>'No document', 'data'=>''), $status);
@ -949,7 +1037,7 @@ function getDocumentContent($request, $response, $args) { /* {{{ */
        }
    } else {
        if($document === null)
-            $status=400;
+            $status=404;
        else
            $status=500;
        return $response->withJson(array('success'=>false, 'message'=>'No document', 'data'=>''), $status);
@ -966,13 +1054,7 @@ function getDocumentVersions($request, $response, $args) { /* {{{ */
            $recs = array();
            $lcs = $document->getContent();
            foreach($lcs as $lc) {
-                $recs[] = array(
-                    'version'=>$lc->getVersion(),
-                    'date'=>$lc->getDate(),
-                    'mimetype'=>$lc->getMimeType(),
-                    'size'=>$lc->getFileSize(),
-                    'comment'=>$lc->getComment(),
-                );
+                $recs[] = __getDocumentVersionData($lc);
            }
            return $response->withJson(array('success'=>true, 'message'=>'', 'data'=>$recs), 200);
        } else {
@ -980,7 +1062,7 @@ function getDocumentVersions($request, $response, $args) { /* {{{ */
        }
    } else {
        if($document === null)
-            $status=400;
+            $status=404;
        else
            $status=500;
        return $response->withJson(array('success'=>false, 'message'=>'No document', 'data'=>''), $status);
@ -989,8 +1071,12 @@ function getDocumentVersions($request, $response, $args) { /* {{{ */

 function getDocumentVersion($request, $response, $args) { /* {{{ */
    global $dms, $userobj;
-    $document = $dms->getDocument($args['id']);

+    if(!ctype_digit($args['id']) || !ctype_digit($args['version'])) {
+        return $response->withJson(array('success'=>false, 'message'=>'Invalid parameter', 'data'=>''), 400);
+    }
+
+    $document = $dms->getDocument($args['id']);
    if($document) {
        if ($document->getAccessMode($userobj) >= M_READ) {
            $lc = $document->getContentByVersion($args['version']);
@ -1018,14 +1104,14 @@ function getDocumentVersion($request, $response, $args) { /* {{{ */

                sendFile($dms->contentDir . $lc->getPath());
            } else {
-              return $response->withJson(array('success'=>false, 'message'=>'No such version', 'data'=>''), 400);
+              return $response->withJson(array('success'=>false, 'message'=>'No such version', 'data'=>''), 404);
            }
        } else {
            return $response->withJson(array('success'=>false, 'message'=>'No access', 'data'=>''), 403);
        }
    } else {
        if($document === null)
-            $status=400;
+            $status=404;
        else
            $status=500;
        return $response->withJson(array('success'=>false, 'message'=>'No document', 'data'=>''), $status);
@ -1046,14 +1132,14 @@ function updateDocumentVersion($request, $response, $args) { /* {{{ */
                return $response->withJson(array('success'=>true, 'message'=>'', 'data'=>''), 200);
              }
            } else {
-              return $response->withJson(array('success'=>false, 'message'=>'No such version', 'data'=>''), 400);
+              return $response->withJson(array('success'=>false, 'message'=>'No such version', 'data'=>''), 404);
            }
        } else {
            return $response->withJson(array('success'=>false, 'message'=>'No access', 'data'=>''), 403);
        }
    } else {
        if($document === null)
-            $status=400;
+            $status=404;
        else
            $status=500;
        return $response->withJson(array('success'=>false, 'message'=>'No document', 'data'=>''), $status);
@ -1062,6 +1148,10 @@ function updateDocumentVersion($request, $response, $args) { /* {{{ */

 function getDocumentFiles($request, $response, $args) { /* {{{ */
    global $dms, $userobj;
+    if(!ctype_digit($args['id'])) {
+        return $response->withJson(array('success'=>false, 'message'=>'Invalid parameter', 'data'=>''), 400);
+    }
+
    $document = $dms->getDocument($args['id']);

    if($document) {
@ -1069,13 +1159,7 @@ function getDocumentFiles($request, $response, $args) { /* {{{ */
            $recs = array();
            $files = $document->getDocumentFiles();
            foreach($files as $file) {
-                $recs[] = array(
-                    'id'=>(int)$file->getId(),
-                    'name'=>$file->getName(),
-                    'date'=>$file->getDate(),
-                    'mimetype'=>$file->getMimeType(),
-                    'comment'=>$file->getComment(),
-                );
+                $recs[] = __getDocumentFileData($file);
            }
            return $response->withJson(array('success'=>true, 'message'=>'', 'data'=>$recs), 200);
        } else {
@ -1083,7 +1167,7 @@ function getDocumentFiles($request, $response, $args) { /* {{{ */
        }
    } else {
        if($document === null)
-            $status=400;
+            $status=404;
        else
            $status=500;
        return $response->withJson(array('success'=>false, 'message'=>'No document', 'data'=>''), $status);
@ -1092,35 +1176,42 @@ function getDocumentFiles($request, $response, $args) { /* {{{ */

 function getDocumentFile($request, $response, $args) { /* {{{ */
    global $dms, $userobj;
+    if(!ctype_digit($args['id']) || !ctype_digit($args['fileid'])) {
+        return $response->withJson(array('success'=>false, 'message'=>'Invalid parameter', 'data'=>''), 400);
+    }
+
    $document = $dms->getDocument($args['id']);

    if($document) {
        if ($document->getAccessMode($userobj) >= M_READ) {
            $lc = $document->getDocumentFile($args['fileid']);
+            if($lc) {
+                $file = $dms->contentDir . $lc->getPath();
+                if(!($fh = @fopen($file, 'rb'))) {
+                    return $response->withJson(array('success'=>false, 'message'=>'', 'data'=>''), 500);
+                }
+                $stream = new \Slim\Http\Stream($fh); // create a stream instance for the response body

-            $file = $dms->contentDir . $lc->getPath();
-            if(!($fh = @fopen($file, 'rb'))) {
-                return $response->withJson(array('success'=>false, 'message'=>'', 'data'=>''), 500);
+                return $response->withHeader('Content-Type', $lc->getMimeType())
+                      ->withHeader('Content-Description', 'File Transfer')
+                      ->withHeader('Content-Transfer-Encoding', 'binary')
+                      ->withHeader('Content-Disposition', 'attachment; filename="' . $document->getName() . $lc->getFileType() . '"')
+                      ->withHeader('Content-Length', filesize($dms->contentDir . $lc->getPath()))
+                      ->withHeader('Expires', '0')
+                      ->withHeader('Cache-Control', 'must-revalidate, post-check=0, pre-check=0')
+                      ->withHeader('Pragma', 'no-cache')
+                      ->withBody($stream);
+
+                sendFile($dms->contentDir . $lc->getPath());
+            } else {
+                return $response->withJson(array('success'=>false, 'message'=>'No document file', 'data'=>''), 404);
            }
-            $stream = new \Slim\Http\Stream($fh); // create a stream instance for the response body
-
-            return $response->withHeader('Content-Type', $lc->getMimeType())
-                  ->withHeader('Content-Description', 'File Transfer')
-                  ->withHeader('Content-Transfer-Encoding', 'binary')
-                  ->withHeader('Content-Disposition', 'attachment; filename="' . $document->getName() . $lc->getFileType() . '"')
-                  ->withHeader('Content-Length', filesize($dms->contentDir . $lc->getPath()))
-                  ->withHeader('Expires', '0')
-                  ->withHeader('Cache-Control', 'must-revalidate, post-check=0, pre-check=0')
-                  ->withHeader('Pragma', 'no-cache')
-                  ->withBody($stream);
-
-            sendFile($dms->contentDir . $lc->getPath());
        } else {
            return $response->withJson(array('success'=>false, 'message'=>'No access', 'data'=>''), 403);
        }
    } else {
        if($document === null)
-            $status=400;
+            $status=404;
        else
            $status=500;
        return $response->withJson(array('success'=>false, 'message'=>'No document', 'data'=>''), $status);
@ -1129,6 +1220,10 @@ function getDocumentFile($request, $response, $args) { /* {{{ */

 function getDocumentLinks($request, $response, $args) { /* {{{ */
    global $dms, $userobj;
+    if(!ctype_digit($args['id'])) {
+        return $response->withJson(array('success'=>false, 'message'=>'Invalid parameter', 'data'=>''), 400);
+    }
+
    $document = $dms->getDocument($args['id']);

    if($document) {
@ -1136,11 +1231,7 @@ function getDocumentLinks($request, $response, $args) { /* {{{ */
            $recs = array();
            $links = $document->getDocumentLinks();
            foreach($links as $link) {
-                $recs[] = array(
-                    'id'=>(int)$link->getId(),
-                    'target'=>$link->getTarget(),
-                    'public'=>$link->isPublic(),
-                );
+                $recs[] = __getDocumentLinkData($link);
            }
            return $response->withJson(array('success'=>true, 'message'=>'', 'data'=>$recs), 200);
        } else {
@ -1148,7 +1239,7 @@ function getDocumentLinks($request, $response, $args) { /* {{{ */
        }
    } else {
        if($document === null)
-            $status=400;
+            $status=404;
        else
            $status=500;
        return $response->withJson(array('success'=>false, 'message'=>'No document', 'data'=>''), $status);
@ -1176,7 +1267,7 @@ function getDocumentAttributes($request, $response, $args) { /* {{{ */
        }
    } else {
        if($document === null)
-            $status=400;
+            $status=404;
        else
            $status=500;
        return $response->withJson(array('success'=>false, 'message'=>'No document', 'data'=>''), $status);
@ -1221,7 +1312,7 @@ function getDocumentPreview($request, $response, $args) { /* {{{ */
        }
    } else {
        if($document === null)
-            $status=400;
+            $status=404;
        else
            $status=500;
        return $response->withJson(array('success'=>false, 'message'=>'No document', 'data'=>''), $status);
@ -1245,9 +1336,9 @@ function removeDocumentCategory($request, $response, $args) { /* {{{ */
        }
    } else {
        if(!$document)
-            return $response->withJson(array('success'=>false, 'message'=>'No such document', 'data'=>''), 400);
+            return $response->withJson(array('success'=>false, 'message'=>'No such document', 'data'=>''), 404);
        if(!$category)
-            return $response->withJson(array('success'=>false, 'message'=>'No such category', 'data'=>''), 400);
+            return $response->withJson(array('success'=>false, 'message'=>'No such category', 'data'=>''), 404);
        return $response->withJson(array('success'=>false, 'message'=>'', 'data'=>''), 500);
    }
 } /* }}} */
@ -1267,7 +1358,7 @@ function removeDocumentCategories($request, $response, $args) { /* {{{ */
        }
    } else {
        if($document === null)
-            $status=400;
+            $status=404;
        else
            $status=500;
        return $response->withJson(array('success'=>false, 'message'=>'No such document', 'data'=>''), $status);
@ -1522,7 +1613,7 @@ function changeUserPassword($request, $response, $args) { /* {{{ */

    $params = $request->getParsedBody();
    if ($params['password'] == null) {
-        return $response->withJson(array('success'=>false, 'message'=>'You must supply a new password', 'data'=>''), 200);
+        return $response->withJson(array('success'=>false, 'message'=>'You must supply a new password', 'data'=>''), 400);
    }

    $newPassword = $params['password'];
@ -1564,7 +1655,7 @@ function getUserById($request, $response, $args) { /* {{{ */
        $data = __getUserData($account);
        return $response->withJson(array('success'=>true, 'message'=>'', 'data'=>$data), 200);
    } else {
-        return $response->withStatus(404);
+        return $response->withJson(array('success'=>false, 'message'=>'No such user', 'data'=>''), 404);
    }
 } /* }}} */

@ -1595,7 +1686,7 @@ function setDisabledUser($request, $response, $args) { /* {{{ */
        $data = __getUserData($account);
        return $response->withJson(array('success'=>true, 'message'=>'', 'data'=>$data), 200);
    } else {
-        return $response->withStatus(404);
+        return $response->withJson(array('success'=>false, 'message'=>'No such user', 'data'=>''), 404);
    }
 } /* }}} */

@ -1620,16 +1711,20 @@ function createGroup($request, $response) { /* {{{ */
    if($check !== true)
        return $check;
    $params = $request->getParsedBody();
+    if (empty($params['name'])) {
+        return $response->withJson(array('success'=>false, 'message'=>'Need a category.', 'data'=>''), 400);
+    }
+
    $groupName = $params['name'];
-    $comment = $params['comment'];
+    $comment = isset($params['comment']) ? $params['comment'] : '';

    $newGroup = $dms->addGroup($groupName, $comment);
    if ($newGroup === false) {
        return $response->withJson(array('success'=>false, 'message'=>'Group could not be created, maybe it already exists', 'data'=>''), 500);
    }

-    $result = array('id'=>(int)$newGroup->getID());
-    return $response->withJson(array('success'=>true, 'message'=>'', 'data'=>$result), 201);
+//    $result = array('id'=>(int)$newGroup->getID());
+    return $response->withJson(array('success'=>true, 'message'=>'', 'data'=>__getGroupData($newGroup)), 201);
 } /* }}} */

 function getGroup($request, $response, $args) { /* {{{ */
@ -1882,7 +1977,7 @@ function getCategories($request, $response) { /* {{{ */
    }
    $data = [];
    foreach($categories as $category)
-        $data[] = ['id' => (int)$category->getId(), 'name' => $category->getName()];
+        $data[] = __getCategoryData($category);

    return $response->withJson(array('success'=>true, 'message'=>'', 'data'=>$data), 200);
 } /* }}} */
@ -1891,17 +1986,14 @@ function getCategory($request, $response, $args) { /* {{{ */
    global $dms, $userobj;

    if(!ctype_digit($args['id'])) {
-        return $response->withJson(array('success'=>false, 'message'=>'No such category', 'data'=>''), 400);
+        return $response->withJson(array('success'=>false, 'message'=>'Invalid parameter', 'data'=>''), 400);
    }

    $category = $dms->getDocumentCategory($args['id']);
    if($category) {
-        $data = array();
-        $data['id'] = (int)$category->getId();
-        $data['name'] = $category->getName();
-        return $response->withJson(array('success'=>true, 'message'=>'', 'data'=>$data), 200);
+        return $response->withJson(array('success'=>true, 'message'=>'', 'data'=>__getCategoryData($category)), 200);
    } else {
-        return $response->withStatus(404);
+        return $response->withJson(array('success'=>false, 'message'=>'No such category', 'data'=>''), 404);
    }
 } /* }}} */

@ -1912,16 +2004,16 @@ function createCategory($request, $response) { /* {{{ */
        return $check;

    $params = $request->getParsedBody();
-    if (empty($params['category'])) {
+    if (empty($params['name'])) {
        return $response->withJson(array('success'=>false, 'message'=>'Need a category.', 'data'=>''), 400);
    }

-    $catobj = $dms->getDocumentCategoryByName($params['category']);
+    $catobj = $dms->getDocumentCategoryByName($params['name']);
    if($catobj) {
        return $response->withJson(array('success'=>false, 'message'=>'Category already exists', 'data'=>''), 409);
    } else {
-        if($data = $dms->addDocumentCategory($params['category'])) {
-            return $response->withJson(array('success'=>true, 'message'=>'', 'data'=>array('id'=>(int)$data->getID())), 201);
+        if($data = $dms->addDocumentCategory($params['name'])) {
+            return $response->withJson(array('success'=>true, 'message'=>'', 'data'=>__getCategoryData($data)), 201);
        } else {
            return $response->withJson(array('success'=>false, 'message'=>'Could not add category', 'data'=>''), 500);
        }
@ -1957,30 +2049,32 @@ function changeCategoryName($request, $response, $args) { /* {{{ */
    if($check !== true)
        return $check;

+    if(!ctype_digit($args['id'])) {
+        return $response->withJson(array('success'=>false, 'message'=>'Invalid parameter', 'data'=>''), 400);
+    }
+
    $params = $request->getParsedBody();
    if (empty($params['name']))
    {
-        return $response->withJson(array('success'=>false, 'message'=>'You must supply a new name', 'data'=>''), 200);
+        return $response->withJson(array('success'=>false, 'message'=>'You must supply a new name', 'data'=>''), 400);
    }

    $newname = $params['name'];

-    $category = null;
-    if(ctype_digit($args['id']))
-        $category = $dms->getDocumentCategory($args['id']);
+    $category = $dms->getDocumentCategory($args['id']);

    /**
     * Category not found
     */
    if (!$category) {
-        return $response->withStatus(404);
+        return $response->withJson(array('success'=>false, 'message'=>'No such category', 'data'=>''), 404);
    }

    if (!$category->setName($newname)) {
-        return $response->withJson(array('success'=>false, 'message'=>'', 'data'=>'Could not change name.'), 200);
+        return $response->withJson(array('success'=>false, 'message'=>'', 'data'=>'Could not change name.'), 400);
    }

-    return $response->withJson(array('success'=>true, 'message'=>'', 'data'=>''), 200);
+    return $response->withJson(array('success'=>true, 'message'=>'', 'data'=>__getCategoryData($category)), 200);
 } /* }}} */

 function getAttributeDefinitions($request, $response) { /* {{{ */
@ -1989,7 +2083,7 @@ function getAttributeDefinitions($request, $response) { /* {{{ */
    $attrdefs = $dms->getAllAttributeDefinitions();
    $data = [];
    foreach($attrdefs as $attrdef)
-        $data[] = ['id' => (int)$attrdef->getId(), 'name' => $attrdef->getName(), 'type'=>(int)$attrdef->getType(), 'objtype'=>(int)$attrdef->getObjType(), 'min'=>(int)$attrdef->getMinValues(), 'max'=>(int)$attrdef->getMaxValues(), 'multiple'=>$attrdef->getMultipleValues()?true:false, 'valueset'=>$attrdef->getValueSetAsArray()];
+        $data[] = __getAttributeDefinitionData($attrdef);

    return $response->withJson(array('success'=>true, 'message'=>'', 'data'=>$data), 200);
 } /* }}} */
@ -2006,30 +2100,32 @@ function changeAttributeDefinitionName($request, $response, $args) { /* {{{ */
    if($check !== true)
        return $check;

+    if(!ctype_digit($args['id'])) {
+        return $response->withJson(array('success'=>false, 'message'=>'Invalid parameter', 'data'=>''), 400);
+    }
+
    $params = $request->getParsedBody();
    if ($params['name'] == null) {
-        return $response->withJson(array('success'=>false, 'message'=>'You must supply a new name', 'data'=>''), 200);
+        return $response->withJson(array('success'=>false, 'message'=>'You must supply a new name', 'data'=>''), 400);
    }

    $newname = $params['name'];

-    $attrdef = null;
-    if(ctype_digit($args['id']))
-        $attrdef = $dms->getAttributeDefinition($args['id']);
+    $attrdef = $dms->getAttributeDefinition($args['id']);

    /**
-     * Category not found
+     * Attribute definition not found
     */
    if (!$attrdef) {
-        return $response->withStatus(404);
+        return $response->withJson(array('success'=>false, 'message'=>'No such attribute defintion', 'data'=>''), 404);
    }

    if (!$attrdef->setName($newname)) {
-        return $response->withJson(array('success'=>false, 'message'=>'', 'data'=>'Could not change name.'), 200);
+        return $response->withJson(array('success'=>false, 'message'=>'', 'data'=>'Could not change name.'), 400);
        return;
    }

-    return $response->withJson(array('success'=>true, 'message'=>'', 'data'=>''), 200);
+    return $response->withJson(array('success'=>true, 'message'=>'', 'data'=>__getAttributeDefinitionData($attrdef)), 200);
 } /* }}} */

 function clearFolderAccessList($request, $response, $args) { /* {{{ */
@ -2066,7 +2162,7 @@ $app->options('/{routes:.+}', function ($request, $response, $args) {
 $app->add(function ($req, $res, $next) {
    $response = $next($req, $res);
    return $response
-        ->withHeader('Access-Control-Allow-Origin', $req->getHeader('Origin'))
+        ->withHeader('Access-Control-Allow-Origin', $req->getHeader('Origin') ? $req->getHeader('Origin') : '*')
        ->withHeader('Access-Control-Allow-Headers', 'X-Requested-With, Content-Type, Accept, Origin, Authorization')
        ->withHeader('Access-Control-Allow-Methods', 'GET, POST, PUT, DELETE, PATCH, OPTIONS');
 });