diff options
author | dkl%redhat.com <> | 2008-05-29 11:17:04 +0200 |
---|---|---|
committer | dkl%redhat.com <> | 2008-05-29 11:17:04 +0200 |
commit | 33e2f4f610bf2ae0b1936dee85186052f3ead9e4 (patch) | |
tree | 984e8126a5f1d5ab3aa42be95636acfefc72d668 | |
parent | 5aba1b12a34c1fde3a99b3db781dbae3f0d1259f (diff) | |
download | bugzilla-33e2f4f610bf2ae0b1936dee85186052f3ead9e4.tar.gz bugzilla-33e2f4f610bf2ae0b1936dee85186052f3ead9e4.tar.xz |
Bug 412725: WebService functions to get information about a User
Patch by Noura Elhawary <nelhawar@redhat.com> - r=mkanat, a=mkanat
-rwxr-xr-x | Bugzilla/WebService/Constants.pm | 2 | ||||
-rwxr-xr-x | Bugzilla/WebService/User.pm | 176 | ||||
-rw-r--r-- | template/en/default/global/user-error.html.tmpl | 10 |
3 files changed, 186 insertions, 2 deletions
diff --git a/Bugzilla/WebService/Constants.pm b/Bugzilla/WebService/Constants.pm index 42ad43120..09919873c 100755 --- a/Bugzilla/WebService/Constants.pm +++ b/Bugzilla/WebService/Constants.pm @@ -84,6 +84,7 @@ use constant WS_ERROR_CODE => { account_disabled => 301, auth_invalid_email => 302, extern_id_conflict => -303, + auth_failure => 304, # User errors are 500-600. account_exists => 500, @@ -96,6 +97,7 @@ use constant WS_ERROR_CODE => { # This is from strict_isolation, but it also basically means # "invalid user." invalid_user_group => 504, + user_access_by_id_denied => 505, }; # These are the fallback defaults for errors not in ERROR_CODE. diff --git a/Bugzilla/WebService/User.pm b/Bugzilla/WebService/User.pm index d0ce706f0..e4e5f4b9c 100755 --- a/Bugzilla/WebService/User.pm +++ b/Bugzilla/WebService/User.pm @@ -15,6 +15,7 @@ # Contributor(s): Marc Schumann <wurblzap@gmail.com> # Max Kanat-Alexander <mkanat@bugzilla.org> # Mads Bondo Dydensborg <mbd@dbc.dk> +# Noura Elhawary <nelhawar@redhat.com> package Bugzilla::WebService::User; @@ -119,6 +120,83 @@ sub create { return { id => type('int')->value($user->id) }; } + +# function to return user information by passing either user ids or +# login names or both together: +# $call = $rpc->call( 'User.get', { ids => [1,2,3], +# names => ['testusera@redhat.com', 'testuserb@redhat.com'] }); +sub get { + my ($self, $params) = @_; + + my @user_objects; + @user_objects = map { Bugzilla::User->check($_) } @{ $params->{names} } + if $params->{names}; + + # start filtering to remove duplicate user ids + my %unique_users = map { $_->id => $_ } @user_objects; + @user_objects = values %unique_users; + + my @users; + + # If the user is not logged in: Return an error if they passed any user ids. + # Otherwise, return a limited amount of information based on login names. + if (!Bugzilla->user->id){ + if ($params->{ids}){ + ThrowUserError("user_access_by_id_denied"); + } + @users = map {{ + id => type('int')->value($_->id), + real_name => type('string')->value($_->name), + name => type('string')->value($_->login), + }} @user_objects; + + return { users => \@users }; + } + + my $obj_by_ids; + $obj_by_ids = Bugzilla::User->new_from_list($params->{ids}) if $params->{ids}; + + # obj_by_ids are only visible to the user if he can see + # the otheruser, for non visible otheruser throw an error + foreach my $obj (@$obj_by_ids){ + if (Bugzilla->user->can_see_user($obj)){ + push (@user_objects, $obj) if !$unique_users{$obj->id}; + } + else { + ThrowUserError('auth_failure', {reason => "not_visible", + action => "access", + object => "user", + userid => $obj->id}); + } + } + + if (Bugzilla->user->in_group('editusers')) { + @users = + map {{ + id => type('int')->value($_->id), + real_name => type('string')->value($_->name), + name => type('string')->value($_->login), + email => type('string')->value($_->email), + can_login => type('boolean')->value(!($_->is_disabled)), + email_enabled => type('boolean')->value($_->email_enabled), + login_denied_text => type('string')->value($_->disabledtext), + }} @user_objects; + + } + else { + @users = + map {{ + id => type('int')->value($_->id), + real_name => type('string')->value($_->name), + name => type('string')->value($_->login), + email => type('string')->value($_->email), + can_login => type('boolean')->value(!($_->is_disabled)), + }} @user_objects; + } + + return { users => \@users }; +} + 1; __END__ @@ -310,3 +388,101 @@ password is over ten characters.) =back =back + +=head2 User Info + +=over + +=item C<get> B<UNSTABLE> + +=over + +=item B<Description> + +Gets information about user accounts in Bugzilla. + +=item B<Params> + +At least one of the following two parameters must be specified: + +=over + +=item C<ids> (array) - An array of integers, representing user ids. +Logged-out users cannot pass this parameter to this function. If they try, +they will get an error. Logged-in users will get an error if they specify the +id of a user they cannot see. + +=item C<names> (array) - An array of login names (strings). + +=back + +=item B<Returns> + +A hash containing one item, C<users>, that is an array of +hashes. Each hash describes a user, and has the following items: + +=over + +=item id + +C<int> The unique integer ID that Bugzilla uses to represent this user. +Even if the user's login name changes, this will not change. + +=item real_name + +C<string> The actual name of the user. May be blank. + +=item email + +C<string> The email address of the user. + +=item name + +C<string> The login name of the user. Note that in some situations this is +different than their email. + +=item can_login + +C<boolean> A boolean value to indicate if the user can login into bugzilla. + +=item email_enabled + +C<boolean> A boolean value to indicate if bug-related mail will be sent +to the user or not. + +=item login_denied_text + +C<string> A text field that holds the reason for disabling a user from logging +into bugzilla, if empty then the user account is enabled. Otherwise it is +disabled/closed. + +B<Note>: If you are not logged in to Bugzilla when you call this function, you +will only be returned the C<id>, C<name>, and C<real_name> items. If you are +logged in and not in editusers group, you will only be returned the C<id>, C<name>, +C<real_name>, C<email>, and C<can_login> items. + +=back + +=item B<Errors> + +=over + +=item 51 (Bad Login Name) + +You passed an invalid login name in the "names" array. + +=item 304 (Authorization Required) + +You are logged in, but you are not authorized to see one of the users you +wanted to get information about by user id. + +=item 505 (User Access By Id Denied) + +Logged-out users cannot use the "ids" argument to this function to access +any user information. + +=back + +=back + +=back diff --git a/template/en/default/global/user-error.html.tmpl b/template/en/default/global/user-error.html.tmpl index d58988edf..6c3ed7dbc 100644 --- a/template/en/default/global/user-error.html.tmpl +++ b/template/en/default/global/user-error.html.tmpl @@ -192,8 +192,9 @@ a sudo session [% ELSIF object == "timetracking_summaries" %] time-tracking summary reports - [% ELSIF object == "user" %] - the user you specified + [% ELSIF object == "user" %] + the user [% IF userid %] with ID '[% userid FILTER html %]' + [% ELSE %]you specified [% END %] [% ELSIF object == "users" %] users [% ELSIF object == "versions" %] @@ -1590,6 +1591,11 @@ [% title = "Illegal User ID" %] User ID '[% userid FILTER html %]' is not valid integer. + [% ELSIF error == "user_access_by_id_denied" %] + [% title = "User Access By Id Denied" %] + Logged-out users cannot use the "ids" argument to this function + to access any user information. + [% ELSE %] [%# Try to find hooked error messages %] |