diff options
author | mkanat%bugzilla.org <> | 2008-06-20 11:03:44 +0200 |
---|---|---|
committer | mkanat%bugzilla.org <> | 2008-06-20 11:03:44 +0200 |
commit | 6fed6bcbf8e8a7234bfdd45441bfec22c7de3430 (patch) | |
tree | bfabf9eb97d0837bd324b66762fd29de3e06b34c | |
parent | 120fd9858589152d99050bdaba622d0bac60e84c (diff) | |
download | bugzilla-6fed6bcbf8e8a7234bfdd45441bfec22c7de3430.tar.gz bugzilla-6fed6bcbf8e8a7234bfdd45441bfec22c7de3430.tar.xz |
Bug 432916: Expose usermatchmode via WebServices (User.get match argument)
Patch By Max Kanat-Alexander <mkanat@bugzilla.org> r=dkl, a=mkanat
-rwxr-xr-x | Bugzilla/WebService/Constants.pm | 1 | ||||
-rwxr-xr-x | Bugzilla/WebService/User.pm | 62 | ||||
-rw-r--r-- | template/en/default/global/user-error.html.tmpl | 15 |
3 files changed, 64 insertions, 14 deletions
diff --git a/Bugzilla/WebService/Constants.pm b/Bugzilla/WebService/Constants.pm index ed70890da..a43e1f590 100755 --- a/Bugzilla/WebService/Constants.pm +++ b/Bugzilla/WebService/Constants.pm @@ -99,6 +99,7 @@ use constant WS_ERROR_CODE => { # "invalid user." invalid_user_group => 504, user_access_by_id_denied => 505, + user_access_by_match_denied => 505, }; # These are the fallback defaults for errors not in ERROR_CODE. diff --git a/Bugzilla/WebService/User.pm b/Bugzilla/WebService/User.pm index 391a799b8..fcc91c2dd 100755 --- a/Bugzilla/WebService/User.pm +++ b/Bugzilla/WebService/User.pm @@ -145,6 +145,9 @@ sub get { if ($params->{ids}){ ThrowUserError("user_access_by_id_denied"); } + if ($params->{match}) { + ThrowUserError('user_access_by_match_denied'); + } @users = map {filter $params, { id => type('int')->value($_->id), real_name => type('string')->value($_->name), @@ -161,7 +164,10 @@ sub get { # the otheruser, for non visible otheruser throw an error foreach my $obj (@$obj_by_ids) { if (Bugzilla->user->can_see_user($obj)){ - push (@user_objects, $obj) if !$unique_users{$obj->id}; + if (!$unique_users{$obj->id}) { + push (@user_objects, $obj); + $unique_users{$obj->id} = $obj; + } } else { ThrowUserError('auth_failure', {reason => "not_visible", @@ -170,7 +176,22 @@ sub get { userid => $obj->id}); } } - + + # User Matching + my $limit; + if ($params->{'maxusermatches'}) { + $limit = $params->{'maxusermatches'} + 1; + } + foreach my $match_string (@{ $params->{'match'} || [] }) { + my $matched = Bugzilla::User::match($match_string, $limit); + foreach my $user (@$matched) { + if (!$unique_users{$user->id}) { + push(@user_objects, $user); + $unique_users{$user->id} = $user; + } + } + } + if (Bugzilla->user->in_group('editusers')) { @users = map {filter $params, { @@ -404,17 +425,40 @@ Gets information about user accounts in Bugzilla. =item B<Params> -At least one of the following two parameters must be specified: +B<Note>: At least one of C<ids>, C<names>, or C<match> must be specified. + +B<Note>: Users will not be returned more than once, so even if a user +is matched by more than one argument, only one user will be returned. =over -=item C<ids> (array) - An array of integers, representing user ids. +=item C<ids> (array) + +An array of integers, representing user ids. + Logged-out users cannot pass this parameter to this function. If they try, -they will get an error. Logged-in users will get an error if they specify the -id of a user they cannot see. +they will get an error. Logged-in users will get an error if they specify +the id of a user they cannot see. =item C<names> (array) - An array of login names (strings). +=item C<match> (array) + +An array of strings. This works just like "user matching" in +Bugzilla itself. Users will be returned whose real name or login name +contains any one of the specified strings. Users that you cannot see will +not be included in the returned list. + +Some Bugzilla installations have user-matching turned off, in which +case you will only be returned exact matches. + +Most installations have a limit on how many matches are returned for +each string, which defaults to 1000 but can be changed by the Bugzilla +administrator. + +Logged-out users cannot use this argument, and an error will be thrown +if they try. + =item C<include_fields> (array) An array of strings, representing the names of keys in the hashes @@ -505,10 +549,10 @@ You passed an invalid login name in the "names" array. You are logged in, but you are not authorized to see one of the users you wanted to get information about by user id. -=item 505 (User Access By Id Denied) +=item 505 (User Access By Id or User-Matching Denied) -Logged-out users cannot use the "ids" argument to this function to access -any user information. +Logged-out users cannot use the "ids" or "match" arguments to this +function. =back diff --git a/template/en/default/global/user-error.html.tmpl b/template/en/default/global/user-error.html.tmpl index 2d5c3b355..804a1913b 100644 --- a/template/en/default/global/user-error.html.tmpl +++ b/template/en/default/global/user-error.html.tmpl @@ -1556,6 +1556,16 @@ for at least one component. For this reason, you cannot delete the account at this time. + [% ELSIF error == "user_access_by_id_denied" %] + [% title = "User Access By Id Denied" %] + Logged-out users cannot use the "ids" argument to this function + to access any user information. + + [% ELSIF error == "user_access_by_match_denied" %] + [% title = "User-Matching Denied" %] + Logged-out users cannot use the "match" argument to this function + to access any user information. + [% ELSIF error == "user_login_required" %] [% title = "Login Name Required" %] [% admindocslinks = {'useradmin.html' => 'User administration'} %] @@ -1596,11 +1606,6 @@ [% title = "Illegal User ID" %] User ID '[% userid FILTER html %]' is not valid integer. - [% ELSIF error == "user_access_by_id_denied" %] - [% title = "User Access By Id Denied" %] - Logged-out users cannot use the "ids" argument to this function - to access any user information. - [% ELSE %] [%# Try to find hooked error messages %] |