authorDave Lawrence <dlawrence@mozilla.com>2012-11-14 17:25:01 +0100
committerDave Lawrence <dlawrence@mozilla.com>2012-11-14 17:25:01 +0100
commite4e3c1b860c47976dc7314ec26d336caa59bebd0 (patch)
tree5161f7edb5d9b9046d7b98af3d000f37880f389b /Bugzilla/WebService
parent38fa3fab5ae996c6116b55fe87e60ea6b53b2923 (diff)
parent442d6df4683b7219738bb799a3650dd8b9c8431f (diff)
downloadbugzilla-e4e3c1b860c47976dc7314ec26d336caa59bebd0.tar.gz
bugzilla-e4e3c1b860c47976dc7314ec26d336caa59bebd0.tar.xz
merged with bugzilla/4.2
Diffstat (limited to 'Bugzilla/WebService')
-rw-r--r--Bugzilla/WebService/Constants.pm1
-rw-r--r--Bugzilla/WebService/Server.pm4
-rw-r--r--Bugzilla/WebService/User.pm26
-rw-r--r--Bugzilla/WebService/Util.pm2
4 files changed, 25 insertions, 8 deletions
diff --git a/Bugzilla/WebService/Constants.pm b/Bugzilla/WebService/Constants.pm
index 59aab9b55..6274c3a78 100644
--- a/Bugzilla/WebService/Constants.pm
+++ b/Bugzilla/WebService/Constants.pm
@@ -166,6 +166,7 @@ use constant WS_ERROR_CODE => {
group_exists => 801,
empty_group_description => 802,
invalid_regexp => 803,
+ invalid_group_name => 804,
# Errors thrown by the WebService itself. The ones that are negative
# conform to http://xmlrpc-epi.sourceforge.net/specs/rfc.fault_codes.php
diff --git a/Bugzilla/WebService/Server.pm b/Bugzilla/WebService/Server.pm
index feb80e9d0..206f0c657 100644
--- a/Bugzilla/WebService/Server.pm
+++ b/Bugzilla/WebService/Server.pm
@@ -25,7 +25,9 @@ use Scalar::Util qw(blessed);
sub handle_login {
my ($self, $class, $method, $full_method) = @_;
- ThrowCodeError('unknown_method', {method => $full_method}) if !$class;
+ # Throw error if the supplied class does not exist or the method is private
+ ThrowCodeError('unknown_method', {method => $full_method}) if (!$class or $method =~ /^_/);
+
eval "require $class";
ThrowCodeError('unknown_method', {method => $full_method}) if $@;
return if ($class->login_exempt($method)
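Review bot: The private-method guard added at the top of `handle_login` protects only the dispatch paths that call this function, and the hunk does not show whether every server front end does; any path that resolves `$full_method` without passing through here would still reach `_`-prefixed subs. The comment should say why the check exists, for example `# Subs starting with "_" are internal helpers and must never be reachable as WebService methods`. `$method` is also matched without a defined-check, so a request that yields a class but no method part would presumably raise an uninitialized-value warning before failing; `if (!$class or !defined $method or $method =~ /^_/)` avoids that. The body of `handle_login` continues outside the hunk.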
diff --git a/Bugzilla/WebService/User.pm b/Bugzilla/WebService/User.pm
index d9fc890f7..758c69aa8 100644
--- a/Bugzilla/WebService/User.pm
+++ b/Bugzilla/WebService/User.pm
@@ -242,12 +242,18 @@ sub _filter_users_by_group {
# If no groups are specified, we return all users.
return $users if (!$group_ids and !$group_names);
+ my $user = Bugzilla->user;
+
my @groups = map { Bugzilla::Group->check({ id => $_ }) }
@{ $group_ids || [] };
- my @name_groups = map { Bugzilla::Group->check($_) }
- @{ $group_names || [] };
- push(@groups, @name_groups);
-
+
+ if ($group_names) {
+ foreach my $name (@$group_names) {
+ my $group = Bugzilla::Group->check({ name => $name, _error => 'invalid_group_name' });
+ $user->in_group($group) || ThrowUserError('invalid_group_name', { name => $name });
+ push(@groups, $group);
+ }
+ }
my @in_group = grep { $self->_user_in_any_group($_, \@groups) }
@$users;
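Review bot: The membership test is applied only to groups resolved from `$group_names`; groups resolved from `$group_ids` in the `map` above still go through `Bugzilla::Group->check({ id => $_ })` with no `$user->in_group(...)` test. If filtering by a group the caller does not belong to is what discloses membership, the ID path appears to leave the same disclosure open, and `check` on an ID likely still tells an existing group from a nonexistent one by its error. Consider running each ID-resolved group through the same `$user->in_group($group)` check and returning one uniform error, as the name branch does for both cases. `_filter_users_by_group` starts and ends outside this hunk, so a later check may exist that is not visible here.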
@@ -679,10 +685,10 @@ based on your permission to bless each group.
=over
-=item 51 (Bad Login Name or Group Name)
+=item 51 (Bad Login Name or Group ID)
You passed an invalid login name in the "names" array or a bad
-group name/id in the C<groups>/C<group_ids> arguments.
+group ID in the C<group_ids> argument.
=item 304 (Authorization Required)
@@ -694,6 +700,11 @@ wanted to get information about by user id.
Logged-out users cannot use the "ids" or "match" arguments to this
function.
+=item 804 (Invalid Group Name)
+
+You passed a group name in the C<groups> argument which either does not
+exist or you do not belong to it.
+
=back
=item B<History>
@@ -711,6 +722,9 @@ for C<match> has changed to only returning enabled accounts.
=item C<saved_searches> Added in Bugzilla B<4.4>.
+=item Error 804 has been added in Bugzilla 4.0.9 and 4.2.4. It's now
+illegal to pass a group name you don't belong to.
+
=back
=back
diff --git a/Bugzilla/WebService/Util.pm b/Bugzilla/WebService/Util.pm
index 6d3a37767..feefd47af 100644
--- a/Bugzilla/WebService/Util.pm
+++ b/Bugzilla/WebService/Util.pm
@@ -153,7 +153,7 @@ a hash to L</filter>, C<0> otherwise.
=head2 validate
-This helps in the validation of parameters passed into the WebSerice
+This helps in the validation of parameters passed into the WebService
methods. Currently it converts listed parameters into an array reference
if the client only passed a single scalar value. It modifies the parameters
hash in place so other parameters should be unaltered.