Bug 1184332 - Add Restricted API calls for MozReview

author: Dylan William Hardison <dylan@hardison.net> 2015-08-11 19:31:49 +0200
committer: Dylan William Hardison <dylan@hardison.net> 2015-08-11 19:31:49 +0200
commit: fa7ae98d1b2e83e88b2861f0826dc89e5b3bbd63 (patch)
tree: 85d583e196cce1c85a9c985e3f6ce7f39269819b /extensions/MozReview
parent: 589ec37a32d8687d612eedd107748b7afadd07fd (diff)
download: bugzilla-fa7ae98d1b2e83e88b2861f0826dc89e5b3bbd63.tar.gz
bugzilla-fa7ae98d1b2e83e88b2861f0826dc89e5b3bbd63.tar.xz
3 files changed, 103 insertions, 22 deletions
diff --git a/extensions/MozReview/Extension.pm b/extensions/MozReview/Extension.pm
index 4e1951ed4..5745cf219 100644
--- a/extensions/MozReview/Extension.pm
+++ b/extensions/MozReview/Extension.pm
@@ -13,10 +13,22 @@ use warnings;
 use parent qw(Bugzilla::Extension);
 
 use Bugzilla::Attachment;
-use Bugzilla::Config::Common;
+use Bugzilla::Error;
+use List::MoreUtils qw( any );
 
 our $VERSION = '0.01';
 
+my @METHOD_WHITELIST = (
+    'User.get',
+    'User.login',
+    'User.valid_login',
+    'Bug.add_comment',
+    'Bug.add_attachment',
+    'Bug.attachments',
+    'Bug.get',
+    'Bug.update_attachment',
+);
+
 sub template_before_process {
     my ($self, $args) = @_;
     my $file = $args->{'file'};
@@ -65,25 +77,32 @@ sub auth_delegation_confirm {
     }
 }
 
-sub config_modify_panels {
+sub config_add_panels {
     my ($self, $args) = @_;
-    push @{ $args->{panels}->{advanced}->{params} }, {
-        name    => 'mozreview_base_url',
-        type    => 't',
-        default => '',
-        checker => \&check_urlbase
-    };
-    push @{ $args->{panels}->{advanced}->{params} }, {
-        name    => 'mozreview_auth_callback_url',
-        type    => 't',
-        default => '',
-        checker => sub {
-            my ($url) = (@_);
-
-            return 'must be an HTTP/HTTPS absolute URL' unless $url =~ m{^https?://};
-            return '';
+    my $modules = $args->{panel_modules};
+    $modules->{MozReview} = "Bugzilla::Extension::MozReview::Config";
+}
+
+sub webservice_before_call {
+    my ($self, $args) = @_;
+    my ($method, $full_method) = ($args->{method}, $args->{full_method});
+    my $mozreview_app_id = Bugzilla->params->{mozreview_app_id};
+    my $user             = Bugzilla->user;
+
+    return unless $mozreview_app_id;
+    return unless $user->authorizer;
+
+    my $getter = $user->authorizer->successful_info_getter()
+      or return;
+
+    return unless $getter->can("app_id") && $getter->app_id;
+
+    my $app_id = $getter->app_id;
+    if ($app_id eq $mozreview_app_id) {
+        unless (any { $full_method eq $_ } @METHOD_WHITELIST) {
+            ThrowCodeError('unknown_method', { method => $full_method });
         }
-    };
+    }
 }
 
 __PACKAGE__->NAME;
diff --git a/extensions/MozReview/lib/Config.pm b/extensions/MozReview/lib/Config.pm
new file mode 100644
index 000000000..ab6b8c7c3
--- /dev/null
+++ b/extensions/MozReview/lib/Config.pm
@@ -0,0 +1,54 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+#
+# This Source Code Form is "Incompatible With Secondary Licenses", as
+# defined by the Mozilla Public License, v. 2.0.
+
+package Bugzilla::Extension::MozReview::Config;
+
+use strict;
+use warnings;
+
+use Bugzilla::Config::Common;
+
+our $sortkey = 1300;
+
+sub get_param_list {
+    my ($class) = @_;
+
+    my @params = (
+        {
+            name    => 'mozreview_base_url',
+            type    => 't',
+            default => '',
+            checker => \&check_urlbase
+        },
+        {
+            name    => 'mozreview_auth_callback_url',
+            type    => 't',
+            default => '',
+            checker => sub {
+                my ($url) = (@_);
+
+                return 'must be an HTTP/HTTPS absolute URL' unless $url =~ m{^https?://};
+                return '';
+            }
+        },
+        {
+            name => 'mozreview_app_id',
+            type => 't',
+            default => '',
+            checker => sub {
+                my ($app_id) = (@_);
+
+                return 'must be a hex number' unless $app_id =~ /^[[:xdigit:]]+$/;
+                return '';
+            },
+        },
+    );
+
+    return @params;
+}
+
+1;
diff --git a/extensions/MozReview/template/en/default/hook/admin/params/editparams-current_panel.html.tmpl b/extensions/MozReview/template/en/default/admin/params/mozreview.html.tmpl
index eb08f26eb..4a35555a4 100644
--- a/extensions/MozReview/template/en/default/hook/admin/params/editparams-current_panel.html.tmpl
+++ b/extensions/MozReview/template/en/default/admin/params/mozreview.html.tmpl
@@ -6,7 +6,15 @@
   # defined by the Mozilla Public License, v. 2.0.
   #%]
 
-[% IF panel.name == "advanced" %]
-  [% panel.param_descs.mozreview_base_url = 'MozReview Base URL' %]
-  [% panel.param_descs.mozreview_auth_callback_url = 'MozReview Auth Delegation URL' %]
-[% END -%]
+[%
+   title = "MozReview"
+   desc = "Configure MozReview"
+%]
+
+[%
+   param_descs = {
+     mozreview_base_url          => 'MozReview Base URL',
+     mozreview_auth_callback_url => 'MozReview Auth Delegation URL',
+     mozreview_app_id            => 'app_id for API Keys delegated to MozReview',
+   }
+%]
author	Dylan William Hardison <dylan@hardison.net>	2015-08-11 19:31:49 +0200
committer	Dylan William Hardison <dylan@hardison.net>	2015-08-11 19:31:49 +0200
commit	fa7ae98d1b2e83e88b2861f0826dc89e5b3bbd63 (patch)
tree	85d583e196cce1c85a9c985e3f6ce7f39269819b /extensions/MozReview
parent	589ec37a32d8687d612eedd107748b7afadd07fd (diff)
download	bugzilla-fa7ae98d1b2e83e88b2861f0826dc89e5b3bbd63.tar.gz bugzilla-fa7ae98d1b2e83e88b2861f0826dc89e5b3bbd63.tar.xz