diff options
author | Dylan William Hardison <dylan@hardison.net> | 2015-08-11 19:31:49 +0200 |
---|---|---|
committer | Dylan William Hardison <dylan@hardison.net> | 2015-08-11 19:31:49 +0200 |
commit | fa7ae98d1b2e83e88b2861f0826dc89e5b3bbd63 (patch) | |
tree | 85d583e196cce1c85a9c985e3f6ce7f39269819b /extensions/MozReview | |
parent | 589ec37a32d8687d612eedd107748b7afadd07fd (diff) | |
download | bugzilla-fa7ae98d1b2e83e88b2861f0826dc89e5b3bbd63.tar.gz bugzilla-fa7ae98d1b2e83e88b2861f0826dc89e5b3bbd63.tar.xz |
Bug 1184332 - Add Restricted API calls for MozReview
Diffstat (limited to 'extensions/MozReview')
-rw-r--r-- | extensions/MozReview/Extension.pm | 55 | ||||
-rw-r--r-- | extensions/MozReview/lib/Config.pm | 54 | ||||
-rw-r--r-- | extensions/MozReview/template/en/default/admin/params/mozreview.html.tmpl (renamed from extensions/MozReview/template/en/default/hook/admin/params/editparams-current_panel.html.tmpl) | 16 |
3 files changed, 103 insertions, 22 deletions
diff --git a/extensions/MozReview/Extension.pm b/extensions/MozReview/Extension.pm index 4e1951ed4..5745cf219 100644 --- a/extensions/MozReview/Extension.pm +++ b/extensions/MozReview/Extension.pm @@ -13,10 +13,22 @@ use warnings; use parent qw(Bugzilla::Extension); use Bugzilla::Attachment; -use Bugzilla::Config::Common; +use Bugzilla::Error; +use List::MoreUtils qw( any ); our $VERSION = '0.01'; +my @METHOD_WHITELIST = ( + 'User.get', + 'User.login', + 'User.valid_login', + 'Bug.add_comment', + 'Bug.add_attachment', + 'Bug.attachments', + 'Bug.get', + 'Bug.update_attachment', +); + sub template_before_process { my ($self, $args) = @_; my $file = $args->{'file'}; @@ -65,25 +77,32 @@ sub auth_delegation_confirm { } } -sub config_modify_panels { +sub config_add_panels { my ($self, $args) = @_; - push @{ $args->{panels}->{advanced}->{params} }, { - name => 'mozreview_base_url', - type => 't', - default => '', - checker => \&check_urlbase - }; - push @{ $args->{panels}->{advanced}->{params} }, { - name => 'mozreview_auth_callback_url', - type => 't', - default => '', - checker => sub { - my ($url) = (@_); - - return 'must be an HTTP/HTTPS absolute URL' unless $url =~ m{^https?://}; - return ''; + my $modules = $args->{panel_modules}; + $modules->{MozReview} = "Bugzilla::Extension::MozReview::Config"; +} + +sub webservice_before_call { + my ($self, $args) = @_; + my ($method, $full_method) = ($args->{method}, $args->{full_method}); + my $mozreview_app_id = Bugzilla->params->{mozreview_app_id}; + my $user = Bugzilla->user; + + return unless $mozreview_app_id; + return unless $user->authorizer; + + my $getter = $user->authorizer->successful_info_getter() + or return; + + return unless $getter->can("app_id") && $getter->app_id; + + my $app_id = $getter->app_id; + if ($app_id eq $mozreview_app_id) { + unless (any { $full_method eq $_ } @METHOD_WHITELIST) { + ThrowCodeError('unknown_method', { method => $full_method }); } - }; + } } __PACKAGE__->NAME; diff --git a/extensions/MozReview/lib/Config.pm b/extensions/MozReview/lib/Config.pm new file mode 100644 index 000000000..ab6b8c7c3 --- /dev/null +++ b/extensions/MozReview/lib/Config.pm @@ -0,0 +1,54 @@ +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. +# +# This Source Code Form is "Incompatible With Secondary Licenses", as +# defined by the Mozilla Public License, v. 2.0. + +package Bugzilla::Extension::MozReview::Config; + +use strict; +use warnings; + +use Bugzilla::Config::Common; + +our $sortkey = 1300; + +sub get_param_list { + my ($class) = @_; + + my @params = ( + { + name => 'mozreview_base_url', + type => 't', + default => '', + checker => \&check_urlbase + }, + { + name => 'mozreview_auth_callback_url', + type => 't', + default => '', + checker => sub { + my ($url) = (@_); + + return 'must be an HTTP/HTTPS absolute URL' unless $url =~ m{^https?://}; + return ''; + } + }, + { + name => 'mozreview_app_id', + type => 't', + default => '', + checker => sub { + my ($app_id) = (@_); + + return 'must be a hex number' unless $app_id =~ /^[[:xdigit:]]+$/; + return ''; + }, + }, + ); + + return @params; +} + +1; diff --git a/extensions/MozReview/template/en/default/hook/admin/params/editparams-current_panel.html.tmpl b/extensions/MozReview/template/en/default/admin/params/mozreview.html.tmpl index eb08f26eb..4a35555a4 100644 --- a/extensions/MozReview/template/en/default/hook/admin/params/editparams-current_panel.html.tmpl +++ b/extensions/MozReview/template/en/default/admin/params/mozreview.html.tmpl @@ -6,7 +6,15 @@ # defined by the Mozilla Public License, v. 2.0. #%] -[% IF panel.name == "advanced" %] - [% panel.param_descs.mozreview_base_url = 'MozReview Base URL' %] - [% panel.param_descs.mozreview_auth_callback_url = 'MozReview Auth Delegation URL' %] -[% END -%] +[% + title = "MozReview" + desc = "Configure MozReview" +%] + +[% + param_descs = { + mozreview_base_url => 'MozReview Base URL', + mozreview_auth_callback_url => 'MozReview Auth Delegation URL', + mozreview_app_id => 'app_id for API Keys delegated to MozReview', + } +%] |