diff options
author | David Walsh <davidwalsh83@gmail.com> | 2017-08-17 20:46:43 +0200 |
---|---|---|
committer | Dylan William Hardison <dylan@hardison.net> | 2017-08-17 20:46:43 +0200 |
commit | 2f81eea6219ce9d5704765a539e7272fd320e628 (patch) | |
tree | 3f0b94bacdc98c4bc39b3e47957922e37e90076b /extensions/PhabBugz/lib | |
parent | e95705a941992f0d9fb59bdc5ec951c4ce204330 (diff) | |
download | bugzilla-2f81eea6219ce9d5704765a539e7272fd320e628.tar.gz bugzilla-2f81eea6219ce9d5704765a539e7272fd320e628.tar.xz |
Bug 1389372 - Add REST API endpoint to validate whether a BMO user ID can see a given BMO bug
Diffstat (limited to 'extensions/PhabBugz/lib')
-rw-r--r-- | extensions/PhabBugz/lib/WebService.pm | 38 |
1 files changed, 38 insertions, 0 deletions
diff --git a/extensions/PhabBugz/lib/WebService.pm b/extensions/PhabBugz/lib/WebService.pm index 0d88114f6..84561c3db 100644 --- a/extensions/PhabBugz/lib/WebService.pm +++ b/extensions/PhabBugz/lib/WebService.pm @@ -23,6 +23,7 @@ use Bugzilla::User; use Bugzilla::Util qw(correct_urlbase detaint_natural); use Bugzilla::WebService::Constants; +use Bugzilla::Extension::PhabBugz::Constants; use Bugzilla::Extension::PhabBugz::Util qw( create_revision_attachment create_private_revision_policy @@ -41,6 +42,7 @@ use constant PUBLIC_METHODS => qw( revision ); + sub revision { my ($self, $params) = @_; @@ -110,8 +112,35 @@ sub revision { }; } +sub check_user_permission_for_bug { + my ($self, $params) = @_; + + my $user = Bugzilla->login(LOGIN_REQUIRED); + + # Ensure PhabBugz is on + ThrowUserError('phabricator_not_enabled') + unless Bugzilla->params->{phabricator_enabled}; + + # Validate that the requesting user's email matches phab-bot + ThrowUserError('phabricator_unauthorized_user') + unless $user->login eq PHAB_AUTOMATION_USER; + + # Validate that a bug id and user id are provided + ThrowUserError('phabricator_invalid_request_params') + unless ($params->{bug_id} && $params->{user_id}); + + # Validate that the user and bug exist + my $target_user = Bugzilla::User->check({ id => $params->{user_id}, cache => 1 }); + + # Send back an object which says { "result": 1|0 } + return { + result => $target_user->can_see_bug($params->{bug_id}) + }; +} + sub rest_resources { return [ + # Revision creation qr{^/phabbugz/revision/([^/]+)$}, { POST => { method => 'revision', @@ -119,6 +148,15 @@ sub rest_resources { return { revision => $_[0] }; } } + }, + # Bug permission checks + qr{^/phabbugz/check_bug/(\d+)/(\d+)$}, { + GET => { + method => 'check_user_permission_for_bug', + params => sub { + return { bug_id => $_[0], user_id => $_[1] }; + } + } } ]; } |