From fa7ae98d1b2e83e88b2861f0826dc89e5b3bbd63 Mon Sep 17 00:00:00 2001 From: Dylan William Hardison Date: Tue, 11 Aug 2015 13:31:49 -0400 Subject: Bug 1184332 - Add Restricted API calls for MozReview --- extensions/MozReview/Extension.pm | 55 +++++++++++++++------- extensions/MozReview/lib/Config.pm | 54 +++++++++++++++++++++ .../en/default/admin/params/mozreview.html.tmpl | 20 ++++++++ .../params/editparams-current_panel.html.tmpl | 12 ----- 4 files changed, 111 insertions(+), 30 deletions(-) create mode 100644 extensions/MozReview/lib/Config.pm create mode 100644 extensions/MozReview/template/en/default/admin/params/mozreview.html.tmpl delete mode 100644 extensions/MozReview/template/en/default/hook/admin/params/editparams-current_panel.html.tmpl (limited to 'extensions/MozReview') diff --git a/extensions/MozReview/Extension.pm b/extensions/MozReview/Extension.pm index 4e1951ed4..5745cf219 100644 --- a/extensions/MozReview/Extension.pm +++ b/extensions/MozReview/Extension.pm @@ -13,10 +13,22 @@ use warnings; use parent qw(Bugzilla::Extension); use Bugzilla::Attachment; -use Bugzilla::Config::Common; +use Bugzilla::Error; +use List::MoreUtils qw( any ); our $VERSION = '0.01'; +my @METHOD_WHITELIST = ( + 'User.get', + 'User.login', + 'User.valid_login', + 'Bug.add_comment', + 'Bug.add_attachment', + 'Bug.attachments', + 'Bug.get', + 'Bug.update_attachment', +); + sub template_before_process { my ($self, $args) = @_; my $file = $args->{'file'}; 
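Review bot: `@METHOD_WHITELIST` has no comment saying what it gates or that it is a default-deny list, and it mixes read methods with write-capable ones (`Bug.add_comment`, `Bug.add_attachment`, `Bug.update_attachment`). I would add above it `# Complete set of WebService methods an API key delegated to MozReview may call; anything not listed is rejected in webservice_before_call.` so that a later addition is a deliberate widening of what such a key can do. Since the list is only used for membership tests, a hash (`my %METHOD_WHITELIST = map { $_ => 1 } (...)`) would make the check a single lookup and avoid the new `List::MoreUtils` import.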
@@ -65,25 +77,32 @@ sub auth_delegation_confirm { } } -sub config_modify_panels { +sub config_add_panels { my ($self, $args) = @_; - push @{ $args->{panels}->{advanced}->{params} }, { - name => 'mozreview_base_url', - type => 't', - default => '', - checker => \&check_urlbase - }; - push @{ $args->{panels}->{advanced}->{params} }, { - name => 'mozreview_auth_callback_url', - type => 't', - default => '', - checker => sub { - my ($url) = (@_); - - return 'must be an HTTP/HTTPS absolute URL' unless $url =~ m{^https?://}; - return ''; + my $modules = $args->{panel_modules}; + $modules->{MozReview} = "Bugzilla::Extension::MozReview::Config"; +} + +sub webservice_before_call { + my ($self, $args) = @_; + my ($method, $full_method) = ($args->{method}, $args->{full_method}); + my $mozreview_app_id = Bugzilla->params->{mozreview_app_id}; + my $user = Bugzilla->user; + + return unless $mozreview_app_id; + return unless $user->authorizer; + + my $getter = $user->authorizer->successful_info_getter() + or return; + + return unless $getter->can("app_id") && $getter->app_id; + + my $app_id = $getter->app_id; + if ($app_id eq $mozreview_app_id) { + unless (any { $full_method eq $_ } @METHOD_WHITELIST) { + ThrowCodeError('unknown_method', { method => $full_method }); } - }; + } } __PACKAGE__->NAME; diff --git a/extensions/MozReview/lib/Config.pm b/extensions/MozReview/lib/Config.pm new file mode 100644 index 000000000..ab6b8c7c3 --- /dev/null +++ b/extensions/MozReview/lib/Config.pm 
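Review bot: The comparison `$app_id eq $mozreview_app_id` in `webservice_before_call` is case-sensitive, while the `mozreview_app_id` checker in Config.pm accepts any mix of upper- and lower-case hex digits; a parameter saved in a different case than the key's `app_id` would never match, and the method restriction would then silently not apply. Comparing normalised values, `if (lc($app_id) eq lc($mozreview_app_id)) {`, closes that gap. The function also returns without restricting whenever the parameter is empty, there is no authorizer, or the getter has no `app_id`; that is presumably intended, but it deserves a comment such as `# Only API keys whose app_id matches mozreview_app_id are restricted; every other session passes through unchanged.`. `$method` is assigned but never used, and denying with `unknown_method` makes a policy rejection look the same as a misspelled method name to the client and in any error log.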
@@ -0,0 +1,54 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+#
+# This Source Code Form is "Incompatible With Secondary Licenses", as
+# defined by the Mozilla Public License, v. 2.0.
+
+package Bugzilla::Extension::MozReview::Config;
+
+use strict;
+use warnings;
+
+use Bugzilla::Config::Common;
+
+our $sortkey = 1300;
+
+sub get_param_list {
+ my ($class) = @_;
+
+ my @params = (
+ {
+ name => 'mozreview_base_url',
+ type => 't',
+ default => '',
+ checker => \&check_urlbase
+ },
+ {
+ name => 'mozreview_auth_callback_url',
+ type => 't',
+ default => '',
+ checker => sub {
+ my ($url) = (@_);
+
+ return 'must be an HTTP/HTTPS absolute URL' unless $url =~ m{^https?://};
+ return '';
+ }
+ },
+ {
+ name => 'mozreview_app_id',
+ type => 't',
+ default => '',
+ checker => sub {
+ my ($app_id) = (@_);
+
+ return 'must be a hex number' unless $app_id =~ /^[[:xdigit:]]+$/;
+ return '';
+ },
+ },
+ );
+
+ return @params;
+}
+
+1;
diff --git a/extensions/MozReview/template/en/default/admin/params/mozreview.html.tmpl b/extensions/MozReview/template/en/default/admin/params/mozreview.html.tmpl
new file mode 100644
index 000000000..4a35555a4
--- /dev/null
+++ b/extensions/MozReview/template/en/default/admin/params/mozreview.html.tmpl
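Review bot: The `mozreview_app_id` checker anchors with `^` and `$`, and in Perl `$` also matches before a trailing newline, so a pasted id ending in a line break passes validation but can never be `eq` to a key's `app_id` in `webservice_before_call`, which leaves the restriction inactive. Use `\A` and `\z`: `return 'must be a hex number' unless $app_id =~ /\A[[:xdigit:]]+\z/;` (whether the params editor trims input first is not visible here). The checker also rejects the empty string even though `default => ''` and the hook treats an empty value as "restriction off"; if that is meant to be a valid state, allow it explicitly with `return '' if $app_id eq '';`, otherwise state in a comment that the value becomes mandatory once it is edited.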
@@ -0,0 +1,20 @@
+[%# This Source Code Form is subject to the terms of the Mozilla Public
+ # License, v. 2.0. If a copy of the MPL was not distributed with this
+ # file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ #
+ # This Source Code Form is "Incompatible With Secondary Licenses", as
+ # defined by the Mozilla Public License, v. 2.0.
+ #%]
+
+[%
+ title = "MozReview"
+ desc = "Configure MozReview"
+%]
+
+[%
+ param_descs = {
+ mozreview_base_url => 'MozReview Base URL',
+ mozreview_auth_callback_url => 'MozReview Auth Delegation URL',
+ mozreview_app_id => 'app_id for API Keys delegated to MozReview',
+ }
+%]
diff --git a/extensions/MozReview/template/en/default/hook/admin/params/editparams-current_panel.html.tmpl b/extensions/MozReview/template/en/default/hook/admin/params/editparams-current_panel.html.tmpl
deleted file mode 100644
index eb08f26eb..000000000
--- a/extensions/MozReview/template/en/default/hook/admin/params/editparams-current_panel.html.tmpl
+++ /dev/null
@@ -1,12 +0,0 @@
-[%# This Source Code Form is subject to the terms of the Mozilla Public
- # License, v. 2.0. If a copy of the MPL was not distributed with this
- # file, You can obtain one at http://mozilla.org/MPL/2.0/.
- #
- # This Source Code Form is "Incompatible With Secondary Licenses", as
- # defined by the Mozilla Public License, v. 2.0.
- #%]
-
-[% IF panel.name == "advanced" %]
- [% panel.param_descs.mozreview_base_url = 'MozReview Base URL' %]
- [% panel.param_descs.mozreview_auth_callback_url = 'MozReview Auth Delegation URL' %]
-[% END -%]
-- cgit v1.2.3-24-g4f1b