From 818b908a18de4862f060c64ad12f779ac8480f01 Mon Sep 17 00:00:00 2001
From: David Lawrence <dkl@mozilla.com>
Date: Fri, 4 Apr 2014 17:31:48 +0000
Subject: Bug 987521 - flag activity api needs to prohibit requests which
 return the entire table r=glob

---
 extensions/Review/lib/WebService.pm | 5 +++++
 1 file changed, 5 insertions(+)

(limited to 'extensions/Review/lib/WebService.pm')

diff --git a/extensions/Review/lib/WebService.pm b/extensions/Review/lib/WebService.pm
index c39cadd2c..f5530dd49 100644
--- a/extensions/Review/lib/WebService.pm
+++ b/extensions/Review/lib/WebService.pm
@@ -112,6 +112,11 @@ sub flag_activity {
     $match_criteria{LIMIT} = $limit;
     $match_criteria{OFFSET} = $offset if defined $offset;
 
+    # Throw error if no other parameters have been passed other than limit and offset
+    if (!grep(!/^(LIMIT|OFFSET)$/, keys %match_criteria)) {
+        ThrowUserError('flag_activity_parameters_required');
+    }
+
     my $matches = Bugzilla::Extension::Review::FlagStateActivity->match(\%match_criteria);
     my @results = map { $self->_flag_state_activity_to_hash($_, $params) } @$matches;
     return \@results;
-- 
cgit v1.2.3-24-g4f1b