| # This Source Code Form is subject to the terms of the Mozilla Public |
| # License, v. 2.0. If a copy of the MPL was not distributed with this |
| # file, You can obtain one at http://mozilla.org/MPL/2.0/. |
| # |
| # This Source Code Form is "Incompatible With Secondary Licenses", as |
| # defined by the Mozilla Public License, v. 2.0. |
| |
| package Bugzilla::WebService::Util; |
| |
| use 5.10.1; |
| use strict; |
| use warnings; |
| |
| use Bugzilla::Flag; |
| use Bugzilla::FlagType; |
| use Bugzilla::Error; |
| |
| use Storable qw(dclone); |
| use List::MoreUtils qw(any none); |
| |
| use parent qw(Exporter); |
| |
| # We have to "require", not "use" this, because otherwise it tries to |
| # use features of Test::More during import(). |
| require Test::Taint; |
| |
| our @EXPORT_OK = qw( |
| extract_flags |
| filter |
| filter_wants |
| taint_data |
| validate |
| translate |
| params_to_objects |
| fix_credentials |
| ); |
| |
| sub extract_flags { |
| my ($flags, $bug, $attachment) = @_; |
| my (@new_flags, @old_flags); |
| |
| my $flag_types = $attachment ? $attachment->flag_types : $bug->flag_types; |
| my $current_flags = $attachment ? $attachment->flags : $bug->flags; |
| |
| # Copy the user provided $flags as we may call extract_flags more than |
| # once when editing multiple bugs or attachments. |
| my $flags_copy = dclone($flags); |
| |
| foreach my $flag (@$flags_copy) { |
| my $id = $flag->{id}; |
| my $type_id = $flag->{type_id}; |
| |
| my $new = delete $flag->{new}; |
| my $name = delete $flag->{name}; |
| |
| if ($id) { |
| my $flag_obj = grep($id == $_->id, @$current_flags); |
| $flag_obj || ThrowUserError('object_does_not_exist', |
| { class => 'Bugzilla::Flag', id => $id }); |
| } |
| elsif ($type_id) { |
| my $type_obj = grep($type_id == $_->id, @$flag_types); |
| $type_obj || ThrowUserError('object_does_not_exist', |
| { class => 'Bugzilla::FlagType', id => $type_id }); |
| if (!$new) { |
| my @flag_matches = grep($type_id == $_->type->id, @$current_flags); |
| @flag_matches > 1 && ThrowUserError('flag_not_unique', |
| { value => $type_id }); |
| if (!@flag_matches) { |
| delete $flag->{id}; |
| } |
| else { |
| delete $flag->{type_id}; |
| $flag->{id} = $flag_matches[0]->id; |
| } |
| } |
| } |
| elsif ($name) { |
| my @type_matches = grep($name eq $_->name, @$flag_types); |
| @type_matches > 1 && ThrowUserError('flag_type_not_unique', |
| { value => $name }); |
| @type_matches || ThrowUserError('object_does_not_exist', |
| { class => 'Bugzilla::FlagType', name => $name }); |
| if ($new) { |
| delete $flag->{id}; |
| $flag->{type_id} = $type_matches[0]->id; |
| } |
| else { |
| my @flag_matches = grep($name eq $_->type->name, @$current_flags); |
| @flag_matches > 1 && ThrowUserError('flag_not_unique', { value => $name }); |
| if (@flag_matches) { |
| $flag->{id} = $flag_matches[0]->id; |
| } |
| else { |
| delete $flag->{id}; |
| $flag->{type_id} = $type_matches[0]->id; |
| } |
| } |
| } |
| |
| if ($flag->{id}) { |
| push(@old_flags, $flag); |
| } |
| else { |
| push(@new_flags, $flag); |
| } |
| } |
| |
| return (\@old_flags, \@new_flags); |
| } |
| |
| sub filter($$;$$) { |
| my ($params, $hash, $types, $prefix) = @_; |
| my %newhash = %$hash; |
| |
| foreach my $key (keys %$hash) { |
| delete $newhash{$key} if !filter_wants($params, $key, $types, $prefix); |
| } |
| |
| return \%newhash; |
| } |
| |
| sub filter_wants($$;$$) { |
| my ($params, $field, $types, $prefix) = @_; |
| |
| # Since this is operation is resource intensive, we will cache the results |
| # This assumes that $params->{*_fields} doesn't change between calls |
| my $cache = Bugzilla->request_cache->{filter_wants} ||= {}; |
| $field = "${prefix}.${field}" if $prefix; |
| |
| if (exists $cache->{$field}) { |
| return $cache->{$field}; |
| } |
| |
| # Mimic old behavior if no types provided |
| my %field_types = map { $_ => 1 } (ref $types ? @$types : ($types || 'default')); |
| |
| my %include = map { $_ => 1 } @{ $params->{'include_fields'} || [] }; |
| my %exclude = map { $_ => 1 } @{ $params->{'exclude_fields'} || [] }; |
| |
| my %include_types; |
| my %exclude_types; |
| |
| # Only return default fields if nothing is specified |
| $include_types{default} = 1 if !%include; |
| |
| # Look for any field types requested |
| foreach my $key (keys %include) { |
| next if $key !~ /^_(.*)$/; |
| $include_types{$1} = 1; |
| delete $include{$key}; |
| } |
| foreach my $key (keys %exclude) { |
| next if $key !~ /^_(.*)$/; |
| $exclude_types{$1} = 1; |
| delete $exclude{$key}; |
| } |
| |
| # Explicit inclusion/exclusion |
| return $cache->{$field} = 0 if $exclude{$field}; |
| return $cache->{$field} = 1 if $include{$field}; |
| |
| # If the user has asked to include all or exclude all |
| return $cache->{$field} = 0 if $exclude_types{'all'}; |
| return $cache->{$field} = 1 if $include_types{'all'}; |
| |
| # If the user has not asked for any fields specifically or if the user has asked |
| # for one or more of the field's types (and not excluded them) |
| foreach my $type (keys %field_types) { |
| return $cache->{$field} = 0 if $exclude_types{$type}; |
| return $cache->{$field} = 1 if $include_types{$type}; |
| } |
| |
| my $wants = 0; |
| if ($prefix) { |
| # Include the field if the parent is include (and this one is not excluded) |
| $wants = 1 if $include{$prefix}; |
| } |
| else { |
| # We want to include this if one of the sub keys is included |
| my $key = $field . '.'; |
| my $len = length($key); |
| $wants = 1 if grep { substr($_, 0, $len) eq $key } keys %include; |
| } |
| |
| return $cache->{$field} = $wants; |
| } |
| |
| sub taint_data { |
| my @params = @_; |
| return if !@params; |
| # Though this is a private function, it hasn't changed since 2004 and |
| # should be safe to use, and prevents us from having to write it ourselves |
| # or require another module to do it. |
| Test::Taint::_deeply_traverse(\&_delete_bad_keys, \@params); |
| Test::Taint::taint_deeply(\@params); |
| } |
| |
| sub _delete_bad_keys { |
| foreach my $item (@_) { |
| next if ref $item ne 'HASH'; |
| foreach my $key (keys %$item) { |
| # Making something a hash key always untaints it, in Perl. |
| # However, we need to validate our argument names in some way. |
| # We know that all hash keys passed in to the WebService will |
| # match \w+, contain '.' or '-', so we delete any key that |
| # doesn't match that. |
| if ($key !~ /^[\w\.\-]+$/) { |
| delete $item->{$key}; |
| } |
| } |
| } |
| return @_; |
| } |
| |
| sub validate { |
| my ($self, $params, @keys) = @_; |
| |
| # If $params is defined but not a reference, then we weren't |
| # sent any parameters at all, and we're getting @keys where |
| # $params should be. |
| return ($self, undef) if (defined $params and !ref $params); |
| |
| my @id_params = qw(ids comment_ids); |
| # If @keys is not empty then we convert any named |
| # parameters that have scalar values to arrayrefs |
| # that match. |
| foreach my $key (@keys) { |
| if (exists $params->{$key}) { |
| $params->{$key} = [ $params->{$key} ] unless ref $params->{$key}; |
| |
| if (any { $key eq $_ } @id_params) { |
| my $ids = $params->{$key}; |
| ThrowCodeError('param_scalar_array_required', { param => $key }) |
| unless ref($ids) eq 'ARRAY' && none { ref $_ } @$ids; |
| } |
| } |
| } |
| |
| return ($self, $params); |
| } |
| |
| sub translate { |
| my ($params, $mapped) = @_; |
| my %changes; |
| while (my ($key,$value) = each (%$params)) { |
| my $new_field = $mapped->{$key} || $key; |
| $changes{$new_field} = $value; |
| } |
| return \%changes; |
| } |
| |
| sub params_to_objects { |
| my ($params, $class) = @_; |
| my (@objects, @objects_by_ids); |
| |
| @objects = map { $class->check($_) } |
| @{ $params->{names} } if $params->{names}; |
| |
| @objects_by_ids = map { $class->check({ id => $_ }) } |
| @{ $params->{ids} } if $params->{ids}; |
| |
| push(@objects, @objects_by_ids); |
| my %seen; |
| @objects = grep { !$seen{$_->id}++ } @objects; |
| return \@objects; |
| } |
| |
| sub fix_credentials { |
| my ($params) = @_; |
| # Allow user to pass in login=foo&password=bar as a convenience |
| # even if not calling GET /login. We also do not delete them as |
| # GET /login requires "login" and "password". |
| if (exists $params->{'login'} && exists $params->{'password'}) { |
| $params->{'Bugzilla_login'} = delete $params->{'login'}; |
| $params->{'Bugzilla_password'} = delete $params->{'password'}; |
| } |
| # Allow user to pass api_key=12345678 as a convenience which becomes |
| # "Bugzilla_api_key" which is what the auth code looks for. |
| if (exists $params->{api_key}) { |
| $params->{Bugzilla_api_key} = delete $params->{api_key}; |
| } |
| # Allow user to pass token=12345678 as a convenience which becomes |
| # "Bugzilla_token" which is what the auth code looks for. |
| if (exists $params->{'token'}) { |
| $params->{'Bugzilla_token'} = delete $params->{'token'}; |
| } |
| |
| # Allow extensions to modify the credential data before login |
| Bugzilla::Hook::process('webservice_fix_credentials', { params => $params }); |
| } |
| |
| __END__ |
| |
| =head1 NAME |
| |
| Bugzilla::WebService::Util - Utility functions used inside of the WebService |
| code. These are B<not> functions that can be called via the WebService. |
| |
| =head1 DESCRIPTION |
| |
| This is somewhat like L<Bugzilla::Util>, but these functions are only used |
| internally in the WebService code. |
| |
| =head1 SYNOPSIS |
| |
| filter({ include_fields => ['id', 'name'], |
| exclude_fields => ['name'] }, $hash); |
| my $wants = filter_wants $params, 'field_name'; |
| validate(@_, 'ids'); |
| |
| =head1 METHODS |
| |
| =head2 filter |
| |
| This helps implement the C<include_fields> and C<exclude_fields> arguments |
| of WebService methods. Given a hash (the second argument to this subroutine), |
| this will remove any keys that are I<not> in C<include_fields> and then remove |
| any keys that I<are> in C<exclude_fields>. |
| |
| An optional third option can be passed that prefixes the field name to allow |
| filtering of data two or more levels deep. |
| |
| For example, if you want to filter out the C<id> key/value in components returned |
| by Product.get, you would use the value C<component.id> in your C<exclude_fields> |
| list. |
| |
| =head2 filter_wants |
| |
| Returns C<1> if a filter would preserve the specified field when passing |
| a hash to L</filter>, C<0> otherwise. |
| |
| =head2 validate |
| |
| This helps in the validation of parameters passed into the WebService |
| methods. Currently it converts listed parameters into an array reference |
| if the client only passed a single scalar value. It modifies the parameters |
| hash in place so other parameters should be unaltered. |
| |
| =head2 translate |
| |
| WebService methods frequently take parameters with different names than |
| the ones that we use internally in Bugzilla. This function takes a hashref |
| that has field names for keys and returns a hashref with those keys renamed |
| according to the mapping passed in with the second parameter (which is also |
| a hashref). |
| |
| =head2 params_to_objects |
| |
| Creates objects of the type passed in as the second parameter, using the |
| parameters passed to a WebService method (the first parameter to this function). |
| Helps make life simpler for WebService methods that internally create objects |
| via both "ids" and "names" fields. Also de-duplicates objects that were loaded |
| by both "ids" and "names". Returns an arrayref of objects. |
| |
| =head2 fix_credentials |
| |
| Allows for certain parameters related to authentication such as Bugzilla_login, |
| Bugzilla_password, and Bugzilla_token to have shorter named equivalents passed in. |
| This function converts the shorter versions to their respective internal names. |
| |
| =head2 extract_flags |
| |
| Subroutine that takes a list of hashes that are potential flag changes for |
| both bugs and attachments. Then breaks the list down into two separate lists |
| based on if the change is to add a new flag or to update an existing flag. |
| |
| =head1 B<Methods in need of POD> |
| |
| =over |
| |
| =item taint_data |
| |
| =back |
