Commit c49af480 authored by dkl%redhat.com's avatar dkl%redhat.com

Bug 473646 - WebService methods should check list parameters for scalars and convert before use

Patch by Dave Lawrence <dkl@redhat.com> - r/a=mkanat
parent 2319f5f6
...@@ -27,7 +27,7 @@ use Bugzilla::Constants; ...@@ -27,7 +27,7 @@ use Bugzilla::Constants;
use Bugzilla::Error; use Bugzilla::Error;
use Bugzilla::Field; use Bugzilla::Field;
use Bugzilla::WebService::Constants; use Bugzilla::WebService::Constants;
use Bugzilla::WebService::Util qw(filter); use Bugzilla::WebService::Util qw(filter validate);
use Bugzilla::Bug; use Bugzilla::Bug;
use Bugzilla::BugMail; use Bugzilla::BugMail;
use Bugzilla::Util qw(trim); use Bugzilla::Util qw(trim);
...@@ -67,7 +67,8 @@ BEGIN { *get_bugs = \&get } ...@@ -67,7 +67,8 @@ BEGIN { *get_bugs = \&get }
########### ###########
sub comments { sub comments {
my ($self, $params) = @_; my ($self, $params) = validate(@_, 'bug_ids', 'comment_ids');
if (!(defined $params->{bug_ids} || defined $params->{comment_ids})) { if (!(defined $params->{bug_ids} || defined $params->{comment_ids})) {
ThrowCodeError('params_required', ThrowCodeError('params_required',
{ function => 'Bug.comments', { function => 'Bug.comments',
...@@ -145,7 +146,8 @@ sub _translate_comment { ...@@ -145,7 +146,8 @@ sub _translate_comment {
} }
sub get { sub get {
my ($self, $params) = @_; my ($self, $params) = validate(@_, 'ids');
my $ids = $params->{ids}; my $ids = $params->{ids};
defined $ids || ThrowCodeError('param_required', { param => 'ids' }); defined $ids || ThrowCodeError('param_required', { param => 'ids' });
...@@ -162,7 +164,7 @@ sub get { ...@@ -162,7 +164,7 @@ sub get {
# it can be called as the following: # it can be called as the following:
# $call = $rpc->call( 'Bug.get_history', { ids => [1,2] }); # $call = $rpc->call( 'Bug.get_history', { ids => [1,2] });
sub get_history { sub get_history {
my ($self, $params) = @_; my ($self, $params) = validate(@_, 'ids');
my $ids = $params->{ids}; my $ids = $params->{ids};
defined $ids || ThrowCodeError('param_required', { param => 'ids' }); defined $ids || ThrowCodeError('param_required', { param => 'ids' });
......
...@@ -21,6 +21,7 @@ use strict; ...@@ -21,6 +21,7 @@ use strict;
use base qw(Bugzilla::WebService); use base qw(Bugzilla::WebService);
use Bugzilla::Product; use Bugzilla::Product;
use Bugzilla::User; use Bugzilla::User;
use Bugzilla::WebService::Util qw(validate);
################################################## ##################################################
# Add aliases here for method name compatibility # # Add aliases here for method name compatibility #
...@@ -45,7 +46,7 @@ sub get_accessible_products { ...@@ -45,7 +46,7 @@ sub get_accessible_products {
# Get a list of actual products, based on list of ids # Get a list of actual products, based on list of ids
sub get { sub get {
my ($self, $params) = @_; my ($self, $params) = validate(@_, 'ids');
# Only products that are in the users accessible products, # Only products that are in the users accessible products,
# can be allowed to be returned # can be allowed to be returned
......
...@@ -28,7 +28,7 @@ use Bugzilla::Error; ...@@ -28,7 +28,7 @@ use Bugzilla::Error;
use Bugzilla::User; use Bugzilla::User;
use Bugzilla::Util qw(trim); use Bugzilla::Util qw(trim);
use Bugzilla::Token; use Bugzilla::Token;
use Bugzilla::WebService::Util qw(filter); use Bugzilla::WebService::Util qw(filter validate);
# Don't need auth to login # Don't need auth to login
use constant LOGIN_EXEMPT => { use constant LOGIN_EXEMPT => {
...@@ -131,7 +131,7 @@ sub create { ...@@ -131,7 +131,7 @@ sub create {
# $call = $rpc->call( 'User.get', { ids => [1,2,3], # $call = $rpc->call( 'User.get', { ids => [1,2,3],
# names => ['testusera@redhat.com', 'testuserb@redhat.com'] }); # names => ['testusera@redhat.com', 'testuserb@redhat.com'] });
sub get { sub get {
my ($self, $params) = @_; my ($self, $params) = validate(@_, 'names', 'ids');
my @user_objects; my @user_objects;
@user_objects = map { Bugzilla::User->check($_) } @{ $params->{names} } @user_objects = map { Bugzilla::User->check($_) } @{ $params->{names} }
......
...@@ -24,7 +24,7 @@ use strict; ...@@ -24,7 +24,7 @@ use strict;
use base qw(Exporter); use base qw(Exporter);
our @EXPORT_OK = qw(filter); our @EXPORT_OK = qw(filter validate);
sub filter ($$) { sub filter ($$) {
my ($params, $hash) = @_; my ($params, $hash) = @_;
...@@ -44,6 +44,23 @@ sub filter ($$) { ...@@ -44,6 +44,23 @@ sub filter ($$) {
return \%newhash; return \%newhash;
} }
sub validate {
my ($self, $params, @keys) = @_;
# If @keys is not empty then we convert any named
# parameters that have scalar values to arrayrefs
# that match.
foreach my $key (@keys) {
if (exists $params->{$key}) {
$params->{$key} = ref $params->{$key}
? $params->{$key}
: [ $params->{$key} ];
}
}
return ($self, $params);
}
__END__ __END__
=head1 NAME =head1 NAME
...@@ -61,6 +78,8 @@ internally in the WebService code. ...@@ -61,6 +78,8 @@ internally in the WebService code.
filter({ include_fields => ['id', 'name'], filter({ include_fields => ['id', 'name'],
exclude_fields => ['name'] }, $hash); exclude_fields => ['name'] }, $hash);
validate(@_, 'ids');
=head1 METHODS =head1 METHODS
=over =over
...@@ -72,4 +91,11 @@ of WebService methods. Given a hash (the second argument to this subroutine), ...@@ -72,4 +91,11 @@ of WebService methods. Given a hash (the second argument to this subroutine),
this will remove any keys that are I<not> in C<include_fields> and then remove this will remove any keys that are I<not> in C<include_fields> and then remove
any keys that I<are> in C<exclude_fields>. any keys that I<are> in C<exclude_fields>.
=item C<validate>
This helps in the validation of parameters passed into the WebSerice
methods. Currently it converts listed parameters into an array reference
if the client only passed a single scalar value. It modifies the parameters
hash in place so other parameters should be unaltered.
=back =back
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment