Remove obsolete, policy-violating "owners.query" API method
Summary: See <https://hackerone.com/reports/1584409>. This obsolete API method is technically policy-violating: Owners packages have had policies since D15275. See also T10360. Test Plan: Viewed Conduit API console, no longer saw API method available. Differential Revision: https://secure.phabricator.com/D21850
parent
835cd7f270
commit
3052ed1484
2 changed files with 0 additions and 168 deletions
|
@ -2013,7 +2013,6 @@ phutil_register_library_map(array(
|
|||
'OwnersConduitAPIMethod' => 'applications/owners/conduit/OwnersConduitAPIMethod.php',
|
||||
'OwnersEditConduitAPIMethod' => 'applications/owners/conduit/OwnersEditConduitAPIMethod.php',
|
||||
'OwnersPackageReplyHandler' => 'applications/owners/mail/OwnersPackageReplyHandler.php',
|
||||
'OwnersQueryConduitAPIMethod' => 'applications/owners/conduit/OwnersQueryConduitAPIMethod.php',
|
||||
'OwnersSearchConduitAPIMethod' => 'applications/owners/conduit/OwnersSearchConduitAPIMethod.php',
|
||||
'PHIDConduitAPIMethod' => 'applications/phid/conduit/PHIDConduitAPIMethod.php',
|
||||
'PHIDInfoConduitAPIMethod' => 'applications/phid/conduit/PHIDInfoConduitAPIMethod.php',
|
||||
|
@ -8253,7 +8252,6 @@ phutil_register_library_map(array(
|
|||
'OwnersConduitAPIMethod' => 'ConduitAPIMethod',
|
||||
'OwnersEditConduitAPIMethod' => 'PhabricatorEditEngineAPIMethod',
|
||||
'OwnersPackageReplyHandler' => 'PhabricatorMailReplyHandler',
|
||||
'OwnersQueryConduitAPIMethod' => 'OwnersConduitAPIMethod',
|
||||
'OwnersSearchConduitAPIMethod' => 'PhabricatorSearchEngineAPIMethod',
|
||||
'PHIDConduitAPIMethod' => 'ConduitAPIMethod',
|
||||
'PHIDInfoConduitAPIMethod' => 'PHIDConduitAPIMethod',
|
||||
|
|
|
@ -1,166 +0,0 @@
|
|||
<?php
|
||||
|
||||
final class OwnersQueryConduitAPIMethod extends OwnersConduitAPIMethod {
|
||||
|
||||
public function getAPIMethodName() {
|
||||
return 'owners.query';
|
||||
}
|
||||
|
||||
public function getMethodStatus() {
|
||||
return self::METHOD_STATUS_DEPRECATED;
|
||||
}
|
||||
|
||||
public function getMethodStatusDescription() {
|
||||
return pht('Obsolete; use "owners.search" instead.');
|
||||
}
|
||||
|
||||
|
||||
public function getMethodDescription() {
|
||||
return pht('Query for Owners packages. Obsoleted by "owners.search".');
|
||||
}
|
||||
|
||||
protected function defineParamTypes() {
|
||||
return array(
|
||||
'userOwner' => 'optional string',
|
||||
'projectOwner' => 'optional string',
|
||||
'userAffiliated' => 'optional string',
|
||||
'repositoryCallsign' => 'optional string',
|
||||
'path' => 'optional string',
|
||||
);
|
||||
}
|
||||
|
||||
protected function defineReturnType() {
|
||||
return 'dict<phid -> dict of package info>';
|
||||
}
|
||||
|
||||
protected function defineErrorTypes() {
|
||||
return array(
|
||||
'ERR-INVALID-USAGE' => pht(
|
||||
'Provide one of a single owner phid (user/project), a single '.
|
||||
'affiliated user phid (user), or a repository/path.'),
|
||||
'ERR-INVALID-PARAMETER' => pht('Parameter should be a phid.'),
|
||||
'ERR_REP_NOT_FOUND' => pht('The repository callsign is not recognized.'),
|
||||
);
|
||||
}
|
||||
|
||||
protected static function queryAll() {
|
||||
return id(new PhabricatorOwnersPackage())->loadAll();
|
||||
}
|
||||
|
||||
protected static function queryByOwner($owner) {
|
||||
$is_valid_phid =
|
||||
phid_get_type($owner) == PhabricatorPeopleUserPHIDType::TYPECONST ||
|
||||
phid_get_type($owner) == PhabricatorProjectProjectPHIDType::TYPECONST;
|
||||
|
||||
if (!$is_valid_phid) {
|
||||
throw id(new ConduitException('ERR-INVALID-PARAMETER'))
|
||||
->setErrorDescription(
|
||||
pht(
|
||||
'Expected user/project PHID for owner, got %s.',
|
||||
$owner));
|
||||
}
|
||||
|
||||
$owners = id(new PhabricatorOwnersOwner())->loadAllWhere(
|
||||
'userPHID = %s',
|
||||
$owner);
|
||||
|
||||
$package_ids = mpull($owners, 'getPackageID');
|
||||
$packages = array();
|
||||
foreach ($package_ids as $id) {
|
||||
$packages[] = id(new PhabricatorOwnersPackage())->load($id);
|
||||
}
|
||||
return $packages;
|
||||
}
|
||||
|
||||
private static function queryByPath(
|
||||
PhabricatorUser $viewer,
|
||||
$repo_callsign,
|
||||
$path) {
|
||||
|
||||
$repository = id(new PhabricatorRepositoryQuery())
|
||||
->setViewer($viewer)
|
||||
->withCallsigns(array($repo_callsign))
|
||||
->executeOne();
|
||||
|
||||
if (!$repository) {
|
||||
throw id(new ConduitException('ERR_REP_NOT_FOUND'))
|
||||
->setErrorDescription(
|
||||
pht(
|
||||
'Repository callsign %s not recognized',
|
||||
$repo_callsign));
|
||||
}
|
||||
if ($path == null) {
|
||||
return PhabricatorOwnersPackage::loadPackagesForRepository($repository);
|
||||
} else {
|
||||
return PhabricatorOwnersPackage::loadOwningPackages(
|
||||
$repository, $path);
|
||||
}
|
||||
}
|
||||
|
||||
public static function buildPackageInformationDictionaries($packages) {
|
||||
assert_instances_of($packages, 'PhabricatorOwnersPackage');
|
||||
|
||||
$result = array();
|
||||
foreach ($packages as $package) {
|
||||
$p_owners = $package->loadOwners();
|
||||
$p_paths = $package->loadPaths();
|
||||
|
||||
$owners = array_values(mpull($p_owners, 'getUserPHID'));
|
||||
$paths = array();
|
||||
foreach ($p_paths as $p) {
|
||||
$paths[] = array($p->getRepositoryPHID(), $p->getPath());
|
||||
}
|
||||
|
||||
$result[$package->getPHID()] = array(
|
||||
'phid' => $package->getPHID(),
|
||||
'name' => $package->getName(),
|
||||
'description' => $package->getDescription(),
|
||||
'owners' => $owners,
|
||||
'paths' => $paths,
|
||||
);
|
||||
}
|
||||
return $result;
|
||||
}
|
||||
|
||||
protected function execute(ConduitAPIRequest $request) {
|
||||
$is_owner_query =
|
||||
($request->getValue('userOwner') ||
|
||||
$request->getValue('projectOwner')) ?
|
||||
1 : 0;
|
||||
|
||||
$is_affiliated_query = $request->getValue('userAffiliated') ? 1 : 0;
|
||||
|
||||
$repo = $request->getValue('repositoryCallsign');
|
||||
$path = $request->getValue('path');
|
||||
$is_path_query = $repo ? 1 : 0;
|
||||
|
||||
if ($is_owner_query + $is_path_query + $is_affiliated_query === 0) {
|
||||
// if no search terms are provided, return everything
|
||||
$packages = self::queryAll();
|
||||
} else if ($is_owner_query + $is_path_query + $is_affiliated_query > 1) {
|
||||
// otherwise, exactly one of these should be provided
|
||||
throw new ConduitException('ERR-INVALID-USAGE');
|
||||
}
|
||||
|
||||
if ($is_affiliated_query) {
|
||||
$query = id(new PhabricatorOwnersPackageQuery())
|
||||
->setViewer($request->getUser());
|
||||
|
||||
$query->withAuthorityPHIDs(array($request->getValue('userAffiliated')));
|
||||
|
||||
$packages = $query->execute();
|
||||
} else if ($is_owner_query) {
|
||||
$owner = nonempty(
|
||||
$request->getValue('userOwner'),
|
||||
$request->getValue('projectOwner'));
|
||||
|
||||
$packages = self::queryByOwner($owner);
|
||||
|
||||
} else if ($is_path_query) {
|
||||
$packages = self::queryByPath($request->getUser(), $repo, $path);
|
||||
}
|
||||
|
||||
return self::buildPackageInformationDictionaries($packages);
|
||||
}
|
||||
|
||||
}
|