1
0
Fork 0
mirror of https://we.phorge.it/source/phorge.git synced 2024-11-26 00:32:42 +01:00

Remove obsolete, policy-violating "owners.query" API method

Summary: See <https://hackerone.com/reports/1584409>. This obsolete API method is technically policy-violating: Owners packages have had policies since D15275. See also T10360.

Test Plan: Viewed Conduit API console, no longer saw API method available.

Differential Revision: https://secure.phabricator.com/D21850
This commit is contained in:
epriestley 2022-05-31 10:39:18 -07:00
parent 835cd7f270
commit 3052ed1484
2 changed files with 0 additions and 168 deletions

View file

@ -2013,7 +2013,6 @@ phutil_register_library_map(array(
'OwnersConduitAPIMethod' => 'applications/owners/conduit/OwnersConduitAPIMethod.php',
'OwnersEditConduitAPIMethod' => 'applications/owners/conduit/OwnersEditConduitAPIMethod.php',
'OwnersPackageReplyHandler' => 'applications/owners/mail/OwnersPackageReplyHandler.php',
'OwnersQueryConduitAPIMethod' => 'applications/owners/conduit/OwnersQueryConduitAPIMethod.php',
'OwnersSearchConduitAPIMethod' => 'applications/owners/conduit/OwnersSearchConduitAPIMethod.php',
'PHIDConduitAPIMethod' => 'applications/phid/conduit/PHIDConduitAPIMethod.php',
'PHIDInfoConduitAPIMethod' => 'applications/phid/conduit/PHIDInfoConduitAPIMethod.php',
@ -8253,7 +8252,6 @@ phutil_register_library_map(array(
'OwnersConduitAPIMethod' => 'ConduitAPIMethod',
'OwnersEditConduitAPIMethod' => 'PhabricatorEditEngineAPIMethod',
'OwnersPackageReplyHandler' => 'PhabricatorMailReplyHandler',
'OwnersQueryConduitAPIMethod' => 'OwnersConduitAPIMethod',
'OwnersSearchConduitAPIMethod' => 'PhabricatorSearchEngineAPIMethod',
'PHIDConduitAPIMethod' => 'ConduitAPIMethod',
'PHIDInfoConduitAPIMethod' => 'PHIDConduitAPIMethod',

View file

@ -1,166 +0,0 @@
<?php
final class OwnersQueryConduitAPIMethod extends OwnersConduitAPIMethod {
public function getAPIMethodName() {
return 'owners.query';
}
public function getMethodStatus() {
return self::METHOD_STATUS_DEPRECATED;
}
public function getMethodStatusDescription() {
return pht('Obsolete; use "owners.search" instead.');
}
public function getMethodDescription() {
return pht('Query for Owners packages. Obsoleted by "owners.search".');
}
protected function defineParamTypes() {
return array(
'userOwner' => 'optional string',
'projectOwner' => 'optional string',
'userAffiliated' => 'optional string',
'repositoryCallsign' => 'optional string',
'path' => 'optional string',
);
}
protected function defineReturnType() {
return 'dict<phid -> dict of package info>';
}
protected function defineErrorTypes() {
return array(
'ERR-INVALID-USAGE' => pht(
'Provide one of a single owner phid (user/project), a single '.
'affiliated user phid (user), or a repository/path.'),
'ERR-INVALID-PARAMETER' => pht('Parameter should be a phid.'),
'ERR_REP_NOT_FOUND' => pht('The repository callsign is not recognized.'),
);
}
protected static function queryAll() {
return id(new PhabricatorOwnersPackage())->loadAll();
}
protected static function queryByOwner($owner) {
$is_valid_phid =
phid_get_type($owner) == PhabricatorPeopleUserPHIDType::TYPECONST ||
phid_get_type($owner) == PhabricatorProjectProjectPHIDType::TYPECONST;
if (!$is_valid_phid) {
throw id(new ConduitException('ERR-INVALID-PARAMETER'))
->setErrorDescription(
pht(
'Expected user/project PHID for owner, got %s.',
$owner));
}
$owners = id(new PhabricatorOwnersOwner())->loadAllWhere(
'userPHID = %s',
$owner);
$package_ids = mpull($owners, 'getPackageID');
$packages = array();
foreach ($package_ids as $id) {
$packages[] = id(new PhabricatorOwnersPackage())->load($id);
}
return $packages;
}
private static function queryByPath(
PhabricatorUser $viewer,
$repo_callsign,
$path) {
$repository = id(new PhabricatorRepositoryQuery())
->setViewer($viewer)
->withCallsigns(array($repo_callsign))
->executeOne();
if (!$repository) {
throw id(new ConduitException('ERR_REP_NOT_FOUND'))
->setErrorDescription(
pht(
'Repository callsign %s not recognized',
$repo_callsign));
}
if ($path == null) {
return PhabricatorOwnersPackage::loadPackagesForRepository($repository);
} else {
return PhabricatorOwnersPackage::loadOwningPackages(
$repository, $path);
}
}
public static function buildPackageInformationDictionaries($packages) {
assert_instances_of($packages, 'PhabricatorOwnersPackage');
$result = array();
foreach ($packages as $package) {
$p_owners = $package->loadOwners();
$p_paths = $package->loadPaths();
$owners = array_values(mpull($p_owners, 'getUserPHID'));
$paths = array();
foreach ($p_paths as $p) {
$paths[] = array($p->getRepositoryPHID(), $p->getPath());
}
$result[$package->getPHID()] = array(
'phid' => $package->getPHID(),
'name' => $package->getName(),
'description' => $package->getDescription(),
'owners' => $owners,
'paths' => $paths,
);
}
return $result;
}
protected function execute(ConduitAPIRequest $request) {
$is_owner_query =
($request->getValue('userOwner') ||
$request->getValue('projectOwner')) ?
1 : 0;
$is_affiliated_query = $request->getValue('userAffiliated') ? 1 : 0;
$repo = $request->getValue('repositoryCallsign');
$path = $request->getValue('path');
$is_path_query = $repo ? 1 : 0;
if ($is_owner_query + $is_path_query + $is_affiliated_query === 0) {
// if no search terms are provided, return everything
$packages = self::queryAll();
} else if ($is_owner_query + $is_path_query + $is_affiliated_query > 1) {
// otherwise, exactly one of these should be provided
throw new ConduitException('ERR-INVALID-USAGE');
}
if ($is_affiliated_query) {
$query = id(new PhabricatorOwnersPackageQuery())
->setViewer($request->getUser());
$query->withAuthorityPHIDs(array($request->getValue('userAffiliated')));
$packages = $query->execute();
} else if ($is_owner_query) {
$owner = nonempty(
$request->getValue('userOwner'),
$request->getValue('projectOwner'));
$packages = self::queryByOwner($owner);
} else if ($is_path_query) {
$packages = self::queryByPath($request->getUser(), $repo, $path);
}
return self::buildPackageInformationDictionaries($packages);
}
}