Closed Bug 1014345 Opened 10 years ago Closed 10 years ago

Add Group.get RPC call

Categories

(Bugzilla :: WebService, defect)

Product:
Bugzilla
Component:
WebService
Type:
defect
Priority:
Not set
Severity:
minor

Tracking

()

Status:
RESOLVED FIXED
Milestone:
Bugzilla 5.0

People

(Reporter: mail, Assigned: mail)

Details

Attachments

(1 file, 4 obsolete files)

bug1014345-v5.patch
9.78 KB, patch
glob
: review+
Details | Diff | Splinter Review 
We have Group.create and Group.update, but not a Group.get function. Luckily brc having one lying around (author unknown)
Attached patch bug1014345-v1.patch (obsolete) — Splinter Review 
This actually differs a bit from the Red Hat version.
Attachment #8426817 - Flags: review?(glob)
Attached patch bug1014345-v1.patch (obsolete) — Splinter Review 
One whitespace character removed :)
Attachment #8426817 - Attachment is obsolete: true
Attachment #8426817 - Flags: review?(glob)
Attachment #8426818 - Flags: review?(glob)
Comment on attachment 8426818 [details] [diff] [review]
bug1014345-v1.patch

Review of attachment 8426818 [details] [diff] [review]:
-----------------------------------------------------------------

::: Bugzilla/WebService/Group.pm
@@ +132,5 @@
> +
> +    # If the user doesn't have creategroup privilege, make sure they have
> +    # bless privileges on the groups
> +    if (! $creategroups) {
> +    }

this code should either:
1. do something
2. be removed

@@ +181,5 @@
> +        if ($visibleGroups) {
> +            $query .= qq{, user_group_map AS ugm
> +                         WHERE ugm.user_id = profiles.userid
> +                           AND ugm.isbless = 0
> +                           AND ugm.group_id IN ($visibleGroups)

use $dbh->sql_in()

@@ +195,5 @@
> +        $nextCondition = 'AND';
> +    }
> +    if (!$visibleGroups) {
> +        ThrowUserError("auth_failure", {reason  => "not_visible",
> +                                        action  => "access"

you need to pass in an 'object' to the auth_failure error.

this incorrectly throws an error in the following scenario:
- user is not in creategroups
- user has bless access to a single group
- Groups.get is called with membership => 1, but without providing an id and/or name

actual:
"Sorry, there are visibility restrictions on certain user groups, and so you are not authorized to access ."

expected:
returned membership for all groups which the user can bless


also note the error message incorrectly states that "there are visibility restrictions", even if none are in place.

@@ +200,5 @@
> +                      });
> +    }
> +
> +    my $grouplist = join(',',
> +        @{Bugzilla::Group->flatten_group_membership($group->id)});

nit: add a space after @{ and before the closing }

@@ +201,5 @@
> +    }
> +
> +    my $grouplist = join(',',
> +        @{Bugzilla::Group->flatten_group_membership($group->id)});
> +    $query .= " $nextCondition ugm.group_id IN($grouplist) ";

use $dbh->sql_in() here too.

i don't see how it's possible for $nextCondition to be anything other than AND

@@ +475,5 @@
> +
> +If the user is not a member of the "creategroups" group, but they are in the
> +"editusers" group or have bless privileges to the groups they require
> +membership information for, the is_active, is_bug_group and user_regexp values
> +are not supplied.

i'd like to see it clarified that you have to be in the creategroups group _unless_ you're requesting membership information.
Attachment #8426818 - Flags: review?(glob) → review-
Attached patch bug1014345-v3.patch (obsolete) — Splinter Review 

        Attachment #8426818 -
        Attachment is obsolete: true

        Attachment #8429625 -
        Flags: review?(glob)

    
    

    
  
Comment on attachment 8429625 [details] [diff] [review]
bug1014345-v3.patch

Review of attachment 8429625 [details] [diff] [review]:
-----------------------------------------------------------------

calling as an unblessed user (no access to edit any groups or user), i get different results if i ask for group membership or not.

setting membership => 0, i get "Sorry, you aren't a member of the 'creategroups' group, and so you are not authorized to access groups."
setting membership => 1, i don't get an error, instead an empty group array is returned.

the behaviour should be identical in both cases.


otherwise this looks great :)

::: Bugzilla/WebService/Group.pm
@@ +209,5 @@
> +            email_enabled     => $self->type('boolean', $_->email_enabled),
> +            login_denied_text => $self->type('string', $_->disabledtext),
> +        }} @$user_objects;
> +
> +        return \@users;

nit: weird indentation

@@ +466,5 @@
> +that you have bless privileges for will be returned.
> +
> +=over
> +
> +=item C<ids> (array) - An array of integers representing group ids.

these params are formatted different from the other two methods in this file.

        Attachment #8429625 -
        Flags: review?(glob) → review-

    
    

    
  

      
      
      
      

        Attached patch
          
          
        bug1014345-v4.patch (obsolete)
        — Splinter Review
      

    


  

        Attachment #8429625 -
        Attachment is obsolete: true

        Attachment #8435408 -
        Flags: review?(glob)

    
    

    
  
Comment on attachment 8435408 [details] [diff] [review]
bug1014345-v4.patch

Review of attachment 8435408 [details] [diff] [review]:
-----------------------------------------------------------------

the issue with different error messages from the last review hasn't been fixed.
requiring login is great, however i'm not calling the method unauthenticated - it's an authenticated call made by an unblessed user.

        Attachment #8435408 -
        Flags: review?(glob) → review-

    
    

    
  


  

        Attachment #8435408 -
        Attachment is obsolete: true

        Attachment #8444183 -
        Flags: review?(glob)

    
    

    
  
Comment on attachment 8444183 [details] [diff] [review]
bug1014345-v5.patch

Review of attachment 8444183 [details] [diff] [review]:
-----------------------------------------------------------------

r=glob, with fix-on-commit for the error code.

::: Bugzilla/WebService/Constants.pm
@@ +141,4 @@
>      auth_invalid_email           => 302,
>      extern_id_conflict           => -303,
>      auth_failure                 => 304,
> +    group_cannot_view            => 304,

as this is different from an authentication failure (it's a permissions issue), it shouldn't return the same code as auth_failure.

the code should be in the 800-900 range

        Attachment #8444183 -
        Flags: review?(glob) → review+

    
  
Flags: approval+

    
    

    
  
To ssh://gitolite3@git.mozilla.org/bugzilla/bugzilla.git
   2db0429..2cb56fb  master -> master
Status: ASSIGNED → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED

    
    

    
  
Comment on attachment 8444183 [details] [diff] [review]
bug1014345-v5.patch

>=== modified file 'Bugzilla/WebService/Group.pm'

>+sub get {

>+    my $all_groups = $user->in_group('edituser') || $user->in_group('creategroups');
>+    if (!$all_groups && ! scalar(@{$user->bless_groups})) {

There is no 'edituser' group. It's 'editusers'. Also, it's much cleaner to call $user->can_bless instead of scalar(@{$user->bless_groups}).

    
  
Keywords: relnote

    
    

    
  
(In reply to Frédéric Buclin from comment #11) 
> >+    my $all_groups = $user->in_group('edituser') || $user->in_group('creategroups');
> >+    if (!$all_groups && ! scalar(@{$user->bless_groups})) {
> 
> There is no 'edituser' group. It's 'editusers'. Also, it's much cleaner to
> call $user->can_bless instead of scalar(@{$user->bless_groups}).

To get this fix into 4.5.5 I am trying to push out today, I went ahead and committed the changes needed.

To ssh://gitolite3@git.mozilla.org/bugzilla/bugzilla.git
   a61e957..cf3e8bc  master -> master

dkl

    
    

    
  
Added to relnotes for 5.0rc1.
Keywords: relnote

          You need to log in
          before you can comment on or make changes to this bug.
        






  

    
  







  

    

      
Attachment

      

      
      
      
      
    

    

      

        

          

            
General

            

              Creator: 



            

            
Created: 

            
Updated: 

            
Size: