Closed Bug 709944 Opened 13 years ago Closed 13 years ago

Expose groups of which a user is part

Categories

(Bugzilla :: WebService, enhancement)

Product:
Bugzilla
Component:
WebService
Type:
enhancement
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED
Milestone:
Bugzilla 4.4

People

(Reporter: jdm, Assigned: dkl)

References

Details

Attachments

(1 file)

Patch to return groups each user is a member of in User.get (v1)
3.06 KB, patch
glob
: review+
Details | Diff | Splinter Review
For a tool I'm writing which uses the BzAPI, I would to determine if a user is part of the 'default-assignees' group to check if a bug is actually assigned to a user or not. However, that information is not available to the existing API.
Blocks: 709428
Severity: normal → enhancement
OS: Mac OS X → All
Hardware: x86 → All
Currently User.get does not export group information with User.get which could be added. User.get does have the side effect of allowing you to check if someone is *in* a partcular group if you already know the group name. User.get({ names => ['dkl@mozilla.com'], groups => ['canconfirm'] }); It will return a user object if the user is in canconfirm, or an empty list if that user is not in the group. I can look into updating User.get to return group information for each user. It should be filtered properly by include_fields, exclude_fields just like other attributes. dkl
Assignee: webservice → dkl
Status: NEW → ASSIGNED
User.get returns new key called groups which is a list of group hashes each user is a member of. The groups are filtered based on whether the calling user is in editusers or can bless the group. dkl
Attachment #595302 - Flags: review?(glob)
Comment on attachment 595302 [details] [diff] [review] Patch to return groups each user is a member of in User.get (v1) r=glob
Attachment #595302 - Flags: review?(glob) → review+
Flags: approval?
Target Milestone: --- → Bugzilla 4.4
Comment on attachment 595302 [details] [diff] [review] Patch to return groups each user is a member of in User.get (v1) >+sub _group_to_hash { >+ my ($self, $group) = @_; >+ my $item = { >+ id => $self->type('int', $group->id), >+ name => $self->type('string', $group->name), >+ description => $self->type('string', $group->description), >+ }; >+ return $item; >+} Is this really the right way to do it? Wouldn't it make more sense to only return group IDs and let the caller call Group.get (which hasn't been implemented yet) to get more info if needed?
(In reply to Frédéric Buclin from comment #4) > Comment on attachment 595302 [details] [diff] [review] > Patch to return groups each user is a member of in User.get (v1) > > >+sub _group_to_hash { > >+ my ($self, $group) = @_; > >+ my $item = { > >+ id => $self->type('int', $group->id), > >+ name => $self->type('string', $group->name), > >+ description => $self->type('string', $group->description), > >+ }; > >+ return $item; > >+} > > Is this really the right way to do it? Wouldn't it make more sense to only > return group IDs and let the caller call Group.get (which hasn't been > implemented yet) to get more info if needed? Well that would create another separate call for each group returned especially if there are many. I can imagine the client really just wants the group names when they request the information so giving them that at the same time as the id I feel is harmless for now. Especially as Group.get is not yet implemented and people have asked about getting groups for a user sooner rather than later. Also name and description are already loaded even if we just return the id so there is no extra performance hit to do so. dkl
Flags: approval? → approval+
Keywords: relnote
Apologize that these were two separate checkins. I updated the release notes as well. trunk: Committing to: bzr+ssh://dlawrence%40mozilla.com@bzr.mozilla.org/bugzilla/trunk modified template/en/default/pages/release-notes.html.tmpl Committed revision 8121. Committing to: bzr+ssh://dlawrence%40mozilla.com@bzr.mozilla.org/bugzilla/trunk modified Bugzilla/WebService/User.pm Committed revision 8122. dkl
Status: ASSIGNED → RESOLVED
Closed: 13 years ago
Keywords: relnote
Resolution: --- → FIXED
Dkl & Glob, thanks for these commits. They're going to be really helpful ya'll.
(In reply to David Lawrence [:dkl] from comment #6) > Committing to: > bzr+ssh://dlawrence%40mozilla.com@bzr.mozilla.org/bugzilla/trunk > modified template/en/default/pages/release-notes.html.tmpl > Committed revision 8121. Please backout this change. We cannot add anything about 4.4 before 4.4rc1 is released. You added notes to the 4.2 release notes!
Keywords: relnote
Don't we have a thing that we don't reveal group names to people who are not members of that group, for security reasons - or have we dropped that? If we have that, doesn't this patch break that constraint? Gerv
(In reply to Gervase Markham [:gerv] from comment #9) > Don't we have a thing that we don't reveal group names to people who are not > members of that group, for security reasons - or have we dropped that? > > If we have that, doesn't this patch break that constraint? the patch has > next unless ($user->in_group('editusers') || $user->can_bless($group->id)); which should restrict the group membership visibility.
Flags: testcase?
Added to the relnotes for 4.4.
Keywords: relnote
Blocks: 808300
Committing to: bzr+ssh://lpsolit%40gmail.com@bzr.mozilla.org/bugzilla/qa/4.4/ modified t/webservice_user_get.t Committed revision 240.
Flags: testcase? → testcase+
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: