Bug 1389372 - Add REST API endpoint to validate whether a BMO user ID can see a given...

diff --git a/extensions/PhabBugz/lib/WebService.pm b/extensions/PhabBugz/lib/WebService.pm
index 0d88114f6c80b9bb3c6a74b89cefa4e5218ccc38..84561c3dbb336c763b69ba84e8181a8e076a3abd 100644 (file)
--- a/extensions/PhabBugz/lib/WebService.pm
+++ b/extensions/PhabBugz/lib/WebService.pm
@@ -23,6 +23,7 @@ use Bugzilla::User;
 use Bugzilla::Util qw(correct_urlbase detaint_natural);
 use Bugzilla::WebService::Constants;
 
+use Bugzilla::Extension::PhabBugz::Constants;
 use Bugzilla::Extension::PhabBugz::Util qw(
     create_revision_attachment
     create_private_revision_policy
@@ -41,6 +42,7 @@ use constant PUBLIC_METHODS => qw(
     revision
 );
 
+
 sub revision {
     my ($self, $params) = @_;
 
@@ -110,8 +112,35 @@ sub revision {
     };
 }
 
+sub check_user_permission_for_bug {
+    my ($self, $params) = @_;
+
+    my $user = Bugzilla->login(LOGIN_REQUIRED);
+
+    # Ensure PhabBugz is on
+    ThrowUserError('phabricator_not_enabled')
+        unless Bugzilla->params->{phabricator_enabled};
+
+    # Validate that the requesting user's email matches phab-bot
+    ThrowUserError('phabricator_unauthorized_user')
+        unless $user->login eq PHAB_AUTOMATION_USER;
+
+    # Validate that a bug id and user id are provided
+    ThrowUserError('phabricator_invalid_request_params')
+        unless ($params->{bug_id} && $params->{user_id});
+
+    # Validate that the user and bug exist
+    my $target_user = Bugzilla::User->check({ id => $params->{user_id}, cache => 1 });
+
+    # Send back an object which says { "result": 1|0 }
+    return {
+        result => $target_user->can_see_bug($params->{bug_id})
+    };
+}
+
 sub rest_resources {
     return [
+        # Revision creation
         qr{^/phabbugz/revision/([^/]+)$}, {
             POST => {
                 method => 'revision',
@@ -119,6 +148,15 @@ sub rest_resources {
                     return { revision => $_[0] };
                 }
             }
+        },
+        # Bug permission checks
+        qr{^/phabbugz/check_bug/(\d+)/(\d+)$}, {
+            GET => {
+                method => 'check_user_permission_for_bug',
+                params => sub {
+                    return { bug_id => $_[0], user_id => $_[1] };
+                }
+            }
         }
     ];
 }

diff --git a/extensions/PhabBugz/template/en/default/hook/global/user-error-errors.html.tmpl b/extensions/PhabBugz/template/en/default/hook/global/user-error-errors.html.tmpl
index 60cd089232623b93f30ab16c34b8babe40dffb09..1457e352553224544a5c859c22d54fd6dbd6012e 100644 (file)
--- a/extensions/PhabBugz/template/en/default/hook/global/user-error-errors.html.tmpl
+++ b/extensions/PhabBugz/template/en/default/hook/global/user-error-errors.html.tmpl
@@ -18,8 +18,22 @@
   [% title = "Invalid Phabricator Sync Groups" %]
   You must provide a comma delimited list of security groups
   to sync with Phabricator.
+
 [% ELSIF error == "invalid_phabricator_revision_id" %]
   [% title = "Invalid Phabricator Revision ID" %]
   You must provide a valid Phabricator revision ID.
 
+[% ELSIF error == "phabricator_not_enabled" %]
+  [% title = "Phabricator Support Not Enabled" %]
+  The Phabricator to Bugzilla library, PhabBugz,
+  is not enabled in Bugzilla.
+
+[% ELSIF error == "phabricator_invalid_request_params" %]
+  [% title = "Incomplete Information Provided by Phabricator" %]
+  The parameters 'user_id' and '[% terms.bug %]_id' must be provided.
+
+[% ELSIF error == "phabricator_unauthorized_user" %]
+  [% title = "Unauthorized User" %]
+  You do not have permission to use this endpoint.
+
 [% END %]