recaptime.dev / phorge
@recaptime-dev's working patches + fork for Phorge, a community fork of Phabricator. (Upstream dev and stable branches are at upstream/main and upstream/stable respectively.) hq.recaptime.dev/wiki/Phorge
phorge phabricator
1
fork

Configure Feed

Select the types of activity you want to include in your feed.

Remove obsolete, policy-violating "owners.query" API method

Summary: See <https://hackerone.com/reports/1584409>. This obsolete API method is technically policy-violating: Owners packages have had policies since D15275. See also T10360.

Test Plan: Viewed Conduit API console, no longer saw API method available.

Differential Revision: https://secure.phabricator.com/D21850

epriestley 3052ed14 835cd7f2

-168
-2
src/__phutil_library_map__.php
··· 2013 2013 'OwnersConduitAPIMethod' => 'applications/owners/conduit/OwnersConduitAPIMethod.php', 2014 2014 'OwnersEditConduitAPIMethod' => 'applications/owners/conduit/OwnersEditConduitAPIMethod.php', 2015 2015 'OwnersPackageReplyHandler' => 'applications/owners/mail/OwnersPackageReplyHandler.php', 2016 - 'OwnersQueryConduitAPIMethod' => 'applications/owners/conduit/OwnersQueryConduitAPIMethod.php', 2017 2016 'OwnersSearchConduitAPIMethod' => 'applications/owners/conduit/OwnersSearchConduitAPIMethod.php', 2018 2017 'PHIDConduitAPIMethod' => 'applications/phid/conduit/PHIDConduitAPIMethod.php', 2019 2018 'PHIDInfoConduitAPIMethod' => 'applications/phid/conduit/PHIDInfoConduitAPIMethod.php', ··· 8253 8252 'OwnersConduitAPIMethod' => 'ConduitAPIMethod', 8254 8253 'OwnersEditConduitAPIMethod' => 'PhabricatorEditEngineAPIMethod', 8255 8254 'OwnersPackageReplyHandler' => 'PhabricatorMailReplyHandler', 8256 - 'OwnersQueryConduitAPIMethod' => 'OwnersConduitAPIMethod', 8257 8255 'OwnersSearchConduitAPIMethod' => 'PhabricatorSearchEngineAPIMethod', 8258 8256 'PHIDConduitAPIMethod' => 'ConduitAPIMethod', 8259 8257 'PHIDInfoConduitAPIMethod' => 'PHIDConduitAPIMethod',
-166
src/applications/owners/conduit/OwnersQueryConduitAPIMethod.php
··· 1 - <?php 2 - 3 - final class OwnersQueryConduitAPIMethod extends OwnersConduitAPIMethod { 4 - 5 - public function getAPIMethodName() { 6 - return 'owners.query'; 7 - } 8 - 9 - public function getMethodStatus() { 10 - return self::METHOD_STATUS_DEPRECATED; 11 - } 12 - 13 - public function getMethodStatusDescription() { 14 - return pht('Obsolete; use "owners.search" instead.'); 15 - } 16 - 17 - 18 - public function getMethodDescription() { 19 - return pht('Query for Owners packages. Obsoleted by "owners.search".'); 20 - } 21 - 22 - protected function defineParamTypes() { 23 - return array( 24 - 'userOwner' => 'optional string', 25 - 'projectOwner' => 'optional string', 26 - 'userAffiliated' => 'optional string', 27 - 'repositoryCallsign' => 'optional string', 28 - 'path' => 'optional string', 29 - ); 30 - } 31 - 32 - protected function defineReturnType() { 33 - return 'dict<phid -> dict of package info>'; 34 - } 35 - 36 - protected function defineErrorTypes() { 37 - return array( 38 - 'ERR-INVALID-USAGE' => pht( 39 - 'Provide one of a single owner phid (user/project), a single '. 40 - 'affiliated user phid (user), or a repository/path.'), 41 - 'ERR-INVALID-PARAMETER' => pht('Parameter should be a phid.'), 42 - 'ERR_REP_NOT_FOUND' => pht('The repository callsign is not recognized.'), 43 - ); 44 - } 45 - 46 - protected static function queryAll() { 47 - return id(new PhabricatorOwnersPackage())->loadAll(); 48 - } 49 - 50 - protected static function queryByOwner($owner) { 51 - $is_valid_phid = 52 - phid_get_type($owner) == PhabricatorPeopleUserPHIDType::TYPECONST || 53 - phid_get_type($owner) == PhabricatorProjectProjectPHIDType::TYPECONST; 54 - 55 - if (!$is_valid_phid) { 56 - throw id(new ConduitException('ERR-INVALID-PARAMETER')) 57 - ->setErrorDescription( 58 - pht( 59 - 'Expected user/project PHID for owner, got %s.', 60 - $owner)); 61 - } 62 - 63 - $owners = id(new PhabricatorOwnersOwner())->loadAllWhere( 64 - 'userPHID = %s', 65 - $owner); 66 - 67 - $package_ids = mpull($owners, 'getPackageID'); 68 - $packages = array(); 69 - foreach ($package_ids as $id) { 70 - $packages[] = id(new PhabricatorOwnersPackage())->load($id); 71 - } 72 - return $packages; 73 - } 74 - 75 - private static function queryByPath( 76 - PhabricatorUser $viewer, 77 - $repo_callsign, 78 - $path) { 79 - 80 - $repository = id(new PhabricatorRepositoryQuery()) 81 - ->setViewer($viewer) 82 - ->withCallsigns(array($repo_callsign)) 83 - ->executeOne(); 84 - 85 - if (!$repository) { 86 - throw id(new ConduitException('ERR_REP_NOT_FOUND')) 87 - ->setErrorDescription( 88 - pht( 89 - 'Repository callsign %s not recognized', 90 - $repo_callsign)); 91 - } 92 - if ($path == null) { 93 - return PhabricatorOwnersPackage::loadPackagesForRepository($repository); 94 - } else { 95 - return PhabricatorOwnersPackage::loadOwningPackages( 96 - $repository, $path); 97 - } 98 - } 99 - 100 - public static function buildPackageInformationDictionaries($packages) { 101 - assert_instances_of($packages, 'PhabricatorOwnersPackage'); 102 - 103 - $result = array(); 104 - foreach ($packages as $package) { 105 - $p_owners = $package->loadOwners(); 106 - $p_paths = $package->loadPaths(); 107 - 108 - $owners = array_values(mpull($p_owners, 'getUserPHID')); 109 - $paths = array(); 110 - foreach ($p_paths as $p) { 111 - $paths[] = array($p->getRepositoryPHID(), $p->getPath()); 112 - } 113 - 114 - $result[$package->getPHID()] = array( 115 - 'phid' => $package->getPHID(), 116 - 'name' => $package->getName(), 117 - 'description' => $package->getDescription(), 118 - 'owners' => $owners, 119 - 'paths' => $paths, 120 - ); 121 - } 122 - return $result; 123 - } 124 - 125 - protected function execute(ConduitAPIRequest $request) { 126 - $is_owner_query = 127 - ($request->getValue('userOwner') || 128 - $request->getValue('projectOwner')) ? 129 - 1 : 0; 130 - 131 - $is_affiliated_query = $request->getValue('userAffiliated') ? 1 : 0; 132 - 133 - $repo = $request->getValue('repositoryCallsign'); 134 - $path = $request->getValue('path'); 135 - $is_path_query = $repo ? 1 : 0; 136 - 137 - if ($is_owner_query + $is_path_query + $is_affiliated_query === 0) { 138 - // if no search terms are provided, return everything 139 - $packages = self::queryAll(); 140 - } else if ($is_owner_query + $is_path_query + $is_affiliated_query > 1) { 141 - // otherwise, exactly one of these should be provided 142 - throw new ConduitException('ERR-INVALID-USAGE'); 143 - } 144 - 145 - if ($is_affiliated_query) { 146 - $query = id(new PhabricatorOwnersPackageQuery()) 147 - ->setViewer($request->getUser()); 148 - 149 - $query->withAuthorityPHIDs(array($request->getValue('userAffiliated'))); 150 - 151 - $packages = $query->execute(); 152 - } else if ($is_owner_query) { 153 - $owner = nonempty( 154 - $request->getValue('userOwner'), 155 - $request->getValue('projectOwner')); 156 - 157 - $packages = self::queryByOwner($owner); 158 - 159 - } else if ($is_path_query) { 160 - $packages = self::queryByPath($request->getUser(), $repo, $path); 161 - } 162 - 163 - return self::buildPackageInformationDictionaries($packages); 164 - } 165 - 166 - }