
Update Conduit Maniphest CRUD API(s) to not accept crud

Summary: see T1241, T1242, T1244 for some examples of crud getting saved

Test Plan: threw some crud in my conduit console and got reasonable errors back

Reviewers: mikaaay, epriestley

Reviewed By: epriestley

CC: aran, Koolvin

Maniphest Tasks: T1241, T1242, T1244

Differential Revision: https://secure.phabricator.com/D2487

+58 -6
+48
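--- a/src/applications/conduit/method/maniphest/base/ConduitAPI_maniphest_Method.php
+++ b/src/applications/conduit/method/maniphest/base/ConduitAPI_maniphest_Method.php
@@ -21,6 +21,12 @@
 */
 abstract class ConduitAPI_maniphest_Method extends ConduitAPIMethod {
 
+public function defineErrorTypes() {
+return array(
+'ERR-INVALID-PARAMETER' => 'Missing or malformed parameter.'
+);
+}
+
 protected function buildTaskInfoDictionary(ManiphestTask $task) {
 $results = $this->buildTaskInfoDictionaries(array($task));
 return idx($results, $task->getPHID());
@@ -88,32 +94,54 @@
 
 $status = $request->getValue('status');
 if ($status !== null) {
+$valid_statuses = ManiphestTaskStatus::getTaskStatusMap();
+if (!isset($valid_statuses[$status])) {
+throw id(new ConduitException('ERR-INVALID-PARAMETER'))
+->setErrorDescription('Status set to invalid value.');
+}
 $changes[ManiphestTransactionType::TYPE_STATUS] = $status;
 }
 }
 
 $priority = $request->getValue('priority');
 if ($priority !== null) {
+$valid_priorities = ManiphestTaskPriority::getTaskPriorityMap();
+if (!isset($valid_priorities[$priority])) {
+throw id(new ConduitException('ERR-INVALID-PARAMETER'))
+->setErrorDescription('Priority set to invalid value.');
+}
 $changes[ManiphestTransactionType::TYPE_PRIORITY] = $priority;
 }
 
 $owner_phid = $request->getValue('ownerPHID');
 if ($owner_phid !== null) {
+$this->validatePHIDList(array($owner_phid),
+PhabricatorPHIDConstants::PHID_TYPE_USER,
+'ownerPHID');
 $changes[ManiphestTransactionType::TYPE_OWNER] = $owner_phid;
 }
 
 $ccs = $request->getValue('ccPHIDs');
 if ($ccs !== null) {
+$this->validatePHIDList($ccs,
+PhabricatorPHIDConstants::PHID_TYPE_USER,
+'ccPHIDS');
 $changes[ManiphestTransactionType::TYPE_CCS] = $ccs;
 }
 
 $project_phids = $request->getValue('projectPHIDs');
 if ($project_phids !== null) {
+$this->validatePHIDList($project_phids,
+PhabricatorPHIDConstants::PHID_TYPE_PROJ,
+'projectPHIDS');
 $changes[ManiphestTransactionType::TYPE_PROJECTS] = $project_phids;
 }
 
 $file_phids = $request->getValue('filePHIDs');
 if ($file_phids !== null) {
+$this->validatePHIDList($file_phids,
+PhabricatorPHIDConstants::PHID_TYPE_FILE,
+'filePHIDS');
 $file_map = array_fill_keys($file_phids, true);
 $attached = $task->getAttached();
 $attached[PhabricatorPHIDConstants::PHID_TYPE_FILE] = $file_map;
@@ -221,6 +249,26 @@
 }
 
 return $result;
+}
+
+/**
+* Note this is a temporary stop gap since its easy to make malformed Tasks.
+* Long-term, the values set in @{method:defineParamTypes} will be used to
+* validate data implicitly within the larger Conduit application.
+*
+* TODO -- remove this in favor of generalized Conduit hotness
+*/
+private function validatePHIDList(array $phid_list, $phid_type, $field) {
+$phid_groups = phid_group_by_type($phid_list);
+unset($phid_groups[$phid_type]);
+if (!empty($phid_groups)) {
+throw id(new ConduitException('ERR-INVALID-PARAMETER'))
+->setErrorDescription(
+'One or more PHIDs were invalid for '.$field.'.'
+);
+}
+
+return true;
 }
 
 }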
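Review bot: The three list parameters (`ccPHIDs`, `projectPHIDs`, `filePHIDs`) go straight from `$request->getValue()` into the `array`-hinted `validatePHIDList()`, so a scalar sent by a client would trip the PHP type hint instead of coming back as `ERR-INVALID-PARAMETER`; the helper's own docblock says Conduit does not yet enforce `defineParamTypes`. Dropping the hint and rejecting non-arrays inside the helper, as sketched below, keeps every malformed value on the same error path. The helper also only buckets PHIDs by type through `phid_group_by_type()`, so a well-formed PHID of the right type that does not exist, or that the caller cannot see, presumably still passes; a docblock line saying so would stop readers from treating this as an existence or visibility check. The labels `'ccPHIDS'`, `'projectPHIDS'` and `'filePHIDS'` differ in case from the parameter names the method reads (`ccPHIDs`, `projectPHIDs`, `filePHIDs`), which makes the error text harder to match to the request.

```php
private function validatePHIDList($phid_list, $phid_type, $field) {
  if (!is_array($phid_list)) {
    throw id(new ConduitException('ERR-INVALID-PARAMETER'))
      ->setErrorDescription('Expected a list of PHIDs for '.$field.'.');
  }
  $phid_groups = phid_group_by_type($phid_list);
  // … unchanged: drop the expected type bucket, throw if any other remains, return true …
}
```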
+2
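--- a/src/applications/conduit/method/maniphest/base/__init__.php
+++ b/src/applications/conduit/method/maniphest/base/__init__.php
@@ -7,6 +7,7 @@
 
 
 phutil_require_module('phabricator', 'applications/conduit/method/base');
+phutil_require_module('phabricator', 'applications/conduit/protocol/exception');
 phutil_require_module('phabricator', 'applications/maniphest/constants/priority');
 phutil_require_module('phabricator', 'applications/maniphest/constants/status');
 phutil_require_module('phabricator', 'applications/maniphest/constants/transactiontype');
@@ -15,6 +16,7 @@
 phutil_require_module('phabricator', 'applications/maniphest/storage/transaction');
 phutil_require_module('phabricator', 'applications/metamta/contentsource/source');
 phutil_require_module('phabricator', 'applications/phid/constants');
+phutil_require_module('phabricator', 'applications/phid/utils');
 phutil_require_module('phabricator', 'infrastructure/env');
 phutil_require_module('phabricator', 'infrastructure/events/constant/type');
 phutil_require_module('phabricator', 'infrastructure/events/event');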
+1
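--- a/src/applications/conduit/method/maniphest/createtask/ConduitAPI_maniphest_createtask_Method.php
+++ b/src/applications/conduit/method/maniphest/createtask/ConduitAPI_maniphest_createtask_Method.php
@@ -36,6 +36,7 @@
 
 public function defineErrorTypes() {
 return array(
+'ERR-INVALID-PARAMETER' => 'Missing or malformed parameter.'
 );
 }
 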
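Review bot: The entry `'ERR-INVALID-PARAMETER' => 'Missing or malformed parameter.'` is now spelled out three times: in this override, in the new `defineErrorTypes()` on the base class `ConduitAPI_maniphest_Method`, and in `ConduitAPI_maniphest_update_Method`. Since the base class already declares it, this override could be `return parent::defineErrorTypes();`, and the update method could use `return array('ERR-BAD-TASK' => 'No such maniphest task exists.') + parent::defineErrorTypes();`. That way the code and its description cannot drift apart between the methods that share the validation. Both class bodies continue outside the hunks shown.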
+7 -6
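--- a/src/applications/conduit/method/maniphest/update/ConduitAPI_maniphest_update_Method.php
+++ b/src/applications/conduit/method/maniphest/update/ConduitAPI_maniphest_update_Method.php
@@ -26,18 +26,19 @@
 return "Update an existing Maniphest task.";
 }
 
+public function defineErrorTypes() {
+return array(
+'ERR-BAD-TASK' => 'No such maniphest task exists.',
+'ERR-INVALID-PARAMETER' => 'Missing or malformed parameter.'
+);
+}
+
 public function defineParamTypes() {
 return $this->getTaskFields($is_new = false);
 }
 
 public function defineReturnType() {
 return 'nonempty dict';
-}
-
-public function defineErrorTypes() {
-return array(
-'ERR-BAD-TASK' => 'No such task exists.',
-);
 }
 
 protected function execute(ConduitAPIRequest $request) {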