[Bps-public-commit] rt-extension-rest2 branch, add-validation-methods, created. 1.09-16-gff638a4
? sunnavy
sunnavy at bestpractical.com
Thu Feb 11 09:54:21 EST 2021
The branch, add-validation-methods has been created
at ff638a47de5aafa2fb8ac7346ffb194f3a6d355b (commit)
- Log -----------------------------------------------------------------
commit ff638a47de5aafa2fb8ac7346ffb194f3a6d355b
Author: Jim Brandt <jbrandt at bestpractical.com>
Date: Fri Feb 5 15:47:36 2021 -0500
Add explicit validation methods for tickets
Define validation methods for ticket create, update,
and message via correspond/comment. This provides a cleaner
way to override and add custom validation. This refactor
does not add any new validation itself.
diff --git a/lib/RT/Extension/REST2/Resource/Message.pm b/lib/RT/Extension/REST2/Resource/Message.pm
index 2d39e33..e8d9266 100644
--- a/lib/RT/Extension/REST2/Resource/Message.pm
+++ b/lib/RT/Extension/REST2/Resource/Message.pm
@@ -116,6 +116,17 @@ sub add_message {
Subject => $args{Subject},
);
+ # Check for any bad input data before making updates
+ my ($ok, $errmsg, $return_code) = $self->validate_input(\%args);
+ if (!$ok) {
+ if ( $return_code ) {
+ return error_as_json($self->response, \$return_code, $errmsg);
+ }
+ else {
+ return error_as_json($self->response, \400, $errmsg);
+ }
+ }
+
# Process attachments
foreach my $attachment (@{$args{Attachments}}) {
$MIME->attach(
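Review bot: The added `if`/`else` in add_message duplicates the same `error_as_json` call only to pick a default status, which is a style point. It can be collapsed to `return error_as_json($self->response, \($return_code || 400), $errmsg) if !$ok;`, keeping the 400 fallback for validators that return no code. The same fallback is missing from the create_record hunk in Ticket.pm, so the two callers treat a code-less failure differently. add_message starts and ends outside this hunk.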
@@ -216,6 +227,15 @@ sub create_path {
return "/transaction/$id";
}
+sub validate_input {
+ my $self = shift;
+ my $args = shift;
+
+ # Add CF and other pre-update validation here
+
+ return (1, 'Validation passed');
+}
+
__PACKAGE__->meta->make_immutable;
1;
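Review bot: This validate_input hook has no documentation of its contract, and its calling convention differs from the one added in Ticket.pm. Here it receives a single hash reference (`\%args`), while Ticket.pm's version takes named `Data`/`Action` pairs, so anyone overriding both has to read the callers to learn the difference. I would add a short comment or POD entry stating the argument shape and that the return is `($ok, $message, $http_status)` with the status optional. A placeholder comment such as `# Returns (1, $msg) on success or (0, $msg, $http_status) on failure; status defaults to 400 in add_message` would cover it.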
diff --git a/lib/RT/Extension/REST2/Resource/Ticket.pm b/lib/RT/Extension/REST2/Resource/Ticket.pm
index f8cf37a..1502ab6 100644
--- a/lib/RT/Extension/REST2/Resource/Ticket.pm
+++ b/lib/RT/Extension/REST2/Resource/Ticket.pm
@@ -12,7 +12,8 @@ with (
=> { -alias => { hypermedia_links => '_default_hypermedia_links' } },
'RT::Extension::REST2::Resource::Record::Deletable',
'RT::Extension::REST2::Resource::Record::Writable'
- => { -alias => { create_record => '_create_record' } },
+ => { -alias => { create_record => '_create_record',
+ update_record => '_update_record'} },
);
sub dispatch_rules {
@@ -30,18 +31,11 @@ sub create_record {
my $self = shift;
my $data = shift;
- return (\400, "Could not create ticket. Queue not set") if !$data->{Queue};
-
- my $queue = RT::Queue->new(RT->SystemUser);
- $queue->Load($data->{Queue});
-
- return (\400, "Unable to find queue") if !$queue->Id;
-
- return (\403, $self->record->loc("No permission to create tickets in the queue '[_1]'", $queue->Name))
- unless $self->record->CurrentUser->HasRight(
- Right => 'CreateTicket',
- Object => $queue,
- ) and $queue->Disabled != 1;
+ # Check for any bad input data before creating a ticket
+ my ($ok, $msg, $return_code) = $self->validate_input(Data => $data, Action => 'create');
+ if (!$ok) {
+ return (\$return_code, $msg);
+ }
if ( defined $data->{Content} ) {
$data->{MIMEObj} = HTML::Mason::Commands::MakeMIMEEntity(
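Review bot: The failure path `return (\$return_code, $msg);` has no default when validate_input returns no status, unlike the 400 fallback added in Message.pm's add_message. The built-in `create` branch always supplies a code, but this refactor exists so that validate_input can be overridden, and an override returning `(0, $msg)` would hand a reference to undef back as the status. How the caller treats that is outside this hunk, so I would default it explicitly with `return (\($return_code || 400), $msg);`. create_record continues past the end of this hunk.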
@@ -52,10 +46,25 @@ sub create_record {
);
}
- my ($ok, $txn, $msg) = $self->_create_record($data);
+ my ($txn);
+ ($ok, $txn, $msg) = $self->_create_record($data);
return ($ok, $msg);
}
+sub update_record {
+ my $self = shift;
+ my $data = shift;
+
+ my ($ok, $msg, $return_code) = $self->validate_input(Data => $data, Action => 'update');
+
+ # XXX TODO: refactor update_resource to accept return_code in response
+ if (!$ok) {
+ return (0, $msg);
+ }
+
+ return $self->_update_record($data);
+}
+
sub forbidden {
my $self = shift;
return 0 unless $self->record->id;
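Review bot: update_record drops `$return_code`, so a validator that rejects an update with 403 is reported as a generic `(0, $msg)` failure. The XXX TODO acknowledges the refactor but does not tell overriders what happens meanwhile. I would extend the comment, for example `# NOTE: $return_code is currently ignored on update; do not rely on validate_input to signal 403 here`. This makes clear that permission decisions for updates should stay where they are enforced today, until update_resource can carry a status. update_resource itself is not visible in this diff, so the status it actually sends should be confirmed.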
@@ -123,6 +132,36 @@ sub hypermedia_links {
return $links;
}
+sub validate_input {
+ my $self = shift;
+ my %args = ( Data => '',
+ Action => '',
+ @_ );
+ my $data = $args{'Data'};
+
+ if ( $args{'Action'} eq 'create' ) {
+ return (0, "Could not create ticket. Queue not set", 400) if !$data->{Queue};
+
+ my $queue = RT::Queue->new(RT->SystemUser);
+ $queue->Load($data->{Queue});
+
+ return (0, "Unable to find queue", 400) if !$queue->Id;
+
+ return (0, $self->record->loc("No permission to create tickets in the queue '[_1]'", $queue->Name), 403)
+ unless $self->record->CurrentUser->HasRight(
+ Right => 'CreateTicket',
+ Object => $queue,
+ ) and $queue->Disabled != 1;
+ }
+
+ if ( $args{'Action'} eq 'update' ) {
+ # Add pre-update input validation
+ }
+
+ return (1, "Validation passed");
+}
+
+
__PACKAGE__->meta->make_immutable;
1;
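Review bot: validate_input now holds the CreateTicket rights check, yet it passes any `Action` other than the exact string `create` and falls through to `return (1, "Validation passed")`. A misspelled or missing `Action`, or a subclass override that does not call the parent, therefore skips the authorization and disabled-queue checks without any error. Failing closed is safer: `return (0, "Unsupported validation action", 400) unless $args{'Action'} eq 'create' or $args{'Action'} eq 'update';` near the top, plus a comment that overrides must call the parent implementation. The `Data => ''` default should also be `Data => {}`, since `$data->{Queue}` on an empty string dies if strict refs is in effect. The queue is loaded as `RT->SystemUser` and its `Name` is echoed in the 403 message, so it is worth confirming that disclosing queue existence and names to callers without rights is acceptable.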
-----------------------------------------------------------------------