[Rt-devel] Patch to add NoAuth/RSS and replace RSS feeds in search query with NoAuth/RSS with security key.

Jesse Vincent jesse at bestpractical.com
Tue Oct 20 14:50:14 EDT 2009


Shane,

Thanks very much for the first draft of this patch.
To get something like this in core, I'd like to see:

1) reuse of the code we're currently using in the iCalendar feeds.
You'll want to extract the token validation code from there into a new
mason component and then call it from both places. 

2) A compatibility wrapper in place of the old template so that old
feed links don't break

3) At least basic tests to ensure that we're generating reasonable
links to the new UI from RT's ticket lists and that the new feeds
aren't vulnerable to hostile users manipulating links.

Best,
Jesse




On Mon, Oct 19, 2009 at 04:46:27PM -0800, Shane Spencer wrote:
> Results.rdf should probably be removed, or the code from both
> Results.rdf and NoAuth/RSS should be consolidated into a common file.
> 
> The new default is to offer NoAuth/RSS from the ResultViews
> 
> - Shane

> From b1d9b8aecfa88f020b47a608462f1c89b01fc32a Mon Sep 17 00:00:00 2001
> From: Shane R. Spencer <spencersr at buckaroo.data.anc01.sateo.com>
> Date: Mon, 19 Oct 2009 16:15:43 -0800
> Subject: [PATCH] Add NoAuth/RSS and update ResultViews to offer NoAuth use key for RSS feeds
> 
> ---
>  share/html/NoAuth/RSS/dhandler |  130 ++++++++++++++++++++++++++++++++++++++++
>  1 files changed, 130 insertions(+), 0 deletions(-)
>  create mode 100644 share/html/NoAuth/RSS/dhandler
> 
> diff --git a/share/html/NoAuth/RSS/dhandler b/share/html/NoAuth/RSS/dhandler
> new file mode 100644
> index 0000000..b4f95bc
> --- /dev/null
> +++ b/share/html/NoAuth/RSS/dhandler
> @@ -0,0 +1,130 @@
> +%# BEGIN BPS TAGGED BLOCK {{{
> +%# 
> +%# COPYRIGHT:
> +%# 
> +%# This software is Copyright (c) 1996-2009 Best Practical Solutions, LLC
> +%#                                          <jesse at bestpractical.com>
> +%# 
> +%# (Except where explicitly superseded by other copyright notices)
> +%# 
> +%# 
> +%# LICENSE:
> +%# 
> +%# This work is made available to you under the terms of Version 2 of
> +%# the GNU General Public License. A copy of that license should have
> +%# been provided with this software, but in any event can be snarfed
> +%# from www.gnu.org.
> +%# 
> +%# This work is distributed in the hope that it will be useful, but
> +%# WITHOUT ANY WARRANTY; without even the implied warranty of
> +%# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
> +%# General Public License for more details.
> +%# 
> +%# You should have received a copy of the GNU General Public License
> +%# along with this program; if not, write to the Free Software
> +%# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
> +%# 02110-1301 or visit their web page on the internet at
> +%# http://www.gnu.org/licenses/old-licenses/gpl-2.0.html.
> +%# 
> +%# 
> +%# CONTRIBUTION SUBMISSION POLICY:
> +%# 
> +%# (The following paragraph is not intended to limit the rights granted
> +%# to you to modify and distribute this software under the terms of
> +%# the GNU General Public License and is only of importance to you if
> +%# you choose to contribute your changes and enhancements to the
> +%# community by submitting them to Best Practical Solutions, LLC.)
> +%# 
> +%# By intentionally submitting any modifications, corrections or
> +%# derivatives to this work, or any other work intended for use with
> +%# Request Tracker, to Best Practical Solutions, LLC, you confirm that
> +%# you are the copyright holder for those contributions and you grant
> +%# Best Practical Solutions,  LLC a nonexclusive, worldwide, irrevocable,
> +%# royalty-free, perpetual, license to use, copy, create derivative
> +%# works based on those contributions, and sublicense and distribute
> +%# those contributions and any derivatives thereof.
> +%# 
> +%# END BPS TAGGED BLOCK }}}
> +<%init>
> +use Encode ();
> +
> +my $path = $m->dhandler_arg;
> +
> +my $notfound = sub {
> +    $r->headers_out->{'Status'} = '404 Not Found';
> +    $m->clear_and_abort;
> +};
> +
> +$notfound->() unless $path =~ m!^([^/]+)/([^/]+)/(.*)(\.(rdf|rss))?!;
> +
> +my ($name, $auth, $search) = ($1, $2, $3);
> +# Unescape parts
> +$_ =~ s/\%([0-9a-z]{2})/chr(hex($1))/gei for $name, $search;
> +# convert to perl strings
> +$_ = Encode::decode_utf8( $_ ) for $name, $search;
> +
> +my $user = RT::User->new( $RT::SystemUser );
> +$user->Load( $name );
> +$notfound->() unless $user->id;
> +
> +$notfound->() unless $user->ValidateAuthString( $auth, $search );
> +
> +my $cu = RT::CurrentUser->new;
> +$cu->Load($user);
> +my $tickets = RT::Tickets->new( $cu );
> +$tickets->FromSQL($search);
> +
> +if ($OrderBy =~ /\|/) {
> +    # Multiple Sorts
> +    my @OrderBy = split /\|/,$OrderBy;
> +    my @Order = split /\|/,$Order;
> +    $tickets->OrderByCols(
> +        map { { FIELD => $OrderBy[$_], ORDER => $Order[$_] } } ( 0
> +        .. $#OrderBy ) );;
> +} else {
> +    $tickets->OrderBy(FIELD => $OrderBy, ORDER => $Order);
> +}
> +
> +$r->content_type('application/rss+xml');
> +
> +# create an RSS 1.0 file (http://purl.org/rss/1.0/)
> +use XML::RSS;
> +my $rss = new XML::RSS (version => '1.0');
> +$rss->channel(
> +    title        => RT->Config->Get('rtname').": Search" . $ARGS{'Query'},
> +    link         => RT->Config->Get('WebURL'),
> +    description  => "",
> +    dc => {
> +    },
> +    generator    => "RT v" . $RT::VERSION,
> +    syn => {
> +        updatePeriod     => "hourly",
> +        updateFrequency  => "1",
> +        updateBase       => "1901-01-01T00:00+00:00",
> +    },
> +);
> +
> +
> +while ( my $Ticket = $tickets->Next()) {
> +    my $creator_str = $m->scomp('/Elements/ShowUser', User => $Ticket->CreatorObj);
> +    $creator_str =~ s/[\r\n]//g;
> +    $rss->add_item(
> +        title       =>  $Ticket->Subject || loc('No Subject'),
> +        link        => RT->Config->Get('WebURL')."Ticket/Display.html?id=".$Ticket->id,
> +        description => $Ticket->Transactions->First->Content,
> +        dc          => { creator => $creator_str,
> +                         date => $Ticket->CreatedObj->RFC2822,
> +        },
> +        guid        => $Ticket->Queue . '_' . $Ticket->id,
> +    );
> +}
> +
> +$m->clear_buffer;
> +$m->out($rss->as_string);
> +$m->abort();
> +</%init>
> +<%ARGS>
> +$OrderBy => 'Created'
> +$Order => 'ASC'
> +</%ARGS>
> +
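
Review bot: The path match at the top of <%init> never strips the feed extension: `(.*)` is greedy and the trailing `(\.(rdf|rss))?` is optional with no `$` anchor, so `$3` always takes the rest of the path and `$search`, which is passed to both `ValidateAuthString` and `FromSQL`, still carries any `.rdf` or `.rss` suffix. Something like `m!^([^/]+)/([^/]+)/(.*?)(?:\.(?:rdf|rss))?$!` would separate the two. In the same block, the unescape class `[0-9a-z]{2}` under `/i` accepts non-hex characters and should be `[0-9a-f]{2}`. Separately, the channel title is built from `$ARGS{'Query'}`, and `$OrderBy` and `$Order` come from `<%ARGS>`; none of these is covered by the auth string that was checked against `$search`, so anyone holding a valid link can change them. Build the title from the validated `$search`, and either include the sort parameters in what the token covers or restrict them to known field names and ASC/DESC before calling `OrderBy` or `OrderByCols`.
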
> -- 
> 1.5.6.5
> 
