[usit-rt.git] / share / html / REST / 1.0 / dhandler

%# BEGIN BPS TAGGED BLOCK {{{
%#
%# COPYRIGHT:
%#
%# This software is Copyright (c) 1996-2014 Best Practical Solutions, LLC
%#                                          <sales@bestpractical.com>
%#
%# (Except where explicitly superseded by other copyright notices)
%#
%#
%# LICENSE:
%#
%# This work is made available to you under the terms of Version 2 of
%# the GNU General Public License. A copy of that license should have
%# been provided with this software, but in any event can be snarfed
%# from www.gnu.org.
%#
%# This work is distributed in the hope that it will be useful, but
%# WITHOUT ANY WARRANTY; without even the implied warranty of
%# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
%# General Public License for more details.
%#
%# You should have received a copy of the GNU General Public License
%# along with this program; if not, write to the Free Software
%# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
%# 02110-1301 or visit their web page on the internet at
%# http://www.gnu.org/licenses/old-licenses/gpl-2.0.html.
%#
%#
%# CONTRIBUTION SUBMISSION POLICY:
%#
%# (The following paragraph is not intended to limit the rights granted
%# to you to modify and distribute this software under the terms of
%# the GNU General Public License and is only of importance to you if
%# you choose to contribute your changes and enhancements to the
%# community by submitting them to Best Practical Solutions, LLC.)
%#
%# By intentionally submitting any modifications, corrections or
%# derivatives to this work, or any other work intended for use with
%# Request Tracker, to Best Practical Solutions, LLC, you confirm that
%# you are the copyright holder for those contributions and you grant
%# Best Practical Solutions,  LLC a nonexclusive, worldwide, irrevocable,
%# royalty-free, perpetual, license to use, copy, create derivative
%# works based on those contributions, and sublicense and distribute
%# those contributions and any derivatives thereof.
%#
%# END BPS TAGGED BLOCK }}}
%# REST/1.0/dhandler
%#
<%ARGS>
@id => ()
$fields => undef
$format => undef
$content => undef
</%ARGS>
<%INIT>
use RT::Interface::REST;

my $output = "";
my $status = "200 Ok";
my $object = $m->dhandler_arg;

my $name   = qr{[\w.-]+};
my $list   = '(?:(?:\d+-)?\d+,)*(?:\d+-)?\d+';
my $label   = '[^,\\/]+';
my $field  = RT::Interface::REST->field_spec;
my $labels = "(?:$label,)*$label";

# We must handle requests such as the following:
#
# 1. http://.../REST/1.0/show (with a list of object specifications).
# 2. http://.../REST/1.0/edit (with a self-contained list of forms).
# 3. http://.../REST/1.0/ticket/show (implicit type specification).
#    http://.../REST/1.0/ticket/edit
# 4. http://.../REST/1.0/ticket/nn (all possibly with a single form).
#    http://.../REST/1.0/ticket/nn/history
#    http://.../REST/1.0/ticket/nn/comment
#    http://.../REST/1.0/ticket/nn/attachment/1
#
# Objects are specified by their type, and either a unique numeric ID,
# or a unique name (e.g. ticket/1, queue/foo). Multiple objects of the
# same type may be specified by a comma-separated list of identifiers
# (e.g., user/ams,rai or ticket/1-3,5-7).
#
# Ultimately, we want a list of object specifications to operate upon.
# The URLs in (4) provide enough information to identify an object. We
# will assemble submitted information into that format in other cases.
#
my (@objects, $forms);
my $utype;

if ($object eq 'show' ||                                # $REST/show
    (($utype) = ($object =~ m{^($name)/show$})))        # $REST/ticket/show
{
    # We'll convert type/range specifications ("ticket/1-3,7-9/history")
    # into a list of singular object specifications ("ticket/1/history").
    # If the URL specifies a type, we'll accept only that one.
    foreach my $id (@id) {
        $id =~ s|^(?:$utype/)?|$utype/| if $utype;
        if (my ($type, $oids, $extra) =
            ($id =~ m#^($name)/($list|$labels)(?:(/.*))?$#o))
        {
            $extra ||= '';
            my ($attr, $args) = $extra =~ m{^(?:/($name)(?:/(.*))?)?$}o;
            my $tids;
            if ($attr and $attr eq 'history' and $args) {
                ($tids) = $args =~ m#id/(\d.*)#o;
            }
            # expand transaction and attachment range specifications
            # (if applicable)
            foreach my $oid (expand_list($oids)) {
                if ($tids) {
                    push(@objects, "$type/$oid/$attr/id/$_") for expand_list($tids);
                } else {
                    push(@objects, "$type/$oid$extra");
                }
            }
        }
        else {
            $status = "400 Bad Request";
            $output = "Invalid object ID specified: '$id'";
            goto OUTPUT;
        }
    }
}
elsif ($object eq 'edit' ||                             # $REST/edit
    (($utype) = ($object =~ m{^($name)/edit$})))        # $REST/ticket/edit
{
    # We'll make sure each of the submitted forms is syntactically valid
    # and sufficiently identifies an object to operate upon, then add to
    # the object list as above.
    my @output;

    $forms = form_parse($content);
    foreach my $form (@$forms) {
        my ($c, $o, $k, $e) = @$form;

        if ($e) {
            push @output, [ "# Syntax error.", $o, $k, $e ];
        }
        else {
            my ($type, $id);

            # Look for matching types in the ID, form, and URL.
            $type = $utype || $k->{id};
            $type =~ s|^([^/]+)/\d+$|$1| if !$utype;
            $type =~ s|^(?:$utype)?|$utype/| if $utype;
            $type =~ s|/$|| if $type;

            if (exists $k->{id}) {
                $id = $k->{id};
                $id =~ s|^(?:$type/)?|$type/| if $type;

                if ($id =~ m#^$name/(?:$label|\d+)(?:/.*)?#o) {
                    push @objects, $id;
                }
                else {
                    push @output, [ "# Invalid object ID: '$id'", $o, $k, $e ];
                }
            }
            else {
                push @output, [ "# No object ID specified.", $o, $k, $e ];
            }
        }
    }
    # If we saw any errors at this stage, we won't process any part of
    # the submitted data.
    if (@output) {
        unshift @output, [ "# Please resubmit with errors corrected." ];
        $status = "409 Syntax Error";
        $output = form_compose(\@output);
        goto OUTPUT;
    }
}
else {
    # We'll assume that this is in the correct format already. Otherwise
    # it will be caught by the loop below.
    push @objects, $object;

    if ($content) {
        $forms = form_parse($content);

        if (@$forms > 1) {
            $status = "400 Bad Request";
            $output = "You may submit only one form to this object.";
            goto OUTPUT;
        }

        my ($c, $o, $k, $e) = @{ $forms->[0] };
        if ($e) {
            $status = "409 Syntax Error";
            $output = form_compose([ ["# Syntax error.", $o, $k, $e] ]);
            goto OUTPUT;
        }
    }
}

# Make sure we have something to do.
unless (@objects) {
    $status = "400 Bad Request";
    $output = "No objects specified.";
    goto OUTPUT;
}

# Parse and validate any field specifications.
my (%fields, @fields);
if ($fields) {
    unless ($fields =~ /^(?:$field,)*$field$/) {
        $status = "400 Bad Request";
        $output = "Invalid field specification: $fields";
        goto OUTPUT;
    }
    @fields = map lc, split /\s*,\s*/, $fields;
    @fields{@fields} = ();
    unless (exists $fields{id}) {
        unshift @fields, "id";
        $fields{id} = ();
    }

    # canonicalize cf-foo to cf.{foo}
    for my $field (@fields) {
        if ($field =~ /^(c(?:ustom)?f(?:ield)?)-(.+)/) {
            $fields{"cf.{$2}"} = delete $fields{"$1-$2"};

            # overwrite the element in @fields
            $field = "cf.{$2}";
        }
    }
}

my (@comments, @output);

foreach $object (@objects) {
    my ($handler, $type, $id, $attr, $args);
    my ($c, $o, $k, $e) = ("", ["id"], {id => $object}, 0);

    my $i = 0;
    if ($object =~ m{^($name)/(\d+|$label)(?:/($name)(?:/(.*))?)?$}o ||
        $object =~ m{^($name)/(new)$}o)
    {
        ($type, $id, $attr, $args) = ($1, $2, ($3 || 'default'), $4);
        $handler = "Forms/$type/$attr";

        unless ($m->comp_exists($handler)) {
            $args = defined $args ? "$attr/$args" : $attr;
            $handler = "Forms/$type/default";

            unless ($m->comp_exists($handler)) {
                $i = 2;
                $c = "# Unknown object type: $type";
            }
        }
        elsif ($id ne 'new' && $id !~ /^\d+$/) {
            my $ns = "Forms/$type/ns";

            # Can we resolve named objects?
            unless ($m->comp_exists($ns)) {
                $i = 3;
                $c = "# Objects of type $type must be specified by numeric id.";
            }
            else {
                my ($n, $s) = $m->comp("Forms/$type/ns", id => $id);
                if ($n <= 0) { $i = 4; $c = "# $s"; }
                else         { $i = 0; $id = $n;    }
            }
        }
        else {
            $i = 0;
        }
    }
    else {
        $i = 1;
        $c = "# Invalid object specification: '$object'";
    }

    if ($i != 0) {
        if ($content) {
            (undef, $o, $k, $e) = @{ shift @$forms };
        }
        push @output, [ $c, $o, $k ];
        next;
    }

    unless ($content) {
        my $d = $m->comp($handler, id => $id, args => $args, format => $format, fields => \%fields);
        my ($c, $o, $k, $e) = @$d;

        if (!$e && @$o && keys %fields) {
            my %lk = map { lc $_ => $_ } keys %$k;
            @$o = map { $lk{$_} } @fields;
            foreach my $key (keys %$k) {
                delete $k->{$key} unless exists $fields{lc $key};
            }
        }
        push(@output, [ $c, $o, $k ]) if ($c || @$o || keys %$k);
    }
    else {
        my ($c, $o, $k, $e) = @{ shift @$forms };
        my $d = $m->comp($handler, id => $id, args => $args, format => $format,
                         changes => $k);
        ($c, $o, $k, $e) = @$d;

        # We won't pass $e through to compose, trusting instead that the
        # handler added suitable comments for the user.
        if ($e) {
            if (@$o) {
                $status = "409 Syntax Error";
            } 
            else {
                $status = "400 Bad Request";
            }
            push @output, [ $c, $o, $k ];
        }
        else {
            push @comments, $c;
        }
    }
}

unshift(@output, [ join "\n", @comments ]) if @comments;
$output = form_compose(\@output);

OUTPUT:
$m->out("RT/".$RT::VERSION ." ".$status ."\n\n$output\n") if ($output || $status !~ /^200/);
return;
</%INIT>
Commit	Line	Data
84fb5b46 MKG	1	%# BEGIN BPS TAGGED BLOCK {{{
	2	%#
	3	%# COPYRIGHT:
	4	%#
320f0092	5	%# This software is Copyright (c) 1996-2014 Best Practical Solutions, LLC
84fb5b46 MKG	6	%# <sales@bestpractical.com>
	7	%#
	8	%# (Except where explicitly superseded by other copyright notices)
	9	%#
	10	%#
	11	%# LICENSE:
	12	%#
	13	%# This work is made available to you under the terms of Version 2 of
	14	%# the GNU General Public License. A copy of that license should have
	15	%# been provided with this software, but in any event can be snarfed
	16	%# from www.gnu.org.
	17	%#
	18	%# This work is distributed in the hope that it will be useful, but
	19	%# WITHOUT ANY WARRANTY; without even the implied warranty of
	20	%# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	21	%# General Public License for more details.
	22	%#
	23	%# You should have received a copy of the GNU General Public License
	24	%# along with this program; if not, write to the Free Software
	25	%# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
	26	%# 02110-1301 or visit their web page on the internet at
	27	%# http://www.gnu.org/licenses/old-licenses/gpl-2.0.html.
	28	%#
	29	%#
	30	%# CONTRIBUTION SUBMISSION POLICY:
	31	%#
	32	%# (The following paragraph is not intended to limit the rights granted
	33	%# to you to modify and distribute this software under the terms of
	34	%# the GNU General Public License and is only of importance to you if
	35	%# you choose to contribute your changes and enhancements to the
	36	%# community by submitting them to Best Practical Solutions, LLC.)
	37	%#
	38	%# By intentionally submitting any modifications, corrections or
	39	%# derivatives to this work, or any other work intended for use with
	40	%# Request Tracker, to Best Practical Solutions, LLC, you confirm that
	41	%# you are the copyright holder for those contributions and you grant
	42	%# Best Practical Solutions, LLC a nonexclusive, worldwide, irrevocable,
	43	%# royalty-free, perpetual, license to use, copy, create derivative
	44	%# works based on those contributions, and sublicense and distribute
	45	%# those contributions and any derivatives thereof.
	46	%#
	47	%# END BPS TAGGED BLOCK }}}
	48	%# REST/1.0/dhandler
	49	%#
	50	<%ARGS>
	51	@id => ()
	52	$fields => undef
	53	$format => undef
	54	$content => undef
	55	</%ARGS>
	56	<%INIT>
	57	use RT::Interface::REST;
	58
	59	my $output = "";
	60	my $status = "200 Ok";
	61	my $object = $m->dhandler_arg;
	62
	63	my $name = qr{[\w.-]+};
	64	my $list = '(?:(?:\d+-)?\d+,)*(?:\d+-)?\d+';
403d7b0b	65	my $label = '[^,\\/]+';
84fb5b46 MKG	66	my $field = RT::Interface::REST->field_spec;
	67	my $labels = "(?:$label,)*$label";
	68
	69	# We must handle requests such as the following:
	70	#
	71	# 1. http://.../REST/1.0/show (with a list of object specifications).
	72	# 2. http://.../REST/1.0/edit (with a self-contained list of forms).
	73	# 3. http://.../REST/1.0/ticket/show (implicit type specification).
	74	# http://.../REST/1.0/ticket/edit
	75	# 4. http://.../REST/1.0/ticket/nn (all possibly with a single form).
	76	# http://.../REST/1.0/ticket/nn/history
	77	# http://.../REST/1.0/ticket/nn/comment
	78	# http://.../REST/1.0/ticket/nn/attachment/1
	79	#
	80	# Objects are specified by their type, and either a unique numeric ID,
	81	# or a unique name (e.g. ticket/1, queue/foo). Multiple objects of the
	82	# same type may be specified by a comma-separated list of identifiers
	83	# (e.g., user/ams,rai or ticket/1-3,5-7).
	84	#
	85	# Ultimately, we want a list of object specifications to operate upon.
	86	# The URLs in (4) provide enough information to identify an object. We
	87	# will assemble submitted information into that format in other cases.
	88	#
	89	my (@objects, $forms);
	90	my $utype;
	91
	92	if ($object eq 'show' \|\| # $REST/show
	93	(($utype) = ($object =~ m{^($name)/show$}))) # $REST/ticket/show
	94	{
	95	# We'll convert type/range specifications ("ticket/1-3,7-9/history")
	96	# into a list of singular object specifications ("ticket/1/history").
	97	# If the URL specifies a type, we'll accept only that one.
	98	foreach my $id (@id) {
	99	$id =~ s\|^(?:$utype/)?\|$utype/\| if $utype;
	100	if (my ($type, $oids, $extra) =
	101	($id =~ m#^($name)/($list\|$labels)(?:(/.*))?$#o))
	102	{
af59614d MKG	103	$extra \|\|= '';
	104	my ($attr, $args) = $extra =~ m{^(?:/($name)(?:/(.*))?)?$}o;
	105	my $tids;
	106	if ($attr and $attr eq 'history' and $args) {
	107	($tids) = $args =~ m#id/(\d.*)#o;
	108	}
	109	# expand transaction and attachment range specifications
	110	# (if applicable)
	111	foreach my $oid (expand_list($oids)) {
	112	if ($tids) {
	113	push(@objects, "$type/$oid/$attr/id/$_") for expand_list($tids);
	114	} else {
	115	push(@objects, "$type/$oid$extra");
	116	}
	117	}
	118	}
84fb5b46 MKG	119	else {
	120	$status = "400 Bad Request";
	121	$output = "Invalid object ID specified: '$id'";
	122	goto OUTPUT;
	123	}
	124	}
	125	}
	126	elsif ($object eq 'edit' \|\| # $REST/edit
	127	(($utype) = ($object =~ m{^($name)/edit$}))) # $REST/ticket/edit
	128	{
	129	# We'll make sure each of the submitted forms is syntactically valid
	130	# and sufficiently identifies an object to operate upon, then add to
	131	# the object list as above.
	132	my @output;
	133
	134	$forms = form_parse($content);
	135	foreach my $form (@$forms) {
	136	my ($c, $o, $k, $e) = @$form;
	137
	138	if ($e) {
	139	push @output, [ "# Syntax error.", $o, $k, $e ];
	140	}
	141	else {
	142	my ($type, $id);
	143
	144	# Look for matching types in the ID, form, and URL.
	145	$type = $utype \|\| $k->{id};
	146	$type =~ s\|^([^/]+)/\d+$\|$1\| if !$utype;
	147	$type =~ s\|^(?:$utype)?\|$utype/\| if $utype;
	148	$type =~ s\|/$\|\| if $type;
	149
	150	if (exists $k->{id}) {
	151	$id = $k->{id};
	152	$id =~ s\|^(?:$type/)?\|$type/\| if $type;
	153
	154	if ($id =~ m#^$name/(?:$label\|\d+)(?:/.*)?#o) {
	155	push @objects, $id;
	156	}
	157	else {
	158	push @output, [ "# Invalid object ID: '$id'", $o, $k, $e ];
	159	}
	160	}
	161	else {
	162	push @output, [ "# No object ID specified.", $o, $k, $e ];
	163	}
	164	}
	165	}
	166	# If we saw any errors at this stage, we won't process any part of
	167	# the submitted data.
	168	if (@output) {
	169	unshift @output, [ "# Please resubmit with errors corrected." ];
	170	$status = "409 Syntax Error";
	171	$output = form_compose(\@output);
	172	goto OUTPUT;
	173	}
	174	}
	175	else {
	176	# We'll assume that this is in the correct format already. Otherwise
	177	# it will be caught by the loop below.
	178	push @objects, $object;
	179
	180	if ($content) {
	181	$forms = form_parse($content);
	182
183	if (@$forms > 1) {
184	$status = "400 Bad Request";
185	$output = "You may submit only one form to this object.";
186	goto OUTPUT;
187	}
188
189	my ($c, $o, $k, $e) = @{ $forms->[0] };
190	if ($e) {
191	$status = "409 Syntax Error";
192	$output = form_compose([ ["# Syntax error.", $o, $k, $e] ]);
193	goto OUTPUT;
194	}
195	}
196	}
197
198	# Make sure we have something to do.
199	unless (@objects) {
200	$status = "400 Bad Request";
201	$output = "No objects specified.";
202	goto OUTPUT;
203	}
204
205	# Parse and validate any field specifications.
206	my (%fields, @fields);
207	if ($fields) {
208	unless ($fields =~ /^(?:$field,)*$field$/) {
209	$status = "400 Bad Request";
210	$output = "Invalid field specification: $fields";
211	goto OUTPUT;
212	}
213	@fields = map lc, split /\s,\s/, $fields;
214	@fields{@fields} = ();
215	unless (exists $fields{id}) {
216	unshift @fields, "id";
217	$fields{id} = ();
218	}
219
220	# canonicalize cf-foo to cf.{foo}
221	for my $field (@fields) {
222	if ($field =~ /^(c(?:ustom)?f(?:ield)?)-(.+)/) {
223	$fields{"cf.{$2}"} = delete $fields{"$1-$2"};
224
225	# overwrite the element in @fields
226	$field = "cf.{$2}";
227	}
228	}
229	}
230
231	my (@comments, @output);
232
233	foreach $object (@objects) {
234	my ($handler, $type, $id, $attr, $args);
235	my ($c, $o, $k, $e) = ("", ["id"], {id => $object}, 0);
236
237	my $i = 0;
238	if ($object =~ m{^($name)/(\d+\|$label)(?:/($name)(?:/(.*))?)?$}o \|\|
239	$object =~ m{^($name)/(new)$}o)
240	{
241	($type, $id, $attr, $args) = ($1, $2, ($3 \|\| 'default'), $4);
242	$handler = "Forms/$type/$attr";
243
244	unless ($m->comp_exists($handler)) {
403d7b0b	245	$args = defined $args ? "$attr/$args" : $attr;
84fb5b46 MKG	246	$handler = "Forms/$type/default";
	247
	248	unless ($m->comp_exists($handler)) {
	249	$i = 2;
	250	$c = "# Unknown object type: $type";
	251	}
	252	}
	253	elsif ($id ne 'new' && $id !~ /^\d+$/) {
	254	my $ns = "Forms/$type/ns";
	255
	256	# Can we resolve named objects?
	257	unless ($m->comp_exists($ns)) {
	258	$i = 3;
	259	$c = "# Objects of type $type must be specified by numeric id.";
	260	}
	261	else {
	262	my ($n, $s) = $m->comp("Forms/$type/ns", id => $id);
	263	if ($n <= 0) { $i = 4; $c = "# $s"; }
	264	else { $i = 0; $id = $n; }
	265	}
	266	}
	267	else {
	268	$i = 0;
	269	}
	270	}
	271	else {
	272	$i = 1;
	273	$c = "# Invalid object specification: '$object'";
	274	}
	275
	276	if ($i != 0) {
	277	if ($content) {
	278	(undef, $o, $k, $e) = @{ shift @$forms };
	279	}
	280	push @output, [ $c, $o, $k ];
	281	next;
	282	}
	283
	284	unless ($content) {
	285	my $d = $m->comp($handler, id => $id, args => $args, format => $format, fields => \%fields);
	286	my ($c, $o, $k, $e) = @$d;
	287
	288	if (!$e && @$o && keys %fields) {
	289	my %lk = map { lc $_ => $_ } keys %$k;
	290	@$o = map { $lk{$_} } @fields;
	291	foreach my $key (keys %$k) {
	292	delete $k->{$key} unless exists $fields{lc $key};
	293	}
	294	}
	295	push(@output, [ $c, $o, $k ]) if ($c \|\| @$o \|\| keys %$k);
	296	}
	297	else {
	298	my ($c, $o, $k, $e) = @{ shift @$forms };
	299	my $d = $m->comp($handler, id => $id, args => $args, format => $format,
	300	changes => $k);
	301	($c, $o, $k, $e) = @$d;
	302
	303	# We won't pass $e through to compose, trusting instead that the
	304	# handler added suitable comments for the user.
	305	if ($e) {
	306	if (@$o) {
	307	$status = "409 Syntax Error";
	308	}
	309	else {
310	$status = "400 Bad Request";
311	}
312	push @output, [ $c, $o, $k ];
313	}
314	else {
315	push @comments, $c;
316	}
317	}
318	}
319
320	unshift(@output, [ join "\n", @comments ]) if @comments;
321	$output = form_compose(\@output);
322
323	OUTPUT:
324	$m->out("RT/".$RT::VERSION ." ".$status ."\n\n$output\n") if ($output \|\| $status !~ /^200/);
325	return;
326	</%INIT>