From 038ad70fb31b787509c30c6499f3fab77356005a Mon Sep 17 00:00:00 2001
From: Jonathan Druart
Date: Fri, 14 Oct 2016 14:23:20 +0100
Subject: [PATCH] Bug 17445: Just some refactoring

The idea is to make the code more readable moving the code to its own subroutine

Signed-off-by: Josef Moravec
Signed-off-by: Tomas Cohen Arazi
Signed-off-by: Kyle M Hall
---
 Koha/REST/V1.pm | 32 +++++++++++++++++++++-----------
 1 file changed, 21 insertions(+), 11 deletions(-)

diff --git a/Koha/REST/V1.pm b/Koha/REST/V1.pm
index 35d2bfbf0f..4fa0df3a7c 100644
--- a/Koha/REST/V1.pm
+++ b/Koha/REST/V1.pm
@@ -91,14 +91,8 @@ sub authenticate_api_request {
 ) if $cookie and $action_spec->{'x-koha-authorization'};
 }
- # Check for malformed query parameters
- my @errors;
- my %valid_parameters = map { $_->{name} => 1 if $_->{in} eq 'query' } @{$action_spec->{parameters}};
- my $existing_params = $c->req->query_params->to_hash;
- for my $param ( keys %{$existing_params} ) {
- push @errors, { path => "/query/".$param, message => 'Malformed query string' } unless exists $valid_parameters{$param};
- }
- return $c->render_swagger({},\@errors,400) if @errors;
+ my @errors = validate_parameters( $c, $action_spec );
+ return $c->render_swagger({}, \@errors, 400) if @errors;
 return $next->($c) unless $action_spec->{'x-koha-authorization'};
 unless ($user) {
@@ -107,9 +101,11 @@ sub authenticate_api_request {
 my $authorization = $action_spec->{'x-koha-authorization'};
 my $permissions = $authorization->{'permissions'};
- return $next->($c) if C4::Auth::haspermission($user->userid, $permissions);
- return $next->($c) if allow_owner($c, $authorization, $user);
- return $next->($c) if allow_guarantor($c, $authorization, $user);
+ if ( C4::Auth::haspermission($user->userid, $permissions)
+ or allow_owner($c, $authorization, $user)
+ or allow_guarantor($c, $authorization, $user) ) {
+ return $next->($c)
+ }
 return $c->render_swagger( { error => "Authorization failure. Missing required permission(s).", required_permissions => $permissions },
@@ -118,6 +114,20 @@ sub authenticate_api_request {
 );
 }
+sub validate_parameters {
+ my ( $c, $action_spec ) = @_;
+
+ # Check for malformed query parameters
+ my @errors;
+ my %valid_parameters = map { ( $_->{in} eq 'query' ) ? ( $_->{name} => 1 ) : () } @{ $action_spec->{parameters} };
+ my $existing_params = $c->req->query_params->to_hash;
+ for my $param ( keys %{$existing_params} ) {
+ push @errors, { path => "/query/" . $param, message => 'Malformed query string' } unless exists $valid_parameters{$param};
+ }
+ return @errors;
+}
+
+
 =head3 allow_owner
 Allows access to object for its owner.
-- 
2.39.5
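Review bot: The `return $next->($c)` inside the new `if` block has no terminating semicolon, unlike the other statements visible in this sub; it parses because it is the last statement in the block, but it should read `return $next->($c);` so a later addition cannot change how the line parses. This merged condition is the whole authorization decision for the route, so a one-line comment above it such as `# Grant access if any one check passes: permission, owner, or guarantor` would make the OR semantics explicit to the next reader. `authenticate_api_request` begins before this hunk, so how `$user` is established is not visible here.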
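Review bot: `validate_parameters` is added without the `=head3` POD that `allow_owner` carries directly below it, and its `map` is not a pure move of the removed code. The old `$_->{name} => 1 if $_->{in} eq 'query'` form returned the false condition value as a lone list element for each non-query parameter, which misaligns the key/value pairs in `%valid_parameters`, so with the ternary returning `()` the set of accepted query names can differ from before. Because this list decides which requests get a 400 before the authorization checks run, the POD should state that only `in: query` entries of `$action_spec->{parameters}` are accepted, and the commit message should mention the behaviour change; the diffstat shows no test file, so a test with a mixed path/query parameter list would pin it. The sub also assumes `parameters` is present and every entry has an `in` key; `@{ $action_spec->{parameters} || [] }` and `( $_->{in} // '' ) eq 'query'` would make that explicit if unresolved or parameterless operations can reach it.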