From 8e1265c45ddfc53d4bcbfc51e25b297e3592daf4 Mon Sep 17 00:00:00 2001 From: Martin Renvoize Date: Thu, 14 Apr 2022 13:47:06 +0100 Subject: [PATCH] Bug 30536: Remove validation overhead With the introduction of proper validation of collection headers in OpenAPI we no longer need to do our own validation here. This patch removes the early validation of x-koha-embed headers in preference to letting OpenAPI do it once and only once instead. Signed-off-by: Tomas Cohen Arazi Signed-off-by: Marcel de Rooy Signed-off-by: Fridolin Somers --- Koha/REST/Plugin/Query.pm | 29 +++++------------------------ Koha/REST/V1/Auth.pm | 2 +- 2 files changed, 6 insertions(+), 25 deletions(-) diff --git a/Koha/REST/Plugin/Query.pm b/Koha/REST/Plugin/Query.pm index f14fa6fdc9..a8e2380264 100644 --- a/Koha/REST/Plugin/Query.pm +++ b/Koha/REST/Plugin/Query.pm @@ -145,7 +145,6 @@ Generates the DBIC prefetch attribute based on embedded relations, and merges in my $attributes = $args->{attributes}; my $result_set = $args->{result_set}; my $embed = $c->stash('koha.embed'); - return unless defined $embed; my @prefetches; @@ -229,41 +228,23 @@ Merges parameters from $q_params into $filtered_params. =head3 stash_embed - $c->stash_embed( $c->match->endpoint->pattern->defaults->{'openapi.op_spec'} ); + $c->stash_embed( ); =cut $app->helper( 'stash_embed' => sub { - my ( $c, $args ) = @_; - - my $spec = $args->{spec} // {}; - - my $embed_spec; - for my $param (@{$spec->{parameters}}) { - next unless $param->{name} eq 'x-koha-embed'; - $embed_spec = $param->{items}->{enum}; - } + my ( $c ) = @_; my $embed_header = $c->req->headers->header('x-koha-embed'); - - Koha::Exceptions::BadParameter->throw("Embedding objects is not allowed on this endpoint.") - if $embed_header and !defined $embed_spec; - - if ( $embed_header ) { + if ($embed_header) { my $THE_embed = {}; foreach my $embed_req ( split /\s*,\s*/, $embed_header ) { - my $matches = grep {lc $_ eq lc $embed_req} @{ $embed_spec }; - - Koha::Exceptions::BadParameter->throw( - error => 'Embeding '.$embed_req. ' is not authorised. Check your x-koha-embed headers or remove it.' - ) unless $matches; - - _merge_embed( _parse_embed($embed_req), $THE_embed); + _merge_embed( _parse_embed($embed_req), $THE_embed ); } $c->stash( 'koha.embed' => $THE_embed ) - if $THE_embed; + if $THE_embed; } return $c; diff --git a/Koha/REST/V1/Auth.pm b/Koha/REST/V1/Auth.pm index 7bbf97fc05..d535770f6e 100644 --- a/Koha/REST/V1/Auth.pm +++ b/Koha/REST/V1/Auth.pm @@ -157,7 +157,7 @@ sub authenticate_api_request { # TODO: remove the latter 'openapi.op_spec' if minimum version is bumped to at least 1.17. my $spec = $c->openapi->spec || $c->match->endpoint->pattern->defaults->{'openapi.op_spec'}; - $c->stash_embed({ spec => $spec }); + $c->stash_embed(); $c->stash_overrides(); my $cookie_auth = 0; -- 2.39.5