From eff216747b8faa05b825edb899f588db93a7cc02 Mon Sep 17 00:00:00 2001 From: Agustin Moyano Date: Thu, 23 Jan 2020 01:50:29 -0300 Subject: [PATCH] Bug 24487: Don't apply matching criteria to path parameters This patch separates query parameters from path parameters, and uses exact matching for the later. To test: 1. Apply this patch 2. prove t/Koha/REST/Plugin/Query.t t/db_dependent/Koha/REST/Plugin/Objects.t SUCCESS => tests ok 3. Sign off Signed-off-by: Tomas Cohen Arazi Signed-off-by: Martin Renvoize Signed-off-by: Kyle M Hall Signed-off-by: Joy Nelson --- Koha/REST/Plugin/Objects.pm | 12 +++++++++++- Koha/REST/Plugin/Query.pm | 9 +++++++-- t/Koha/REST/Plugin/Query.t | 37 ++++++++++++++++--------------------- 3 files changed, 34 insertions(+), 24 deletions(-) diff --git a/Koha/REST/Plugin/Objects.pm b/Koha/REST/Plugin/Objects.pm index 3d314a784e..2952d8cd66 100644 --- a/Koha/REST/Plugin/Objects.pm +++ b/Koha/REST/Plugin/Objects.pm @@ -54,7 +54,7 @@ sub register { my $attributes = {}; # Extract reserved params - my ( $filtered_params, $reserved_params ) = $c->extract_reserved_params($args); + my ( $filtered_params, $reserved_params, $path_params ) = $c->extract_reserved_params($args); # Merge sorting into query attributes $c->dbic_merge_sorting( @@ -82,6 +82,16 @@ sub register { $filtered_params = $c->build_query_params( $filtered_params, $reserved_params ); } + if ( defined $path_params ) { + + # Apply the mapping function to the passed params + $filtered_params //= {}; + $path_params = $to_model->($path_params); + foreach my $param (keys %{$path_params}) { + $filtered_params->{$param} = $path_params->{$param}; + } + } + # Perform search my $objects = $objects_set->search( $filtered_params, $attributes ); diff --git a/Koha/REST/Plugin/Query.pm b/Koha/REST/Plugin/Query.pm index 14b3f5997e..71654123e9 100644 --- a/Koha/REST/Plugin/Query.pm +++ b/Koha/REST/Plugin/Query.pm @@ -53,19 +53,24 @@ Generates the DBIC query from the query parameters. my $reserved_params; my $filtered_params; + my $path_params; my $reserved_words = _reserved_words(); + my @query_param_names = keys %{$c->req->params->to_hash}; foreach my $param ( keys %{$params} ) { if ( grep { $param eq $_ } @{$reserved_words} ) { $reserved_params->{$param} = $params->{$param}; } - else { + elsif ( grep { $param eq $_ } @query_param_names ) { $filtered_params->{$param} = $params->{$param}; } + else { + $path_params->{$param} = $params->{$param}; + } } - return ( $filtered_params, $reserved_params ); + return ( $filtered_params, $reserved_params, $path_params ); } ); diff --git a/t/Koha/REST/Plugin/Query.t b/t/Koha/REST/Plugin/Query.t index 2fc027c149..9c13d9f985 100644 --- a/t/Koha/REST/Plugin/Query.t +++ b/t/Koha/REST/Plugin/Query.t @@ -32,13 +32,7 @@ get '/empty' => sub { get '/query' => sub { my $c = shift; - my $input = { - _page => 2, - _per_page => 3, - firstname => 'Manuel', - surname => 'Cohen Arazi' - }; - my ( $filtered_params, $reserved_params ) = $c->extract_reserved_params($input); + my ( $filtered_params, $reserved_params ) = $c->extract_reserved_params($c->req->params->to_hash); $c->render( json => { filtered_params => $filtered_params, @@ -48,21 +42,17 @@ get '/query' => sub { ); }; -get '/query_full' => sub { +get '/query_full/:id/:subid' => sub { my $c = shift; - my $input = { - _match => 'exact', - _order_by => 'blah', - _page => 2, - _per_page => 3, - firstname => 'Manuel', - surname => 'Cohen Arazi' - }; - my ( $filtered_params, $reserved_params ) = $c->extract_reserved_params($input); + my $params = $c->req->params->to_hash; + $params->{id} = $c->stash->{id}; + $params->{subid} = $c->stash->{subid}; + my ( $filtered_params, $reserved_params, $path_params ) = $c->extract_reserved_params($params); $c->render( json => { filtered_params => $filtered_params, - reserved_params => $reserved_params + reserved_params => $reserved_params, + path_params => $path_params }, status => 200 ); @@ -136,16 +126,16 @@ use Test::Mojo; subtest 'extract_reserved_params() tests' => sub { - plan tests => 8; + plan tests => 9; my $t = Test::Mojo->new; - $t->get_ok('/query')->status_is(200) + $t->get_ok('/query?_page=2&_per_page=3&firstname=Manuel&surname=Cohen%20Arazi')->status_is(200) ->json_is( '/filtered_params' => { firstname => 'Manuel', surname => 'Cohen Arazi' } ) ->json_is( '/reserved_params' => { _page => 2, _per_page => 3 } ); - $t->get_ok('/query_full')->status_is(200) + $t->get_ok('/query_full/with/path?_match=exact&_order_by=blah&_page=2&_per_page=3&firstname=Manuel&surname=Cohen%20Arazi')->status_is(200) ->json_is( '/filtered_params' => { firstname => 'Manuel', @@ -157,6 +147,11 @@ subtest 'extract_reserved_params() tests' => sub { _per_page => 3, _match => 'exact', _order_by => 'blah' + } ) + ->json_is( + '/path_params' => { + id => 'with', + subid => 'path' } ); }; -- 2.39.5