<html><body><div style="color:#000; background-color:#fff; font-family:arial, helvetica, sans-serif;font-size:10pt"><div><span style="color: rgb(34, 34, 34); font-family: arial, sans-serif; background-color: rgba(255, 255, 255, 0.917969); ">Hi Marc,</span><div style="color: rgb(34, 34, 34); font-family: arial, sans-serif; background-color: rgba(255, 255, 255, 0.917969); "><br></div><div style="color: rgb(34, 34, 34); font-family: arial, sans-serif; background-color: rgba(255, 255, 255, 0.917969); ">Thanks for your quick reply.</div><div style="color: rgb(34, 34, 34); font-family: arial, sans-serif; background-color: rgba(255, 255, 255, 0.917969); "><br></div><div style="color: rgb(34, 34, 34); font-family: arial, sans-serif; background-color: rgba(255, 255, 255, 0.917969); ">I had a look at the links you suggested, thanks for them.</div><div style="color: rgb(34, 34, 34); font-family: arial, sans-serif; background-color: rgba(255, 255, 255, 0.917969);
"><br></div><div style="color: rgb(34, 34, 34); font-family: arial, sans-serif; background-color: rgba(255, 255, 255, 0.917969); ">In my extension/Extension.pm file I try to get the logged in user and there is no problem, the logged in user & encrypted password can be found.</div><div style="color: rgb(34, 34, 34); font-family: arial, sans-serif; background-color: rgba(255, 255, 255, 0.917969); "><br></div><div style="color: rgb(34, 34, 34); font-family: arial, sans-serif; background-color: rgba(255, 255, 255, 0.917969); ">The problem I face is at the callback stage. Eg. The user types 3 characters into the field and that triggers the Javascript to issue a callback to the web service. </div><div style="color: rgb(34, 34, 34); font-family: arial, sans-serif; background-color: rgba(255, 255, 255, 0.917969); "><br></div><div style="color: rgb(34, 34, 34); font-family: arial, sans-serif; background-color: rgba(255, 255, 255, 0.917969); ">At
the callback time I try to do the find (in my extension/lib/WebService.pm file) but the logged in user is undefined. </div><div style="color: rgb(34, 34, 34); font-family: arial, sans-serif; background-color: rgba(255, 255, 255, 0.917969); "><br></div><div style="color: rgb(34, 34, 34); font-family: arial, sans-serif; background-color: rgba(255, 255, 255, 0.917969); ">I can't help thinking I'm missing something blindingly obvious! Do I need to pass in credentials when calling the webservice, so that the user can first be logged in here then the details I need can be found? That can be done but I don't want to be writing the user id and encrypted password to the page, or depending on a browser cookie. </div><div style="color: rgb(34, 34, 34); font-family: arial, sans-serif; background-color: rgba(255, 255, 255, 0.917969); "><br></div><div style="color: rgb(34, 34, 34); font-family: arial, sans-serif; background-color: rgba(255,
255, 255, 0.917969); ">I don't know what the proper 'bugzilla' methodology/workflow of using the web service is.</div><div style="color: rgb(34, 34, 34); font-family: arial, sans-serif; background-color: rgba(255, 255, 255, 0.917969); "><br></div><div style="color: rgb(34, 34, 34); font-family: arial, sans-serif; background-color: rgba(255, 255, 255, 0.917969); ">Anyway I am rambling on! If you could offer me further guidance it would be greatly appreciated.</div><div style="color: rgb(34, 34, 34); font-family: arial, sans-serif; background-color: rgba(255, 255, 255, 0.917969); "><br></div><div style="color: rgb(34, 34, 34); font-family: arial, sans-serif; background-color: rgba(255, 255, 255, 0.917969); "><br></div><div style="color: rgb(34, 34, 34); font-family: arial, sans-serif; background-color: rgba(255, 255, 255, 0.917969); ">Thanks,</div><div style="color: rgb(34, 34, 34); font-family: arial, sans-serif; background-color: rgba(255, 255,
255, 0.917969); ">---</div><div style="color: rgb(34, 34, 34); font-family: arial, sans-serif; background-color: rgba(255, 255, 255, 0.917969); ">Steven</div><div style="color: rgb(34, 34, 34); font-family: arial, sans-serif; background-color: rgba(255, 255, 255, 0.917969); "><br></div><div style="color: rgb(34, 34, 34); font-family: arial, sans-serif; background-color: rgba(255, 255, 255, 0.917969); "><br><br><div class="gmail_quote">On 5 June 2012 17:15, Marc Schumann <span dir="ltr"><<a href="mailto:wurblzap@gmail.com" target="_blank" style="color: rgb(17, 85, 204); ">wurblzap@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0.8ex; border-left-width: 1px; border-left-color: rgb(204, 204, 204); border-left-style: solid; padding-left: 1ex; ">Steven,<br><br>use Bugzilla->user to find out whether the user is logged in (see <a
href="http://www.bugzilla.org/docs/tip/en/html/api/Bugzilla.html" target="_blank" style="color: rgb(17, 85, 204); ">http://www.bugzilla.org/docs/<wbr>tip/en/html/api/Bugzilla.html</a>)<wbr>.<br>Check out <a href="http://www.bugzilla.org/docs/tip/en/html/api/Bugzilla/User.html" target="_blank" style="color: rgb(17, 85, 204); ">http://www.bugzilla.org/docs/<wbr>tip/en/html/api/Bugzilla/User.<wbr>html</a>, too -- there are some can_see_* methods which may be of use to you.<br><br>Further reading is at <a href="http://www.bugzilla.org/docs/tip/en/html/api/" target="_blank" style="color: rgb(17, 85, 204); ">http://www.bugzilla.org/docs/<wbr>tip/en/html/api/</a>.<br><br> Good luck<font color="#888888"><br> Marc</font><div><br><br><div class="gmail_quote">2012/6/5 Steven Tierney <span dir="ltr"><<a href="mailto:steven_tierney@yahoo.co.uk" target="_blank" style="color: rgb(17, 85, 204);
">steven_tierney@yahoo.co.uk</a>></span><br><blockquote class="gmail_quote" style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0.8ex; border-left-width: 1px; border-left-color: rgb(204, 204, 204); border-left-style: solid; padding-left: 1ex; ">Hi,<br><br>I have developed a new extension for Bugzilla. It uses the web service to access previously entered bug information in order to suggest autocomplete data for custom fields. Using jQuery, it's fully configurable through Bugzilla web pages accessible from within the Administration area.<br><br>There are security implications here because it will potentially expose bug data which might otherwise be secure. For that reason I need advice on how to verify in the web service that<br>1. a user is logged in and,<br>2. is cleared to access bug data.<br><br>I did check the Bugzilla source files but, not being very used to coding in Perl and not knowing how security
'works' in Bugzilla, I don't know where to start!<br><br>I wonder if anyone can point me towards some documentation or give advice / code snippets that may help.<br><br>The validation has to happen in the Webservice.pm file of the extension.<br><br><br>Thanks in advance!</blockquote></div></div></blockquote></div></div></div> </div></body></html>