From e8d909c11faeb5a4f84f39ef50e0eaf8ea65046d Mon Sep 17 00:00:00 2001
From: Dominik Csapak <d.csapak@proxmox.com>
Date: Mon, 9 Mar 2020 12:18:16 +0100
Subject: [PATCH] api/quarantine: add safer endpoint for user white/blacklist
 address deletion

having the entry as part of the url causes many problems since it can
contain special characters like '/.,' etc., and that can break API
call path-to-method resolution.

Passing it as parameter makes it easier for callers (frontends) and
safer for backend to use

Note that the new api calls overwrites the parameter pattern with '',
so no formatting limits for the entries

Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
[ Thomas: improved commit message ]
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
---
 src/PMG/API2/Quarantine.pm | 54 ++++++++++++++++++++++++++++++++++++++
 1 file changed, 54 insertions(+)

diff --git a/src/PMG/API2/Quarantine.pm b/src/PMG/API2/Quarantine.pm
index 5cb0f8e..272dfdb 100644
--- a/src/PMG/API2/Quarantine.pm
+++ b/src/PMG/API2/Quarantine.pm
@@ -275,6 +275,33 @@ __PACKAGE__->register_method ({
 	return undef;
     }});
 
+__PACKAGE__->register_method ({
+    name => 'whitelist_delete_base',
+    path => 'whitelist',
+    method => 'DELETE',
+    description => "Delete user whitelist entries.",
+    permissions => { check => [ 'admin', 'qmanager', 'audit', 'quser'] },
+    protected => 1,
+    parameters => {
+	additionalProperties => 0,
+	properties => {
+	    pmail => $pmail_param_type,
+	    address => get_standard_option('pmg-whiteblacklist-entry-list', {
+		pattern => '',
+		description => "The address you want to remove.",
+	    }),
+	},
+    },
+    returns => { type => 'null' },
+    code => sub {
+	my ($param) = @_;
+
+	my $addresses = [split(',', $param->{address})];
+	$read_or_modify_user_bw_list->('WL', $param, $addresses, 1);
+
+	return undef;
+    }});
+
 __PACKAGE__->register_method ({
     name => 'whitelist_delete',
     path => 'whitelist/{address}',
@@ -356,6 +383,33 @@ __PACKAGE__->register_method ({
 	return undef;
     }});
 
+__PACKAGE__->register_method ({
+    name => 'blacklist_delete_base',
+    path => 'blacklist',
+    method => 'DELETE',
+    description => "Delete user blacklist entries.",
+    permissions => { check => [ 'admin', 'qmanager', 'audit', 'quser'] },
+    protected => 1,
+    parameters => {
+	additionalProperties => 0,
+	properties => {
+	    pmail => $pmail_param_type,
+	    address => get_standard_option('pmg-whiteblacklist-entry-list', {
+		pattern => '',
+		description => "The address you want to remove.",
+	    }),
+	},
+    },
+    returns => { type => 'null' },
+    code => sub {
+	my ($param) = @_;
+
+	my $addresses = [split(',', $param->{address})];
+	$read_or_modify_user_bw_list->('BL', $param, $addresses, 1);
+
+	return undef;
+    }});
+
 __PACKAGE__->register_method ({
     name => 'blacklist_delete',
     path => 'blacklist/{address}',
-- 
2.39.5