hlapi config values

Author: cconard96

CHANGELOG.md

@@ -29,8 +29,11 @@ The present file will list all changes made to the project; according to the
 ## [11.0.1] 2025-10-09
 
 ### Added
+- High-Level API endpoints for configuration settings `/Setup/Config/{context}/{name}`.
 
 ### Changed
+- Added High-Level API version 2.1. Make sure you are pinning your requests to a specific version (Ex: `/api.php/v2.0`) if needed to exclude endpoints/properties added in later versions. See version pinning in the getting started documentation `/api.php/getting-started`.
+- High-Level API responses for not found routes now correctly return a body including the standard error properties (status, title, detail). This is not controlled by the API version.
 
 ### Deprecated
 

src/Glpi/Api/HL/Controller/SetupController.php

@@ -37,6 +37,7 @@
 
 use AuthLDAP;
 use CommonDBTM;
+use Config;
 use Glpi\Api\HL\Doc as Doc;
 use Glpi\Api\HL\Middleware\ResultFormatterMiddleware;
 use Glpi\Api\HL\ResourceAccessor;
@@ -104,6 +105,21 @@ public static function getRawKnownSchemas(): array
                     ],
                 ],
             ],
+            'Config' => [
+                'x-version-introduced' => '2.1',
+                'x-itemtype' => Config::class,
+                'type' => Doc\Schema::TYPE_OBJECT,
+                'properties' => [
+                    'id' => [
+                        'type' => Doc\Schema::TYPE_INTEGER,
+                        'format' => Doc\Schema::FORMAT_INTEGER_INT64,
+                        'readOnly' => true,
+                    ],
+                    'context' => ['type' => Doc\Schema::TYPE_STRING],
+                    'name' => ['type' => Doc\Schema::TYPE_STRING],
+                    'value' => ['type' => Doc\Schema::TYPE_STRING],
+                ],
+            ],
         ];
     }
 
@@ -118,6 +134,7 @@ public static function getSetupTypes(bool $types_only = true): array
         if ($types === null) {
             $types = [
                 'LDAPDirectory' => AuthLDAP::getTypeName(1),
+                // Do not add Config here as it is handled specially
             ];
         }
         return $types_only ? array_keys($types) : $types;
@@ -212,4 +229,86 @@ public function deleteItem(Request $request): Response
         $itemtype = $request->getAttribute('itemtype');
         return ResourceAccessor::deleteBySchema($this->getKnownSchema($itemtype, $this->getAPIVersion($request)), $request->getAttributes(), $request->getParameters());
     }
+
+    private function isUndisclosedConfig(string $context, string $name): bool
+    {
+        $f = ['context' => $context, 'name' => $name, 'value' => 'dummy'];
+        Config::unsetUndisclosedFields($f);
+        return !array_key_exists('value', $f);
+    }
+
+    #[Route(path: '/Config/{context}/{name}', methods: ['PATCH'], requirements: [
+        'context' => '\w+',
+        'name' => '\w+',
+    ], middlewares: [ResultFormatterMiddleware::class])]
+    #[RouteVersion(introduced: '2.1')]
+    #[Doc\UpdateRoute(schema_name: 'Config')]
+    public function setConfigValue(Request $request): Response
+    {
+        // Skip using ResourceAccessor given the particularities of Config
+        if (!Config::canUpdate()) {
+            return AbstractController::getAccessDeniedErrorResponse();
+        }
+        $context = $request->getAttribute('context');
+        $name = $request->getAttribute('name');
+        $value = $request->getParameter('value');
+        Config::setConfigurationValues($context, [$name => $value]);
+        // Return the updated config
+        if ($this->isUndisclosedConfig($context, $name)) {
+            // If the field is undisclosed, only return a 204 to indicate success without revealing the value
+            return new JSONResponse(null, 204);
+        }
+        return new JSONResponse([
+            'context' => $context,
+            'name'    => $name,
+            'value'   => Config::getConfigurationValue($context, $name),
+        ]);
+    }
+
+    #[Route(path: '/Config/{context}/{name}', methods: ['GET'], requirements: [
+        'context' => '\w+',
+        'name' => '\w+',
+    ], middlewares: [ResultFormatterMiddleware::class])]
+    #[RouteVersion(introduced: '2.1')]
+    #[Doc\GetRoute(schema_name: 'Config')]
+    public function getConfigValue(Request $request): Response
+    {
+        // Skip using ResourceAccessor given the particularities of Config
+        $context = $request->getAttribute('context');
+        $name = $request->getAttribute('name');
+        $config = new Config();
+        if (!$config->getFromDBByCrit(['context' => $context, 'name'    => $name,])) {
+            return AbstractController::getNotFoundErrorResponse();
+        }
+        if ($this->isUndisclosedConfig($context, $name) || !$config->can($config->getID(), READ)) {
+            return AbstractController::getAccessDeniedErrorResponse();
+        }
+        return new JSONResponse([
+            'context' => $context,
+            'name'    => $name,
+            'value'   => Config::getConfigurationValue($context, $name),
+        ]);
+    }
+
+    #[Route(path: '/Config/{context}/{name}', methods: ['DELETE'], requirements: [
+        'context' => '\w+',
+        'name' => '\w+',
+    ])]
+    #[RouteVersion(introduced: '2.1')]
+    #[Doc\DeleteRoute(schema_name: 'Config')]
+    public function deleteConfigValue(Request $request): Response
+    {
+        // Skip using ResourceAccessor given the particularities of Config
+        if (!Config::canUpdate()) {
+            return AbstractController::getAccessDeniedErrorResponse();
+        }
+        $context = $request->getAttribute('context');
+        $name = $request->getAttribute('name');
+        $config = new Config();
+        if (!$config->getFromDBByCrit(['context' => $context, 'name' => $name])) {
+            return AbstractController::getNotFoundErrorResponse();
+        }
+        Config::deleteConfigurationValues($context, [$name]);
+        return new JSONResponse(null, 204);
+    }
 }

tests/functional/Glpi/Api/HL/Controller/SetupControllerTest.php

@@ -35,6 +35,7 @@
 namespace tests\units\Glpi\Api\HL\Controller;
 
 use AuthLDAP;
+use Config;
 use Glpi\Api\HL\Middleware\InternalAuthMiddleware;
 use Glpi\Http\Request;
 
@@ -156,4 +157,129 @@ public function testCRUDNoRights()
                 });
         });
     }
+
+    public function testCRUDConfigValues()
+    {
+        $this->loginWeb();
+
+        $this->api->getRouter()->registerAuthMiddleware(new InternalAuthMiddleware());
+        // Can get a config value
+        $this->api->call(new Request('GET', '/Setup/Config/core/priority_1'), function ($call) {
+            /** @var \HLAPICallAsserter $call */
+            $call->response
+                ->isOK()
+                ->jsonContent(function ($content) {
+                    $this->assertEquals('priority_1', $content['name']);
+                    $this->assertEquals('core', $content['context']);
+                    $this->assertEquals('#fff2f2', $content['value']);
+                });
+        });
+
+        // Get an undisclosable config value
+        Config::setConfigurationValues('core', ['smtp_passwd' => 'test']);
+        $this->api->call(new Request('GET', '/Setup/Config/core/smtp_passwd'), function ($call) {
+            /** @var \HLAPICallAsserter $call */
+            $call->response->isAccessDenied();
+        });
+
+        // Not existing config value
+        $this->api->call(new Request('GET', '/Setup/Config/core/notrealconfig'), function ($call) {
+            /** @var \HLAPICallAsserter $call */
+            $call->response->isNotFoundError();
+        });
+
+        // Can update a config value
+        $request = new Request('PATCH', '/Setup/Config/core/priority_1');
+        $request->setParameter('value', '#ffffff');
+        $this->api->call($request, function ($call) {
+            /** @var \HLAPICallAsserter $call */
+            $call->response
+                ->isOK()
+                ->jsonContent(function ($content) {
+                    $this->assertEquals('priority_1', $content['name']);
+                    $this->assertEquals('core', $content['context']);
+                    $this->assertEquals('#ffffff', $content['value']);
+                });
+        });
+        $this->api->call(new Request('GET', '/Setup/Config/core/priority_1'), function ($call) {
+            /** @var \HLAPICallAsserter $call */
+            $call->response
+                ->isOK()
+                ->jsonContent(function ($content) {
+                    $this->assertEquals('priority_1', $content['name']);
+                    $this->assertEquals('core', $content['context']);
+                    $this->assertEquals('#ffffff', $content['value']);
+                });
+        });
+
+        // Can update an undisclosable config value
+        $request = new Request('PATCH', '/Setup/Config/core/smtp_passwd');
+        $request->setParameter('value', 'newtest');
+        $this->api->call($request, function ($call) {
+            /** @var \HLAPICallAsserter $call */
+            $call->response
+                ->status(static fn ($status) => $status === 204);
+        });
+
+        // Can delete a config value
+        $this->api->call(new Request('DELETE', '/Setup/Config/core/priority_1'), function ($call) {
+            /** @var \HLAPICallAsserter $call */
+            $call->response
+                ->status(static fn ($status) => $status === 204);
+        });
+        $this->api->call(new Request('GET', '/Setup/Config/core/priority_1'), function ($call) {
+            /** @var \HLAPICallAsserter $call */
+            $call->response->isNotFoundError();
+        });
+
+        // Can delete an undisclosable config value
+        $this->api->call(new Request('DELETE', '/Setup/Config/core/smtp_passwd'), function ($call) {
+            /** @var \HLAPICallAsserter $call */
+            $call->response
+                ->status(static fn ($status) => $status === 204);
+        });
+
+        // Cannot get an undisclosable config value using GraphQL
+        //FIXME: There are currently no restrictions in GraphQL to avoid fetching undisclosable config values
+        $request = new Request('POST', '/GraphQL', [], 'query { Config(filter: "context==core;name==smtp_passwd") { context, name, value } }');
+        $this->api->call($request, function ($call) {
+            /** @var \HLAPICallAsserter $call */
+            $call->response
+                ->isOK()
+                ->jsonContent(function ($content) {
+                    $this->assertArrayHasKey('data', $content);
+                    $this->assertArrayHasKey('Config', $content['data']);
+                    $this->assertEmpty($content['data']['Config']);
+                });
+        });
+    }
+
+    public function testConfigNotIn2_0()
+    {
+        $this->login();
+
+        $v2_api = $this->api->withVersion('2.0.0');
+        $v2_api->call(new Request('GET', '/Setup/Config/core/test'), function ($call) {
+            /** @var \HLAPICallAsserter $call */
+            $call->response->isNotFoundError();
+        });
+        $v2_api->call(new Request('PATCH', '/Setup/Config/core/test'), function ($call) {
+            /** @var \HLAPICallAsserter $call */
+            $call->response->isNotFoundError();
+        });
+        $v2_api->call(new Request('DELETE', '/Setup/Config/core/test'), function ($call) {
+            /** @var \HLAPICallAsserter $call */
+            $call->response->isNotFoundError();
+        });
+
+        $request = new Request('POST', '/GraphQL', [], 'query { Config(filter: "context==core;name==test") { context, name, value } }');
+        $v2_api->call($request, function ($call) {
+            /** @var \HLAPICallAsserter $call */
+            $call->response
+                ->isOK()
+                ->jsonContent(function ($content) {
+                    $this->assertArrayHasKey('errors', $content);
+                });
+        });
+    }
 }