Leverage If-None-Match when deleting issues

If client attempts to delete an issue that doesn’t exist or that was modified since issue was retrieved,
then fail with error `412 Precondition failed`.

Fixes #23650

api/rest/restcore/issues_rest.php

@@ -142,14 +142,31 @@ function rest_issue_add( \Slim\Http\Request $p_request, \Slim\Http\Response $p_r
 function rest_issue_delete( \Slim\Http\Request $p_request, \Slim\Http\Response $p_response, array $p_args ) {
 	$t_issue_id = isset( $p_args['id'] ) ? $p_args['id'] : $p_request->getParam( 'id' );
 
+	# Calculate etag for issue.  This will work even if issue doesn't exist.
+	$t_etag = bug_hash( $t_issue_id );
+
+	if( $p_request->hasHeader( HEADER_IF_NONE_MATCH ) ) {
+		$t_match_etag = $p_request->getHeaderLine( HEADER_IF_NONE_MATCH );
+		if( $t_etag != $t_match_etag ) {
+			return $p_response->withStatus( HTTP_STATUS_PRECONDITION_FAILED, 'Precondition Failed' )
+				->withHeader( HEADER_ETAG, $t_etag );
+		}
+	}
+
+	if( !bug_exists( $t_issue_id ) ) {
+		return $p_response->withStatus( HTTP_STATUS_NOT_FOUND, 'Issue not found' )
+			->withHeader( HEADER_ETAG, $t_etag );
+	}
+
 	# Username and password below are ignored, since middleware already done the auth.
 	$t_result = mc_issue_delete( /* username */ '', /* password */ '', $t_issue_id );
 
 	if( ApiObjectFactory::isFault( $t_result ) ) {
 		return $p_response->withStatus( $t_result->status_code, $t_result->fault_string );
 	}
 
-	return $p_response->withStatus( HTTP_STATUS_NO_CONTENT );
+	return $p_response->withStatus( HTTP_STATUS_NO_CONTENT )
+		->withHeader( HEADER_ETAG, bug_hash( $t_issue_id ) );
 }
 
 /**

core/constant_inc.php

@@ -671,6 +671,7 @@
 define( 'HTTP_STATUS_FORBIDDEN', 403 );
 define( 'HTTP_STATUS_NOT_FOUND', 404 );
 define( 'HTTP_STATUS_CONFLICT', 409 );
+define( 'HTTP_STATUS_PRECONDITION_FAILED', 412 );
 define( 'HTTP_STATUS_INTERNAL_SERVER_ERROR', 500 );
 define( 'HTTP_STATUS_UNAVAILABLE', 503 );