Launchpad itself

PROPRIETARY specifications break meeting listings

Bug #1051029 reported by Aaron Bentley
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Launchpad itself
Fix Released
Critical
Aaron Bentley

Bug Description

If a meeting has a PROPRIETARY specification associated with it, the entire page can only be viewed by users with access to that specification. Everyone else gets a Forbidden/Not allowed here page.

Related branches

lp:~abentley/launchpad/hide-sprint-blueprints
j.c.sackett (community): Approve
Diff: 1182 lines (+193/-119)
29 files modified
lib/lp/app/browser/root.py (+1/-1)
lib/lp/blueprints/browser/specification.py (+4/-4)
lib/lp/blueprints/browser/specificationtarget.py (+7/-6)
lib/lp/blueprints/browser/sprint.py (+2/-2)
lib/lp/blueprints/browser/tests/test_sprint.py (+13/-0)
lib/lp/blueprints/doc/specification.txt (+2/-2)
lib/lp/blueprints/doc/sprint.txt (+6/-6)
lib/lp/blueprints/interfaces/specification.py (+1/-1)
lib/lp/blueprints/interfaces/specificationtarget.py (+2/-1)
lib/lp/blueprints/model/specification.py (+10/-6)
lib/lp/blueprints/model/sprint.py (+14/-7)
lib/lp/blueprints/model/tests/test_sprint.py (+47/-14)
lib/lp/blueprints/templates/person-specworkload.pt (+1/-1)
lib/lp/blueprints/vocabularies/specification.py (+2/-1)
lib/lp/registry/browser/person.py (+5/-2)
lib/lp/registry/doc/distribution.txt (+8/-8)
lib/lp/registry/doc/distroseries.txt (+9/-9)
lib/lp/registry/doc/person-account.txt (+1/-1)
lib/lp/registry/doc/person.txt (+9/-9)
lib/lp/registry/doc/product.txt (+4/-4)
lib/lp/registry/doc/productseries.txt (+10/-10)
lib/lp/registry/doc/projectgroup.txt (+14/-12)
lib/lp/registry/model/distribution.py (+1/-1)
lib/lp/registry/model/distroseries.py (+1/-1)
lib/lp/registry/model/person.py (+1/-1)
lib/lp/registry/model/product.py (+1/-1)
lib/lp/registry/model/productseries.py (+1/-1)
lib/lp/registry/model/projectgroup.py (+4/-3)
lib/lp/testing/factory.py (+12/-4)
Curtis Hovey (sinzui)
tags: added: privacy regression specifications sprints
Changed in launchpad:
importance: High → Critical
tags: added: private-projects
Revision history for this message
Aaron Bentley (abentley) wrote :

I don't consider this a regression since it only occurs when you take advantage of new functionality by marking a spec proprietary.

Revision history for this message
Curtis Hovey (sinzui) wrote :

Private bugs and private branches to not forbid me from listing bugs and branches. The private blueprints that I cannot see must be excluded to ensure I can still see the list. 403 are also critical issues. Launchpad must not be making links that will 403.

Revision history for this message
Aaron Bentley (abentley) wrote :

I agree that it should be fixed. https://dev.launchpad.net/BugTriage doesn't mention anything about 403 that I can see, so it may need updating. As it stands, I don't think this is critical, since there are workarounds. It would be a regression if proprietary specifications had worked in meeting listings before, but it never has, so it's not a regression.

Revision history for this message
Curtis Hovey (sinzui) wrote :

Maybe the wording of this bug is wrong. I interpret this bug to mean I cannot see the listing: eg. Linaro sets a proprietary blueprint's sprint to uds-r, then the Ubuntu community can no longer see their blueprints at their sprint when they visit
    https://launchpad.net/sprints/uds-r

That is an regression. If this bug is not about this scenario, then I agree the tag is wrong.

Revision history for this message
Curtis Hovey (sinzui) wrote :

This is a regression. I accepted a public blueprint at https://blueprints.qastaging.launchpad.net/sprints/next-uds, then changed the blueprint to private. Now the sprint's community cannot access the page.

Revision history for this message
Aaron Bentley (abentley) wrote :

I don't consider it a regression if something breaks because you used new functionality.

Revision history for this message
Curtis Hovey (sinzui) wrote :

Regressions are often caused because users use new functionality. That we have 7 such bugs in the regression listing right now. All regressions are ultimately caused by new features or bug fixes that step on other rules.

Consider that I set this condition up by approving a public blueprint for a sprint. It broke when "another" party set the blueprint to private. The other party can still see the listing and is not aware that the sprint organisers and attendee's cannot see the listing.

Aaron Bentley (abentley)
Changed in launchpad:
assignee: nobody → Aaron Bentley (abentley)
status: Triaged → In Progress
Revision history for this message
Launchpad QA Bot (lpqabot) wrote :

Fixed in stable r16057 <http://bazaar.launchpad.net/~launchpad-pqm/launchpad/stable/revision/16057>.

tags: added: qa-needstesting
Changed in launchpad:
status: In Progress → Fix Committed
Revision history for this message
Curtis Hovey (sinzui) wrote :

Thanks Aaron, this certainly fixes the sprint case that I setup on qastaging.

Curtis Hovey (sinzui)
tags: added: qa-ok
removed: qa-needstesting
Deryck Hodge (deryck)
Changed in launchpad:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.