Launchpad itself

Product.userCanView doesn't consider team memberships

Bug #1061933 reported by William Grant
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Launchpad itself
Fix Released
High
Abel Deuring

Bug Description

Product.userCanView does this:

738 + grants_for_user = getUtility(IAccessPolicyGrantSource).find(
739 + [(policy, user)])

This only finds grants for the user directly, not anything through team memberships. AccessPolicy* provide access to the raw models, with SharingService providing high-level APIs. SharingService.checkPillarAccess might be what you want.

Related branches

lp:~adeuring/launchpad/bug-1067736
Deryck Hodge (community): Approve
Diff: 88 lines (+20/-24)
3 files modified
lib/lp/app/browser/tests/test_launchpad.py (+0/-3)
lib/lp/registry/model/product.py (+10/-18)
lib/lp/registry/tests/test_product.py (+10/-3)
Curtis Hovey (sinzui)
tags: removed: disclosure
Revision history for this message
Launchpad QA Bot (lpqabot) wrote :

Fixed in stable r16203 <http://bazaar.launchpad.net/~launchpad-pqm/launchpad/stable/revision/16203>.

Changed in launchpad:
assignee: nobody → Abel Deuring (adeuring)
tags: added: qa-needstesting
Changed in launchpad:
status: Triaged → Fix Committed
Abel Deuring (adeuring)
tags: added: qa-ok
removed: qa-needstesting
Abel Deuring (adeuring)
Changed in launchpad:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.