Launchpad itself

ubuntu-sru either have too much or too little permission as queue admins

Bug #648611 reported by William Grant on 2010-09-27

This bug affects 2 people

Affects		Status	Importance	Assigned to	Milestone
	Launchpad itself	Fix Released	High	Colin Watson

Bug Description

Queue admin permissions should be able to be granted with pocket and upload status granularity. For example, ubuntu-sru should be able to accept uploads from UNAPPROVED in the Proposed pocket, but not from NEW or other pockets.

Tags:

Related branches

lp:~cjwatson/launchpad/pocket-queue-admin

Merged into lp:launchpad at revision 15774

Steve Kowalik (community): Approve (code) on 2012-08-08

lp:~cjwatson/launchpad/db-pocket-queue-admin

Merged into lp:launchpad/db-devel at revision 11779

Stuart Bishop (community): Approve (db) on 2012-07-19

Robert Collins: Pending (db) requested 2012-07-19

lp:~cjwatson/launchpad/fix-pocket-queue-admin-series

Merged into lp:launchpad at revision 15826

Abel Deuring (community): Approve (code) on 2012-08-17

William Grant (wgrant) on 2010-09-27

Changed in soyuz:
assignee:	nobody → William Grant (wgrant)

Revision history for this message

Colin Watson (cjwatson) wrote on 2010-09-27:

Yes please. (Same goes for ubuntu-release for UNAPPROVED in the Release pocket during frozen periods.)

Revision history for this message

Julian Edwards (julian-edwards) wrote on 2010-09-27: Re: [Bug 648611] [NEW] Queue admin permissions need pocket and status granularity

So, the queue page is going to get even more popular. I guess we need to fix
the timeouts :/

Revision history for this message

Colin Watson (cjwatson) wrote on 2010-09-27: Re: [Bug 648611] [NEW] Queue admin permissions need pocket and status granularity

Beats it all having to go through manual requests to a small number of
privileged (and busy) human beings ...

Jelmer Vernooij (jelmer) on 2010-11-05

Changed in soyuz:
status:	New → Confirmed
status:	Confirmed → New

Julian Edwards (julian-edwards) on 2010-11-08

Changed in soyuz:
status:	New → Triaged
importance:	Undecided → High
tags:	added: queue-page

William Grant (wgrant) on 2011-03-10

Changed in launchpad:
assignee:	William Grant (wgrant) → nobody

Kate Stewart (kate.stewart) on 2011-09-20

tags:

added: rls-mgr-o-tracking

Revision history for this message

Evan Broder (broder) wrote on 2011-11-18: Re: Queue admin permissions need pocket and status granularity

This is already loosely covered by the description of the bug, but I wanted to mention another concrete example that came up during today's technical board meeting. Namely, members of ubuntu-backporters should be able to accept packages uploaded to the backports pocket from the UNAPPROVED queue.

Robert Collins (lifeless) on 2012-01-05

summary:

- Queue admin permissions need pocket and status granularity
+ ubuntu-sru either have too much or too little permission as queue admins

Revision history for this message

Colin Watson (cjwatson) wrote on 2012-01-11:

This is probably related to bug 914779, but is not quite the same (queue admin vs. upload).

Colin Watson (cjwatson) on 2012-07-16

Changed in launchpad:
status:	Triaged → In Progress
assignee:	nobody → Colin Watson (cjwatson)

Revision history for this message

Launchpad QA Bot (lpqabot) wrote on 2012-07-23:

Fixed in db-stable r11779 <http://bazaar.launchpad.net/~launchpad-pqm/launchpad/db-stable/revision/11779>.

tags:	added: qa-needstesting
Changed in launchpad:
status:	In Progress → Fix Committed

Revision history for this message

William Grant (wgrant) wrote on 2012-07-23:

From staging:

2012-07-23 06:47:27 INFO 2209-27-1 applied just now in 0.1 seconds

Changed in launchpad:
status:	Fix Committed → In Progress
tags:	added: qa-ok removed: qa-needstesting

Revision history for this message

Launchpad QA Bot (lpqabot) wrote on 2012-08-08:

Fixed in stable r15774 <http://bazaar.launchpad.net/~launchpad-pqm/launchpad/stable/revision/15774>.

tags:	added: qa-needstesting removed: qa-ok
Changed in launchpad:
status:	In Progress → Fix Committed

Revision history for this message

Colin Watson (cjwatson) wrote on 2012-08-09:

Ordinary pocket queue admin permissions work fine. Per-series ones are broken because the query in ArchivePermission.checkAuthenticated has insufficient parentheses in this case. Fortunately the only thing that calls it in a way that breaks is newPocketQueueAdmin, and since there are no ArchivePermission rows with distroseries NOT NULL at this point, the failure modes are either a timeout (as shown on dogfood) or possibly the ability to create duplicate per-series pocket queue admin permissions.

Since this is a new facility that only Ubuntu is likely to use in the near future and that we'll only be using in very controlled ways to start with, I think we're OK to roll this out for the sake of the pieces that work, as long as I fix the rest of it ASAP.

Changed in launchpad:
status:	Fix Committed → In Progress
tags:	added: qa-ok removed: qa-needstesting

Revision history for this message

Launchpad QA Bot (lpqabot) wrote on 2012-08-19:

#10

Fixed in stable r15826 <http://bazaar.launchpad.net/~launchpad-pqm/launchpad/stable/revision/15826>.

Changed in launchpad:
status:	In Progress → Fix Committed

Colin Watson (cjwatson) on 2012-08-19

tags:

added: qa-needstesting
removed: qa-ok

Colin Watson (cjwatson) on 2012-08-20

tags:

added: qa-ok
removed: qa-needstesting

Curtis Hovey (sinzui) on 2012-08-23

Changed in launchpad:
status:	Fix Committed → Fix Released

Revision history for this message

Colin Watson (cjwatson) wrote on 2012-08-23:

#11

I've added the previously-discussed permissions now.

  $ for series in hardy lucid natty oneiric precise; do for pocket in proposed updates; do edit-acl -p ubuntu-sru -S $series --pocket $pocket -t admin add; done; done
  Added:
  Queue Administration Rights for ubuntu-sru: archive 'primary', pocket 'Proposed' in hardy
  Added:
  Queue Administration Rights for ubuntu-sru: archive 'primary', pocket 'Updates' in hardy
  Added:
  Queue Administration Rights for ubuntu-sru: archive 'primary', pocket 'Proposed' in lucid
  Added:
  Queue Administration Rights for ubuntu-sru: archive 'primary', pocket 'Updates' in lucid
  Added:
  Queue Administration Rights for ubuntu-sru: archive 'primary', pocket 'Proposed' in natty
  Added:
  Queue Administration Rights for ubuntu-sru: archive 'primary', pocket 'Updates' in natty
  Added:
  Queue Administration Rights for ubuntu-sru: archive 'primary', pocket 'Proposed' in oneiric
  Added:
  Queue Administration Rights for ubuntu-sru: archive 'primary', pocket 'Updates' in oneiric
  Added:
  Queue Administration Rights for ubuntu-sru: archive 'primary', pocket 'Proposed' in precise
  Added:
  Queue Administration Rights for ubuntu-sru: archive 'primary', pocket 'Updates' in precise
  $ for pocket in release proposed; do edit-acl -p ubuntu-release -S quantal --pocket $pocket -t admin add; done
  Added:
  Queue Administration Rights for ubuntu-release: archive 'primary', pocket 'Release' in quantal
  Added:
  Queue Administration Rights for ubuntu-release: archive 'primary', pocket 'Proposed' in quantal

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.