Launchpad itself

Changing upload/queue admin permissions is broken

Bug #828894 reported by Julian Edwards
22
This bug affects 3 people
Affects Status Importance Assigned to Milestone
Launchpad itself
Fix Released
High
Julian Edwards

Bug Description

There are a number of problems in this area:
1. Adding or deleting per-package uploader, component uploader and queue admin permissions require you to be the owner of the main_archive for a distro (for Ubuntu that's ubuntu-archive)
2. Adding or deleting a packageset uploader requires you to be an admin or a member of ubuntu-techboard (hard-coded!)

This is bad because someone who makes a new derived distro cannot change permissions. What we need is:

 * Adding or deleting any permissions tied to the distro owner, which can be easily changed. It's already techboard for Ubuntu and Colin says it's fine to move the operations in #1 above to this new person.

Related branches

lp:~julian-edwards/launchpad/perms-for-changing-uploaders--bug-828894
Curtis Hovey (community): Approve (code)
Diff: 478 lines (+144/-131)
7 files modified
lib/canonical/launchpad/security.py (+16/-9)
lib/lp/soyuz/configure.zcml (+1/-25)
lib/lp/soyuz/doc/archivepermission.txt (+3/-40)
lib/lp/soyuz/interfaces/archive.py (+41/-41)
lib/lp/soyuz/interfaces/archivepermission.py (+9/-0)
lib/lp/soyuz/stories/webservice/xx-archive.txt (+67/-11)
lib/lp/soyuz/tests/test_archive.py (+7/-5)
Revision history for this message
Julian Edwards (julian-edwards) wrote :

This is part caused by the insane declaration for IArchivePermissionSet in soyuz/configure.zxcl and part by the security adapter EditArchivePermissionSet (which is currently used for packageset changes as above).

Changed in launchpad:
status: New → Triaged
importance: Undecided → High
tags: added: derivation
Julian Edwards (julian-edwards)
Changed in launchpad:
status: Triaged → In Progress
assignee: nobody → Julian Edwards (julian-edwards)
Revision history for this message
Launchpad QA Bot (lpqabot) wrote :

Fixed in stable r13755 <http://bazaar.launchpad.net/~launchpad-pqm/launchpad/stable/revision/13755>.

tags: added: qa-needstesting
Changed in launchpad:
status: In Progress → Fix Committed
Revision history for this message
William Grant (wgrant) wrote :

newPackagesetUploader and deletePackagesetUploader are on IArchiveView, so anyone can grant themselves privileges.

Rolling back.

tags: added: bad-commit-13755 qa-bad
removed: qa-needstesting
Revision history for this message
William Grant (wgrant) wrote :

Reverted in r13773.

Changed in launchpad:
status: Fix Committed → In Progress
Revision history for this message
Julian Edwards (julian-edwards) wrote :

GAH.

Revision history for this message
Launchpad QA Bot (lpqabot) wrote :

Fixed in stable r13797 <http://bazaar.launchpad.net/~launchpad-pqm/launchpad/stable/revision/13797>.

tags: added: qa-needstesting
removed: qa-bad
Changed in launchpad:
status: In Progress → Fix Committed
Julian Edwards (julian-edwards)
tags: added: qa-ok
removed: qa-needstesting
William Grant (wgrant)
Changed in launchpad:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Duplicates of this bug

Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.