Merge lp:~adeuring/launchpad/product-lp-limitedview into lp:launchpad
Status: | Merged |
---|---|
Approved by: | Abel Deuring |
Approved revision: | no longer in the source branch. |
Merged at revision: | 16239 |
Proposed branch: | lp:~adeuring/launchpad/product-lp-limitedview |
Merge into: | lp:launchpad |
Diff against target: |
273 lines (+108/-22) 6 files modified
lib/lp/registry/configure.zcml (+4/-1) lib/lp/registry/interfaces/product.py (+23/-17) lib/lp/registry/interfaces/sharingservice.py (+3/-0) lib/lp/registry/services/sharingservice.py (+13/-3) lib/lp/registry/tests/test_product.py (+53/-1) lib/lp/security.py (+12/-0) |
To merge this branch: | bzr merge lp:~adeuring/launchpad/product-lp-limitedview |
Related bugs: |
Reviewer | Review Type | Date Requested | Status |
---|---|---|---|
Francesco Banconi (community) | Approve | ||
Review via email: mp+133046@code.launchpad.net |
Commit message
split IProductLimitedView into IProductView and IProductLimited
Description of the change
This branch splits the existing interface IProductLimitedView into
IProductView and IProductLimited
permission lauchpad.View, and IProductLimitedView requires the
permission launchpad.
We want to make it possible to use artifact grants on bugs/branches/
blueprints for prioprietary/
can see the artifacts but not all details about the product.
Even a call of canonical_
artifact.
to see target.name, as well as several other attributes. I don't know
yet which attributes or even how many attributes need to be moved from
IProductView to IProductLimited
quite a few. Doing this all in one branch has the risk of a
"diff length explosion", so I started with just one attribute.
The new security adapter LimitedViewProduct allows access
not only for people with grants on the product itself, but it also
checks if the current user has any artifact grants related to the
product.
The new check is implementd in SharingService.
which is just a modified variant of the existing method
getSharedArtifa
a user may access, the former method just checks, if the user has
any artifact grants. The common SQL query is generated in the new
method getArtifactGran
test:
bin/test -vvt lp.registry.
bin/test -vvt lp.registry.
no lint
This branch looks good Abel, some minors follow.
28 +class IProductLimited View(Interface) :
29 + """Attributes that must be visible for person with artifact grants
30 + on bugs, branches or specifications for the product,
31 + """
The docstring ends with a comma.
203 + def test_access_ LimitedView_ proprietary_ product( self):
Feel free to ignore this suggestion if you want: maybe this test could be
splitted in two parts: test unauthorized users and then test users with
access grant on something.