Merge lp:~adeuring/launchpad/webservice-access-to-private-bug-attamchments into lp:launchpad
Status: | Merged |
---|---|
Approved by: | Abel Deuring |
Approved revision: | no longer in the source branch. |
Merged at revision: | 12212 |
Proposed branch: | lp:~adeuring/launchpad/webservice-access-to-private-bug-attamchments |
Merge into: | lp:launchpad |
Diff against target: |
85 lines (+14/-33) 2 files modified
lib/lp/bugs/browser/tests/test_bugattachment_file_access.py (+12/-8) lib/lp/testing/_webservice.py (+2/-25) |
To merge this branch: | bzr merge lp:~adeuring/launchpad/webservice-access-to-private-bug-attamchments |
Related bugs: |
Reviewer | Review Type | Date Requested | Status |
---|---|---|---|
Leonard Richardson (community) | Approve | ||
Graham Binns (community) | code | Approve | |
Review via email: mp+45022@code.launchpad.net |
Commit message
[r=gmb,
Description of the change
This branch gives webservice clients access to restricted Librarian
files, and it removes a workaround giving machines in the DC direct
access to Librarian files.
Basically, this branch reverts r11506 which introduced the class
RestrictedLibra
The URL returned by this class for private Librarian files contained
an "unofficial" domain name (lplibrarian.
preventing access for machines outside of the DC.
This hack was needed because
- we wanted to use the restricted Librarian for attachments
of private bugs
- we did not want to use the app servers as proxies to access
potentially huge attachments
- the new token based access control to Librarian files was not
yet ready
- The apport retracers needed these files.
Details of the change:
lib/canonical/
lint removal; some typos fixed.
lib/canonical/
lib/canonical/
A new method createToken() for the class LibraryFileAlia
This method generates an access token for an LFA. This method requires
the permission Launchpad.View, thus ensuring that only those persons
having the "right permission" can acces the file.
The other cahnges of the interface file are lint removal.
lib/canonical/
The now obsoete class RestrictedLibra
the property alias_url now returns a URL with an access token for
restricted Librarian files, by calling
LibraryFileAl
lib/canonical/
A "security guard" for the view permission of LibraryFileAlia
lib/canonical/
A test for the view permission of LFAWithParent.
lib/canonical/
The View permission declaration for LFAWithParent.
lib/canonical/
Removed the declarations for the deleted class
RestrictedLib
lib/lp/
Tests for accessing Librarian files via the webservice. The test for
restricted files is a bit convoluted because our test environment
cannot resolve the host names (1234.restricte
ensures that the URL has the correct hostname, that it contains
the "right" path and that the access token is provided.
lib/lp/
The field IBugAttachment.data is now again oy type Bytes instead of
RestrictedBytes.
lib/lp/
Deleted the test of the download URL of private bug attachments.
lib/lp/
Removed the obsolete class RestrictedBytes
test: ./bin/test -vvt test_bugattachm
no lint
Hi Abel,
We discussed on IRC the refactoring that I mentioned below; I've also
got a couple of nitpicks. Otherwise this is r=me.
243 +class ViewLibraryFile AliasWithParent (AuthorizationB ase):
244 + permission = 'launchpad.View'
This needs a docstring.
382 + def test_anon_ access_ to_public_ bug_attachment( self): for_anonymous( ) will
383 + # Attachments of public bugs can be accessed by anonymous users.
384 + #
385 + # Need to endInteraction() because launchpadlib_
The empty comment line looks a little odd. I think you can remove the
'#' and just leave the blank line for separation in this case.
403 + # The attachment contains a link to a HostedBytes resource; _browser. _connection. follow_ redirects = False _browser. get( t.data. _wadl_resource. _url, return_ response= True) l(303, response.status) response[ 'location' ]) l('https' , parsed_url.scheme) \.restricted\ .localhost: 58000$' , parsed_url.netloc) t(None, mo) r'^/\d+ /foo\.txt$ ', parsed_url.path) t(None, mo) parsed_ url.query) l(['token' ], params.keys())
404 + # accessing this link results normally in a redirect to a
405 + # Librarian URL. We cannot simply access these Librarian URLS
406 + # for restricted Librarian files because the host name used in
407 + # the URLs is different for each file, and our test envireonment
408 + # does not support wildcard DNS. So let's disable the redirection
409 + # mechanism in our client's HTTP connection and inspect the
410 + # the Librarian URL.
411 + launchpad.
412 + response, content = launchpad.
413 + ws_bugattachmen
414 + self.assertEqua
415 + parsed_url = urlparse(
416 + self.assertEqua
417 + mo = re.search(
418 + r'^i\d+
419 + self.assertIsNo
420 + mo = re.search(
421 + self.assertIsNo
422 + params = parse_qs(
423 + self.assertEqua
I know we don't use this elsewhere at the moment, but it may be worth
worth refactoring it out into either a method on the TestCase or a
standalone function so that it can be reused later if necessary.