Merge lp:~adiroiban/launchpad/bug-340662-take-2 into lp:launchpad/db-devel
| Status: | Merged | ||||||||
|---|---|---|---|---|---|---|---|---|---|
| Approved by: | Brad Crittenden on 2010-01-20 | ||||||||
| Approved revision: | not available | ||||||||
| Merged at revision: | not available | ||||||||
| Proposed branch: | lp:~adiroiban/launchpad/bug-340662-take-2 | ||||||||
| Merge into: | lp:launchpad/db-devel | ||||||||
| Diff against target: |
275 lines (+72/-52) 5 files modified
lib/canonical/launchpad/security.py (+3/-28) lib/lp/translations/browser/configure.zcml (+2/-2) lib/lp/translations/browser/potemplate.py (+9/-8) lib/lp/translations/configure.zcml (+2/-2) lib/lp/translations/stories/standalone/xx-potemplate-edit.txt (+56/-12) |
||||||||
| To merge this branch: | bzr merge lp:~adiroiban/launchpad/bug-340662-take-2 | ||||||||
| Related bugs: |
|
| Reviewer | Review Type | Date Requested | Status |
|---|---|---|---|
| Brad Crittenden (community) | code | 2010-01-18 | Approve on 2010-01-20 |
|
Review via email:
|
|||
Commit Message
Remove "name" field from POTemplate edit view. On POTemplateSubset url traversal, check permission on POFile. Remove EditPOTemplateS
| Adi Roiban (adiroiban) wrote : | # |
| Brad Crittenden (bac) wrote : | # |
Hi Adi,
Thanks for this branch.
As noted in IRC, there is an import violation that is clearly not your fault but needs to be fixed before landing this branch. Thanks for agreeing to look into it.
Also, when attempting the demo you describe in the MP I get an unauthorized error changing any field b/c date_last_updated requires launchpad.
| Adi Roiban (adiroiban) wrote : | # |
Hi,
Thanks for the review.
The permission problem should be fixed now and test extended to check all fields.
Not sure if there will be branch for fixing the import problem. I will leave the import problem as a final commit.
| Brad Crittenden (bac) wrote : | # |
Hi Adi,
Thanks again for your changes. Your use of removeSecurityProxy was a bit flawed, though, so date_last_updated was not being changed. This flaw also exposes a hole in the testing as there is not test to ensure the value actually got changed.
If you apply the following change it will work:
=== modified file 'lib/lp/
--- lib/lp/
+++ lib/lp/
@@ -533,9 +533,8 @@
# We only update date_last_updated when translation_domain field
# is changed because is the only significative change that,
# somehow, affects the content of the potemplate.
- UTC = pytz.timezone(
- date_last_updated = removeSecurityP
- date_last_updated = datetime.
+ naked_context = removeSecurityP
+ naked_context.
Also, while you're there could you fix the preceding comment so that it reads:
We only change date_last_updated when the translation_domain field is changed because it is the only relevant field we care about regarding the date of last update.
In your test it would be great to grab the value of date_last_updated before and after the change and show that new > old. It's kind of messy in a story test but should be ok.
Please post a diff when you're done and I'll have a final look at it.
| Adi Roiban (adiroiban) wrote : | # |
Hi,
Here is the diff. Hope everything is OK now.
=== modified file 'lib/lp/
--- lib/lp/
+++ lib/lp/
@@ -530,12 +530,12 @@
if old_translation
- # We only update date_last_updated when translation_domain field
- # is changed because is the only significative change that,
- # somehow, affects the content of the potemplate.
+ # We only change date_last_updated when the translation_domain
+ # field is changed because it is the only relevant field we
+ # care about regarding the date of last update.
UTC = pytz.timezone(
- date_last_updated = removeSecurityP
- date_last_updated = datetime.
+ naked_context = removeSecurityP
+ naked_context.
@property
def cancel_url(self):
=== modified file 'lib/lp/
--- lib/lp/
+++ lib/lp/
@@ -90,6 +90,22 @@
>>> browser.
'evolution-2.2'
+We remember the 'last_update_date' in order to check if it was changed
+after updating the template.
+
+ >>> from zope.component import getUtility
+ >>> from canonical.
+ >>> from lp.translations
+ >>> from lp.registry.
+ >>> login('<email address hidden>')
+ >>> evolution = getUtility(
+ >>> evolution_trunk = evolution.
+ >>> hoary_subset = POTemplateSubse
+ >>> evolution_template = hoary_subset.
+ ... 'evolution-2.2')
+ >>> previous_
+ >>> logout()
+
The visible fields can be changed and saved.
>>> browser.
@@ -120,3 +136,6 @@
'name12'
>>> browser.
'foo'
+ >>> previous_
+ True
+
| Brad Crittenden (bac) wrote : | # |
Adi it looks very good now. Thanks for the fixes.
One tiny thing: remove the UTC = line and just use 'pytz.UTC' instead, as shown in my previous comment. pytz is nice enough to export a pre-defined UTC constant so we should use it rather than looking it up again.
| Adi Roiban (adiroiban) wrote : | # |
Here is the diff after running the syntactic check for modified files.
=== modified file 'lib/canonical/
--- lib/canonical/
+++ lib/canonical/
@@ -469,7 +469,7 @@
return (user.inTeam(
- ['owner','drafter', 'assignee', 'approver']) or
+ ['owner', 'drafter', 'assignee', 'approver']) or
@@ -530,6 +530,7 @@
return True
return user.isOwner(
+
class AdminMilestoneB
permission = 'launchpad.Admin'
usedfor = IMilestone
@@ -574,7 +575,7 @@
def checkAuthentica
"""Is the user a privileged team member or Launchpad staff?
-
+
Return true when the user is a member of Launchpad admins,
registry experts, team admins, or the team owners.
"""
@@ -1431,7 +1432,6 @@
# This code MUST match the logic in IBuildSet.
# otherwise users are likely to get 403 errors, or worse.
-
def checkAuthentica
"""Private restricts to admins and archive members."""
if not self.obj.
=== modified file 'lib/lp/
--- lib/lp/
+++ lib/lp/
@@ -391,9 +391,9 @@
-
+
<!-- Potemplate Portlets -->
-
+
=== modified file 'lib/lp/
--- lib/lp/
+++ lib/lp/
@@ -533,9 +533,8 @@
# We only change date_last_updated when the translation_domain
# field is changed because it is the only relevant field we
# care about regarding the date of last update.
- UTC = pytz.timezone(
- naked_context.
+ naked_context.
@property
def cancel_url(self):
=== modified file 'lib/lp/
--- lib/lp/
+++ lib/lp/
@@ -415,7 +415,7 @@
- name productseries distroseries sourcepackagename
+ name productseries distroseries sourcepackagename
= Bug #340662 and #507498=
This branch should fix the issues raised in this MP
https:/
== Proposed fix ==
Remove "name" field from PoTemplate edit page.
In the PoTemplateSubset URL traversal code, check permissions for the POTemplate and not for the context.
== Pre-implementation notes ==
Danilo asked to remove the "name" field from the edit page since it is to fragile to be edited by project owners.
Henning suggest that permission checking for POTemplateSubset URL traversal can be done for POTemplate and in this way we can remove the EditPOTemplateS
== Implementation details ==
Nothing special here.
== Tests ==
lp-test -t templates
== Demo and Q/A ==
As a product owner (ex. <email address hidden>) for a project (ex. evolution) go to a template page for that project
https:/
You should see the „Change details” that links to the +edit page
From this page you should be able to change template name, domain name, path, details, priority, owner and „accept translation”.
Change some values and then save them.
From the series +template page you will see „Edit” links for each template, including disabled templates:
https:/
Disabling a template, it should still be in the list (with a red background) and you can still edit it.
= Launchpad lint =
Checking for conflicts. and issues in doctests and templates.
Running jslint, xmllint, pyflakes, and pylint.
Using normal rules.
Linting changed files:
lib/canonical
lib/lp/
lib/lp/
lib/lp/