Merge lp:~adiroiban/launchpad/bug-340662 into lp:launchpad
- bug-340662
- Merge into devel
Proposed by
Adi Roiban
Status: | Merged |
---|---|
Merged at revision: | not available |
Proposed branch: | lp:~adiroiban/launchpad/bug-340662 |
Merge into: | lp:launchpad |
Diff against target: |
222 lines (+63/-24) 6 files modified
lib/canonical/launchpad/security.py (+26/-1) lib/lp/translations/browser/potemplate.py (+3/-2) lib/lp/translations/configure.zcml (+8/-2) lib/lp/translations/stories/productseries/xx-productseries-templates.txt (+21/-8) lib/lp/translations/stories/standalone/xx-potemplate-edit.txt (+4/-10) lib/lp/translations/templates/object-templates.pt (+1/-1) |
To merge this branch: | bzr merge lp:~adiroiban/launchpad/bug-340662 |
Related bugs: |
Reviewer | Review Type | Date Requested | Status |
---|---|---|---|
Данило Шеган (community) | Disapprove | ||
Eleanor Berger (community) | Approve | ||
Review via email:
|
Commit message
Description of the change
To post a comment you must log in.
Revision history for this message
![](/+icing/build/overlay/assets/skins/sam/images/close.gif)
Adi Roiban (adiroiban) wrote : | # |
Revision history for this message
![](/+icing/build/overlay/assets/skins/sam/images/close.gif)
Eleanor Berger (intellectronica) : | # |
review:
Approve
Revision history for this message
![](/+icing/build/overlay/assets/skins/sam/images/close.gif)
Данило Шеган (danilo) wrote : | # |
There are a bunch of problems with this branch. One is that there was no pre-implementation call/chat; eg. we should definitely not have allowed template name to be modified by everyone. That can cause serious system inconsistencies especially with message sharing.
Next, there are other serious problems with EditPOTemplateS
Adi, can I ask you please to prepare a branch to back out the template name from the list of launchpad.Edit editable attributes?
review:
Disapprove
Preview Diff
[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1 | === modified file 'lib/canonical/launchpad/security.py' | |||
2 | --- lib/canonical/launchpad/security.py 2009-12-24 13:33:41 +0000 | |||
3 | +++ lib/canonical/launchpad/security.py 2009-12-29 18:24:17 +0000 | |||
4 | @@ -1164,6 +1164,8 @@ | |||
5 | 1164 | self, user) | 1164 | self, user) |
6 | 1165 | 1165 | ||
7 | 1166 | 1166 | ||
8 | 1167 | # Please keep EditPOTemplateSubset in sync with this, unless you | ||
9 | 1168 | # know exactly what you are doing. | ||
10 | 1167 | class EditPOTemplateDetails(AdminPOTemplateDetails, EditByOwnersOrAdmins): | 1169 | class EditPOTemplateDetails(AdminPOTemplateDetails, EditByOwnersOrAdmins): |
11 | 1168 | permission = 'launchpad.Edit' | 1170 | permission = 'launchpad.Edit' |
12 | 1169 | usedfor = IPOTemplate | 1171 | usedfor = IPOTemplate |
13 | @@ -1645,7 +1647,7 @@ | |||
14 | 1645 | user.inTeam(celebs.bazaar_experts)) | 1647 | user.inTeam(celebs.bazaar_experts)) |
15 | 1646 | 1648 | ||
16 | 1647 | 1649 | ||
18 | 1648 | # Please keep this in sync with AdminPOTemplateDetails. Note that | 1650 | # Please keep this in sync with AdminPOTemplateDetails. Note that |
19 | 1649 | # this permission controls access to browsing into individual | 1651 | # this permission controls access to browsing into individual |
20 | 1650 | # potemplates, but it's on a different object (POTemplateSubset) | 1652 | # potemplates, but it's on a different object (POTemplateSubset) |
21 | 1651 | # from AdminPOTemplateDetails, even though it looks almost identical | 1653 | # from AdminPOTemplateDetails, even though it looks almost identical |
22 | @@ -1672,6 +1674,29 @@ | |||
23 | 1672 | return OnlyRosettaExpertsAndAdmins.checkAuthenticated(self, user) | 1674 | return OnlyRosettaExpertsAndAdmins.checkAuthenticated(self, user) |
24 | 1673 | 1675 | ||
25 | 1674 | 1676 | ||
26 | 1677 | # Please keep EditPOTemplate in sync with this, unless you | ||
27 | 1678 | # know exactly what you are doing. Note that this permission controls | ||
28 | 1679 | # access to browsing into individual potemplates, but it's on a different | ||
29 | 1680 | # object (POTemplateSubset) from EditPOTemplateDetails, | ||
30 | 1681 | # even though it looks almost identical | ||
31 | 1682 | class EditPOTemplateSubset(AuthorizationBase): | ||
32 | 1683 | permission = 'launchpad.Edit' | ||
33 | 1684 | usedfor = IPOTemplateSubset | ||
34 | 1685 | |||
35 | 1686 | def checkAuthenticated(self, user): | ||
36 | 1687 | """Allow anyone with admin rights; owners, product owners and | ||
37 | 1688 | distribution owners; and for distros, translation group owners. | ||
38 | 1689 | """ | ||
39 | 1690 | if (self.obj.productseries is not None and | ||
40 | 1691 | user.inTeam(self.obj.productseries.product.owner)): | ||
41 | 1692 | # The user is the owner of the product. | ||
42 | 1693 | return True | ||
43 | 1694 | |||
44 | 1695 | return ( | ||
45 | 1696 | AdminPOTemplateSubset(self.obj).checkAuthenticated(user) or | ||
46 | 1697 | EditByOwnersOrAdmins(self.obj).checkAuthenticated(user)) | ||
47 | 1698 | |||
48 | 1699 | |||
49 | 1675 | class AdminDistroSeriesTranslations(AuthorizationBase): | 1700 | class AdminDistroSeriesTranslations(AuthorizationBase): |
50 | 1676 | permission = 'launchpad.TranslationsAdmin' | 1701 | permission = 'launchpad.TranslationsAdmin' |
51 | 1677 | usedfor = IDistroSeries | 1702 | usedfor = IDistroSeries |
52 | 1678 | 1703 | ||
53 | === modified file 'lib/lp/translations/browser/potemplate.py' | |||
54 | --- lib/lp/translations/browser/potemplate.py 2009-12-22 10:28:45 +0000 | |||
55 | +++ lib/lp/translations/browser/potemplate.py 2009-12-29 18:24:17 +0000 | |||
56 | @@ -512,7 +512,8 @@ | |||
57 | 512 | """View class that lets you edit a POTemplate object.""" | 512 | """View class that lets you edit a POTemplate object.""" |
58 | 513 | 513 | ||
59 | 514 | schema = IPOTemplate | 514 | schema = IPOTemplate |
61 | 515 | field_names = ['description', 'priority', 'owner'] | 515 | field_names = ['name', 'translation_domain', 'description', 'priority', |
62 | 516 | 'path', 'owner', 'iscurrent'] | ||
63 | 516 | label = 'Edit translation template details' | 517 | label = 'Edit translation template details' |
64 | 517 | page_title = 'Edit details' | 518 | page_title = 'Edit details' |
65 | 518 | 519 | ||
66 | @@ -712,7 +713,7 @@ | |||
67 | 712 | raise AssertionError('Unknown context for %s' % potemplate.title) | 713 | raise AssertionError('Unknown context for %s' % potemplate.title) |
68 | 713 | 714 | ||
69 | 714 | if ((official_rosetta and potemplate.iscurrent) or | 715 | if ((official_rosetta and potemplate.iscurrent) or |
71 | 715 | check_permission('launchpad.TranslationsAdmin', self.context)): | 716 | check_permission('launchpad.Edit', self.context)): |
72 | 716 | # The target is using officially Launchpad Translations and the | 717 | # The target is using officially Launchpad Translations and the |
73 | 717 | # template is available to be translated, or the user is a is a | 718 | # template is available to be translated, or the user is a is a |
74 | 718 | # Launchpad administrator in which case we show everything. | 719 | # Launchpad administrator in which case we show everything. |
75 | 719 | 720 | ||
76 | === modified file 'lib/lp/translations/configure.zcml' | |||
77 | --- lib/lp/translations/configure.zcml 2009-12-10 14:25:16 +0000 | |||
78 | +++ lib/lp/translations/configure.zcml 2009-12-29 18:24:17 +0000 | |||
79 | @@ -409,10 +409,16 @@ | |||
80 | 409 | interface="lp.translations.interfaces.potemplate.IPOTemplate"/> | 409 | interface="lp.translations.interfaces.potemplate.IPOTemplate"/> |
81 | 410 | <require | 410 | <require |
82 | 411 | permission="launchpad.Edit" | 411 | permission="launchpad.Edit" |
84 | 412 | set_attributes="owner priority description"/> | 412 | set_attributes=" |
85 | 413 | owner priority description translation_domain path | ||
86 | 414 | iscurrent name"/> | ||
87 | 413 | <require | 415 | <require |
88 | 414 | permission="launchpad.TranslationsAdmin" | 416 | permission="launchpad.TranslationsAdmin" |
90 | 415 | set_attributes="name translation_domain productseries distroseries sourcepackagename sourcepackageversion binarypackagename languagepack path header iscurrent from_sourcepackagename date_last_updated source_file source_file_format"/> | 417 | set_attributes=" |
91 | 418 | productseries distroseries sourcepackagename | ||
92 | 419 | sourcepackageversion binarypackagename languagepack | ||
93 | 420 | source_file_format source_file date_last_updated | ||
94 | 421 | from_sourcepackagename header"/> | ||
95 | 416 | </class> | 422 | </class> |
96 | 417 | <adapter | 423 | <adapter |
97 | 418 | provides="canonical.launchpad.webapp.interfaces.IBreadcrumb" | 424 | provides="canonical.launchpad.webapp.interfaces.IBreadcrumb" |
98 | 419 | 425 | ||
99 | === modified file 'lib/lp/translations/stories/productseries/xx-productseries-templates.txt' | |||
100 | --- lib/lp/translations/stories/productseries/xx-productseries-templates.txt 2009-11-30 18:18:08 +0000 | |||
101 | +++ lib/lp/translations/stories/productseries/xx-productseries-templates.txt 2009-12-29 18:24:17 +0000 | |||
102 | @@ -1,5 +1,3 @@ | |||
103 | 1 | |||
104 | 2 | |||
105 | 3 | Templates view for ProductSeries | 1 | Templates view for ProductSeries |
106 | 4 | ================================ | 2 | ================================ |
107 | 5 | 3 | ||
108 | @@ -21,8 +19,11 @@ | |||
109 | 21 | >>> evolution_trunk = evolution.getSeries('trunk') | 19 | >>> evolution_trunk = evolution.getSeries('trunk') |
110 | 22 | >>> template = factory.makePOTemplate(productseries=evolution_trunk, | 20 | >>> template = factory.makePOTemplate(productseries=evolution_trunk, |
111 | 23 | ... name='at-the-top') | 21 | ... name='at-the-top') |
112 | 22 | >>> template = factory.makePOTemplate(productseries=evolution_trunk, | ||
113 | 23 | ... name='disabled') | ||
114 | 24 | >>> template.iscurrent = False | ||
115 | 24 | >>> logout() | 25 | >>> logout() |
117 | 25 | 26 | >>> owner_browser = setupBrowser('Basic test@canonical.com:test') | |
118 | 26 | 27 | ||
119 | 27 | Getting there | 28 | Getting there |
120 | 28 | ------------- | 29 | ------------- |
121 | @@ -41,6 +42,7 @@ | |||
122 | 41 | ------------------- | 42 | ------------------- |
123 | 42 | 43 | ||
124 | 43 | The page shows a table of all templates and links to their subpages. | 44 | The page shows a table of all templates and links to their subpages. |
125 | 45 | Users will not see disabled templates. | ||
126 | 44 | 46 | ||
127 | 45 | >>> table = find_tag_by_id(user_browser.contents, 'templates_table') | 47 | >>> table = find_tag_by_id(user_browser.contents, 'templates_table') |
128 | 46 | >>> print extract_text(table) | 48 | >>> print extract_text(table) |
129 | @@ -58,6 +60,7 @@ | |||
130 | 58 | >>> print extract_text(table) | 60 | >>> print extract_text(table) |
131 | 59 | Template name Last update Actions | 61 | Template name Last update Actions |
132 | 60 | at-the-top ... Edit Upload Download Administer | 62 | at-the-top ... Edit Upload Download Administer |
133 | 63 | disabled (inactive) ... Edit Upload Download Administer | ||
134 | 61 | evolution-2.2 2005-08-25 Edit Upload Download Administer | 64 | evolution-2.2 2005-08-25 Edit Upload Download Administer |
135 | 62 | evolution-2.2-test 2006-12-13 Edit Upload Download Administer | 65 | evolution-2.2-test 2006-12-13 Edit Upload Download Administer |
136 | 63 | 66 | ||
137 | @@ -72,11 +75,21 @@ | |||
138 | 72 | >>> print admin_browser.url | 75 | >>> print admin_browser.url |
139 | 73 | http://translations.launchpad.dev/evolution/trunk/+pots/evolution-2.2 | 76 | http://translations.launchpad.dev/evolution/trunk/+pots/evolution-2.2 |
140 | 74 | 77 | ||
141 | 78 | Clicking on 'Admin' will take the user to the page to administer the template. | ||
142 | 79 | Likewise for the other links for each template. | ||
143 | 80 | |||
144 | 81 | >>> admin_browser.open( | ||
145 | 82 | ... 'http://translations.launchpad.dev/evolution/trunk/+templates') | ||
146 | 83 | >>> admin_browser.getLink('Admin', index=0).click() | ||
147 | 84 | >>> print admin_browser.url | ||
148 | 85 | http://translations.launchpad.dev/evolution/trunk/+pots/at-the-top/+admin | ||
149 | 86 | |||
150 | 75 | Clicking on 'Edit' will take the user to the page to edit the template | 87 | Clicking on 'Edit' will take the user to the page to edit the template |
152 | 76 | details. Likewise for the other links for each template. | 88 | details, even if the translation of the templates are not active. |
153 | 77 | 89 | ||
155 | 78 | >>> admin_browser.open( | 90 | >>> owner_browser.open( |
156 | 79 | ... 'http://translations.launchpad.dev/evolution/trunk/+templates') | 91 | ... 'http://translations.launchpad.dev/evolution/trunk/+templates') |
160 | 80 | >>> admin_browser.getLink('Edit').click() | 92 | >>> owner_browser.getLink('Edit', index=1).click() |
161 | 81 | >>> print admin_browser.url | 93 | >>> print owner_browser.url |
162 | 82 | http://translations.launchpad.dev/evolution/trunk/+pots/at-the-top/+edit | 94 | http://translations.launchpad.dev/evolution/trunk/+pots/disabled/+edit |
163 | 95 | |||
164 | 83 | 96 | ||
165 | === modified file 'lib/lp/translations/stories/standalone/xx-potemplate-edit.txt' | |||
166 | --- lib/lp/translations/stories/standalone/xx-potemplate-edit.txt 2009-09-17 10:22:14 +0000 | |||
167 | +++ lib/lp/translations/stories/standalone/xx-potemplate-edit.txt 2009-12-29 18:24:17 +0000 | |||
168 | @@ -20,7 +20,7 @@ | |||
169 | 20 | Traceback (most recent call last): | 20 | Traceback (most recent call last): |
170 | 21 | ... | 21 | ... |
171 | 22 | LinkNotFoundError | 22 | LinkNotFoundError |
173 | 23 | 23 | ||
174 | 24 | 24 | ||
175 | 25 | On the other hand, Rosetta expert (Jordi) can reach the POTemplate edit | 25 | On the other hand, Rosetta expert (Jordi) can reach the POTemplate edit |
176 | 26 | page. | 26 | page. |
177 | @@ -43,9 +43,7 @@ | |||
178 | 43 | We should be sure that the edit form get only the non admin fields. | 43 | We should be sure that the edit form get only the non admin fields. |
179 | 44 | 44 | ||
180 | 45 | >>> browser.getControl(name='field.name').value | 45 | >>> browser.getControl(name='field.name').value |
184 | 46 | Traceback (most recent call last): | 46 | 'evolution-2.2' |
182 | 47 | ... | ||
183 | 48 | LookupError:... | ||
185 | 49 | >>> browser.getControl(name='field.description').value | 47 | >>> browser.getControl(name='field.description').value |
186 | 50 | 'Template for evolution in hoary' | 48 | 'Template for evolution in hoary' |
187 | 51 | >>> browser.getControl(name='field.header').value | 49 | >>> browser.getControl(name='field.header').value |
188 | @@ -53,9 +51,7 @@ | |||
189 | 53 | ... | 51 | ... |
190 | 54 | LookupError:... | 52 | LookupError:... |
191 | 55 | >>> browser.getControl(name='field.iscurrent').value | 53 | >>> browser.getControl(name='field.iscurrent').value |
195 | 56 | Traceback (most recent call last): | 54 | True |
193 | 57 | ... | ||
194 | 58 | LookupError:... | ||
196 | 59 | >>> browser.getControl(name='field.owner').value | 55 | >>> browser.getControl(name='field.owner').value |
197 | 60 | 'rosetta-admins' | 56 | 'rosetta-admins' |
198 | 61 | >>> browser.getControl(name='field.productseries').value | 57 | >>> browser.getControl(name='field.productseries').value |
199 | @@ -83,9 +79,7 @@ | |||
200 | 83 | ... | 79 | ... |
201 | 84 | LookupError:... | 80 | LookupError:... |
202 | 85 | >>> browser.getControl(name='field.path').value | 81 | >>> browser.getControl(name='field.path').value |
206 | 86 | Traceback (most recent call last): | 82 | 'po/evolution-2.2.pot' |
204 | 87 | ... | ||
205 | 88 | LookupError:... | ||
207 | 89 | 83 | ||
208 | 90 | And that we are able to POST it. | 84 | And that we are able to POST it. |
209 | 91 | 85 | ||
210 | 92 | 86 | ||
211 | === modified file 'lib/lp/translations/templates/object-templates.pt' | |||
212 | --- lib/lp/translations/templates/object-templates.pt 2009-12-10 12:46:11 +0000 | |||
213 | +++ lib/lp/translations/templates/object-templates.pt 2009-12-29 18:24:17 +0000 | |||
214 | @@ -84,7 +84,7 @@ | |||
215 | 84 | <tbody> | 84 | <tbody> |
216 | 85 | <tal:templates repeat="template view/iter_templates"> | 85 | <tal:templates repeat="template view/iter_templates"> |
217 | 86 | <tal:not-current condition="not: template/iscurrent"> | 86 | <tal:not-current condition="not: template/iscurrent"> |
219 | 87 | <tal:admin condition="template/required:launchpad.TranslationsAdmin"> | 87 | <tal:admin condition="template/required:launchpad.Edit"> |
220 | 88 | <tr class="template_row inactive-template"> | 88 | <tr class="template_row inactive-template"> |
221 | 89 | <td tal:condition="view/is_distroseries" | 89 | <td tal:condition="view/is_distroseries" |
222 | 90 | tal:content="template/sourcepackagename/name" | 90 | tal:content="template/sourcepackagename/name" |
= Bug 340662=
At the moment, "change details" link on POTemplates has very limited options.
We should move at least translation domain, path and "accept translations" from "Admin" to "Change details" form.
== Proposed fix ==
Add template name, translation domain, path and iscurrent (accept translations) to the +edit page for potemplate and potemplates subset.
== Pre-implementation notes ==
There are no pre-implementation notes.
== Implementation details ==
launchpad.Edit for POTemplate and POTemplateSubset is a subset of launchpad. TranslationsAdm in To allow access to disabled templates for product owner or translations admins the URL traversal permission check was changed to launchpad.Edit.
Other users have no access to disabled templates
== Tests == templates
lp-test -t productseries-
== Demo and Q/A == /translations. launchpad. dev/evolution/ trunk/+ pots/evolution- 2.2/
As a product owner (ex. <email address hidden>) for a project (ex. evolution) go to a template page for that project
https:/
You should see the „Change details” that links to the +edit page
From this page you should be able to change template name, domain name, path, details, priority, owner and „accept translation”.
Change some values and then save them.
From the series +template page you will see „Edit” links for each template, including disabled templates: /translations. launchpad. dev/evolution/ trunk/+ templates
https:/
Disabling a template it should still be in the list (with a red background) and you can still edit it.
= Launchpad lint =
Checking for conflicts. and issues in doctests and templates.
Running jslint, xmllint, pyflakes, and pylint.
Using normal rules.
Linting changed files: /launchpad/ security. py translations/ configure. zcml translations/ browser/ potemplate. py translations/ stories/ productseries/ xx-productserie s-templates. txt translations/ stories/ standalone/ xx-potemplate- edit.txt translations/ templates/ object- templates. pt
lib/canonical
lib/lp/
lib/lp/
lib/lp/
lib/lp/
lib/lp/