Launchpad itself

Merge lp:~allenap/launchpad/fix-permissions-bug-547063 into lp:launchpad/db-devel

  1. fix-permissions-bug-547063
  2. Merge into db-devel
Proposed by Gavin Panella
Status: Merged
Approved by: Gavin Panella
Approved revision: no longer in the source branch.
Merged at revision: not available
Proposed branch: lp:~allenap/launchpad/fix-permissions-bug-547063
Merge into: lp:launchpad/db-devel
Diff against target: 170 lines (+50/-10)
6 files modified
lib/lp/bugs/configure.zcml (+2/-2)
lib/lp/bugs/doc/bug-branch.txt (+28/-4)
lib/lp/code/browser/tests/test_branchlisting.py (+5/-1)
lib/lp/code/model/tests/test_branch.py (+1/-0)
lib/lp/code/model/tests/test_branchmergeproposals.py (+5/-0)
lib/lp/code/windmill/tests/test_branch_popupdiff.py (+9/-3)
To merge this branch: bzr merge lp:~allenap/launchpad/fix-permissions-bug-547063
Reviewer Review Type Date Requested Status
Deryck Hodge (community) release-critical Approve
Abel Deuring (community) code Approve
Review via email: mp+22369@code.launchpad.net

Commit message

Fix permissions so that only users who can modify the bug can link or unlink branches.

Description of the change

Fixes the permissions for Bug.linkBranch and Bug.unlinkBranch so that only users who have permissions to modify the bug can link or unlink branches.

To post a comment you must log in.
Revision history for this message
Abel Deuring (adeuring) :
review: Approve (code)
Revision history for this message
Deryck Hodge (deryck) :
review: Approve (release-critical)

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1=== modified file 'lib/lp/bugs/configure.zcml'
2--- lib/lp/bugs/configure.zcml 2010-03-26 13:48:53 +0000
3+++ lib/lp/bugs/configure.zcml 2010-03-30 10:36:33 +0000
4@@ -583,8 +583,6 @@
5 getDirectSubscribers
6 getDirectSubscriptions
7 getIndirectSubscribers
8- linkBranch
9- unlinkBranch
10 mentoring_offers
11 canMentor
12 isMentor
13@@ -690,6 +688,8 @@
14 markAsDuplicate
15 linkHWSubmission
16 unlinkHWSubmission
17+ linkBranch
18+ unlinkBranch
19 linkAttachment"
20 set_attributes="
21 activity initial_message
22
23=== modified file 'lib/lp/bugs/doc/bug-branch.txt'
24--- lib/lp/bugs/doc/bug-branch.txt 2009-08-13 15:12:16 +0000
25+++ lib/lp/bugs/doc/bug-branch.txt 2010-03-30 10:36:33 +0000
26@@ -66,14 +66,12 @@
27 >>> branch = getUtility(IBranchLookup).get(1)
28 >>> bug_branch_three = bug.linkBranch(branch, user)
29
30-
31-If we make the bug private, no-priv won't be allowed to edit neither the
32-bug nor the BugBranch.
33+If we make the bug private, no-priv won't be allowed to edit either
34+the bug or the BugBranch.
35
36 >>> login('foo.bar@canonical.com')
37 >>> bug.setPrivate(True, getUtility(ILaunchBag).user)
38 True
39-
40 >>> login('no-priv@canonical.com')
41
42 >>> bug.description = 'Yet another description.'
43@@ -81,9 +79,35 @@
44 ...
45 Unauthorized:...
46
47+ >>> bug.unlinkBranch(branch, getUtility(ILaunchBag).user)
48+ Traceback (most recent call last):
49+ ...
50+ Unauthorized:...
51+
52+ >>> another_branch = factory.makeAnyBranch()
53+ >>> bug.linkBranch(another_branch, getUtility(ILaunchBag).user)
54+ Traceback (most recent call last):
55+ ...
56+ Unauthorized:...
57+
58 >>> login('foo.bar@canonical.com')
59 >>> bug.setPrivate(False, getUtility(ILaunchBag).user)
60 True
61+
62+Likewise, anonymous users cannot link or unlink branches.
63+
64+ >>> login(ANONYMOUS)
65+
66+ >>> bug.unlinkBranch(branch, getUtility(ILaunchBag).user)
67+ Traceback (most recent call last):
68+ ...
69+ Unauthorized:...
70+
71+ >>> bug.linkBranch(another_branch, getUtility(ILaunchBag).user)
72+ Traceback (most recent call last):
73+ ...
74+ Unauthorized:...
75+
76 >>> login('no-priv@canonical.com')
77
78 You can unlink a branch from a bug using unlinkBranch().
79
80=== modified file 'lib/lp/code/browser/tests/test_branchlisting.py'
81--- lib/lp/code/browser/tests/test_branchlisting.py 2009-11-06 21:06:38 +0000
82+++ lib/lp/code/browser/tests/test_branchlisting.py 2010-03-30 10:36:33 +0000
83@@ -26,7 +26,8 @@
84 from lp.registry.model.person import Owner
85 from lp.registry.model.product import Product
86 from lp.registry.interfaces.pocket import PackagePublishingPocket
87-from lp.testing import TestCase, TestCaseWithFactory, time_counter
88+from lp.testing import (
89+ TestCase, TestCaseWithFactory, login_person, time_counter)
90 from lp.testing.views import create_initialized_view
91 from canonical.launchpad.webapp import canonical_url
92 from canonical.launchpad.webapp.servers import LaunchpadTestRequest
93@@ -98,6 +99,9 @@
94
95 def setUp(self):
96 TestCaseWithFactory.setUp(self)
97+ self.user = self.factory.makePerson()
98+ login_person(self.user)
99+
100 self.barney = self.factory.makePerson(name='barney')
101 self.bambam = self.factory.makeProduct(name='bambam')
102
103
104=== modified file 'lib/lp/code/model/tests/test_branch.py'
105--- lib/lp/code/model/tests/test_branch.py 2010-03-18 17:49:21 +0000
106+++ lib/lp/code/model/tests/test_branch.py 2010-03-30 10:36:33 +0000
107@@ -1732,6 +1732,7 @@
108 def setUp(self):
109 TestCaseWithFactory.setUp(self)
110 self.user = self.factory.makePerson()
111+ login_person(self.user)
112
113 def test_bug_link(self):
114 # Branches can be linked to bugs through the Branch interface.
115
116=== modified file 'lib/lp/code/model/tests/test_branchmergeproposals.py'
117--- lib/lp/code/model/tests/test_branchmergeproposals.py 2010-03-04 16:44:23 +0000
118+++ lib/lp/code/model/tests/test_branchmergeproposals.py 2010-03-30 10:36:33 +0000
119@@ -1146,6 +1146,11 @@
120
121 layer = DatabaseFunctionalLayer
122
123+ def setUp(self):
124+ TestCaseWithFactory.setUp(self)
125+ self.user = self.factory.makePerson()
126+ login_person(self.user)
127+
128 def test_related_bugs_includes_source_bugs(self):
129 """related_bugs includes bugs linked to the source branch."""
130 bmp = self.factory.makeBranchMergeProposal()
131
132=== modified file 'lib/lp/code/windmill/tests/test_branch_popupdiff.py'
133--- lib/lp/code/windmill/tests/test_branch_popupdiff.py 2010-02-01 18:37:00 +0000
134+++ lib/lp/code/windmill/tests/test_branch_popupdiff.py 2010-03-30 10:36:33 +0000
135@@ -12,11 +12,12 @@
136 import windmill
137
138 from canonical.launchpad.windmill.testing.constants import PAGE_LOAD
139-from canonical.launchpad.windmill.testing.lpuser import login_person
140+from canonical.launchpad.windmill.testing.lpuser import (
141+ login_person as windmill_login_person)
142 from lp.bugs.windmill.testing import BugsWindmillLayer
143 from lp.code.tests.helpers import make_erics_fooix_project
144 from lp.code.windmill.testing import CodeWindmillLayer
145-from lp.testing import WindmillTestCase
146+from lp.testing import WindmillTestCase, login_person
147
148
149 POPUP_DIFF = (
150@@ -81,6 +82,11 @@
151 layer = BugsWindmillLayer
152 name = "Bug popup diffs"
153
154+ def setUp(self):
155+ WindmillTestCase.setUp(self)
156+ self.user = self.factory.makePerson()
157+ login_person(self.user)
158+
159 def test_bug_popup_diff(self):
160 """Test bug page diff popups."""
161 client = self.client
162@@ -114,7 +120,7 @@
163 bug = self.factory.makeBug(product=objs['fooix'])
164 transaction.commit()
165
166- login_person(objs['eric'], "test", client)
167+ windmill_login_person(objs['eric'], "test", client)
168
169 start_url = (windmill.settings['TEST_URL'] + 'bugs/%d' % bug.id)
170 client.open(url=start_url)

Subscribers

People subscribed via source and target branches

to status/vote changes: