Launchpad itself

Merge lp:~blr/launchpad/bug-1474592-check-branch-accessibility into lp:launchpad

  1. bug-1474592-check-branch-accessibility
  2. Merge into devel
Proposed by Kit Randel
Status: Merged
Merged at revision: 17631
Proposed branch: lp:~blr/launchpad/bug-1474592-check-branch-accessibility
Merge into: lp:launchpad
Diff against target: 125 lines (+54/-17)
4 files modified
lib/lp/registry/browser/product.py (+12/-14)
lib/lp/registry/browser/productseries.py (+2/-1)
lib/lp/registry/browser/tests/test_product.py (+19/-1)
lib/lp/registry/browser/tests/test_productseries_views.py (+21/-1)
To merge this branch: bzr merge lp:~blr/launchpad/bug-1474592-check-branch-accessibility
Reviewer Review Type Date Requested Status
William Grant code Approve
Review via email: mp+264787@code.launchpad.net

Commit message

Ensure logged in user has launchpad.View permissions on branch/repo before rendering golang-import meta.

To post a comment you must log in.
Revision history for this message
William Grant (wgrant) :
review: Approve (code)
Revision history for this message
Kit Randel (blr) wrote :

Inline comment/self review.

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
=== modified file 'lib/lp/registry/browser/product.py'
--- lib/lp/registry/browser/product.py 2015-07-09 20:06:17 +0000
+++ lib/lp/registry/browser/product.py 2015-07-15 05:08:58 +0000
@@ -1030,24 +1030,22 @@
1030 if self.context.vcs == VCSType.GIT:1030 if self.context.vcs == VCSType.GIT:
1031 repo = getUtility(IGitRepositorySet).getDefaultRepository(1031 repo = getUtility(IGitRepositorySet).getDefaultRepository(
1032 self.context)1032 self.context)
1033 if repo:1033 if check_permission('launchpad.View', repo):
1034 return "{hostname}/{product} git {git_https_url}".format(1034 return "{hostname}/{product} git {git_https_url}".format(
1035 hostname=config.vhost.mainsite.hostname,1035 hostname=config.vhost.mainsite.hostname,
1036 product=self.context.name,1036 product=self.context.name,
1037 git_https_url=repo.git_https_url)1037 git_https_url=repo.git_https_url)
1038 else:1038 elif self.context.vcs == VCSType.BZR:
1039 return None1039 branch = self.context.development_focus.branch
1040 elif (self.context.vcs == VCSType.BZR and1040 if check_permission('launchpad.View', branch):
1041 self.context.development_focus.branch):1041 return (
1042 return (1042 "{hostname}/{product} bzr "
1043 "{hostname}/{product} bzr "1043 "{root_url}{branch}").format(
1044 "{root_url}{branch}").format(1044 hostname=config.vhost.mainsite.hostname,
1045 hostname=config.vhost.mainsite.hostname,1045 root_url=allvhosts.configs['mainsite'].rooturl,
1046 root_url=allvhosts.configs['mainsite'].rooturl,1046 product=self.context.name,
1047 product=self.context.name,1047 branch=branch.unique_name)
1048 branch=self.context.development_focus.branch.unique_name)1048 return None
1049 else:
1050 return None
10511049
1052 def browserLanguages(self):1050 def browserLanguages(self):
1053 return browser_languages(self.request)1051 return browser_languages(self.request)
10541052
=== modified file 'lib/lp/registry/browser/productseries.py'
--- lib/lp/registry/browser/productseries.py 2015-07-08 16:05:11 +0000
+++ lib/lp/registry/browser/productseries.py 2015-07-15 05:08:58 +0000
@@ -385,7 +385,8 @@
385 """Meta string for golang remote import path.385 """Meta string for golang remote import path.
386 See: https://golang.org/cmd/go/#hdr-Remote_import_paths386 See: https://golang.org/cmd/go/#hdr-Remote_import_paths
387 """387 """
388 if self.context.product.vcs == VCSType.BZR and self.context.branch:388 if (self.context.product.vcs == VCSType.BZR and
389 self.user_branch_visible):
389 return (390 return (
390 "{hostname}/{product}/{series} bzr {root_url}{branch}").format(391 "{hostname}/{product}/{series} bzr {root_url}{branch}").format(
391 hostname=config.vhost.mainsite.hostname,392 hostname=config.vhost.mainsite.hostname,
392393
=== modified file 'lib/lp/registry/browser/tests/test_product.py'
--- lib/lp/registry/browser/tests/test_product.py 2015-07-07 22:33:29 +0000
+++ lib/lp/registry/browser/tests/test_product.py 2015-07-15 05:08:58 +0000
@@ -24,7 +24,6 @@
24from lp.app.browser.lazrjs import vocabulary_to_choice_edit_items24from lp.app.browser.lazrjs import vocabulary_to_choice_edit_items
25from lp.app.enums import (25from lp.app.enums import (
26 InformationType,26 InformationType,
27 PROPRIETARY_INFORMATION_TYPES,
28 ServiceUsage,27 ServiceUsage,
29 )28 )
30from lp.code.interfaces.gitrepository import IGitRepositorySet29from lp.code.interfaces.gitrepository import IGitRepositorySet
@@ -369,6 +368,25 @@
369 repo.target.vcs = VCSType.GIT368 repo.target.vcs = VCSType.GIT
370 self.assertIsNone(view.golang_import_spec)369 self.assertIsNone(view.golang_import_spec)
371370
371 def test_golang_meta_no_permissions(self):
372 # ensure golang meta import path is not rendered if user does
373 # not have launchpad.View permissions on branch.
374 simple_user = self.factory.makePerson()
375 owner = self.factory.makePerson()
376 product = self.factory.makeProduct(owner=owner)
377 branch = self.factory.makeBranch(
378 owner=owner, information_type=InformationType.PRIVATESECURITY)
379
380 with person_logged_in(owner):
381 product.development_focus.branch = branch
382 product.vcs = VCSType.BZR
383 view = create_initialized_view(product, '+index')
384 self.assertIsNot(None, view.golang_import_spec)
385
386 with person_logged_in(simple_user):
387 view = create_initialized_view(product, '+index')
388 self.assertIsNone(view.golang_import_spec)
389
372 def test_show_programming_languages_without_languages(self):390 def test_show_programming_languages_without_languages(self):
373 # show_programming_languages is false when there are no programming391 # show_programming_languages is false when there are no programming
374 # languages set.392 # languages set.
375393
=== modified file 'lib/lp/registry/browser/tests/test_productseries_views.py'
--- lib/lp/registry/browser/tests/test_productseries_views.py 2015-07-07 04:20:30 +0000
+++ lib/lp/registry/browser/tests/test_productseries_views.py 2015-07-15 05:08:58 +0000
@@ -70,7 +70,27 @@
70 with person_logged_in(series.product.owner):70 with person_logged_in(series.product.owner):
71 series.product.vcs = VCSType.BZR71 series.product.vcs = VCSType.BZR
7272
73 self.assertEqual(None, view.golang_import_spec)73 self.assertIsNone(view.golang_import_spec)
74
75 def test_golang_meta_no_permissions(self):
76 # ensure golang meta import path is not rendered if user does
77 # not have launchpad.View permissions on branch.
78 owner = self.factory.makePerson()
79 simple_user = self.factory.makePerson()
80 product = self.factory.makeProduct(owner=owner)
81 series = self.factory.makeProductSeries(owner=owner, product=product)
82 branch = self.factory.makeBranch(
83 owner=owner, information_type=InformationType.PRIVATESECURITY)
84
85 with person_logged_in(owner):
86 series.branch = branch
87 series.product.vcs = VCSType.BZR
88 view = create_initialized_view(series, '+index')
89 self.assertIsNot(None, view.golang_import_spec)
90
91 with person_logged_in(simple_user):
92 view = create_initialized_view(series, '+index')
93 self.assertIsNone(view.golang_import_spec)
7494
75 def test_information_type_public(self):95 def test_information_type_public(self):
76 # A ProductSeries view should include its information_type,96 # A ProductSeries view should include its information_type,