Launchpad itself

Merge ~cjwatson/launchpad:fix-webhook-visibility-check into launchpad:master

  1. Git
  2. lp:~cjwatson/launchpad
  3. fix-webhook-visibility-check
  4. Merge into master
Proposed by Colin Watson
Status: Merged
Approved by: Colin Watson
Approved revision: 66452d12be5f00052c264c48dece6222dcfc3fd4
Merge reported by: Otto Co-Pilot
Merged at revision: not available
Proposed branch: ~cjwatson/launchpad:fix-webhook-visibility-check
Merge into: launchpad:master
Diff against target: 61 lines (+8/-10)
2 files modified
database/schema/security.cfg (+1/-0)
lib/lp/services/webhooks/model.py (+7/-10)
Reviewer Review Type Date Requested Status
William Grant code Approve
Review via email: mp+377653@code.launchpad.net

Commit message

Handle DelegatedAuthorization in webhook visibility check

Description of the change

WebhookSet._checkVisibility needs to do a visibility check for the webhook owner, and it previously did this by looking up the relevant security adapter and calling checkAuthentication on it directly. However, this doesn't work for DelegatedAuthorization adapters, since they return an iterator rather than a boolean. Call iter_authorization instead.

This doesn't make any difference right now, but it will matter once there are webhooks for objects that have DelegatedAuthorization-based security adapters.

To post a comment you must log in.
~cjwatson/launchpad:fix-webhook-visibility-check updated
66452d1... by Colin Watson

Grant request-daily-builds SELECT on account

The new approach in WebhookSet._checkVisibility requires that anything
that might dispatch webhooks should have access to the account table in
order to construct a principal. This is fairly harmless, so grant it to
request-daily-builds.

Reported by Ioana Lasc.

Revision history for this message
William Grant (wgrant) :
review: Approve (code)

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1diff --git a/database/schema/security.cfg b/database/schema/security.cfg
2index 06da0d4..b5d6071 100644
3--- a/database/schema/security.cfg
4+++ b/database/schema/security.cfg
5@@ -801,6 +801,7 @@ type=user
6
7 [request-daily-builds]
8 groups=script
9+public.account = SELECT
10 public.archive = SELECT
11 public.archivepermission = SELECT
12 public.branch = SELECT
13diff --git a/lib/lp/services/webhooks/model.py b/lib/lp/services/webhooks/model.py
14index 5aa1723..0c38e8e 100644
15--- a/lib/lp/services/webhooks/model.py
16+++ b/lib/lp/services/webhooks/model.py
17@@ -34,10 +34,7 @@ from storm.properties import (
18 from storm.references import Reference
19 from storm.store import Store
20 import transaction
21-from zope.component import (
22- getAdapter,
23- getUtility,
24- )
25+from zope.component import getUtility
26 from zope.interface import (
27 implementer,
28 provider,
29@@ -45,8 +42,6 @@ from zope.interface import (
30 from zope.security.proxy import removeSecurityProxy
31
32 from lp.app import versioninfo
33-from lp.app.interfaces.security import IAuthorization
34-from lp.registry.interfaces.role import IPersonRoles
35 from lp.registry.model.person import Person
36 from lp.services.config import config
37 from lp.services.database.bulk import load_related
38@@ -65,6 +60,8 @@ from lp.services.job.model.job import (
39 )
40 from lp.services.job.runner import BaseRunnableJob
41 from lp.services.scripts import log
42+from lp.services.webapp.authorization import iter_authorization
43+from lp.services.webapp.interfaces import IPlacelessAuthUtility
44 from lp.services.webhooks.interfaces import (
45 IWebhook,
46 IWebhookClient,
47@@ -234,10 +231,10 @@ class WebhookSet:
48 :return: True if the context is visible to the webhook owner,
49 otherwise False.
50 """
51- roles = IPersonRoles(user)
52- authz = getAdapter(
53- removeSecurityProxy(context), IAuthorization, "launchpad.View")
54- return authz.checkAuthenticated(roles)
55+ authutil = getUtility(IPlacelessAuthUtility)
56+ return all(iter_authorization(
57+ removeSecurityProxy(context), "launchpad.View",
58+ authutil.getPrincipal(user.accountID), {}))
59
60 def trigger(self, target, event_type, payload, context=None):
61 if context is None:

Subscribers

People subscribed via source and target branches

to status/vote changes: