Launchpad itself

Merge ~cjwatson/launchpad:fix-webhook-visibility-check into launchpad:master

  1. Git
  2. lp:~cjwatson/launchpad
  3. fix-webhook-visibility-check
  4. Merge into master
Proposed by Colin Watson
Status: Merged
Approved by: Colin Watson
Approved revision: 66452d12be5f00052c264c48dece6222dcfc3fd4
Merge reported by: Otto Co-Pilot
Merged at revision: not available
Proposed branch: ~cjwatson/launchpad:fix-webhook-visibility-check
Merge into: launchpad:master
Diff against target: 61 lines (+8/-10)
2 files modified
database/schema/security.cfg (+1/-0)
lib/lp/services/webhooks/model.py (+7/-10)
Reviewer Review Type Date Requested Status
William Grant code Approve
Review via email: mp+377653@code.launchpad.net

Commit message

Handle DelegatedAuthorization in webhook visibility check

Description of the change

WebhookSet._checkVisibility needs to do a visibility check for the webhook owner, and it previously did this by looking up the relevant security adapter and calling checkAuthentication on it directly. However, this doesn't work for DelegatedAuthorization adapters, since they return an iterator rather than a boolean. Call iter_authorization instead.

This doesn't make any difference right now, but it will matter once there are webhooks for objects that have DelegatedAuthorization-based security adapters.

To post a comment you must log in.
~cjwatson/launchpad:fix-webhook-visibility-check updated
66452d1... by Colin Watson

Grant request-daily-builds SELECT on account

The new approach in WebhookSet._checkVisibility requires that anything
that might dispatch webhooks should have access to the account table in
order to construct a principal. This is fairly harmless, so grant it to
request-daily-builds.

Reported by Ioana Lasc.

Revision history for this message
William Grant (wgrant) :
review: Approve (code)

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
diff --git a/database/schema/security.cfg b/database/schema/security.cfg
index 06da0d4..b5d6071 100644
--- a/database/schema/security.cfg
+++ b/database/schema/security.cfg
@@ -801,6 +801,7 @@ type=user
801801
802[request-daily-builds]802[request-daily-builds]
803groups=script803groups=script
804public.account = SELECT
804public.archive = SELECT805public.archive = SELECT
805public.archivepermission = SELECT806public.archivepermission = SELECT
806public.branch = SELECT807public.branch = SELECT
diff --git a/lib/lp/services/webhooks/model.py b/lib/lp/services/webhooks/model.py
index 5aa1723..0c38e8e 100644
--- a/lib/lp/services/webhooks/model.py
+++ b/lib/lp/services/webhooks/model.py
@@ -34,10 +34,7 @@ from storm.properties import (
34from storm.references import Reference34from storm.references import Reference
35from storm.store import Store35from storm.store import Store
36import transaction36import transaction
37from zope.component import (37from zope.component import getUtility
38 getAdapter,
39 getUtility,
40 )
41from zope.interface import (38from zope.interface import (
42 implementer,39 implementer,
43 provider,40 provider,
@@ -45,8 +42,6 @@ from zope.interface import (
45from zope.security.proxy import removeSecurityProxy42from zope.security.proxy import removeSecurityProxy
4643
47from lp.app import versioninfo44from lp.app import versioninfo
48from lp.app.interfaces.security import IAuthorization
49from lp.registry.interfaces.role import IPersonRoles
50from lp.registry.model.person import Person45from lp.registry.model.person import Person
51from lp.services.config import config46from lp.services.config import config
52from lp.services.database.bulk import load_related47from lp.services.database.bulk import load_related
@@ -65,6 +60,8 @@ from lp.services.job.model.job import (
65 )60 )
66from lp.services.job.runner import BaseRunnableJob61from lp.services.job.runner import BaseRunnableJob
67from lp.services.scripts import log62from lp.services.scripts import log
63from lp.services.webapp.authorization import iter_authorization
64from lp.services.webapp.interfaces import IPlacelessAuthUtility
68from lp.services.webhooks.interfaces import (65from lp.services.webhooks.interfaces import (
69 IWebhook,66 IWebhook,
70 IWebhookClient,67 IWebhookClient,
@@ -234,10 +231,10 @@ class WebhookSet:
234 :return: True if the context is visible to the webhook owner,231 :return: True if the context is visible to the webhook owner,
235 otherwise False.232 otherwise False.
236 """233 """
237 roles = IPersonRoles(user)234 authutil = getUtility(IPlacelessAuthUtility)
238 authz = getAdapter(235 return all(iter_authorization(
239 removeSecurityProxy(context), IAuthorization, "launchpad.View")236 removeSecurityProxy(context), "launchpad.View",
240 return authz.checkAuthenticated(roles)237 authutil.getPrincipal(user.accountID), {}))
241238
242 def trigger(self, target, event_type, payload, context=None):239 def trigger(self, target, event_type, payload, context=None):
243 if context is None:240 if context is None:

Subscribers

People subscribed via source and target branches

to status/vote changes: