Launchpad itself

Merge ~cjwatson/launchpad:stricter-blueprint-edit-permissions into launchpad:master

  1. Git
  2. lp:~cjwatson/launchpad
  3. stricter-blueprint-edit-permissions
  4. Merge into master
Proposed by Colin Watson
Status: Merged
Approved by: Thiago F. Pappacena
Approved revision: 9deb8d97d6535cd0a8b08e8e7c731f41c0d88635
Merge reported by: Otto Co-Pilot
Merged at revision: not available
Proposed branch: ~cjwatson/launchpad:stricter-blueprint-edit-permissions
Merge into: launchpad:master
Diff against target: 44 lines (+4/-4)
2 files modified
lib/lp/blueprints/configure.zcml (+2/-2)
lib/lp/blueprints/tests/test_specification.py (+2/-2)
Reviewer Review Type Date Requested Status
Ioana Lasc (community) Approve
Thiago F. Pappacena (community) Approve
Review via email: mp+377869@code.launchpad.net

Commit message

Restrict some blueprint edit operations a bit more

Description of the change

AnyAllowedPerson is too open for things that are hard to revert. We should design better per-target permissions for this at some point, but for now at least restrict it to AnyLegitimatePerson to discourage drive-by vandalism.

Compare https://code.launchpad.net/~cjwatson/launchpad/stricter-bug-edit-permissions/+merge/365131.

To post a comment you must log in.
Revision history for this message
Thiago F. Pappacena (pappacena) wrote :

LGTM

review: Approve
Revision history for this message
Ioana Lasc (ilasc) wrote :

Looks good.

review: Approve

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1diff --git a/lib/lp/blueprints/configure.zcml b/lib/lp/blueprints/configure.zcml
2index 368c5ee..6279e87 100644
3--- a/lib/lp/blueprints/configure.zcml
4+++ b/lib/lp/blueprints/configure.zcml
5@@ -179,7 +179,7 @@
6 specification may only be changed by people who may also view
7 the specification. -->
8 <require
9- permission="launchpad.AnyAllowedPerson"
10+ permission="launchpad.AnyLegitimatePerson"
11 set_attributes="whiteboard"/>
12 <!-- NB: goals and goalstatus are not to be set directly, it should
13 only be set through the proposeGoal / acceptBy / declineBy
14@@ -201,7 +201,7 @@
15 permission="launchpad.LimitedView"
16 attributes="bugs"/>
17 <require
18- permission="launchpad.AnyAllowedPerson"
19+ permission="launchpad.AnyLegitimatePerson"
20 attributes="linkBug
21 unlinkBug
22 setWorkItems"/>
23diff --git a/lib/lp/blueprints/tests/test_specification.py b/lib/lp/blueprints/tests/test_specification.py
24index 3272b38..8de08c9 100644
25--- a/lib/lp/blueprints/tests/test_specification.py
26+++ b/lib/lp/blueprints/tests/test_specification.py
27@@ -192,7 +192,7 @@ class SpecificationTests(TestCaseWithFactory):
28 'setDefinitionStatus', 'setImplementationStatus', 'setTarget',
29 'transitionToInformationType', 'updateWorkItems')),
30 'launchpad.Driver': set(('acceptBy', 'declineBy')),
31- 'launchpad.AnyAllowedPerson': set((
32+ 'launchpad.AnyLegitimatePerson': set((
33 'unlinkBug', 'linkBug', 'setWorkItems')),
34 }
35 specification = self.factory.makeSpecification()
36@@ -203,7 +203,7 @@ class SpecificationTests(TestCaseWithFactory):
37 def test_set_permissions(self):
38 expected_get_permissions = {
39 'launchpad.Admin': set(('direction_approved', 'priority')),
40- 'launchpad.AnyAllowedPerson': set(('whiteboard', )),
41+ 'launchpad.AnyLegitimatePerson': set(('whiteboard', )),
42 'launchpad.Edit': set((
43 'approver', 'assignee', 'definition_status', 'distribution',
44 'drafter', 'implementation_status', 'man_days', 'milestone',

Subscribers

People subscribed via source and target branches

to status/vote changes: