Launchpad itself

Merge ~cjwatson/launchpad:db-fix-doc-running into launchpad:db-devel

  1. Git
  2. lp:~cjwatson/launchpad
  3. db-fix-doc-running
  4. Merge into db-devel
Proposed by Colin Watson
Status: Merged
Approved by: Ioana Lasc
Approved revision: d08d8bc71bd34f6b50d6f96a2de347e8adadb847
Merge reported by: Otto Co-Pilot
Merged at revision: not available
Proposed branch: ~cjwatson/launchpad:db-fix-doc-running
Merge into: launchpad:db-devel
Diff against target: 115 lines (+37/-27)
2 files modified
doc/index.rst (+2/-1)
doc/security.rst (+35/-26)
Reviewer Review Type Date Requested Status
Ioana Lasc (community) Approve
Review via email: mp+412488@code.launchpad.net

Commit message

Manually merge from master to fix TestSphinxDocumentation

To post a comment you must log in.
Revision history for this message
Ioana Lasc (ilasc) :
review: Approve

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1diff --git a/doc/index.rst b/doc/index.rst
2index 1677578..2fa2b59 100644
3--- a/doc/index.rst
4+++ b/doc/index.rst
5@@ -47,7 +47,9 @@ Technical
6 .. toctree::
7 :maxdepth: 1
8
9+ running-details
10 pip
11+ security
12
13 Possibly out-of-date
14 --------------------
15@@ -55,7 +57,6 @@ Possibly out-of-date
16 .. toctree::
17 :maxdepth: 1
18
19- security
20 email
21
22 Other
23diff --git a/doc/security.rst b/doc/security.rst
24index 0ff5d6a..c80dba8 100644
25--- a/doc/security.rst
26+++ b/doc/security.rst
27@@ -10,20 +10,24 @@ This document is about security policy in Launchpad.
28 Defining Permissions in Launchpad
29 ---------------------------------
30
31-**NOTE: A new permission should only be defined if absolutely necessary, and
32-it should be considered thoroughly in a code review.**
33+.. note::
34
35-Occassionally, you'll find yourself in a situation where the existing
36-permissions in Launchpad aren't enough for what you want. For example, as I
37-was writing this document I needed a permission I could attach to things to
38-provide policy for who can view a thing. That is, I wanted a permission called
39-launchpad.View.
40-A new permission (see the NOTE above) is defined in Launchpad in the file
41-lib/canonical/launchpad/permissions.zcml. So, to define the permission
42-launchpad.View, we'd add a line like this to that file:
43+ A new permission should only be defined if absolutely necessary, and it
44+ should be considered thoroughly in a code review.
45
46- <permission id="launchpad.View" title="Viewing something"
47- access_level="read" />
48+Occasionally, you'll find yourself in a situation where the existing
49+permissions in Launchpad aren't enough for what you want. For example, when
50+privacy support was first being added to Launchpad, it required a permission
51+to provide policy for who can view a thing, called ``launchpad.View``.
52+
53+A new permission (see the note above) is defined in Launchpad in the file
54+``lib/lp/permissions.zcml``. So, to define the permission
55+``launchpad.View``, we'd add a line like this to that file:
56+
57+.. code-block:: xml
58+
59+ <permission
60+ id="launchpad.View" title="Viewing something" access_level="read" />
61
62
63 Defining Authorization Policies for Permissions
64@@ -36,25 +40,29 @@ interface.
65 In Launchpad, an authorization policy is expressed through a security adapter.
66 To define a security adapter for a given permission on an interface:
67
68-1. Define the adapter in lib/canonical/launchpad/security.py. Here's a simple
69-example of an adapter that authorizes only an object owner for the
70-launchpad.Edit permission on objects that implement the IHasOwner interface::
71+1. Define the adapter in ``lib/lp/security.py``. Here's a simple example of
72+ an adapter that authorizes only an object owner for the
73+ ``launchpad.Edit`` permission on objects that implement the ``IHasOwner``
74+ interface:
75+
76+.. code-block:: python
77
78 class EditByOwner(AuthorizationBase):
79 permission = 'launchpad.Edit'
80 usedfor = IHasOwner
81
82- def checkAuthenticated(self, person):
83+ def checkAuthenticated(self, user):
84 """Authorize the object owner."""
85- if person.id == self.obj.owner.id:
86- return True
87+ return user.isOwner(self.obj)
88+
89+Read the ``IAuthorization`` interface to ensure that you've defined the
90+adapter appropriately.
91
92-Read the IAuthorization interface to ensure that you've defined the adapter
93-appropriately.
94+2. Declare the permission on a given interface in a ZCML file. So, for the
95+ above adapter, here's how it might be hooked up to ``IProduct``, where
96+ ``IProduct`` is protected with the ``launchpad.Edit`` permission:
97
98-2. Declare the permission on a given interface in a zcml file. So, for the
99-above adapter, here's how it's hooked up to IProduct, where IProduct is
100-protected with the launchpad.Edit permission::
101+.. code-block:: xml
102
103 <class
104 class="lp.registry.model.product.Product">
105@@ -68,6 +76,7 @@ protected with the launchpad.Edit permission::
106 set_attributes="commercial_subscription description"/>
107 </class>
108
109-In this example, the EditByOwner adapter's checkAuthenticated method will be
110-called to determine if the currently authenticated user is authorized to
111-access whatever is protected by launchpad.Edit on an IProduct.
112+In this example, the ``EditByOwner`` adapter's ``checkAuthenticated`` method
113+will be called to determine if the currently authenticated user is
114+authorized to access whatever is protected by ``launchpad.Edit`` on an
115+``IProduct``.

Subscribers

People subscribed via source and target branches

to status/vote changes: