Merge lp:~cjwatson/launchpad/copy-allows-queue-admin into lp:launchpad
Status: | Merged |
---|---|
Approved by: | Colin Watson |
Approved revision: | no longer in the source branch. |
Merged at revision: | 15712 |
Proposed branch: | lp:~cjwatson/launchpad/copy-allows-queue-admin |
Merge into: | lp:launchpad |
Diff against target: |
218 lines (+114/-26) 5 files modified
lib/lp/security.py (+2/-13) lib/lp/soyuz/interfaces/archive.py (+5/-4) lib/lp/soyuz/model/archive.py (+13/-3) lib/lp/soyuz/scripts/packagecopier.py (+11/-5) lib/lp/soyuz/tests/test_archive.py (+83/-1) |
To merge this branch: | bzr merge lp:~cjwatson/launchpad/copy-allows-queue-admin |
Related bugs: |
Reviewer | Review Type | Date Requested | Status |
---|---|---|---|
Benji York (community) | code | Approve | |
Review via email: mp+116731@code.launchpad.net |
Commit message
Allow queue admins to copy packages.
Description of the change
== Summary ==
Bug 1006917: people with queue admin permissions cannot necessarily copy packages; they require upload permissions too. This makes it hard to wean various automated scripts run by ubuntu-archive off direct database access and onto the API, because they have to be given blanket upload access, which makes me feel dirty. If nothing else, certain types of mistakes are harder to make when the permissions are narrower.
== Proposed fix ==
Many of the kinds of things we do with queue admin permissions are associated with copies (e.g. releasing stable updates), so it makes at least a degree of sense to allow those with queue admin permissions to copy packages. We trust all such people in Ubuntu anyway, and I don't think anyone else relies on queue admin permissions.
To attempt to minimise duplication, I beefed up Archive.
== LOC Rationale ==
+88, but this is one of the remaining pieces needed to remove copy-package.py (once this or a similar branch lands, I'll be able to propose a fix for bug 1006871, which is the other piece needed for us to remove our last known reliance on it); and in any case this is more than offset by the -179 in https:/
== Tests ==
bin/test -vvct archive.txt -t test_archiveper
== Demo and Q/A ==
Try copying packages in each of the following cases:
* person with appropriate upload permissions (yes)
* person with appropriate queue admin permissions (yes)
* person with queue admin permissions, but only to the wrong component (no)
* person with neither type of permission (no)
== Lint ==
Just a pre-existing false positive due to pocketlint not understanding property setters:
./lib/lp/
346: redefinition of function 'private' from line 342
The branch looks good.