Launchpad itself

Merge lp:~cprov/launchpad/bug-409208-ppa-search-permissions into lp:launchpad

  1. bug-409208-ppa-search-permissions
  2. Merge into devel
Proposed by Celso Providelo
Status: Merged
Merged at revision: not available
Proposed branch: lp:~cprov/launchpad/bug-409208-ppa-search-permissions
Merge into: lp:launchpad
Diff against target: None lines
To merge this branch: bzr merge lp:~cprov/launchpad/bug-409208-ppa-search-permissions
Reviewer Review Type Date Requested Status
Michael Nelson (community) Approve
Review via email: mp+10077@code.launchpad.net
To post a comment you must log in.
Revision history for this message
Celso Providelo (cprov) wrote :

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

= Summary =

This branch fixes https://bugs.edge.launchpad.net/bugs/409208, when disabled PPAs were leaking in the PPA search results.

Since https://bugs.edge.launchpad.net/bugs/367796 (devel r9015) only owners can view disabled PPAs.

== Proposed fix ==

The fix it trivial, simply filters out disabled PPAs from the search results

== Tests ==

./bin/test -vv -t package-cache.txt

== Demo and Q/A ==

1. As foo.bar disable Celso PPA (~cprov/+archive/+ppa)

2. Yet as 'foo.bar' search for PPAs matching 'cprov' in ubuntu/+ppas, you will be able to see it.

3. As anonymous or 'no-priv' repeat the search and you will get nothing.

= Launchpad lint =

Checking for conflicts. and issues in doctests and templates.
Running jslint, xmllint, pyflakes, and pylint.
Using normal rules.

Linting changed files:
  lib/lp/soyuz/doc/package-cache.txt
  lib/lp/registry/model/distribution.py
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkqDdNAACgkQ7KBXuXyZSjDNlACdFMQBI9HNQIiM2YOR/o86o2EW
G48AoIjaXSKjgC5djvyXpL+kRt9dciSo
=oBIT
-----END PGP SIGNATURE-----

Revision history for this message
Michael Nelson (michael.nelson) wrote :

Great work Celso! The doc test changes document the nuance very well.

My only thought was whether it is worth a comment above the switchDbUser just letting the reader know why it is necessary (for permission on TeamParticipation?).

Thanks!

review: Approve

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1=== modified file 'lib/lp/registry/model/distribution.py'
2--- lib/lp/registry/model/distribution.py 2009-08-03 13:00:37 +0000
3+++ lib/lp/registry/model/distribution.py 2009-08-13 01:58:22 +0000
4@@ -1228,7 +1228,7 @@
5 if user is not None:
6 if not user.inTeam(getUtility(ILaunchpadCelebrities).admin):
7 clauses.append("""
8- (Archive.private = FALSE OR
9+ ((Archive.private = FALSE AND Archive.enabled = TRUE) OR
10 Archive.owner = %s OR
11 %s IN (SELECT TeamParticipation.person
12 FROM TeamParticipation
13@@ -1237,7 +1237,8 @@
14 )
15 """ % sqlvalues(user, user, user))
16 else:
17- clauses.append("Archive.private = FALSE")
18+ clauses.append(
19+ "Archive.private = FALSE AND Archive.enabled = TRUE")
20
21
22 query = ' AND '.join(clauses)
23
24=== modified file 'lib/lp/soyuz/doc/package-cache.txt'
25--- lib/lp/soyuz/doc/package-cache.txt 2009-08-03 13:00:37 +0000
26+++ lib/lp/soyuz/doc/package-cache.txt 2009-08-13 01:58:22 +0000
27@@ -715,6 +715,9 @@
28 ... archive.sources_cached, source_caches.count())
29 ... print '%d binaries cached [%d]' % (
30 ... archive.binaries_cached, binary_caches.count())
31+ >>> def print_search_results(text, user=None):
32+ ... for ppa in ubuntu.searchPPAs(text, user=user):
33+ ... print ppa.displayname
34
35 >>> rebuild_caches(cprov.archive)
36
37@@ -722,19 +725,55 @@
38 3 sources cached [3]
39 2 binaries cached [2]
40
41-When Celso's PPA gets disabled and the indexes rebuilt, the cache
42-records are removed.
43+ >>> print_search_results('pmount')
44+ PPA for Celso Providelo
45+
46+When Celso's PPA gets disabled, the indexes remain in the DB.
47
48 >>> cprov.archive.enabled = False
49
50+ >>> print_caches(cprov.archive)
51+ 3 sources cached [3]
52+ 2 binaries cached [2]
53+
54+However the disabled PPA is not included in search results for
55+anonymous requests or requests from users with no view permission to
56+Celso's PPA.
57+
58+ >>> commit()
59+ >>> LaunchpadZopelessLayer.switchDbUser('launchpad')
60+
61+ >>> print_search_results('pmount')
62+
63+ >>> no_priv = getUtility(IPersonSet).getByName('no-priv')
64+ >>> print_search_results('pmount', user=no_priv)
65+
66+Only the owner of the PPA can still find it until the changes are
67+removed.
68+
69+ >>> print_search_results('pmount', user=cprov)
70+ PPA for Celso Providelo
71+
72+When indexes rebuilt the cache records are removed and not even the
73+owner is able to find the disabled PPA.
74+
75+ >>> LaunchpadZopelessLayer.switchDbUser(test_dbuser)
76 >>> rebuild_caches(cprov.archive)
77
78 >>> print_caches(cprov.archive)
79 0 sources cached [0]
80 0 binaries cached [0]
81
82+ >>> commit()
83+ >>> LaunchpadZopelessLayer.switchDbUser('launchpad')
84+
85+ >>> print_search_results('pmount', user=cprov)
86+
87+ >>> LaunchpadZopelessLayer.switchDbUser(test_dbuser)
88+
89 If by any chance, the disabled PPA gets re-enabled, the cache records
90-will be re-created when the indexes are rebuilt.
91+will be re-created when the indexes are rebuilt and the ppa becomes
92+publicly searchable again.
93
94 >>> cprov.archive.enabled = True
95
96@@ -744,3 +783,5 @@
97 3 sources cached [3]
98 2 binaries cached [2]
99
100+ >>> print_search_results('cprov')
101+ PPA for Celso Providelo