Launchpad itself

Merge lp:~edwin-grubbs/launchpad/bug-451208-subscribing-reveals-email into lp:launchpad

bug-451208-subscribing-reveals-email
Merge into devel

Proposed by Edwin Grubbs on 2010-01-12

Status:

Merged

Merged at revision:

not available

Proposed branch:

lp:~edwin-grubbs/launchpad/bug-451208-subscribing-reveals-email

Merge into:

lp:launchpad

Diff against target:

1808 lines (+788/-258)

16 files modified

lib/canonical/launchpad/browser/vocabulary.py (+5/-1)
lib/canonical/launchpad/doc/vocabularies.txt (+8/-5)
lib/canonical/launchpad/doc/vocabulary-json.txt (+20/-0)
lib/canonical/launchpad/vocabularies/configure.zcml (+297/-86)
lib/canonical/launchpad/vocabularies/dbobjects.py (+5/-3)
lib/canonical/launchpad/webapp/configure.zcml (+1/-0)
lib/canonical/launchpad/webapp/metazcml.py (+7/-2)
lib/canonical/launchpad/zcml/binaryandsourcepackagename.zcml (+13/-2)
lib/lp/answers/configure.zcml (+9/-2)
lib/lp/answers/doc/faq-vocabulary.txt (+2/-1)
lib/lp/registry/doc/vocabularies.txt (+57/-56)
lib/lp/registry/vocabularies.zcml (+304/-95)
lib/lp/services/tests/test_vocabularies.py (+37/-0)
lib/lp/services/worlddata/vocabularies.zcml (+5/-2)
lib/lp/soyuz/configure.zcml (+16/-2)
lib/lp/soyuz/interfaces/binarypackagename.py (+2/-1)

To merge this branch:

bzr merge lp:~edwin-grubbs/launchpad/bug-451208-subscribing-reveals-email

High

Fix Released

Link a bug report

Reviewer	Review Type	Date Requested	Status
Guilherme Salgado (community)	code	2010-01-12	Approve on 2010-01-18
Canonical Launchpad Engineering	code	2010-01-12	Pending
Review via email: mp+17261@code.launchpad.net

Edwin Grubbs (edwin-grubbs) wrote on 2010-01-12:

Summary
-------

Registered all the Launchpad vocabularies with <securedutility>
instead of <utility> so that it will not be possible to get
a db object without a security proxy.

This required an <allow> block on each utility to allow
access to the __call__ method on the vocabulary class (IVocabularyFactory).

The vocabulary objects required a <class> directive with
<allow interface=IHugeVocabulary>.

Some vocabulary factories were actually functions, such as
BugNominatableSeriesVocabulary, which would actually return either
BugNominatableProductSeriesVocabulary or BugNominatableDistroSeriesVocabulary
objects.

Implementation details
----------------------

New tests:
lib/lp/services/tests/test_vocabularies.py
lib/canonical/launchpad/doc/vocabulary-json.txt

Indicate in the picker widget when email address is hidden.
lib/canonical/launchpad/browser/vocabulary.py

Some vocabularies need to get the IBinaryAndSourcePackageName.id
attribute from objects that were passed in from widgets, so they
are already security proxied.
lib/lp/soyuz/interfaces/binarypackagename.py

Fixed tests that broke since they were accessing methods that
should not be exposed through the security proxy.
    lib/canonical/launchpad/doc/vocabularies.txt
    lib/lp/answers/doc/faq-vocabulary.txt
    lib/lp/registry/doc/vocabularies.txt

Since vocabularies must be registered with a name parameter,
the <securedutility> directive needed to be updated to pass
this along to the underlying <utility>.
lib/canonical/launchpad/webapp/metazcml.py

Added BugNominatableDistroSeriesVocabulary and
BugNominatableProductSeriesVocabulary to __all__.
lib/canonical/launchpad/vocabularies/dbobjects.py

ICountableIterator defines a __getitem__ method that provides
the __getslice__ functionality.
lib/canonical/launchpad/webapp/configure.zcml

Somewhat interesting zcml changes:
lib/canonical/launchpad/zcml/binaryandsourcepackagename.zcml
lib/lp/soyuz/configure.zcml

The changes for SimpleVocabulary, SimpleTerm, and
BugNominatable*SeriesVocabulary are the only parts of note among the
many changes in this file.
lib/canonical/launchpad/vocabularies/configure.zcml

TimezoneNameVocabulary is just a function that returns a
SimpleVocabulary, so it doesn't need any <class> directives.
lib/lp/services/worlddata/vocabularies.zcml

Uninteresting bulk changes to use <securedutility>:
lib/lp/answers/configure.zcml
lib/lp/registry/vocabularies.zcml

Tests
-----

./bin/test -vv -t 'test_vocabularies|vocabulary-json.txt'

Demo and Q/A
------------

* Open https://launchpad.dev/people/+requestmerge
  * Click on "Choose" to bring up the picker.
  * Search for "name12".
  * The email address should be hidden.

Guilherme Salgado (salgado) wrote on 2010-01-15:

Download full text (9.1 KiB)

> === modified file 'lib/canonical/launchpad/webapp/configure.zcml'
> --- lib/canonical/launchpad/webapp/configure.zcml 2009-11-18 00:22:41 +0000
> +++ lib/canonical/launchpad/webapp/configure.zcml 2010-01-12 22:36:26 +0000
> @@ -809,6 +809,7 @@
>
> <class class="canonical.launchpad.webapp.vocabulary.CountableIterator">
> <allow interface="canonical.launchpad.webapp.vocabulary.ICountableIterator" />
> + <allow attributes="__getslice__"/>

Wouldn't it make sense to add __getslice__ to CountableIterator?

> </class>
>
> <class class="canonical.launchpad.webapp.vocabulary.BatchedCountableIterator">
>
> === modified file 'lib/lp/registry/doc/vocabularies.txt'
> --- lib/lp/registry/doc/vocabularies.txt 2009-12-24 01:41:54 +0000
> +++ lib/lp/registry/doc/vocabularies.txt 2010-01-12 22:36:26 +0000
> @@ -20,7 +20,9 @@
> The active mailing lists vocabulary matches and returns only those mailing
> lists which are active.
>
> - >>> list_vocabulary = vocabulary_registry.get(None, 'ActiveMailingList')
> + >>> from zope.security.proxy import removeSecurityProxy
> + >>> list_vocabulary = removeSecurityProxy(
> + ... vocabulary_registry.get(None, 'ActiveMailingList'))
> >>> from canonical.launchpad.webapp.testing import verifyObject
> >>> from canonical.launchpad.webapp.vocabulary import IHugeVocabulary
> >>> verifyObject(IHugeVocabulary, list_vocabulary)
> @@ -203,6 +205,7 @@
> u'The Hoary Hedgehog Release'
>
> >>> def getTerms(vocab, search_text):
> + ... vocab = removeSecurityProxy(vocab)
> ... [vocab.toTerm(item) for item in vocab.search(search_text)]
>
> >>> getTerms(distroseries_vocabulary, 'woody')
> @@ -508,7 +511,8 @@
>
> The list of selectable projects. The results are ordered by displayname.
>
> - >>> project_vocabulary = vocabulary_registry.get(None, "Project")
> + >>> project_vocabulary = removeSecurityProxy(
> + ... vocabulary_registry.get(None, "Project"))

I think we wought to have a wrapper around vocabulary_registry.get() to remove
the security proxy of the vocab before returning. Something like

def get_naked_vocab(context, name):
return removeSecurityProxy(vocab_registry.get(context, name))

That way we don't have to repeat the removeSecurityProxy() call in all the
places we call vocabulary_registry.get.

> >>> project_vocabulary.displayname
> 'Select a project group'
>
> @@ -542,7 +546,8 @@
>
> The list of selectable products. Results are ordered by displayname.
>
> - >>> product_vocabulary = vocabulary_registry.get(None, "Product")
> + >>> product_vocabulary = removeSecurityProxy(
> + ... vocabulary_registry.get(None, "Product"))
> >>> product_vocabulary.displayname
> 'Select a project'
>
> @@ -583,8 +588,8 @@
>
> The list of selectable products releases.
>
> - >>> productrelease_vocabulary = vocabulary_registry.get(None,
> - ... "ProductRelease")
> + >>> productrelease_vocabulary = removeSecurityProxy(
> + ... vocabulary_registry.get(None, "ProductRelease"))
> >>> productrelease_vocabular...

review: Needs Fixing (code)

Edwin Grubbs (edwin-grubbs) wrote on 2010-01-15:

Download full text (30.9 KiB)

> > === modified file 'lib/canonical/launchpad/webapp/configure.zcml'
> > --- lib/canonical/launchpad/webapp/configure.zcml 2009-11-18 00:22:41
> +0000
> > +++ lib/canonical/launchpad/webapp/configure.zcml 2010-01-12 22:36:26
> +0000
> > @@ -809,6 +809,7 @@
> >
> > <class class="canonical.launchpad.webapp.vocabulary.CountableIterator">
> > <allow
> interface="canonical.launchpad.webapp.vocabulary.ICountableIterator" />
> > + <allow attributes="__getslice__"/>
>
> Wouldn't it make sense to add __getslice__ to CountableIterator?

Gary had recommended that I add __getslice__ to the zcml instead of the interface
since this is a security concern and not a method that implementors of ICountableIterator
need to create.

> > </class>
> >
> > <class
> class="canonical.launchpad.webapp.vocabulary.BatchedCountableIterator">
> >
> > === modified file 'lib/lp/registry/doc/vocabularies.txt'
> > --- lib/lp/registry/doc/vocabularies.txt 2009-12-24 01:41:54 +0000
> > +++ lib/lp/registry/doc/vocabularies.txt 2010-01-12 22:36:26 +0000
> > @@ -20,7 +20,9 @@
> > The active mailing lists vocabulary matches and returns only those mailing
> > lists which are active.
> >
> > - >>> list_vocabulary = vocabulary_registry.get(None,
> 'ActiveMailingList')
> > + >>> from zope.security.proxy import removeSecurityProxy
> > + >>> list_vocabulary = removeSecurityProxy(
> > + ... vocabulary_registry.get(None, 'ActiveMailingList'))
> > >>> from canonical.launchpad.webapp.testing import verifyObject
> > >>> from canonical.launchpad.webapp.vocabulary import IHugeVocabulary
> > >>> verifyObject(IHugeVocabulary, list_vocabulary)
> > @@ -203,6 +205,7 @@
> > u'The Hoary Hedgehog Release'
> >
> > >>> def getTerms(vocab, search_text):
> > + ... vocab = removeSecurityProxy(vocab)
> > ... [vocab.toTerm(item) for item in vocab.search(search_text)]
> >
> > >>> getTerms(distroseries_vocabulary, 'woody')
> > @@ -508,7 +511,8 @@
> >
> > The list of selectable projects. The results are ordered by displayname.
> >
> > - >>> project_vocabulary = vocabulary_registry.get(None, "Project")
> > + >>> project_vocabulary = removeSecurityProxy(
> > + ... vocabulary_registry.get(None, "Project"))
>
> I think we wought to have a wrapper around vocabulary_registry.get() to remove
> the security proxy of the vocab before returning. Something like
>
> def get_naked_vocab(context, name):
> return removeSecurityProxy(vocab_registry.get(context, name))
>
> That way we don't have to repeat the removeSecurityProxy() call in all the
> places we call vocabulary_registry.get.

Done.

> > >>> project_vocabulary.displayname
> > 'Select a project group'
> >
> > @@ -542,7 +546,8 @@
> >
> > The list of selectable products. Results are ordered by displayname.
> >
> > - >>> product_vocabulary = vocabulary_registry.get(None, "Product")
> > + >>> product_vocabulary = removeSecurityProxy(
> > + ... vocabulary_registry.get(None, "Product"))
> > >>> product_vocabulary.displayname
> > 'Select a project'
> >
> > @@ -583,8 +588,8 @@
> >
> > The list of sel...

Guilherme Salgado (salgado) wrote on 2010-01-18:

Just add a comment explaining why we need the "vocab.__module__[:5] != 'zope.'" check in the test and it's good to go. Nice work!

review: Approve (code)

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk

Subscribers

People subscribed via source and target branches

to status/vote changes:

Tzaddi

Tzaddi Belding

Launchpad itself

Merge lp:~edwin-grubbs/launchpad/bug-451208-subscribing-reveals-email into lp:launchpad

Commit Message

Description of the Change

Preview Diff

Subscribers

 === modified file 'lib/canonical/launchpad/browser/vocabulary.py'
 --- lib/canonical/launchpad/browser/vocabulary.py	2010-01-11 17:47:52 +0000
 +++ lib/canonical/launchpad/browser/vocabulary.py	2010-01-18 21:51:20 +0000
@@ -23,6 +23,7 @@
  from zope.component.interfaces import ComponentLookupError
  from zope.interface import Attribute, implements, Interface
  from zope.app.form.interfaces import MissingInputError
++from zope.security.interfaces import Unauthorized
  from lazr.restful.interfaces import IWebServiceClientRequest
@@ -83,7 +84,10 @@
      """Adapts IPerson to IPickerEntry."""
      extra = default_pickerentry_adapter(person)
      if person.preferredemail is not None:
--        extra.description = person.preferredemail.email
++        try:
++            extra.description = person.preferredemail.email
++        except Unauthorized:
++            extra.description = '<email address hidden>'
      return extra
  @implementer(IPickerEntry)
 === modified file 'lib/canonical/launchpad/doc/vocabularies.txt'
 --- lib/canonical/launchpad/doc/vocabularies.txt	2009-10-26 18:40:04 +0000
 +++ lib/canonical/launchpad/doc/vocabularies.txt	2010-01-18 21:51:20 +0000
@@ -43,7 +43,11 @@
  vocabulary registry.
      >>> from zope.schema.vocabulary import getVocabularyRegistry
++    >>> from zope.security.proxy import removeSecurityProxy
      >>> vocabulary_registry = getVocabularyRegistry()
++    >>> def get_naked_vocab(context, name):
++    ...     return removeSecurityProxy(
++    ...         vocabulary_registry.get(context, name))
      >>> product_vocabulary = vocabulary_registry.get(None, "Product")
      >>> product_vocabulary.displayname
      'Select a project'
@@ -56,7 +60,7 @@
  All the distributions that use Malone as their main bug tracker.
--    >>> using_malone_vocabulary = vocabulary_registry.get(
++    >>> using_malone_vocabulary = get_naked_vocab(
      ...     None, 'DistributionUsingMalone')
      >>> len(using_malone_vocabulary)
@@ -358,7 +362,7 @@
  concerned).
      # Just use None as the context.
--    >>> branch_vocabulary = vocabulary_registry.get(None, "Branch")
++    >>> branch_vocabulary = get_naked_vocab(None, "Branch")
      >>> def print_vocab_branches(vocab, search):
      ...     for term in vocab.searchForTerms(search):
      ...         print term.value.unique_name
@@ -639,8 +643,7 @@
  that matches the search string. The string is matched against the name,
  or fallbacks to a full text search.
--    >>> vocab = vocabulary_registry.get(
--    ...     spec_a, "SpecificationDepCandidates")
++    >>> vocab = get_naked_vocab(spec_a, "SpecificationDepCandidates")
      >>> list(vocab.search('spec-b')) == [spec_b]
      True
      >>> list(vocab.search('third')) == [spec_c]
@@ -664,7 +667,7 @@
      >>> from canonical.launchpad.webapp.testing import verifyObject
      >>> from canonical.launchpad.webapp.vocabulary import IHugeVocabulary
--    >>> vocabulary = vocabulary_registry.get(None, 'PPA')
++    >>> vocabulary = get_naked_vocab(None, 'PPA')
      >>> verifyObject(IHugeVocabulary, vocabulary)
      True
 === modified file 'lib/canonical/launchpad/doc/vocabulary-json.txt'
 --- lib/canonical/launchpad/doc/vocabulary-json.txt	2009-07-28 13:48:07 +0000
 +++ lib/canonical/launchpad/doc/vocabulary-json.txt	2010-01-18 21:51:20 +0000
@@ -121,3 +121,23 @@
          ],
          "total_size": 1
+     }
++
++Hidden email addresses should also be hidden when IPerson objects are
++retrieved through vocabularies.
++
++    >>> form = dict(name='ValidPersonOrTeam', search_text='name12',
++    ...             start='0', batch='1')
++    >>> view = create_vocabulary_view(form)
++    >>> print_json(view())
++    {
++        "entries": [
++            {
++                "api_uri": "/~name12",
++                "css": "sprite person",
++                "description": "<email address hidden>",
++                "title": "Sample Person",
++                "value": "name12"
++            }
++        ],
++        "total_size": 1
++    }
 === modified file 'lib/canonical/launchpad/vocabularies/configure.zcml'
 --- lib/canonical/launchpad/vocabularies/configure.zcml	2009-10-26 18:40:04 +0000
 +++ lib/canonical/launchpad/vocabularies/configure.zcml	2010-01-18 21:51:20 +0000
@@ -4,177 +4,388 @@
  <configure xmlns="http://namespaces.zope.org/zope">
--  <utility
++  <class class="zope.schema.vocabulary.SimpleVocabulary">
++    <allow interface="zope.schema.interfaces.IVocabularyTokenized"/>
++  </class>
++
++  <class class="zope.schema.vocabulary.SimpleTerm">
++    <allow interface="zope.schema.interfaces.ITitledTokenizedTerm"/>
++  </class>
++
++  <securedutility
      name="Branch"
      component="canonical.launchpad.vocabularies.BranchVocabulary"
      provides="zope.schema.interfaces.IVocabularyFactory"
--    />
--
--  <utility
++    >
++    <allow interface="zope.schema.interfaces.IVocabularyFactory"/>
++  </securedutility>
++
++  <class class="canonical.launchpad.vocabularies.BranchVocabulary">
++    <allow interface="canonical.launchpad.webapp.vocabulary.IHugeVocabulary"/>
++  </class>
++
++
++  <securedutility
      name="HostedBranchRestrictedOnOwner"
      component="canonical.launchpad.vocabularies.HostedBranchRestrictedOnOwnerVocabulary"
      provides="zope.schema.interfaces.IVocabularyFactory"
--    />
--
--  <utility
++    >
++    <allow interface="zope.schema.interfaces.IVocabularyFactory"/>
++  </securedutility>
++
++  <class class="canonical.launchpad.vocabularies.HostedBranchRestrictedOnOwnerVocabulary">
++    <allow interface="canonical.launchpad.webapp.vocabulary.IHugeVocabulary"/>
++  </class>
++
++
++  <securedutility
      name="BranchRestrictedOnProduct"
      component="canonical.launchpad.vocabularies.BranchRestrictedOnProductVocabulary"
      provides="zope.schema.interfaces.IVocabularyFactory"
--    />
--
--  <utility
++    >
++    <allow interface="zope.schema.interfaces.IVocabularyFactory"/>
++  </securedutility>
++
++  <class class="canonical.launchpad.vocabularies.BranchRestrictedOnProductVocabulary">
++    <allow interface="canonical.launchpad.webapp.vocabulary.IHugeVocabulary"/>
++  </class>
++
++
++  <securedutility
      name="Bug"
      component="canonical.launchpad.vocabularies.BugVocabulary"
      provides="zope.schema.interfaces.IVocabularyFactory"
--    />
--
--  <utility
++    >
++    <allow interface="zope.schema.interfaces.IVocabularyFactory"/>
++  </securedutility>
++
++  <class class="canonical.launchpad.vocabularies.BugVocabulary">
++    <allow interface="canonical.launchpad.webapp.vocabulary.IHugeVocabulary"/>
++  </class>
++
++
++  <securedutility
      name="BugNominatableSeries"
      component="canonical.launchpad.vocabularies.BugNominatableSeriesVocabulary"
      provides="zope.schema.interfaces.IVocabularyFactory"
--    />
--
--  <utility
++    >
++    <allow interface="zope.schema.interfaces.IVocabularyFactory"/>
++  </securedutility>
++
++  <class class="canonical.launchpad.vocabularies.BugNominatableProductSeriesVocabulary">
++    <allow interface="canonical.launchpad.webapp.vocabulary.IHugeVocabulary"/>
++  </class>
++
++  <class class="canonical.launchpad.vocabularies.BugNominatableDistroSeriesVocabulary">
++    <allow interface="canonical.launchpad.webapp.vocabulary.IHugeVocabulary"/>
++  </class>
++
++
++  <securedutility
      name="BugTracker"
      component="canonical.launchpad.vocabularies.BugTrackerVocabulary"
      provides="zope.schema.interfaces.IVocabularyFactory"
--    />
--
--  <utility
++    >
++    <allow interface="zope.schema.interfaces.IVocabularyFactory"/>
++  </securedutility>
++
++  <class class="canonical.launchpad.vocabularies.BugTrackerVocabulary">
++    <allow interface="canonical.launchpad.webapp.vocabulary.IHugeVocabulary"/>
++  </class>
++
++
++  <securedutility
      name="BugWatch"
      component="canonical.launchpad.vocabularies.BugWatchVocabulary"
      provides="zope.schema.interfaces.IVocabularyFactory"
--    />
--
--  <utility
++    >
++    <allow interface="zope.schema.interfaces.IVocabularyFactory"/>
++  </securedutility>
++
++  <class class="canonical.launchpad.vocabularies.BugWatchVocabulary">
++    <allow interface="canonical.launchpad.webapp.vocabulary.IHugeVocabulary"/>
++  </class>
++
++
++  <securedutility
        name="Component"
        component="canonical.launchpad.vocabularies.ComponentVocabulary"
        provides="zope.schema.interfaces.IVocabularyFactory"
--    />
--
--  <utility
++    >
++    <allow interface="zope.schema.interfaces.IVocabularyFactory"/>
++  </securedutility>
++
++  <class class="canonical.launchpad.vocabularies.ComponentVocabulary">
++    <allow interface="canonical.launchpad.webapp.vocabulary.IHugeVocabulary"/>
++  </class>
++
++
++  <securedutility
        name="CountryName"
        component="canonical.launchpad.vocabularies.CountryNameVocabulary"
        provides="zope.schema.interfaces.IVocabularyFactory"
--    />
--
--  <utility
++    >
++    <allow interface="zope.schema.interfaces.IVocabularyFactory"/>
++  </securedutility>
++
++  <class class="canonical.launchpad.vocabularies.CountryNameVocabulary">
++    <allow interface="canonical.launchpad.webapp.vocabulary.IHugeVocabulary"/>
++  </class>
++
++
++  <securedutility
      name="DistributionUsingMalone"
      component="canonical.launchpad.vocabularies.DistributionUsingMaloneVocabulary"
      provides="zope.schema.interfaces.IVocabularyFactory"
--    />
--
--  <utility
++    >
++    <allow interface="zope.schema.interfaces.IVocabularyFactory"/>
++  </securedutility>
++
++  <class class="canonical.launchpad.vocabularies.DistributionUsingMaloneVocabulary">
++    <allow interface="canonical.launchpad.webapp.vocabulary.IHugeVocabulary"/>
++  </class>
++
++
++  <securedutility
      name="FilteredDeltaLanguagePack"
      component="canonical.launchpad.vocabularies.FilteredDeltaLanguagePackVocabulary"
      provides="zope.schema.interfaces.IVocabularyFactory"
--    />
--
--   <utility
++    >
++    <allow interface="zope.schema.interfaces.IVocabularyFactory"/>
++  </securedutility>
++
++  <class class="canonical.launchpad.vocabularies.FilteredDeltaLanguagePackVocabulary">
++    <allow interface="canonical.launchpad.webapp.vocabulary.IHugeVocabulary"/>
++  </class>
++
++
++   <securedutility
      name="FilteredDistroArchSeries"
      component="canonical.launchpad.vocabularies.FilteredDistroArchSeriesVocabulary"
      provides="zope.schema.interfaces.IVocabularyFactory"
--    />
--
--  <utility
++    >
++     <allow interface="zope.schema.interfaces.IVocabularyFactory"/>
++   </securedutility>
++
++   <class class="canonical.launchpad.vocabularies.FilteredDistroArchSeriesVocabulary">
++     <allow interface="canonical.launchpad.webapp.vocabulary.IHugeVocabulary"/>
++   </class>
++
++
++  <securedutility
      name="FilteredFullLanguagePack"
      component="canonical.launchpad.vocabularies.FilteredFullLanguagePackVocabulary"
      provides="zope.schema.interfaces.IVocabularyFactory"
--    />
--
--  <utility
++    >
++    <allow interface="zope.schema.interfaces.IVocabularyFactory"/>
++  </securedutility>
++
++  <class class="canonical.launchpad.vocabularies.FilteredFullLanguagePackVocabulary">
++    <allow interface="canonical.launchpad.webapp.vocabulary.IHugeVocabulary"/>
++  </class>
++
++
++  <securedutility
      name="FilteredLanguagePack"
      component="canonical.launchpad.vocabularies.FilteredLanguagePackVocabulary"
      provides="zope.schema.interfaces.IVocabularyFactory"
--    />
--
--  <utility
++    >
++    <allow interface="zope.schema.interfaces.IVocabularyFactory"/>
++  </securedutility>
++
++  <class class="canonical.launchpad.vocabularies.FilteredLanguagePackVocabulary">
++    <allow interface="canonical.launchpad.webapp.vocabulary.IHugeVocabulary"/>
++  </class>
++
++
++  <securedutility
      name="FutureSprint"
      component="canonical.launchpad.vocabularies.FutureSprintVocabulary"
      provides="zope.schema.interfaces.IVocabularyFactory"
--    />
--
--  <utility
++    >
++    <allow interface="zope.schema.interfaces.IVocabularyFactory"/>
++  </securedutility>
++
++  <class class="canonical.launchpad.vocabularies.FutureSprintVocabulary">
++    <allow interface="canonical.launchpad.webapp.vocabulary.IHugeVocabulary"/>
++  </class>
++
++
++  <securedutility
      name="Language"
      component="canonical.launchpad.vocabularies.LanguageVocabulary"
      provides="zope.schema.interfaces.IVocabularyFactory"
--    />
--
--  <utility
++    >
++    <allow interface="zope.schema.interfaces.IVocabularyFactory"/>
++  </securedutility>
++
++  <class class="canonical.launchpad.vocabularies.LanguageVocabulary">
++    <allow interface="canonical.launchpad.webapp.vocabulary.IHugeVocabulary"/>
++  </class>
++
++
++  <securedutility
      name="TranslatableLanguage"
      component="canonical.launchpad.vocabularies.TranslatableLanguageVocabulary"
      provides="zope.schema.interfaces.IVocabularyFactory"
--    />
--
--  <utility
++    >
++    <allow interface="zope.schema.interfaces.IVocabularyFactory"/>
++  </securedutility>
++
++  <class class="canonical.launchpad.vocabularies.TranslatableLanguageVocabulary">
++    <allow interface="canonical.launchpad.webapp.vocabulary.IHugeVocabulary"/>
++  </class>
++
++
++  <securedutility
      name="PackageRelease"
      component="canonical.launchpad.vocabularies.PackageReleaseVocabulary"
      provides="zope.schema.interfaces.IVocabularyFactory"
--    />
--
--  <utility
++    >
++    <allow interface="zope.schema.interfaces.IVocabularyFactory"/>
++  </securedutility>
++
++  <class class="canonical.launchpad.vocabularies.PackageReleaseVocabulary">
++    <allow interface="canonical.launchpad.webapp.vocabulary.IHugeVocabulary"/>
++  </class>
++
++
++  <securedutility
      name="PPA"
      component="canonical.launchpad.vocabularies.PPAVocabulary"
      provides="zope.schema.interfaces.IVocabularyFactory"
--    />
--
--  <utility
++    >
++    <allow interface="zope.schema.interfaces.IVocabularyFactory"/>
++  </securedutility>
++
++  <class class="canonical.launchpad.vocabularies.PPAVocabulary">
++    <allow interface="canonical.launchpad.webapp.vocabulary.IHugeVocabulary"/>
++  </class>
++
++
++  <securedutility
      name="ProjectProductsUsingMalone"
      component="canonical.launchpad.vocabularies.project_products_using_malone_vocabulary_factory"
      provides="zope.schema.interfaces.IVocabularyFactory"
--    />
--
--  <utility
++    >
++    <allow interface="zope.schema.interfaces.IVocabularyFactory"/>
++  </securedutility>
++
++
++  <securedutility
      name="Specification"
      component="canonical.launchpad.vocabularies.SpecificationVocabulary"
      provides="zope.schema.interfaces.IVocabularyFactory"
--    />
--
--  <utility
++    >
++    <allow interface="zope.schema.interfaces.IVocabularyFactory"/>
++  </securedutility>
++
++  <class class="canonical.launchpad.vocabularies.SpecificationVocabulary">
++    <allow interface="canonical.launchpad.webapp.vocabulary.IHugeVocabulary"/>
++  </class>
++
++
++  <securedutility
      name="SpecificationDependencies"
      component="canonical.launchpad.vocabularies.SpecificationDependenciesVocabulary"
      provides="zope.schema.interfaces.IVocabularyFactory"
--    />
--
--  <utility
++    >
++    <allow interface="zope.schema.interfaces.IVocabularyFactory"/>
++  </securedutility>
++
++  <class class="canonical.launchpad.vocabularies.SpecificationDependenciesVocabulary">
++    <allow interface="canonical.launchpad.webapp.vocabulary.IHugeVocabulary"/>
++  </class>
++
++
++  <securedutility
      name="SpecificationDepCandidates"
      component="canonical.launchpad.vocabularies.SpecificationDepCandidatesVocabulary"
      provides="zope.schema.interfaces.IVocabularyFactory"
--    />
--
--  <utility
++    >
++    <allow interface="zope.schema.interfaces.IVocabularyFactory"/>
++  </securedutility>
++
++  <class class="canonical.launchpad.vocabularies.SpecificationDepCandidatesVocabulary">
++    <allow interface="canonical.launchpad.webapp.vocabulary.IHugeVocabulary"/>
++  </class>
++
++
++  <securedutility
      name="Sprint"
      component="canonical.launchpad.vocabularies.SprintVocabulary"
      provides="zope.schema.interfaces.IVocabularyFactory"
--    />
--
--  <utility
++    >
++    <allow interface="zope.schema.interfaces.IVocabularyFactory"/>
++  </securedutility>
++
++  <class class="canonical.launchpad.vocabularies.SprintVocabulary">
++    <allow interface="canonical.launchpad.webapp.vocabulary.IHugeVocabulary"/>
++  </class>
++
++
++  <securedutility
      name="TranslationGroup"
      component="canonical.launchpad.vocabularies.TranslationGroupVocabulary"
      provides="zope.schema.interfaces.IVocabularyFactory"
--    />
--
--  <utility
++    >
++    <allow interface="zope.schema.interfaces.IVocabularyFactory"/>
++  </securedutility>
++
++  <class class="canonical.launchpad.vocabularies.TranslationGroupVocabulary">
++    <allow interface="canonical.launchpad.webapp.vocabulary.IHugeVocabulary"/>
++  </class>
++
++
++  <securedutility
      name="TranslationMessage"
      component="canonical.launchpad.vocabularies.TranslationMessageVocabulary"
      provides="zope.schema.interfaces.IVocabularyFactory"
--    />
--
--  <utility
++    >
++    <allow interface="zope.schema.interfaces.IVocabularyFactory"/>
++  </securedutility>
++
++  <class class="canonical.launchpad.vocabularies.TranslationMessageVocabulary">
++    <allow interface="canonical.launchpad.webapp.vocabulary.IHugeVocabulary"/>
++  </class>
++
++
++  <securedutility
      name="TranslationTemplate"
      component="canonical.launchpad.vocabularies.TranslationTemplateVocabulary"
      provides="zope.schema.interfaces.IVocabularyFactory"
--    />
--
--  <utility
++    >
++    <allow interface="zope.schema.interfaces.IVocabularyFactory"/>
++  </securedutility>
++
++  <class class="canonical.launchpad.vocabularies.TranslationTemplateVocabulary">
++    <allow interface="canonical.launchpad.webapp.vocabulary.IHugeVocabulary"/>
++  </class>
++
++
++  <securedutility
      name="Processor"
      component="canonical.launchpad.vocabularies.ProcessorVocabulary"
      provides="zope.schema.interfaces.IVocabularyFactory"
--    />
--
--  <utility
++    >
++    <allow interface="zope.schema.interfaces.IVocabularyFactory"/>
++  </securedutility>
++
++  <class class="canonical.launchpad.vocabularies.ProcessorVocabulary">
++    <allow interface="canonical.launchpad.webapp.vocabulary.IHugeVocabulary"/>
++  </class>
++
++
++  <securedutility
      name="ProcessorFamily"
      component="canonical.launchpad.vocabularies.ProcessorFamilyVocabulary"
      provides="zope.schema.interfaces.IVocabularyFactory"
--    />
++    >
++    <allow interface="zope.schema.interfaces.IVocabularyFactory"/>
++  </securedutility>
++
++  <class class="canonical.launchpad.vocabularies.ProcessorFamilyVocabulary">
++    <allow interface="canonical.launchpad.webapp.vocabulary.IHugeVocabulary"/>
++  </class>
++
  </configure>
 === modified file 'lib/canonical/launchpad/vocabularies/dbobjects.py'
 --- lib/canonical/launchpad/vocabularies/dbobjects.py	2009-10-26 18:40:04 +0000
 +++ lib/canonical/launchpad/vocabularies/dbobjects.py	2010-01-18 21:51:20 +0000
@@ -10,9 +10,10 @@
  __metaclass__ = type
  __all__ = [
--    'HostedBranchRestrictedOnOwnerVocabulary',
      'BranchRestrictedOnProductVocabulary',
      'BranchVocabulary',
++    'BugNominatableDistroSeriesVocabulary',
++    'BugNominatableProductSeriesVocabulary',
      'BugNominatableSeriesVocabulary',
      'BugTrackerVocabulary',
      'BugVocabulary',
@@ -25,11 +26,13 @@
      'FilteredFullLanguagePackVocabulary',
      'FilteredLanguagePackVocabulary',
      'FutureSprintVocabulary',
++    'HostedBranchRestrictedOnOwnerVocabulary',
      'LanguageVocabulary',
++    'PackageReleaseVocabulary',
      'PPAVocabulary',
--    'PackageReleaseVocabulary',
      'ProcessorFamilyVocabulary',
      'ProcessorVocabulary',
++    'project_products_using_malone_vocabulary_factory',
      'SpecificationDepCandidatesVocabulary',
      'SpecificationDependenciesVocabulary',
      'SpecificationVocabulary',
@@ -39,7 +42,6 @@
      'TranslationMessageVocabulary',
      'TranslationTemplateVocabulary',
      'WebBugTrackerVocabulary',
--    'project_products_using_malone_vocabulary_factory',
+     ]
  import cgi
 === modified file 'lib/canonical/launchpad/webapp/configure.zcml'
 --- lib/canonical/launchpad/webapp/configure.zcml	2010-01-13 13:23:20 +0000
 +++ lib/canonical/launchpad/webapp/configure.zcml	2010-01-18 21:51:20 +0000
@@ -815,6 +815,7 @@
      <class class="canonical.launchpad.webapp.vocabulary.CountableIterator">
        <allow interface="canonical.launchpad.webapp.vocabulary.ICountableIterator" />
++      <allow attributes="__getslice__"/>
      </class>
      <class class="canonical.launchpad.webapp.vocabulary.BatchedCountableIterator">
 === modified file 'lib/canonical/launchpad/webapp/metazcml.py'
 --- lib/canonical/launchpad/webapp/metazcml.py	2009-10-21 13:11:48 +0000
 +++ lib/canonical/launchpad/webapp/metazcml.py	2010-01-18 21:51:20 +0000
@@ -75,6 +75,8 @@
      component = GlobalObject(title=u'component', required=False)
++    name = TextLine(title=u"Name", required=False)
++
  class PermissionCollectingContext:
@@ -97,7 +99,8 @@
  class SecuredUtilityDirective:
--    def __init__(self, _context, provides, class_=None, component=None):
++    def __init__(self, _context, provides, class_=None, component=None,
++                 name=''):
          if class_ is not None:
              assert component is None, "Both class and component specified"
              self.component = class_()
@@ -107,6 +110,7 @@
              self.component = component
          self._context = _context
          self.provides = provides
++        self.name = name
          self.permission_collector = PermissionCollectingContext()
          self.contentdirective = ClassDirective(
              self.permission_collector, class_)
@@ -127,7 +131,8 @@
              self.permission_collector.set_permissions
+             )
          component = ProxyFactory(self.component, checker=checker)
--        utility(self._context, self.provides, component=component)
++        utility(self._context, self.provides, component=component,
++                name=self.name)
          return ()
 === modified file 'lib/canonical/launchpad/zcml/binaryandsourcepackagename.zcml'
 --- lib/canonical/launchpad/zcml/binaryandsourcepackagename.zcml	2009-07-13 18:15:02 +0000
 +++ lib/canonical/launchpad/zcml/binaryandsourcepackagename.zcml	2010-01-18 21:51:20 +0000
@@ -15,11 +15,22 @@
          <allow interface="canonical.launchpad.interfaces.IBinaryAndSourcePackageName" />
      </class>
--    <utility
++    <class class="canonical.launchpad.database.binaryandsourcepackagename.BinaryAndSourcePackageNameIterator">
++        <allow interface="canonical.launchpad.webapp.vocabulary.ICountableIterator" />
++    </class>
++
++    <securedutility
        name="BinaryAndSourcePackageName"
        component="canonical.launchpad.database.binaryandsourcepackagename.BinaryAndSourcePackageNameVocabulary"
        provides="zope.schema.interfaces.IVocabularyFactory"
--      />
++      >
++      <allow interface="zope.schema.interfaces.IVocabularyFactory"/>
++    </securedutility>
++
++    <class class="canonical.launchpad.database.binaryandsourcepackagename.BinaryAndSourcePackageNameVocabulary">
++      <allow interface="canonical.launchpad.webapp.vocabulary.IHugeVocabulary"/>
++    </class>
++
    </facet>
  </configure>
 === modified file 'lib/lp/answers/configure.zcml'
 --- lib/lp/answers/configure.zcml	2009-09-22 18:45:02 +0000
 +++ lib/lp/answers/configure.zcml	2010-01-18 21:51:20 +0000
@@ -221,11 +221,18 @@
      <allow interface=".interfaces.faq.IFAQSet" />
    </securedutility>
--  <utility
++  <securedutility
      name="FAQ"
      component=".vocabulary.FAQVocabulary"
      provides="zope.schema.interfaces.IVocabularyFactory"
--    />
++    >
++    <allow interface="zope.schema.interfaces.IVocabularyFactory"/>
++  </securedutility>
++
++  <class class=".vocabulary.FAQVocabulary">
++    <allow interface="canonical.launchpad.webapp.vocabulary.IHugeVocabulary"/>
++  </class>
++
    <lp:help-folder
        folder="help" type="canonical.launchpad.layers.AnswersLayer" />
 === modified file 'lib/lp/answers/doc/faq-vocabulary.txt'
 --- lib/lp/answers/doc/faq-vocabulary.txt	2009-04-17 10:32:16 +0000
 +++ lib/lp/answers/doc/faq-vocabulary.txt	2010-01-18 21:51:20 +0000
@@ -73,9 +73,10 @@
  The searchForTerms() method returns a CountableIterator of terms that
  are similar to the query:
++    >>> from zope.security import proxy
      >>> from canonical.launchpad.webapp.vocabulary import CountableIterator
      >>> terms = vocabulary.searchForTerms('Problem showing SVG')
--    >>> isinstance(terms, CountableIterator)
++    >>> proxy.isinstance(terms, CountableIterator)
      True
      >>> terms.count()
 === modified file 'lib/lp/registry/doc/vocabularies.txt'
 --- lib/lp/registry/doc/vocabularies.txt	2009-12-24 01:41:54 +0000
 +++ lib/lp/registry/doc/vocabularies.txt	2010-01-18 21:51:20 +0000
@@ -11,8 +11,12 @@
      >>> launchbag.clear()
      >>> from zope.schema.vocabulary import getVocabularyRegistry
++    >>> from zope.security.proxy import removeSecurityProxy
      >>> vocabulary_registry = getVocabularyRegistry()
--    >>> product_vocabulary = vocabulary_registry.get(None, "Product")
++    >>> def get_naked_vocab(context, name):
++    ...     return removeSecurityProxy(
++    ...         vocabulary_registry.get(context, name))
++    >>> product_vocabulary = get_naked_vocab(None, "Product")
  == ActiveMailingList ==
@@ -20,7 +24,7 @@
  The active mailing lists vocabulary matches and returns only those mailing
  lists which are active.
--    >>> list_vocabulary = vocabulary_registry.get(None, 'ActiveMailingList')
++    >>> list_vocabulary = get_naked_vocab(None, 'ActiveMailingList')
      >>> from canonical.launchpad.webapp.testing import verifyObject
      >>> from canonical.launchpad.webapp.vocabulary import IHugeVocabulary
      >>> verifyObject(IHugeVocabulary, list_vocabulary)
@@ -181,7 +185,7 @@
  Reflects the available distribution series.  Results are ordered by
  `name`
--    >>> distroseries_vocabulary = vocabulary_registry.get(
++    >>> distroseries_vocabulary = get_naked_vocab(
      ...     None,"DistroSeries")
      >>> for term in distroseries_vocabulary:
      ...     print "%30s %s" % (term.token, term.title)
@@ -225,7 +229,7 @@
  All the teams the person is an active member of.
      >>> foo_bar = person_set.getByEmail('foo.bar@canonical.com')
--    >>> person_active_membership = vocabulary_registry.get(
++    >>> person_active_membership = get_naked_vocab(
      ...     foo_bar, 'PersonActiveMembership')
      >>> len(person_active_membership)
@@ -320,7 +324,7 @@
      [u'hwdb-team', u'landscape-developers', u'launchpad-users', u'name18',
       u'name20']
--    >>> sample_person_teams_vocabulary = vocabulary_registry.get(
++    >>> sample_person_teams_vocabulary = get_naked_vocab(
      ...     sample_person, 'PersonTeamParticipations')
      >>> for term in sample_person_teams_vocabulary:
@@ -343,13 +347,13 @@
  to the current context. If no context is given, or if the context does
  not have any milestones, a MilestoneVocabulary is empty...
--    >>> milestones = vocabulary_registry.get(None, 'Milestone')
++    >>> milestones = get_naked_vocab(None, 'Milestone')
      >>> len(milestones)
      >>> from canonical.launchpad.interfaces import IMaloneApplication
      >>> malone = getUtility(IMaloneApplication)
--    >>> milestones = vocabulary_registry.get(malone, 'Milestone')
++    >>> milestones = get_naked_vocab(malone, 'Milestone')
      >>> len(milestones)
@@ -358,7 +362,7 @@
  milestones from RelevantMilestonesMixin.getMilestoneWidgetValues()
  but we need the big default vocabulary for form input validation.
--    >>> all_milestones = vocabulary_registry.get(sample_person, 'Milestone')
++    >>> all_milestones = get_naked_vocab(sample_person, 'Milestone')
      >>> len(all_milestones)
      >>> for term in all_milestones:
@@ -371,7 +375,7 @@
  vocabulary.
      >>> firefox = product_set.getByName('firefox')
--    >>> firefox_milestones = vocabulary_registry.get(firefox, 'Milestone')
++    >>> firefox_milestones = get_naked_vocab(firefox, 'Milestone')
      >>> for term in firefox_milestones:
      ...     print "%s: %s" % (term.value.target.name, term.value.name)
      firefox: 1.0
@@ -382,7 +386,7 @@
      >>> firefox_trunk = firefox.getSeries('trunk')
      >>> firefox_milestone = factory.makeMilestone(
      ...     product=firefox, name='firefox-milestone-no-series')
--    >>> firefox_trunk_milestones = vocabulary_registry.get(firefox_trunk,
++    >>> firefox_trunk_milestones = get_naked_vocab(firefox_trunk,
      ...                                                    'Milestone')
      >>> for term in firefox_trunk_milestones:
      ...     print "%s: %s" % (term.value.target.name, term.value.name)
@@ -397,7 +401,7 @@
      >>> firefox_task = bug_one.bugtasks[0]
      >>> firefox_task.bugtargetdisplayname
      u'Mozilla Firefox'
--    >>> firefox_task_milestones = vocabulary_registry.get(
++    >>> firefox_task_milestones = get_naked_vocab(
      ...     firefox_task, 'Milestone')
      >>> for term in firefox_task_milestones:
      ...     print "%s: %s" % (term.value.target.name, term.value.name)
@@ -408,7 +412,7 @@
      >>> debian_woody_task = bug_two.bugtasks[-1]
      >>> debian_woody_task.bugtargetdisplayname
      u'mozilla-firefox (Debian Woody)'
--    >>> debian_woody_milestones = vocabulary_registry.get(
++    >>> debian_woody_milestones = get_naked_vocab(
      ...     debian_woody_task, 'Milestone')
      >>> debian_woody = debian_woody_task.distroseries
      >>> len(debian_woody_milestones)
@@ -420,7 +424,7 @@
      >>> milestone = debian_woody.milestones[0]
      >>> milestone.active = False
      >>> flush_database_updates()
--    >>> len(vocabulary_registry.get(debian_woody_task, 'Milestone'))
++    >>> len(get_naked_vocab(debian_woody_task, 'Milestone'))
  If the milestone was used in a bugtask before it was marked inactive, though,
@@ -428,7 +432,7 @@
      >>> debian_woody_task.milestone = milestone
      >>> flush_database_updates()
--    >>> len(vocabulary_registry.get(debian_woody_task, 'Milestone'))
++    >>> len(get_naked_vocab(debian_woody_task, 'Milestone'))
  This is true for inactive milestones used in bugtasks for products and
@@ -436,7 +440,7 @@
      >>> product_bugtask = factory.makeBugTask(target=firefox)
      >>> product_bugtask.milestone = firefox_milestone
--    >>> product_target_milestones = vocabulary_registry.get(
++    >>> product_target_milestones = get_naked_vocab(
      ...     product_bugtask, 'Milestone')
      >>> for term in product_target_milestones:
      ...     print "%s: %s" % (term.value.target.name, term.value.name)
@@ -444,7 +448,7 @@
      firefox: firefox-milestone-no-series
      >>> firefox_milestone.active = False
--    >>> product_target_milestones = vocabulary_registry.get(
++    >>> product_target_milestones = get_naked_vocab(
      ...     product_bugtask, 'Milestone')
      >>> for term in product_target_milestones:
      ...     print "%s: %s" % (term.value.target.name, term.value.name)
@@ -453,7 +457,7 @@
      >>> productseries_bugtask = factory.makeBugTask(target=firefox_trunk)
      >>> productseries_bugtask.milestone = firefox_milestone
--    >>> productseries_target_milestones = vocabulary_registry.get(
++    >>> productseries_target_milestones = get_naked_vocab(
      ...     productseries_bugtask, 'Milestone')
      >>> for term in productseries_target_milestones:
      ...     print "%s: %s" % (term.value.target.name, term.value.name)
@@ -464,7 +468,7 @@
  target are in the vocabulary.
      >>> canvas_spec = firefox.getSpecification('canvas')
--    >>> spec_target_milestones = vocabulary_registry.get(
++    >>> spec_target_milestones = get_naked_vocab(
      ...     canvas_spec, 'Milestone')
      >>> for term in spec_target_milestones:
      ...     print "%s: %s" % (term.value.target.name, term.value.name)
@@ -481,10 +485,10 @@
      u'1.0'
      >>> one_dot_o.active = False
--    >>> firefox_milestones = vocabulary_registry.get(firefox, 'Milestone')
++    >>> firefox_milestones = get_naked_vocab(firefox, 'Milestone')
      >>> len(firefox_milestones)
--    >>> firefox_task_milestones = vocabulary_registry.get(
++    >>> firefox_task_milestones = get_naked_vocab(
      ...     firefox_task, 'Milestone')
      >>> len(firefox_task_milestones)
@@ -495,7 +499,7 @@
  All the products in a project.
      >>> mozilla_project = getUtility(IProjectSet).getByName('mozilla')
--    >>> mozilla_products_vocabulary = vocabulary_registry.get(
++    >>> mozilla_products_vocabulary = get_naked_vocab(
      ...     mozilla_project,'ProjectProducts')
      >>> for term in mozilla_products_vocabulary:
@@ -508,7 +512,7 @@
  The list of selectable projects. The results are ordered by displayname.
--    >>> project_vocabulary = vocabulary_registry.get(None, "Project")
++    >>> project_vocabulary = get_naked_vocab(None, "Project")
      >>> project_vocabulary.displayname
      'Select a project group'
@@ -542,7 +546,7 @@
  The list of selectable products. Results are ordered by displayname.
--    >>> product_vocabulary = vocabulary_registry.get(None, "Product")
++    >>> product_vocabulary = get_naked_vocab(None, "Product")
      >>> product_vocabulary.displayname
      'Select a project'
@@ -583,8 +587,7 @@
  The list of selectable products releases.
--    >>> productrelease_vocabulary = vocabulary_registry.get(None,
--    ...                                                     "ProductRelease")
++    >>> productrelease_vocabulary = get_naked_vocab(None, "ProductRelease")
      >>> productrelease_vocabulary.displayname
      'Select a Product Release'
@@ -603,7 +606,7 @@
  All non-merged people with at least one email address. This vocabulary is
  meant to be used only in the people merge form.
--    >>> vocab = vocabulary_registry.get(None, "PersonAccountToMerge")
++    >>> vocab = get_naked_vocab(None, "PersonAccountToMerge")
      >>> vocab.displayname
      'Select a Person to Merge'
@@ -668,7 +671,6 @@
      True
      # Here we cheat because IPerson.merged is a readonly attribute.
--    >>> from zope.security.proxy import removeSecurityProxy
      >>> naked_cprov = removeSecurityProxy(cprov)
      >>> naked_cprov.merged = 1
      >>> naked_cprov.syncUpdate()
@@ -693,7 +695,7 @@
  The set of non-merged people.
--    >>> vocab = vocabulary_registry.get(None, "AdminMergeablePerson")
++    >>> vocab = get_naked_vocab(None, "AdminMergeablePerson")
      >>> vocab.displayname
      'Select a Person to Merge'
@@ -712,7 +714,7 @@
  All non-merged people and teams.
--    >>> vocab = vocabulary_registry.get(None, "NonMergedPeopleAndTeams")
++    >>> vocab = get_naked_vocab(None, "NonMergedPeopleAndTeams")
      >>> vocab.displayname
      'Select a Person or Team'
@@ -746,7 +748,7 @@
  None).  It also includes all public teams and private teams the
  user has permission to view.
--    >>> vocab = vocabulary_registry.get(None, "ValidPersonOrTeam")
++    >>> vocab = get_naked_vocab(None, "ValidPersonOrTeam")
      >>> vocab.displayname
      'Select a Person or Team'
@@ -794,7 +796,7 @@
  A PRIVATE team is displayed when the logged in user is a member of the team.
      >>> commercial = person_set.getByEmail('commercial-member@canonical.com')
--    >>> vocab = vocabulary_registry.get(commercial, "ValidPersonOrTeam")
++    >>> vocab = get_naked_vocab(commercial, "ValidPersonOrTeam")
      >>> login('commercial-member@canonical.com')
      >>> priv_team = factory.makeTeam(
      ...     name='private-team',
@@ -861,7 +863,7 @@
  one of its email addresses.
      >>> login('foo.bar@canonical.com')
--    >>> vocab = vocabulary_registry.get(None, "ValidPersonOrTeam")
++    >>> vocab = get_naked_vocab(None, "ValidPersonOrTeam")
      >>> sorted(person.name for person in vocab.search('support'))
      [u'ubuntu-team']
@@ -932,7 +934,7 @@
  All valid persons and teams are also valid owners.
      >>> login(ANONYMOUS)
--    >>> vocab = vocabulary_registry.get(None, "ValidOwner")
++    >>> vocab = get_naked_vocab(None, "ValidOwner")
      >>> vocab.displayname
      'Select a Person or Team'
@@ -955,7 +957,7 @@
  except that its terms are limited only to teams.  No non-team Persons will be
  returned.
--    >>> vocab = vocabulary_registry.get(None, 'ValidTeam')
++    >>> vocab = get_naked_vocab(None, 'ValidTeam')
      >>> vocab.displayname
      'Select a Team'
      >>> sorted((team.displayname, team.teamowner.displayname)
@@ -1062,21 +1064,21 @@
  ValidTeamMember needs a context:
--    >>> vocab = vocabulary_registry.get(None, "ValidTeamMember")
++    >>> vocab = get_naked_vocab(None, "ValidTeamMember")
      Traceback (most recent call last):
      ...
      AssertionError: ...
  ValidTeamMember's context must implement ITeam:
--    >>> vocab = vocabulary_registry.get(person, "ValidTeamMember")
++    >>> vocab = get_naked_vocab(person, "ValidTeamMember")
      Traceback (most recent call last):
      ...
      AssertionError: ...
  'name16' is a valid member for 'ubuntu-team':
--    >>> vocab = vocabulary_registry.get(team, "ValidTeamMember")
++    >>> vocab = get_naked_vocab(team, "ValidTeamMember")
      >>> vocab.displayname
      'Select a Person or Team'
@@ -1108,25 +1110,25 @@
  ValidTeamOwner needs a context.
--    >>> vocab = vocabulary_registry.get(None, "ValidTeamOwner")
++    >>> vocab = get_naked_vocab(None, "ValidTeamOwner")
      Traceback (most recent call last):
      ...
      AssertionError: ...
  ValidTeamOwner's context must provide IPerson or IPersonSet.
--    >>> vocabulary_registry.get(team, "ValidTeamOwner")
--    <...ValidTeamOwnerVocabulary...
--    >>> vocabulary_registry.get(person_set, "ValidTeamOwner")
--    <...ValidTeamOwnerVocabulary...
--    >>> vocabulary_registry.get(firefox, "ValidTeamOwner")
++    >>> get_naked_vocab(team, "ValidTeamOwner")
++    <...ValidTeamOwnerVocabulary...
++    >>> get_naked_vocab(person_set, "ValidTeamOwner")
++    <...ValidTeamOwnerVocabulary...
++    >>> get_naked_vocab(firefox, "ValidTeamOwner")
      Traceback (most recent call last):
      ...
      AssertionError: ...
  'ubuntu-team' is not a valid owner for itself.
--    >>> vocab = vocabulary_registry.get(team, "ValidTeamOwner")
++    >>> vocab = get_naked_vocab(team, "ValidTeamOwner")
      >>> vocab.displayname
      'Select a Person or Team'
@@ -1147,7 +1149,7 @@
  All 'valid' persons who are not a team.
--    >>> vocab = vocabulary_registry.get(None, "ValidPerson")
++    >>> vocab = get_naked_vocab(None, "ValidPerson")
      >>> vocab.displayname
      'Select a Person'
      >>> people = vocab.search(None)
@@ -1172,8 +1174,7 @@
      >>> carlos = getUtility(IPersonSet).getByName('carlos')
      >>> carlos_team = factory.makeTeam(
      ...     owner=carlos, name='carlos-team')
--    >>> person_or_team_vocab = vocabulary_registry.get(
--    ...     None, "ValidPersonOrTeam")
++    >>> person_or_team_vocab = get_naked_vocab(None, "ValidPersonOrTeam")
      >>> carlos_people_or_team = person_or_team_vocab.search('carlos')
      >>> # The people or team search yields our one Carlos person and
      >>> # the new team.
@@ -1196,7 +1197,7 @@
  All products and distributions. Note that the value type is
  heterogeneous.
--    >>> vocab = vocabulary_registry.get(None, "DistributionOrProduct")
++    >>> vocab = get_naked_vocab(None, "DistributionOrProduct")
      >>> for term in vocab:
      ...     if 'Ubuntu' in term.title:
      ...         print term.title, '- class', term.value.__class__.__name__
@@ -1236,12 +1237,12 @@
      True
      >>> tomcat.active = False
      >>> flush_database_updates()
--    >>> vocab = vocabulary_registry.get(None, "DistributionOrProduct")
++    >>> vocab = get_naked_vocab(None, "DistributionOrProduct")
      >>> tomcat in vocab
      False
      >>> tomcat.active = True
      >>> flush_database_updates()
--    >>> vocab = vocabulary_registry.get(None, "DistributionOrProduct")
++    >>> vocab = get_naked_vocab(None, "DistributionOrProduct")
      >>> tomcat in vocab
      True
@@ -1257,7 +1258,7 @@
  All products, projects and distributions. Note that the value type is
  heterogeneous.
--    >>> vocab = vocabulary_registry.get(None, "DistributionOrProductOrProject")
++    >>> vocab = get_naked_vocab(None, "DistributionOrProductOrProject")
      >>> for term in vocab:
      ...     if 'Ubuntu' in term.title:
      ...         print term.title, '- class', term.value.__class__.__name__
@@ -1297,7 +1298,7 @@
      >>> apache in vocab
      False
--    >>> vocab = vocabulary_registry.get(None, "DistributionOrProductOrProject")
++    >>> vocab = get_naked_vocab(None, "DistributionOrProductOrProject")
      >>> for term in vocab:
      ...     if 'Apache' in term.title:
      ...         print term.title, '- class', term.value.__class__.__name__
@@ -1307,7 +1308,7 @@
      >>> product_set.getByName('tomcat').active = True
      >>> getUtility(IProjectSet).getByName('apache').active = True
      >>> flush_database_updates()
--    >>> vocab = vocabulary_registry.get(None, "DistributionOrProductOrProject")
++    >>> vocab = get_naked_vocab(None, "DistributionOrProductOrProject")
      >>> for term in vocab:
      ...     if 'Apache' in term.title:
      ...         print term.title, '- class', term.value.__class__.__name__
@@ -1325,7 +1326,7 @@
  DistributionOrProductOrProjectVocabulary (defined using the
  _clauseTables).
--    >>> featured_project_vocabulary = vocabulary_registry.get(
++    >>> featured_project_vocabulary = get_naked_vocab(
      ...     None, 'FeaturedProject')
      >>> len(featured_project_vocabulary)
@@ -1376,7 +1377,7 @@
      >>> check_permission('launchpad.Commercial', bac)
      False
--    >>> comm_proj_vocab = vocabulary_registry.get(bac, "CommercialProjects")
++    >>> comm_proj_vocab = get_naked_vocab(bac, "CommercialProjects")
      >>> print comm_proj_vocab.displayname
      Select a commercial project
@@ -1404,7 +1405,7 @@
      >>> check_permission('launchpad.ProjectReview', product_set)
      True
--    >>> comm_proj_vocab = vocabulary_registry.get(registry_member, "CommercialProjects")
++    >>> comm_proj_vocab = get_naked_vocab(registry_member, "CommercialProjects")
      >>> print comm_proj_vocab.displayname
      Select a commercial project
 === modified file 'lib/lp/registry/vocabularies.zcml'
 --- lib/lp/registry/vocabularies.zcml	2009-07-29 03:29:24 +0000
 +++ lib/lp/registry/vocabularies.zcml	2010-01-18 21:51:20 +0000
@@ -3,195 +3,404 @@
  -->
  <configure xmlns="http://namespaces.zope.org/zope">
--  <utility
++  <securedutility
      name="Distribution"
      component="lp.registry.vocabularies.DistributionVocabulary"
      provides="zope.schema.interfaces.IVocabularyFactory"
--    />
--
--  <utility
++    >
++    <allow interface="zope.schema.interfaces.IVocabularyFactory"/>
++  </securedutility>
++
++  <class class="lp.registry.vocabularies.DistributionVocabulary">
++    <allow interface="canonical.launchpad.webapp.vocabulary.IHugeVocabulary"/>
++  </class>
++
++
++  <securedutility
      name="DistroSeries"
      component="lp.registry.vocabularies.DistroSeriesVocabulary"
      provides="zope.schema.interfaces.IVocabularyFactory"
--    />
--
--  <utility
++    >
++    <allow interface="zope.schema.interfaces.IVocabularyFactory"/>
++  </securedutility>
++
++  <class class="lp.registry.vocabularies.DistroSeriesVocabulary">
++    <allow interface="canonical.launchpad.webapp.vocabulary.IHugeVocabulary"/>
++  </class>
++
++
++  <securedutility
      name="FeaturedProject"
      component="lp.registry.vocabularies.FeaturedProjectVocabulary"
      provides="zope.schema.interfaces.IVocabularyFactory"
--    />
--
--  <utility
++    >
++    <allow interface="zope.schema.interfaces.IVocabularyFactory"/>
++  </securedutility>
++
++  <class class="lp.registry.vocabularies.FeaturedProjectVocabulary">
++    <allow interface="canonical.launchpad.webapp.vocabulary.IHugeVocabulary"/>
++  </class>
++
++
++  <securedutility
      name="FilteredDistroSeries"
      component="lp.registry.vocabularies.FilteredDistroSeriesVocabulary"
      provides="zope.schema.interfaces.IVocabularyFactory"
--    />
--
--  <utility
++    >
++    <allow interface="zope.schema.interfaces.IVocabularyFactory"/>
++  </securedutility>
++
++  <class class="lp.registry.vocabularies.FilteredDistroSeriesVocabulary">
++    <allow interface="canonical.launchpad.webapp.vocabulary.IHugeVocabulary"/>
++  </class>
++
++
++  <securedutility
      name="FilteredProductSeries"
      component="lp.registry.vocabularies.FilteredProductSeriesVocabulary"
      provides="zope.schema.interfaces.IVocabularyFactory"
--    />
--
--  <utility
++    >
++    <allow interface="zope.schema.interfaces.IVocabularyFactory"/>
++  </securedutility>
++
++  <class class="lp.registry.vocabularies.FilteredProductSeriesVocabulary">
++    <allow interface="canonical.launchpad.webapp.vocabulary.IHugeVocabulary"/>
++  </class>
++
++
++  <securedutility
      name="KarmaCategory"
      component="lp.registry.vocabularies.KarmaCategoryVocabulary"
      provides="zope.schema.interfaces.IVocabularyFactory"
--    />
--
--  <utility
++    >
++    <allow interface="zope.schema.interfaces.IVocabularyFactory"/>
++  </securedutility>
++
++  <class class="lp.registry.vocabularies.KarmaCategoryVocabulary">
++    <allow interface="canonical.launchpad.webapp.vocabulary.IHugeVocabulary"/>
++  </class>
++
++
++  <securedutility
      name="Milestone"
      component="lp.registry.vocabularies.MilestoneVocabulary"
      provides="zope.schema.interfaces.IVocabularyFactory"
--    />
--
--  <utility
++    >
++    <allow interface="zope.schema.interfaces.IVocabularyFactory"/>
++  </securedutility>
++
++  <class class="lp.registry.vocabularies.MilestoneVocabulary">
++    <allow interface="canonical.launchpad.webapp.vocabulary.IHugeVocabulary"/>
++  </class>
++
++
++  <securedutility
      name="NonMergedPeopleAndTeams"
      component="lp.registry.vocabularies.NonMergedPeopleAndTeamsVocabulary"
      provides="zope.schema.interfaces.IVocabularyFactory"
--    />
--
--  <utility
++    >
++    <allow interface="zope.schema.interfaces.IVocabularyFactory"/>
++  </securedutility>
++
++  <class class="lp.registry.vocabularies.NonMergedPeopleAndTeamsVocabulary">
++    <allow interface="canonical.launchpad.webapp.vocabulary.IHugeVocabulary"/>
++  </class>
++
++
++  <securedutility
      name="AdminMergeablePerson"
      component="lp.registry.vocabularies.AdminMergeablePersonVocabulary"
      provides="zope.schema.interfaces.IVocabularyFactory"
--    />
--
--  <utility
++    >
++    <allow interface="zope.schema.interfaces.IVocabularyFactory"/>
++  </securedutility>
++
++  <class class="lp.registry.vocabularies.AdminMergeablePersonVocabulary">
++    <allow interface="canonical.launchpad.webapp.vocabulary.IHugeVocabulary"/>
++  </class>
++
++
++  <securedutility
      name="PersonAccountToMerge"
      component="lp.registry.vocabularies.PersonAccountToMergeVocabulary"
      provides="zope.schema.interfaces.IVocabularyFactory"
--    />
--
--  <utility
++    >
++    <allow interface="zope.schema.interfaces.IVocabularyFactory"/>
++  </securedutility>
++
++  <class class="lp.registry.vocabularies.PersonAccountToMergeVocabulary">
++    <allow interface="canonical.launchpad.webapp.vocabulary.IHugeVocabulary"/>
++  </class>
++
++
++  <securedutility
      name="PersonActiveMembership"
      component="lp.registry.vocabularies.PersonActiveMembershipVocabulary"
      provides="zope.schema.interfaces.IVocabularyFactory"
--    />
--
--  <utility
++    >
++    <allow interface="zope.schema.interfaces.IVocabularyFactory"/>
++  </securedutility>
++
++  <class class="lp.registry.vocabularies.PersonActiveMembershipVocabulary">
++    <allow interface="canonical.launchpad.webapp.vocabulary.IHugeVocabulary"/>
++  </class>
++
++
++  <securedutility
      name="PersonTeamParticipations"
      component="lp.registry.vocabularies.person_team_participations_vocabulary_factory"
      provides="zope.schema.interfaces.IVocabularyFactory"
--    />
--
--  <utility
++    >
++    <allow interface="zope.schema.interfaces.IVocabularyFactory"/>
++  </securedutility>
++
++
++  <securedutility
      name="Product"
      component="lp.registry.vocabularies.ProductVocabulary"
      provides="zope.schema.interfaces.IVocabularyFactory"
--    />
--
--  <utility
++    >
++    <allow interface="zope.schema.interfaces.IVocabularyFactory"/>
++  </securedutility>
++
++  <class class="lp.registry.vocabularies.ProductVocabulary">
++    <allow interface="canonical.launchpad.webapp.vocabulary.IHugeVocabulary"/>
++  </class>
++
++
++  <securedutility
      name="ProductRelease"
      component="lp.registry.vocabularies.ProductReleaseVocabulary"
      provides="zope.schema.interfaces.IVocabularyFactory"
--    />
--
--  <utility
++    >
++    <allow interface="zope.schema.interfaces.IVocabularyFactory"/>
++  </securedutility>
++
++  <class class="lp.registry.vocabularies.ProductReleaseVocabulary">
++    <allow interface="canonical.launchpad.webapp.vocabulary.IHugeVocabulary"/>
++  </class>
++
++
++  <securedutility
      name="ProductSeries"
      component="lp.registry.vocabularies.ProductSeriesVocabulary"
      provides="zope.schema.interfaces.IVocabularyFactory"
--    />
--
--  <utility
++    >
++    <allow interface="zope.schema.interfaces.IVocabularyFactory"/>
++  </securedutility>
++
++  <class class="lp.registry.vocabularies.ProductSeriesVocabulary">
++    <allow interface="canonical.launchpad.webapp.vocabulary.IHugeVocabulary"/>
++  </class>
++
++
++  <securedutility
      name="Project"
      component="lp.registry.vocabularies.ProjectVocabulary"
      provides="zope.schema.interfaces.IVocabularyFactory"
--    />
--
--  <utility
++    >
++    <allow interface="zope.schema.interfaces.IVocabularyFactory"/>
++  </securedutility>
++
++  <class class="lp.registry.vocabularies.ProjectVocabulary">
++    <allow interface="canonical.launchpad.webapp.vocabulary.IHugeVocabulary"/>
++  </class>
++
++
++  <securedutility
      name="ProjectProducts"
      component="lp.registry.vocabularies.project_products_vocabulary_factory"
      provides="zope.schema.interfaces.IVocabularyFactory"
--    />
--
--  <utility
++    >
++    <allow interface="zope.schema.interfaces.IVocabularyFactory"/>
++  </securedutility>
++
++
++  <securedutility
      name="CommercialProjects"
      component="lp.registry.vocabularies.CommercialProjectsVocabulary"
      provides="zope.schema.interfaces.IVocabularyFactory"
--    />
--
--  <utility
++    >
++    <allow interface="zope.schema.interfaces.IVocabularyFactory"/>
++  </securedutility>
++
++  <class class="lp.registry.vocabularies.CommercialProjectsVocabulary">
++    <allow interface="canonical.launchpad.webapp.vocabulary.IHugeVocabulary"/>
++  </class>
++
++
++  <securedutility
      name="UserTeamsParticipation"
      component="lp.registry.vocabularies.UserTeamsParticipationVocabulary"
      provides="zope.schema.interfaces.IVocabularyFactory"
--    />
--
--  <utility
++    >
++    <allow interface="zope.schema.interfaces.IVocabularyFactory"/>
++  </securedutility>
++
++  <class class="lp.registry.vocabularies.UserTeamsParticipationVocabulary">
++    <allow interface="canonical.launchpad.webapp.vocabulary.IHugeVocabulary"/>
++  </class>
++
++
++  <securedutility
      name="UserTeamsParticipationPlusSelf"
      component="lp.registry.vocabularies.UserTeamsParticipationPlusSelfVocabulary"
      provides="zope.schema.interfaces.IVocabularyFactory"
--    />
--
--  <utility
++    >
++    <allow interface="zope.schema.interfaces.IVocabularyFactory"/>
++  </securedutility>
++
++  <class class="lp.registry.vocabularies.UserTeamsParticipationPlusSelfVocabulary">
++    <allow interface="canonical.launchpad.webapp.vocabulary.IHugeVocabulary"/>
++  </class>
++
++
++  <securedutility
      name="ActiveMailingList"
      component="lp.registry.vocabularies.ActiveMailingListVocabulary"
      provides="zope.schema.interfaces.IVocabularyFactory"
--    />
--
--  <utility
++    >
++    <allow interface="zope.schema.interfaces.IVocabularyFactory"/>
++  </securedutility>
++
++  <class class="lp.registry.vocabularies.ActiveMailingListVocabulary">
++    <allow interface="canonical.launchpad.webapp.vocabulary.IHugeVocabulary"/>
++  </class>
++
++
++  <securedutility
      name="ValidPersonOrTeam"
      component="lp.registry.vocabularies.ValidPersonOrTeamVocabulary"
      provides="zope.schema.interfaces.IVocabularyFactory"
--    />
--
--  <utility
++    >
++    <allow interface="zope.schema.interfaces.IVocabularyFactory"/>
++  </securedutility>
++
++  <class class="lp.registry.vocabularies.ValidPersonOrTeamVocabulary">
++    <allow interface="canonical.launchpad.webapp.vocabulary.IHugeVocabulary"/>
++  </class>
++
++
++  <securedutility
      name="ValidAssignee"
      component="lp.registry.vocabularies.ValidPersonOrTeamVocabulary"
      provides="zope.schema.interfaces.IVocabularyFactory"
--    />
--
--  <utility
++    >
++    <allow interface="zope.schema.interfaces.IVocabularyFactory"/>
++  </securedutility>
++
++
++  <securedutility
      name="ValidMaintainer"
      component="lp.registry.vocabularies.ValidPersonOrTeamVocabulary"
      provides="zope.schema.interfaces.IVocabularyFactory"
--    />
--
--  <utility
++    >
++    <allow interface="zope.schema.interfaces.IVocabularyFactory"/>
++  </securedutility>
++
++
++  <securedutility
      name="ValidOwner"
      component="lp.registry.vocabularies.ValidPersonOrTeamVocabulary"
      provides="zope.schema.interfaces.IVocabularyFactory"
--    />
--
--  <utility
++    >
++    <allow interface="zope.schema.interfaces.IVocabularyFactory"/>
++  </securedutility>
++
++
++  <securedutility
      name="ValidTeam"
      component="lp.registry.vocabularies.ValidTeamVocabulary"
      provides="zope.schema.interfaces.IVocabularyFactory"
--    />
--
--  <utility
++    >
++    <allow interface="zope.schema.interfaces.IVocabularyFactory"/>
++  </securedutility>
++
++  <class class="lp.registry.vocabularies.ValidTeamVocabulary">
++    <allow interface="canonical.launchpad.webapp.vocabulary.IHugeVocabulary"/>
++  </class>
++
++
++  <securedutility
      name="ValidPerson"
      component="lp.registry.vocabularies.ValidPersonVocabulary"
      provides="zope.schema.interfaces.IVocabularyFactory"
--    />
--
--  <utility
++    >
++    <allow interface="zope.schema.interfaces.IVocabularyFactory"/>
++  </securedutility>
++
++  <class class="lp.registry.vocabularies.ValidPersonVocabulary">
++    <allow interface="canonical.launchpad.webapp.vocabulary.IHugeVocabulary"/>
++  </class>
++
++
++  <securedutility
      name="ValidTeamMember"
      component="lp.registry.vocabularies.ValidTeamMemberVocabulary"
      provides="zope.schema.interfaces.IVocabularyFactory"
--    />
--
--  <utility
++    >
++    <allow interface="zope.schema.interfaces.IVocabularyFactory"/>
++  </securedutility>
++
++  <class class="lp.registry.vocabularies.ValidTeamMemberVocabulary">
++    <allow interface="canonical.launchpad.webapp.vocabulary.IHugeVocabulary"/>
++  </class>
++
++
++  <securedutility
      name="ValidTeamOwner"
      component="lp.registry.vocabularies.ValidTeamOwnerVocabulary"
      provides="zope.schema.interfaces.IVocabularyFactory"
--    />
--
--  <utility
++    >
++    <allow interface="zope.schema.interfaces.IVocabularyFactory"/>
++  </securedutility>
++
++  <class class="lp.registry.vocabularies.ValidTeamOwnerVocabulary">
++    <allow interface="canonical.launchpad.webapp.vocabulary.IHugeVocabulary"/>
++  </class>
++
++
++  <securedutility
      name="DistributionOrProduct"
      component="lp.registry.vocabularies.DistributionOrProductVocabulary"
      provides="zope.schema.interfaces.IVocabularyFactory"
--    />
--
--  <utility
++    >
++    <allow interface="zope.schema.interfaces.IVocabularyFactory"/>
++  </securedutility>
++
++  <class class="lp.registry.vocabularies.DistributionOrProductVocabulary">
++    <allow interface="canonical.launchpad.webapp.vocabulary.IHugeVocabulary"/>
++  </class>
++
++
++  <securedutility
      name="DistributionOrProductOrProject"
      component="lp.registry.vocabularies.DistributionOrProductOrProjectVocabulary"
      provides="zope.schema.interfaces.IVocabularyFactory"
--    />
--
--  <utility
++    >
++    <allow interface="zope.schema.interfaces.IVocabularyFactory"/>
++  </securedutility>
++
++  <class class="lp.registry.vocabularies.DistributionOrProductOrProjectVocabulary">
++    <allow interface="canonical.launchpad.webapp.vocabulary.IHugeVocabulary"/>
++  </class>
++
++
++  <securedutility
      name="SourcePackageName"
      component="lp.registry.vocabularies.SourcePackageNameVocabulary"
      provides="zope.schema.interfaces.IVocabularyFactory"
--    />
++    >
++    <allow interface="zope.schema.interfaces.IVocabularyFactory"/>
++  </securedutility>
++
++  <class class="lp.registry.vocabularies.SourcePackageNameVocabulary">
++    <allow interface="canonical.launchpad.webapp.vocabulary.IHugeVocabulary"/>
++  </class>
++
++
++  <class class="lp.registry.vocabularies.SourcePackageNameIterator">
++    <allow interface="canonical.launchpad.webapp.vocabulary.ICountableIterator"/>
++  </class>
++
  </configure>
 === added file 'lib/lp/services/tests/test_vocabularies.py'
 --- lib/lp/services/tests/test_vocabularies.py	1970-01-01 00:00:00 +0000
 +++ lib/lp/services/tests/test_vocabularies.py	2010-01-18 21:51:20 +0000
@@ -0,0 +1,37 @@
++# Copyright 2010 Canonical Ltd.  This software is licensed under the
++# GNU Affero General Public License version 3 (see the file LICENSE).
++
++"""Test registered vocabularies."""
++
++__metaclass__ = type
++__all__ = []
++
++import unittest
++
++from zope.component import getUtilitiesFor
++from zope.proxy import isProxy
++from zope.schema.interfaces import IVocabularyFactory
++from zope.security._proxy import _Proxy
++
++from canonical.testing.layers import FunctionalLayer
++from lp.testing import TestCase
++
++
++class TestVocabularies(TestCase):
++    layer = FunctionalLayer
++
++    def test_security_proxy(self):
++        """Our vocabularies should be registered with <securedutility>."""
++        vocabularies = getUtilitiesFor(IVocabularyFactory)
++        for name, vocab in vocabularies:
++            # If the vocabulary is not in a security proxy, check
++            # whether it is a vocabulary defined by zope, which are
++            # not registered with <securedutility> and can be ignored.
++            if not isProxy(vocab) and vocab.__module__[:5] != 'zope.':
++                raise AssertionError(
++                    '%s.%s vocabulary is not wrapped in a security proxy.' % (
++                    vocab.__module__, name))
++
++
++def test_suite():
++    return unittest.TestLoader().loadTestsFromName(__name__)
 === modified file 'lib/lp/services/worlddata/vocabularies.zcml'
 --- lib/lp/services/worlddata/vocabularies.zcml	2009-07-13 18:15:02 +0000
 +++ lib/lp/services/worlddata/vocabularies.zcml	2010-01-18 21:51:20 +0000
@@ -3,9 +3,12 @@
  -->
  <configure xmlns="http://namespaces.zope.org/zope">
--  <utility
++  <securedutility
      name="TimezoneName"
      component="lp.services.worlddata.vocabularies.TimezoneNameVocabulary"
      provides="zope.schema.interfaces.IVocabularyFactory"
--    />
++    >
++    <allow interface="zope.schema.interfaces.IVocabularyFactory"/>
++  </securedutility>
++
  </configure>
 === modified file 'lib/lp/soyuz/configure.zcml'
 --- lib/lp/soyuz/configure.zcml	2010-01-14 03:39:27 +0000
 +++ lib/lp/soyuz/configure.zcml	2010-01-18 21:51:20 +0000
@@ -260,10 +260,24 @@
              <allow
                  interface="lp.soyuz.interfaces.binarypackagename.IBinaryPackageName"/>
          </class>
--        <utility
++        <securedutility
              name="BinaryPackageName"
              component="lp.soyuz.model.binarypackagename.BinaryPackageNameVocabulary"
--            provides="zope.schema.interfaces.IVocabularyFactory"/>
++            provides="zope.schema.interfaces.IVocabularyFactory">
++          <allow interface="zope.schema.interfaces.IVocabularyFactory"/>
++        </securedutility>
++
++        <class class="lp.soyuz.model.binarypackagename.BinaryPackageNameVocabulary">
++          <allow interface="canonical.launchpad.webapp.vocabulary.IHugeVocabulary"/>
++        </class>
++
++        <!-- BinaryPackagenameIterator -->
++
++        <class
++            class="lp.soyuz.model.binarypackagename.BinaryPackageNameIterator">
++            <allow
++                interface="canonical.launchpad.webapp.vocabulary.ICountableIterator"/>
++        </class>
          <!-- BinaryPackageNameSet -->
 === modified file 'lib/lp/soyuz/interfaces/binarypackagename.py'
 --- lib/lp/soyuz/interfaces/binarypackagename.py	2009-06-25 04:06:00 +0000
 +++ lib/lp/soyuz/interfaces/binarypackagename.py	2010-01-18 21:51:20 +0000
@@ -84,6 +84,7 @@
      to report a bug in.
      """
++    id = Int(title=_('ID'), required=True, readonly=True)
++
      name = TextLine(title=_('Binary or Source package name'),
                      required=True, constraint=name_validator)
--