Launchpad itself

Merge lp:~gary/launchpad/bug548-db-3 into lp:launchpad/db-devel

bug548-db-3
Merge into db-devel

Proposed by Gary Poster on 2011-02-04

Status:	Merged
Approved by:	Brad Crittenden on 2011-02-04
Approved revision:	no longer in the source branch.
Merged at revision:	10177
Proposed branch:	lp:~gary/launchpad/bug548-db-3
Merge into:	lp:launchpad/db-devel
Prerequisite:	lp:~wgrant/launchpad/bug548-db-2-tests
Diff against target:	1057 lines (+693/-128) 5 files modified lib/canonical/widgets/__init__.py (+12/-0) lib/contrib/oauth.py (+529/-0) lib/lp/bugs/doc/bugnotification-sending.txt (+91/-118) lib/lp/registry/model/person.py (+55/-8) lib/lp/scripts/garbo.py (+6/-2)
To merge this branch:	bzr merge lp:~gary/launchpad/bug548-db-3
Related bugs:	Link a bug report

Reviewer	Review Type	Date Requested	Status
Brad Crittenden (community)	code	2011-02-04	Approve on 2011-02-04
Review via email: mp+48651@code.launchpad.net

Commit message

[r=bac][ui=none][no-qa] Add "selfgenerated_bugnotifications" as a global option for people so that we can work on bug 548. Only in the DB at this time, since the actual implementation is not yet done.

Description of the change

This branch fixes the remaining test failures from wgrant's branch (fixing most of the failures) of my previous branches. It also reinstates the use of a test helper for one file (bugnotification-sending.txt) that wgrant reverted because I believe it is an improvement and I don't see a reason to lose it. He probably reverted it because it was unnecessary to get the tests to pass, which is absolutely true. These changes have already been reviewed and approved (https://code.launchpad.net/~gary/launchpad/bug548-db-2-tests/+merge/48570).

This branch had to fix three sorts of test failures. First, I had hoped that we would be able to make the person-specific settings simply not implemented for teams. This proved to be untenable: at least two automated interface-based functions (verifyObject from zope.interface and lazr.lifecycle's snapshot functionality) crashed and burned by this behavior. Therefore, I opted to make the attributes readonly for teams, using the defaults from the interfaces. I had a mid-implementation call with Danilo about how to tackle that. I want to do what you see here, rather than a __getattr__/__setattr__ approach or a manual approach. I don't think that the __getattr__/__setattr__ approach is potentially better than this, but I was somehwhat tempted by the manual approach. My arguments against it were these.

- This way keeps you from having to repeat yourself (again) by explicitly listing the attribute names.
- We expect to add many more attributes to this settings bag, and setting up each one manually in a readonly version would be a drag.
- We expect to add a team-based settings bag, and repeating things there would be even more of a drag.

Danilo thought that my preferred approach was acceptable, so I proceeded.

The second test failure was in garbo, cleaning up people. This was simply addressed by teaching it about the new person settings table (that it is safe to ignore it when trying to determine whether a person is still linked).

The last test failure was that ImmutableVisibilityError was being raised because Person.visibilityConsistencyWarning needed to be taught to ignore person settings too.

My goal is to get this landed asap to try and make it into PQM. I'd prefer having to make "I'll fix that next" promises if possible, rather than significantly holding up the branch, but I will understand if you are not comfortable with that.

Thank you

Gary

Revision history for this message

Gary Poster (gary) wrote on 2011-02-04:

Lines 1 - 396 have been reviewed before, though comments/requests/suggestions are welcome.

Revision history for this message

Gary Poster (gary) wrote on 2011-02-04:

- The widgets bits are spurious diff artifacts and are not pertinent to or part of my change.
- I pushed a revert to a comment change in garbo.py to re-correct some grammar.
- I lied. lines 299-319 of the current diff have not been reviewed. They reflect the change making the selfgenerated_bugnotifcation attribute readonly for teams, rather than completely not implemented for them. :-( sorry

Revision history for this message

Brad Crittenden (bac) wrote on 2011-02-04:

Thanks for the great explanation to a particularly dense piece of code. It is understandable now.

The changes look good. Please do figure out the odd appearance of extra files before sending this up.

review: Approve (code)

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk

Subscribers

People subscribed via source and target branches

to all changes:

Celso Providelo

Colin Watson

Gary Poster

Launchpad code reviewers from Canonical

Mantavya Gajjar (Open ERP)

Stuart Bishop

William Grant

to status/vote changes:

Tomi Karjalainen

 === added directory 'lib/canonical/widgets'
 === added file 'lib/canonical/widgets/__init__.py'
 --- lib/canonical/widgets/__init__.py	1970-01-01 00:00:00 +0000
 +++ lib/canonical/widgets/__init__.py	2011-02-02 21:39:04 +0000
@@ -0,0 +1,12 @@
++# Copyright 2009-2011 Canonical Ltd.  This software is licensed under the
++# GNU Affero General Public License version 3 (see the file LICENSE).
++
++# This is a stub to keep canonical.shipit operational. this module
++# can delete when shipit is independent.
++
++from lp.app.widgets.itemswidgets import (
++    CheckBoxMatrixWidget,
++    LabeledMultiCheckBoxWidget,
++    )
++
++
 === added file 'lib/contrib/oauth.py'
 --- lib/contrib/oauth.py	1970-01-01 00:00:00 +0000
 +++ lib/contrib/oauth.py	2011-02-04 14:41:18 +0000
@@ -0,0 +1,529 @@
++# pylint: disable-msg=C0301,E0602,E0211,E0213,W0105,W0231,W0702
++
++import cgi
++import urllib
++import time
++import random
++import urlparse
++import hmac
++import base64
++
++VERSION = '1.0' # Hi Blaine!
++HTTP_METHOD = 'GET'
++SIGNATURE_METHOD = 'PLAINTEXT'
++
++# Generic exception class
++class OAuthError(RuntimeError):
++    def __init__(self, message='OAuth error occured'):
++        self.message = message
++
++# optional WWW-Authenticate header (401 error)
++def build_authenticate_header(realm=''):
++    return {'WWW-Authenticate': 'OAuth realm="%s"' % realm}
++
++# url escape
++def escape(s):
++    # escape '/' too
++    return urllib.quote(s, safe='~')
++
++# util function: current timestamp
++# seconds since epoch (UTC)
++def generate_timestamp():
++    return int(time.time())
++
++# util function: nonce
++# pseudorandom number
++def generate_nonce(length=8):
++    return ''.join(str(random.randint(0, 9)) for i in range(length))
++
++# OAuthConsumer is a data type that represents the identity of the Consumer
++# via its shared secret with the Service Provider.
++class OAuthConsumer(object):
++    key = None
++    secret = None
++
++    def __init__(self, key, secret):
++        self.key = key
++        self.secret = secret
++
++# OAuthToken is a data type that represents an End User via either an access
++# or request token.
++class OAuthToken(object):
++    # access tokens and request tokens
++    key = None
++    secret = None
++
++    '''
++    key = the token
++    secret = the token secret
++    '''
++    def __init__(self, key, secret):
++        self.key = key
++        self.secret = secret
++
++    def to_string(self):
++        return urllib.urlencode({'oauth_token': self.key, 'oauth_token_secret': self.secret})
++
++    # return a token from something like:
++    # oauth_token_secret=digg&oauth_token=digg
++    @staticmethod
++    def from_string(s):
++        params = cgi.parse_qs(s, keep_blank_values=False)
++        key = params['oauth_token'][0]
++        secret = params['oauth_token_secret'][0]
++        return OAuthToken(key, secret)
++
++    def __str__(self):
++        return self.to_string()
++
++# OAuthRequest represents the request and can be serialized
++class OAuthRequest(object):
++    '''
++    OAuth parameters:
++        - oauth_consumer_key
++        - oauth_token
++        - oauth_signature_method
++        - oauth_signature
++        - oauth_timestamp
++        - oauth_nonce
++        - oauth_version
++        ... any additional parameters, as defined by the Service Provider.
++    '''
++    parameters = None # oauth parameters
++    http_method = HTTP_METHOD
++    http_url = None
++    version = VERSION
++
++    def __init__(self, http_method=HTTP_METHOD, http_url=None, parameters=None):
++        self.http_method = http_method
++        self.http_url = http_url
++        self.parameters = parameters or {}
++
++    def set_parameter(self, parameter, value):
++        self.parameters[parameter] = value
++
++    def get_parameter(self, parameter):
++        try:
++            return self.parameters[parameter]
++        except:
++            raise OAuthError('Parameter not found: %s' % parameter)
++
++    def _get_timestamp_nonce(self):
++        return self.get_parameter('oauth_timestamp'), self.get_parameter('oauth_nonce')
++
++    # get any non-oauth parameters
++    def get_nonoauth_parameters(self):
++        parameters = {}
++        for k, v in self.parameters.iteritems():
++            # ignore oauth parameters
++            if k.find('oauth_') < 0:
++                parameters[k] = v
++        return parameters
++
++    # serialize as a header for an HTTPAuth request
++    def to_header(self, realm=''):
++        auth_header = 'OAuth realm="%s"' % realm
++        # add the oauth parameters
++        if self.parameters:
++            for k, v in self.parameters.iteritems():
++                auth_header += ', %s="%s"' % (k, v)
++        return {'Authorization': auth_header}
++
++    # serialize as post data for a POST request
++    def to_postdata(self):
++        return '&'.join('%s=%s' % (escape(str(k)), escape(str(v))) for k, v in self.parameters.iteritems())
++
++    # serialize as a url for a GET request
++    def to_url(self):
++        return '%s?%s' % (self.get_normalized_http_url(), self.to_postdata())
++
++    # return a string that consists of all the parameters that need to be signed
++    def get_normalized_parameters(self):
++        params = self.parameters
++        try:
++            # exclude the signature if it exists
++            del params['oauth_signature']
++        except:
++            pass
++        key_values = params.items()
++        # sort lexicographically, first after key, then after value
++        key_values.sort()
++        # combine key value pairs in string and escape
++        return '&'.join('%s=%s' % (escape(str(k)), escape(str(v))) for k, v in key_values)
++
++    # just uppercases the http method
++    def get_normalized_http_method(self):
++        return self.http_method.upper()
++
++    # parses the url and rebuilds it to be scheme://host/path
++    def get_normalized_http_url(self):
++        parts = urlparse.urlparse(self.http_url)
++        url_string = '%s://%s%s' % (parts[0], parts[1], parts[2]) # scheme, netloc, path
++        return url_string
++
++    # set the signature parameter to the result of build_signature
++    def sign_request(self, signature_method, consumer, token):
++        # set the signature method
++        self.set_parameter('oauth_signature_method', signature_method.get_name())
++        # set the signature
++        self.set_parameter('oauth_signature', self.build_signature(signature_method, consumer, token))
++
++    def build_signature(self, signature_method, consumer, token):
++        # call the build signature method within the signature method
++        return signature_method.build_signature(self, consumer, token)
++
++    @staticmethod
++    def from_request(http_method, http_url, headers=None, postdata=None, parameters=None):
++
++        # let the library user override things however they'd like, if they know
++        # which parameters to use then go for it, for example XMLRPC might want to
++        # do this
++        if parameters is not None:
++            return OAuthRequest(http_method, http_url, parameters)
++
++        # from the headers
++        if headers is not None:
++            try:
++                auth_header = headers['Authorization']
++                # check that the authorization header is OAuth
++                auth_header.index('OAuth')
++                # get the parameters from the header
++                parameters = OAuthRequest._split_header(auth_header)
++                return OAuthRequest(http_method, http_url, parameters)
++            except:
++                raise OAuthError('Unable to parse OAuth parameters from Authorization header.')
++
++        # from the parameter string (post body)
++        if http_method == 'POST' and postdata is not None:
++            parameters = OAuthRequest._split_url_string(postdata)
++
++        # from the url string
++        elif http_method == 'GET':
++            param_str = urlparse.urlparse(http_url).query
++            parameters = OAuthRequest._split_url_string(param_str)
++
++        if parameters:
++            return OAuthRequest(http_method, http_url, parameters)
++
++        raise OAuthError('Missing all OAuth parameters. OAuth parameters must be in the headers, post body, or url.')
++
++    @staticmethod
++    def from_consumer_and_token(oauth_consumer, token=None, http_method=HTTP_METHOD, http_url=None, parameters=None):
++        if not parameters:
++            parameters = {}
++
++        defaults = {
++            'oauth_consumer_key': oauth_consumer.key,
++            'oauth_timestamp': generate_timestamp(),
++            'oauth_nonce': generate_nonce(),
++            'oauth_version': OAuthRequest.version,
++        }
++
++        defaults.update(parameters)
++        parameters = defaults
++
++        if token:
++            parameters['oauth_token'] = token.key
++
++        return OAuthRequest(http_method, http_url, parameters)
++
++    @staticmethod
++    def from_token_and_callback(token, callback=None, http_method=HTTP_METHOD, http_url=None, parameters=None):
++        if not parameters:
++            parameters = {}
++
++        parameters['oauth_token'] = token.key
++
++        if callback:
++            parameters['oauth_callback'] = escape(callback)
++
++        return OAuthRequest(http_method, http_url, parameters)
++
++    # util function: turn Authorization: header into parameters, has to do some unescaping
++    @staticmethod
++    def _split_header(header):
++        params = {}
++        header = header.lstrip()
++        if not header.startswith('OAuth '):
++            raise ValueError("not an OAuth header: %r" % header)
++        header = header[6:]
++        parts = header.split(',')
++        for param in parts:
++            # remove whitespace
++            param = param.strip()
++            # split key-value
++            param_parts = param.split('=', 1)
++            if param_parts[0] == 'realm':
++                # Realm header is not an OAuth parameter according to rfc5849
++                # section 3.4.1.3.1.
++                continue
++            # remove quotes and unescape the value
++            params[param_parts[0]] = urllib.unquote(param_parts[1].strip('\"'))
++        return params
++
++    # util function: turn url string into parameters, has to do some unescaping
++    @staticmethod
++    def _split_url_string(param_str):
++        parameters = cgi.parse_qs(param_str, keep_blank_values=False)
++        for k, v in parameters.iteritems():
++            parameters[k] = urllib.unquote(v[0])
++        return parameters
++
++# OAuthServer is a worker to check a requests validity against a data store
++class OAuthServer(object):
++    timestamp_threshold = 300 # in seconds, five minutes
++    version = VERSION
++    signature_methods = None
++    data_store = None
++
++    def __init__(self, data_store=None, signature_methods=None):
++        self.data_store = data_store
++        self.signature_methods = signature_methods or {}
++
++    def set_data_store(self, oauth_data_store):
++        self.data_store = oauth_data_store
++
++    def get_data_store(self):
++        return self.data_store
++
++    def add_signature_method(self, signature_method):
++        self.signature_methods[signature_method.get_name()] = signature_method
++        return self.signature_methods
++
++    # process a request_token request
++    # returns the request token on success
++    def fetch_request_token(self, oauth_request):
++        try:
++            # get the request token for authorization
++            token = self._get_token(oauth_request, 'request')
++        except:
++            # no token required for the initial token request
++            version = self._get_version(oauth_request)
++            consumer = self._get_consumer(oauth_request)
++            self._check_signature(oauth_request, consumer, None)
++            # fetch a new token
++            token = self.data_store.fetch_request_token(consumer)
++        return token
++
++    # process an access_token request
++    # returns the access token on success
++    def fetch_access_token(self, oauth_request):
++        version = self._get_version(oauth_request)
++        consumer = self._get_consumer(oauth_request)
++        # get the request token
++        token = self._get_token(oauth_request, 'request')
++        self._check_signature(oauth_request, consumer, token)
++        new_token = self.data_store.fetch_access_token(consumer, token)
++        return new_token
++
++    # verify an api call, checks all the parameters
++    def verify_request(self, oauth_request):
++        # -> consumer and token
++        version = self._get_version(oauth_request)
++        consumer = self._get_consumer(oauth_request)
++        # get the access token
++        token = self._get_token(oauth_request, 'access')
++        self._check_signature(oauth_request, consumer, token)
++        parameters = oauth_request.get_nonoauth_parameters()
++        return consumer, token, parameters
++
++    # authorize a request token
++    def authorize_token(self, token, user):
++        return self.data_store.authorize_request_token(token, user)
++
++    # get the callback url
++    def get_callback(self, oauth_request):
++        return oauth_request.get_parameter('oauth_callback')
++
++    # optional support for the authenticate header
++    def build_authenticate_header(self, realm=''):
++        return {'WWW-Authenticate': 'OAuth realm="%s"' % realm}
++
++    # verify the correct version request for this server
++    def _get_version(self, oauth_request):
++        try:
++            version = oauth_request.get_parameter('oauth_version')
++        except:
++            version = VERSION
++        if version and version != self.version:
++            raise OAuthError('OAuth version %s not supported' % str(version))
++        return version
++
++    # figure out the signature with some defaults
++    def _get_signature_method(self, oauth_request):
++        try:
++            signature_method = oauth_request.get_parameter('oauth_signature_method')
++        except:
++            signature_method = SIGNATURE_METHOD
++        try:
++            # get the signature method object
++            signature_method = self.signature_methods[signature_method]
++        except:
++            signature_method_names = ', '.join(self.signature_methods.keys())
++            raise OAuthError('Signature method %s not supported try one of the following: %s' % (signature_method, signature_method_names))
++
++        return signature_method
++
++    def _get_consumer(self, oauth_request):
++        consumer_key = oauth_request.get_parameter('oauth_consumer_key')
++        if not consumer_key:
++            raise OAuthError('Invalid consumer key')
++        consumer = self.data_store.lookup_consumer(consumer_key)
++        if not consumer:
++            raise OAuthError('Invalid consumer')
++        return consumer
++
++    # try to find the token for the provided request token key
++    def _get_token(self, oauth_request, token_type='access'):
++        token_field = oauth_request.get_parameter('oauth_token')
++        token = self.data_store.lookup_token(token_type, token_field)
++        if not token:
++            raise OAuthError('Invalid %s token: %s' % (token_type, token_field))
++        return token
++
++    def _check_signature(self, oauth_request, consumer, token):
++        timestamp, nonce = oauth_request._get_timestamp_nonce()
++        self._check_timestamp(timestamp)
++        self._check_nonce(consumer, token, nonce)
++        signature_method = self._get_signature_method(oauth_request)
++        try:
++            signature = oauth_request.get_parameter('oauth_signature')
++        except:
++            raise OAuthError('Missing signature')
++        # attempt to construct the same signature
++        built = signature_method.build_signature(oauth_request, consumer, token)
++        if signature != built:
++            key, base = signature_method.build_signature_base_string(oauth_request, consumer, token)
++            raise OAuthError('Signature does not match. Expected: %s Got: %s Expected signature base string: %s' % (built, signature, base))
++
++    def _check_timestamp(self, timestamp):
++        # verify that timestamp is recentish
++        timestamp = int(timestamp)
++        now = int(time.time())
++        lapsed = now - timestamp
++        if lapsed > self.timestamp_threshold:
++            raise OAuthError('Expired timestamp: given %d and now %s has a greater difference than threshold %d' % (timestamp, now, self.timestamp_threshold))
++
++    def _check_nonce(self, consumer, token, nonce):
++        # verify that the nonce is uniqueish
++        try:
++            self.data_store.lookup_nonce(consumer, token, nonce)
++            raise OAuthError('Nonce already used: %s' % str(nonce))
++        except:
++            pass
++
++# OAuthClient is a worker to attempt to execute a request
++class OAuthClient(object):
++    consumer = None
++    token = None
++
++    def __init__(self, oauth_consumer, oauth_token):
++        self.consumer = oauth_consumer
++        self.token = oauth_token
++
++    def get_consumer(self):
++        return self.consumer
++
++    def get_token(self):
++        return self.token
++
++    def fetch_request_token(self, oauth_request):
++        # -> OAuthToken
++        raise NotImplementedError
++
++    def fetch_access_token(self, oauth_request):
++        # -> OAuthToken
++        raise NotImplementedError
++
++    def access_resource(self, oauth_request):
++        # -> some protected resource
++        raise NotImplementedError
++
++# OAuthDataStore is a database abstraction used to lookup consumers and tokens
++class OAuthDataStore(object):
++
++    def lookup_consumer(self, key):
++        # -> OAuthConsumer
++        raise NotImplementedError
++
++    def lookup_token(self, oauth_consumer, token_type, token_token):
++        # -> OAuthToken
++        raise NotImplementedError
++
++    def lookup_nonce(self, oauth_consumer, oauth_token, nonce, timestamp):
++        # -> OAuthToken
++        raise NotImplementedError
++
++    def fetch_request_token(self, oauth_consumer):
++        # -> OAuthToken
++        raise NotImplementedError
++
++    def fetch_access_token(self, oauth_consumer, oauth_token):
++        # -> OAuthToken
++        raise NotImplementedError
++
++    def authorize_request_token(self, oauth_token, user):
++        # -> OAuthToken
++        raise NotImplementedError
++
++# OAuthSignatureMethod is a strategy class that implements a signature method
++class OAuthSignatureMethod(object):
++    def get_name():
++        # -> str
++        raise NotImplementedError
++
++    def build_signature_base_string(oauth_request, oauth_consumer, oauth_token):
++        # -> str key, str raw
++        raise NotImplementedError
++
++    def build_signature(oauth_request, oauth_consumer, oauth_token):
++        # -> str
++        raise NotImplementedError
++
++class OAuthSignatureMethod_HMAC_SHA1(OAuthSignatureMethod):
++
++    def get_name(self):
++        return 'HMAC-SHA1'
++
++    def build_signature_base_string(self, oauth_request, consumer, token):
++        sig = (
++            escape(oauth_request.get_normalized_http_method()),
++            escape(oauth_request.get_normalized_http_url()),
++            escape(oauth_request.get_normalized_parameters()),
++        )
++
++        key = '%s&' % escape(consumer.secret)
++        if token:
++            key += escape(token.secret)
++        raw = '&'.join(sig)
++        return key, raw
++
++    def build_signature(self, oauth_request, consumer, token):
++        # build the base signature string
++        key, raw = self.build_signature_base_string(oauth_request, consumer, token)
++
++        # hmac object
++        try:
++            import hashlib # 2.5
++            hashed = hmac.new(key, raw, hashlib.sha1)
++        except:
++            import sha # deprecated
++            hashed = hmac.new(key, raw, sha)
++
++        # calculate the digest base 64
++        return base64.b64encode(hashed.digest())
++
++class OAuthSignatureMethod_PLAINTEXT(OAuthSignatureMethod):
++
++    def get_name(self):
++        return 'PLAINTEXT'
++
++    def build_signature_base_string(self, oauth_request, consumer, token):
++        # concatenate the consumer key and secret
++        sig = escape(consumer.secret)
++        if token:
++            sig = '&'.join((sig, escape(token.secret)))
++        return sig
++
++    def build_signature(self, oauth_request, consumer, token):
++        return self.build_signature_base_string(oauth_request, consumer, token)
 === modified file 'lib/lp/bugs/doc/bugnotification-sending.txt'
 --- lib/lp/bugs/doc/bugnotification-sending.txt	2011-02-04 20:32:01 +0000
 +++ lib/lp/bugs/doc/bugnotification-sending.txt	2011-02-04 20:32:11 +0000
@@ -30,20 +30,9 @@
      ...     print email_notification.get_payload(decode=True)
      ...     print "-" * 70
--We'll also define some helper functions to help us with database users.
--
--    >>> from canonical.config import config
--    >>> from canonical.database.sqlbase import commit
--    >>> from canonical.testing.layers import LaunchpadZopelessLayer
--
--    >>> def switch_db_to_launchpad():
--    ...     commit()
--    ...     LaunchpadZopelessLayer.switchDbUser('launchpad')
--
--    >>> def switch_db_to_bugnotification():
--    ...     commit()
--    ...     LaunchpadZopelessLayer.switchDbUser(
--    ...         config.malone.bugnotification_dbuser)
++We'll also import a helper function to help us with database users.
++
++    >>> from lp.testing.dbuser import lp_dbuser
  You'll note that we are printing out an X-Launchpad-Message-Rationale
  header. This header is a simple string that allows people to filter
@@ -356,16 +345,13 @@
      ...     print member.preferredemail.email
      marilize@hbd.com
--    >>> switch_db_to_launchpad()
--    >>> bug_one.subscribe(shipit_admins, shipit_admins)
--    <...>
--
--    >>> comment = getUtility(IMessageSet).fromText(
--    ...     'subject', 'a comment.', sample_person,
--    ...     datecreated=ten_minutes_ago)
--    >>> bug_one.addCommentNotification(comment)
--
--    >>> switch_db_to_bugnotification()
++    >>> with lp_dbuser():
++    ...     ignored = bug_one.subscribe(shipit_admins, shipit_admins)
++    ...     comment = getUtility(IMessageSet).fromText(
++    ...         'subject', 'a comment.', sample_person,
++    ...         datecreated=ten_minutes_ago)
++    ...     bug_one.addCommentNotification(comment)
++
      >>> pending_notifications = getUtility(
      ...     IBugNotificationSet).getNotificationsToSend()
      >>> len(pending_notifications)
@@ -398,17 +384,15 @@
      >>> params = CreateBugParams(
      ...     msg=description, owner=sample_person, title='new bug')
--    >>> switch_db_to_launchpad()
--    >>> new_bug = ubuntu.createBug(params)
--    >>> switch_db_to_bugnotification()
--    >>> flush_notifications()
++    >>> with lp_dbuser():
++    ...     new_bug = ubuntu.createBug(params)
  If a bug is a duplicate of another bug, a marker gets inserted at the
  top of the email:
--    >>> switch_db_to_launchpad()
--    >>> new_bug.markAsDuplicate(bug_one)
--    >>> switch_db_to_bugnotification()
++    >>> flush_notifications()
++    >>> with lp_dbuser():
++    ...     new_bug.markAsDuplicate(bug_one)
      >>> comment = getUtility(IMessageSet).fromText(
      ...     'subject', 'a comment.', sample_person,
      ...     datecreated=ten_minutes_ago)
@@ -474,12 +458,11 @@
      ...     'Zero-day on Frobulator', 'Woah.', sample_person,
      ...     datecreated=ten_minutes_ago)
--    >>> switch_db_to_launchpad()
--    >>> sec_vuln_bug = ubuntu.createBug(CreateBugParams(
++    >>> with lp_dbuser():
++    ...     sec_vuln_bug = ubuntu.createBug(CreateBugParams(
      ...         msg=sec_vuln_description, owner=sample_person,
      ...         title='Zero-day on Frobulator',
      ...         security_related=True, private=True))
--    >>> switch_db_to_bugnotification()
      >>> sec_vuln_bug.security_related
      True
@@ -730,10 +713,8 @@
  The tags will be space-separated to allow the list to be wrapped if it
  gets over-long.
--    >>> switch_db_to_launchpad()
--    >>> bug_three.tags = [u'layout-test', u'another-tag', u'yet-another']
--
--    >>> switch_db_to_bugnotification()
++    >>> with lp_dbuser():
++    ...     bug_three.tags = [u'layout-test', u'another-tag', u'yet-another']
      >>> bug_three = getUtility(IBugSet).get(3)
      >>> for message in trigger_and_get_email_messages(bug_three):
@@ -743,15 +724,13 @@
  If we remove the tags from the bug, the X-Launchpad-Bug-Tags header
  won't be included.
--    >>> switch_db_to_launchpad()
--    >>> bug_three.tags = []
--    >>> switch_db_to_bugnotification()
++    >>> with lp_dbuser():
++    ...     bug_three.tags = []
      >>> bug_three = getUtility(IBugSet).get(3)
      >>> for message in trigger_and_get_email_messages(bug_three):
      ...     message.get_all('X-Launchpad-Bug-Tags')
--    >>> switch_db_to_launchpad()
      >>> #bug_three.unsubscribe(sample_person, sample_person)
@@ -771,7 +750,8 @@
  Predictably, private bugs are sent with a slightly different header:
--    >>> bug_three.setPrivate(True, sample_person)
++    >>> with lp_dbuser():
++    ...     bug_three.setPrivate(True, sample_person)
      True
      >>> bug_three.private
      True
@@ -799,7 +779,8 @@
  The presence of the security flag on a bug is, surprise, denoted by a
  simple "yes":
--    >>> bug_three.setSecurityRelated(True)
++    >>> with lp_dbuser():
++    ...     bug_three.setSecurityRelated(True)
      True
      >>> bug_three.security_related
      True
@@ -824,9 +805,9 @@
      >>> foo_bar = getUtility(IPersonSet).getByEmail('foo.bar@canonical.com')
      >>> from lp.bugs.interfaces.bugmessage import IBugMessageSet
--    >>> getUtility(IBugMessageSet).createMessage(
--    ...     'Hungry', bug_three, foo_bar, "Make me a sandwich.")
--    <BugMessage ...>
++    >>> with lp_dbuser():
++    ...     ignored = getUtility(IBugMessageSet).createMessage(
++    ...         'Hungry', bug_three, foo_bar, "Make me a sandwich.")
      >>> for message in trigger_and_get_email_messages(bug_three):
      ...     print message.get('X-Launchpad-Bug-Commenters')
@@ -835,9 +816,9 @@
  It only lists each user once, no matter how many comments they've
  made.
--    >>> getUtility(IBugMessageSet).createMessage(
--    ...     'Hungry', bug_three, foo_bar, "Make me a sandwich.")
--    <BugMessage ...>
++    >>> with lp_dbuser():
++    ...     ignored = getUtility(IBugMessageSet).createMessage(
++    ...         'Hungry', bug_three, foo_bar, "Make me a sandwich.")
      >>> for message in trigger_and_get_email_messages(bug_three):
      ...     print message.get('X-Launchpad-Bug-Commenters')
@@ -868,63 +849,58 @@
  Concise Person does not. We'll also create teams and give them members
  with different verbose_bugnotifications settings.
--    >>> switch_db_to_launchpad()
--    >>> bug = factory.makeBug(
--    ...     product=factory.makeProduct(title='Foo'),
--    ...     title='In the beginning, the universe was created. This '
--    ...         'has made a lot of people very angry and has been '
--    ...         'widely regarded as a bad move',
--    ...     description="This is a long description of the bug, which "
--    ...         "will be automatically wrapped by the BugNotification "
--    ...         "machinery. Ain't technology great?")
--
--    >>> verbose_person = factory.makePerson(
--    ...     displayname='Verbose Person', email='verbose@example.com')
--    >>> verbose_person.verbose_bugnotifications = True
--    >>> bug.subscribe(verbose_person, verbose_person)
--    <lp.bugs.model.bugsubscription.BugSubscription ...>
--
--    >>> concise_person = factory.makePerson(
--    ...     displayname='Concise Person', email='concise@example.com')
--    >>> concise_person.verbose_bugnotifications = False
--    >>> bug.subscribe(concise_person, concise_person)
--    <lp.bugs.model.bugsubscription.BugSubscription ...>
++    >>> with lp_dbuser():
++    ...     bug = factory.makeBug(
++    ...         product=factory.makeProduct(title='Foo'),
++    ...         title='In the beginning, the universe was created. This '
++    ...             'has made a lot of people very angry and has been '
++    ...             'widely regarded as a bad move',
++    ...         description="This is a long description of the bug, which "
++    ...             "will be automatically wrapped by the BugNotification "
++    ...             "machinery. Ain't technology great?")
++    ...     verbose_person = factory.makePerson(
++    ...         displayname='Verbose Person', email='verbose@example.com')
++    ...     verbose_person.verbose_bugnotifications = True
++    ...     ignored = bug.subscribe(verbose_person, verbose_person)
++    ...     concise_person = factory.makePerson(
++    ...         displayname='Concise Person', email='concise@example.com')
++    ...     concise_person.verbose_bugnotifications = False
++    ...     ignored = bug.subscribe(concise_person, concise_person)
  Concise Team doesn't want verbose notifications, while Concise Team
  Person, a member, does.
--    >>> concise_team = factory.makeTeam(
--    ...     name='conciseteam', displayname='Concise Team')
--    >>> concise_team.verbose_bugnotifications = False
--    >>> concise_team_person = factory.makePerson(
--    ...     displayname='Concise Team Person',
--    ...     email='conciseteam@example.com')
--    >>> concise_team_person.verbose_bugnotifications = True
--    >>> ignored = concise_team.addMember(
--    ...     concise_team_person, concise_team_person)
--    >>> bug.subscribe(concise_team, concise_team_person)
--    <lp.bugs.model.bugsubscription.BugSubscription ...>
++    >>> with lp_dbuser():
++    ...     concise_team = factory.makeTeam(
++    ...         name='conciseteam', displayname='Concise Team')
++    ...     concise_team.verbose_bugnotifications = False
++    ...     concise_team_person = factory.makePerson(
++    ...         displayname='Concise Team Person',
++    ...         email='conciseteam@example.com')
++    ...     concise_team_person.verbose_bugnotifications = True
++    ...     ignored = concise_team.addMember(
++    ...         concise_team_person, concise_team_person)
++    ...     ignored = bug.subscribe(concise_team, concise_team_person)
  Verbose Team wants verbose notifications, while Verbose Team Person, a
  member, does not.
--    >>> verbose_team = factory.makeTeam(
--    ...     name='verboseteam', displayname='Verbose Team')
--    >>> verbose_team.verbose_bugnotifications = True
--    >>> verbose_team_person = factory.makePerson(
--    ...     displayname='Verbose Team Person',
--    ...     email='verboseteam@example.com')
--    >>> verbose_team_person.verbose_bugnotifications = False
--    >>> ignored = verbose_team.addMember(
--    ...     verbose_team_person, verbose_team_person)
--    >>> bug.subscribe(verbose_team, verbose_team_person)
--    <lp.bugs.model.bugsubscription.BugSubscription ...>
++    >>> with lp_dbuser():
++    ...     verbose_team = factory.makeTeam(
++    ...         name='verboseteam', displayname='Verbose Team')
++    ...     verbose_team.verbose_bugnotifications = True
++    ...     verbose_team_person = factory.makePerson(
++    ...         displayname='Verbose Team Person',
++    ...         email='verboseteam@example.com')
++    ...     verbose_team_person.verbose_bugnotifications = False
++    ...     ignored = verbose_team.addMember(
++    ...         verbose_team_person, verbose_team_person)
++    ...     ignored = bug.subscribe(verbose_team, verbose_team_person)
  We'll expire all existing notifications since we're not interested in
  them:
--    >>> switch_db_to_bugnotification()
      >>> notifications = getUtility(
      ...     IBugNotificationSet).getNotificationsToSend()
      >>> len(notifications)
@@ -1103,19 +1079,22 @@
  People (not teams) will have the choice to receive notifications from actions
  they generated.  For now, everyone receives these notifications whether they
--want them or not.  However, we can show that the attribute exists for now.
++want them or not.
--    >>> flush_notifications()
--    >>> switch_db_to_launchpad()
      >>> verbose_person.selfgenerated_bugnotifications
      True
++    >>> with lp_dbuser():
++    ...     verbose_person.selfgenerated_bugnotifications = False
--Teams do not implement this attribute.
++Teams provide this attribute read-only.
      >>> verbose_team.selfgenerated_bugnotifications
++    True
++    >>> with lp_dbuser():
++    ...     verbose_team.selfgenerated_bugnotifications = False
      Traceback (most recent call last):
      ...
--    NotImplementedError: Teams do not support this attribute.
++    NotImplementedError: Teams do not support changing this attribute.
  Notification Recipients
  -----------------------
@@ -1125,16 +1104,14 @@
  notification level of the subscription.
      >>> flush_notifications()
--    >>> switch_db_to_launchpad()
      >>> from lp.bugs.enum import BugNotificationLevel
      >>> from lp.registry.interfaces.product import IProductSet
      >>> firefox = getUtility(IProductSet).getByName('firefox')
      >>> mr_no_privs = getUtility(IPersonSet).getByName('no-priv')
--    >>> subscription_no_priv = firefox.addBugSubscription(
--    ...     mr_no_privs, mr_no_privs)
--
--    >>> switch_db_to_bugnotification()
++    >>> with lp_dbuser():
++    ...     subscription_no_priv = firefox.addBugSubscription(
++    ...         mr_no_privs, mr_no_privs)
  The notifications generated by addCommentNotification() are sent only to
  structural subscribers with no filters, or with the notification level
@@ -1200,10 +1177,9 @@
      >>> flush_notifications()
--    >>> switch_db_to_launchpad()
--    >>> filter = subscription_no_priv.newBugFilter()
--    >>> filter.bug_notification_level = BugNotificationLevel.COMMENTS
--    >>> switch_db_to_bugnotification()
++    >>> with lp_dbuser():
++    ...     filter = subscription_no_priv.newBugFilter()
++    ...     filter.bug_notification_level = BugNotificationLevel.COMMENTS
      >>> comment = getUtility(IMessageSet).fromText(
      ...     'subject', 'another comment.', sample_person,
@@ -1261,9 +1237,8 @@
  no comment notifications.
      >>> flush_notifications()
--    >>> switch_db_to_launchpad()
--    >>> filter.bug_notification_level = BugNotificationLevel.METADATA
--    >>> switch_db_to_bugnotification()
++    >>> with lp_dbuser():
++    ...     filter.bug_notification_level = BugNotificationLevel.METADATA
      >>> comment = getUtility(IMessageSet).fromText(
      ...     'subject', 'no comment for no-priv.', sample_person,
@@ -1373,9 +1348,8 @@
  no notifications created by addChangeNotification().
      >>> flush_notifications()
--    >>> switch_db_to_launchpad()
--    >>> filter.bug_notification_level = BugNotificationLevel.LIFECYCLE
--    >>> switch_db_to_bugnotification()
++    >>> with lp_dbuser():
++    ...     filter.bug_notification_level = BugNotificationLevel.LIFECYCLE
      >>> bug_one.addChangeNotification('** Summary changed to: something.',
      ...     sample_person, when=ten_minutes_ago)
@@ -1433,10 +1407,9 @@
  after all.
      >>> flush_notifications()
--    >>> switch_db_to_launchpad()
--    >>> filter2 = subscription_no_priv.newBugFilter()
--    >>> filter2.bug_notification_level = BugNotificationLevel.METADATA
--    >>> switch_db_to_bugnotification()
++    >>> with lp_dbuser():
++    ...     filter2 = subscription_no_priv.newBugFilter()
++    ...     filter2.bug_notification_level = BugNotificationLevel.METADATA
      >>> bug_one.addChangeNotification('** Summary changed to: whatever.',
      ...     sample_person, when=ten_minutes_ago)
 === modified file 'lib/lp/registry/model/person.py'
 --- lib/lp/registry/model/person.py	2011-02-04 20:32:01 +0000
 +++ lib/lp/registry/model/person.py	2011-02-04 20:32:11 +0000
@@ -37,7 +37,6 @@
  import weakref
  from lazr.delegates import delegates
--from lazr.restful.fields import Reference
  import pytz
  from sqlobject import (
      BoolCol,
@@ -84,6 +83,7 @@
  from zope.event import notify
  from zope.interface import (
      alsoProvides,
++    classImplements,
      implementer,
      implements,
+     )
@@ -361,6 +361,7 @@
  class PersonSettings(Storm):
++    "The relatively rarely used settings for person (not a team)."
      implements(IPersonSettings)
@@ -372,6 +373,53 @@
      selfgenerated_bugnotifications = BoolCol(notNull=True, default=True)
++def readonly_settings(message, interface):
++    """Make an object that disallows writes to values on the interface.
++
++    When you write, the message is raised in a NotImplementedError.
++    """
++    # We will make a class that has properties for each field on the
++    # interface (we expect every name on the interface to correspond to a
++    # zope.schema field).  Each property will have a getter that will
++    # return the interface default for that name; and it will have a
++    # setter that will raise a hopefully helpful error message
++    # explaining why writing is not allowed.
++    # This is the setter we are going to use for every property.
++    def unwritable(self, value):
++        raise NotImplementedError(message)
++    # This will become the dict of the class.
++    data = {}
++    # The interface.names() method returns the names on the interface.  If
++    # "all" is True, then you will also get the names on base
++    # interfaces.  That is unlikely to be needed here, but would be the
++    # expected behavior if it were.
++    for name in interface.names(all=True):
++        # This next line is a work-around for a classic problem of
++        # closures in a loop. Closures are bound (indirectly) to frame
++        # locals, which are a mutable collection. Therefore, if we
++        # naively make closures for each different value within a loop,
++        # each closure will be bound to the value as it is at the *end
++        # of the loop*. That's usually not what we want. To prevent
++        # this, we make a helper function (which has its own locals)
++        # that returns the actual closure we want.
++        closure_maker = lambda result: lambda self: result
++        # Now we make a property with the name-specific getter and the generic
++        # setter, and put it in the dictionary of the class we are making.
++        data[name] = property(
++            closure_maker(interface[name].default), unwritable)
++    # Now we have all the attributes we want.  We will make the class...
++    cls = type('Unwritable' + interface.__name__, (), data)
++    # ...specify that the class implements the interface that we are working
++    # with...
++    classImplements(cls, interface)
++    # ...and return an instance.  We should only need one, since it is
++    # read-only.
++    return cls()
++
++_readonly_person_settings = readonly_settings(
++    'Teams do not support changing this attribute.', IPersonSettings)
++
++
  class Person(
      SQLBase, HasBugsBase, HasSpecificationsMixin, HasTranslationImportsMixin,
      HasBranchesMixin, HasMergeProposalsMixin, HasRequestedReviewsMixin):
@@ -391,13 +439,11 @@
      @cachedproperty
      def _person_settings(self):
          if self.is_team:
--            # Hopefully no-one ever encounters this.  If someone does,
--            # that means that the code is trying to look at
--            # person-specific attributes on a team, and we should warn
--            # about that explicitly to give a hint about what is wrong
--            # (rather than merely returning None).
--            raise NotImplementedError(
--                'Teams do not support this attribute.')
++            # Teams need to provide these attributes for reading in order for
++            # things like snapshots to work, but they are not actually
++            # pertinent to teams, so they are not actually implemented for
++            # writes.
++            return _readonly_person_settings
          else:
              # This is a person.
              return IStore(PersonSettings).find(
@@ -2112,6 +2158,7 @@
              ('logintoken', 'requester'),
              ('personlanguage', 'person'),
              ('personlocation', 'person'),
++            ('personsettings', 'person'),
              ('persontransferjob', 'minor_person'),
              ('persontransferjob', 'major_person'),
              ('signedcodeofconduct', 'owner'),
 === modified file 'lib/lp/scripts/garbo.py'
 --- lib/lp/scripts/garbo.py	2011-01-31 09:24:13 +0000
 +++ lib/lp/scripts/garbo.py	2011-02-04 20:32:11 +0000
@@ -432,9 +432,12 @@
                  postgresql.listReferences(cursor(), 'person', 'id')):
              # Skip things that don't link to Person.id or that link to it from
              # TeamParticipation or EmailAddress, as all Person entries will be
--            # linked to from these tables.
++            # linked to from these tables.  Similarly, PersonSettings can
++            # simply be deleted if it exists, because it has a 1 (or 0) to 1
++            # relationship with Person.
              if (to_table != 'person' or to_column != 'id'
--                or from_table in ('teamparticipation', 'emailaddress')):
++                or from_table in ('teamparticipation', 'emailaddress',
++                                  'personsettings')):
                  continue
              self.log.debug(
                  "Populating LinkedPeople from %s.%s"
@@ -510,6 +513,7 @@
                  UPDATE EmailAddress SET person=NULL
                  WHERE person IN (%s)
                  """ % people_ids)
++            # This cascade deletes any PersonSettings records.
              self.store.execute("""
                  DELETE FROM Person
                  WHERE id IN (%s)