Merge lp:~henninge/launchpad/devel-764406-security-adapters into lp:launchpad
Status: | Merged |
---|---|
Approved by: | Henning Eggers |
Approved revision: | no longer in the source branch. |
Merged at revision: | 12867 |
Proposed branch: | lp:~henninge/launchpad/devel-764406-security-adapters |
Merge into: | lp:launchpad |
Diff against target: | 0 lines |
To merge this branch: | bzr merge lp:~henninge/launchpad/devel-764406-security-adapters |
Related bugs: |
Reviewer | Review Type | Date Requested | Status |
---|---|---|---|
Benji York (community) | code | Approve | |
Review via email: mp+58109@code.launchpad.net |
Commit message
[r=benji][bug=764406] Removed check_permission from security.py.
Description of the change
= Summary =
The problem is explained in the bug 764406.
The threat may be more of a theoretical nature. Nevertheless, this fix
makes sure that checkAuthenticated really does what it proclaims: it
checks permissions for the given authenticated user and not a user it
figures out on its own.
== Proposed fix ==
Add a method on Authorization base to forward checkAuthenticated requests
to another security adapter.
== Pre-implementation notes ==
Robert seems to be agreeing that this needs to be fixed. ;-)
== Implementation details ==
I copied the use of check_permissio
implementation of check_permission because arbitrary strings might be
passed into the the forwarding methods.
== Tests ==
I replaced check_permission in a few security adapters but to be sure
only the whole test suite will be enough. ;-)
== Demo and Q/A ==
Similar: Check that LP is still working.
= Launchpad lint =
Checking for conflicts and issues in changed files.
Linting changed files:
lib/canonical
As you say, the main test will be whether or not the full test suite passes, but otherwise this looks good.