Merge lp:~jcsackett/launchpad/private-bugs-without-supervision into lp:launchpad
- private-bugs-without-supervision
- Merge into devel
Proposed by
j.c.sackett
| Status: | Merged | ||||
|---|---|---|---|---|---|
| Approved by: | Curtis Hovey | ||||
| Approved revision: | no longer in the source branch. | ||||
| Merged at revision: | 15113 | ||||
| Proposed branch: | lp:~jcsackett/launchpad/private-bugs-without-supervision | ||||
| Merge into: | lp:launchpad | ||||
| Diff against target: |
725 lines (+103/-296) 9 files modified
lib/lp/bugs/doc/bugnotification-sending.txt (+6/-1) lib/lp/bugs/doc/bugsubscription.txt (+11/-27) lib/lp/bugs/doc/initial-bug-contacts.txt (+1/-15) lib/lp/bugs/doc/security-teams.txt (+1/-38) lib/lp/bugs/model/bug.py (+31/-97) lib/lp/bugs/model/tests/test_bug.py (+40/-108) lib/lp/bugs/tests/test_bug_mirror_access_triggers.py (+6/-2) lib/lp/bugs/tests/test_bugvisibility.py (+7/-1) lib/lp/services/features/flags.py (+0/-7) |
||||
| To merge this branch: | bzr merge lp:~jcsackett/launchpad/private-bugs-without-supervision | ||||
| Related bugs: |
|
| Reviewer | Review Type | Date Requested | Status |
|---|---|---|---|
| Curtis Hovey (community) | code | Approve | |
|
Review via email:
|
|||
This proposal supersedes a proposal from 2012-04-11.
Commit message
Fixes subscription problems when transitioning a bug to non-public information types. Also removes the unused reconcileSubscr
Description of the change
Summary
=======
The constantly changing setup of subscription and privacy rules led to a
regression, wherein a person marking a bug private would lose access to the
bug, preventing privacy from happening. Because we put the subscriber
reconcilation behind a feature flag and didn't activate it, the absence of a
bug supervisor prevents marking bugs private.
This branch ensures that:
* The bug reporter stays attached
* The bug assignee stays attached
* The bug supervisor is attached if it exists
* The pillar maintainer is attached if the supervisor doesn't exist
Preimp
======
Spoke with Curtis Hovey
Implementation
==============
The reconcileSubscr
removed as the implementation is now out of date and is unlikely to ever be
enabled. The flag and flag related checks are also removed.
The no f_flag fallback has been cleaned up; it now ensures the bug
supervisor/
subscriptions.
A *number* of tests have been updated; they relied on the feature flag being
set, and weren't valid as they were. In some cases entire tests have been
removed, as they were testing for behavior that never existed without the flag,
which was never enabled anywhere.
Tests
=====
bin/test -vvct test_bug.
QA
==
Look at the setup in the bug; that should work.
Lint
====
Checking for conflicts and issues in changed files.
Linting changed files:
lib/lp/
lib/lp/
lib/lp/
To post a comment you must log in.
Revision history for this message
| Curtis Hovey (sinzui) wrote : Posted in a previous version of this proposal | # |
review:
Needs Fixing
(code)
Revision history for this message
| j.c.sackett (jcsackett) wrote : Posted in a previous version of this proposal | # |
> This branch reproduces the situation that drove William to put it behind the
> feature flag to kill it. Let's not repeat this mistake again.
>
> These rules cannot apply to Ubuntu. it's bug supervisor does not get automatic
> access to private bugs, this is why we spent an extra three months to create 3
> sharing policies instead of one, Ubuntu is not like any other project in Lp.
> Ubuntu's maintainer does not get access to private or security bugs. recall
> the success criteria for sharing is that that maintainer (or us) can setup
> Ubuntu so that ubuntu-security is the only party that can see embargoed
> security bugs, and apport is the only party that can see user data bugs.
That's a little perplexing; if look at the deleted clause starting on line 19, you can see that the supervisor is already being given access to USERDATA bugs. So if that was the mistake, it was not resolved by the feature flag. I can certainly make the check for Ubuntu, but I want to be clear that it's an additional change from the current behavior (not that there's anything wrong with that).
> There is, or was, code that checked that the project has .private_bugs or
> .hasCurrentComm
> bugs. I am not certain we want check these attributes. Maybe we should just
> check if the pillar is not Ubuntu -- I do not think any other project took
> advantage of Lp defects to create policies different from what is documented.
I'm going to vote for "was". Or, possibly, that check is only being done on bug creation. I think just adding a check for the pillar being Ubuntu is sufficient--we already special case that, so it doesn't feel too wrong to make that check.
I will update the code so that if the pillar is Ubuntu, the bug supervisor is not given access to USERDATA bugs.
Revision history for this message
| Curtis Hovey (sinzui) wrote : Posted in a previous version of this proposal | # |
We discusses this on IRC. The issue is that while we think the rules for Ubuntu are wrong at this moment, Ubuntu has not reported any issue with changing bugs to private, only projects have this issue. Maybe this is not an issue because apport does not using this path through the code. We will talk with the purple squad to resolve this.
review:
Needs Information
(code)
Revision history for this message
| Curtis Hovey (sinzui) wrote : Posted in a previous version of this proposal | # |
We discussed this and believe your change is correct. This is good to land.
review:
Approve
(code)
Revision history for this message
| j.c.sackett (jcsackett) wrote : | # |
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Here's a clean diff of just what's changed since the previously
approved MP.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://
iQEcBAEBAgAGBQJ
sBgMsDUKeDKcrvZ
7zlcok4eNYQP2UM
vqGy59tJMZx3FwB
wk1aq20sRzfhKZx
hvjjds4/
=RZ+X
-----END PGP SIGNATURE-----
| 1 | === modified file 'lib/lp/bugs/doc/bugnotification-sending.txt' | |||
| 2 | --- lib/lp/bugs/doc/bugnotification-sending.txt 2012-04-17 17:59:54 +0000 | |||
| 3 | +++ lib/lp/bugs/doc/bugnotification-sending.txt 2012-04-17 18:01:41 +0000 | |||
| 4 | @@ -756,9 +756,10 @@ | |||
| 5 | 756 | 756 | ||
| 6 | 757 | >>> for message in trigger_and_get_email_messages(bug_three): | 757 | >>> for message in trigger_and_get_email_messages(bug_three): |
| 7 | 758 | ... print message['To'], message.get_all('X-Launchpad-Bug-Private') | 758 | ... print message['To'], message.get_all('X-Launchpad-Bug-Private') |
| 8 | 759 | foo.bar@canonical.com ['yes'] | ||
| 9 | 760 | mark@example.com ['yes'] | ||
| 10 | 759 | test@canonical.com ['yes'] | 761 | test@canonical.com ['yes'] |
| 11 | 760 | 762 | ||
| 12 | 761 | |||
| 13 | 762 | The X-Launchpad-Bug-Security-Vulnerability header | 763 | The X-Launchpad-Bug-Security-Vulnerability header |
| 14 | 763 | ------------------------------------------------- | 764 | ------------------------------------------------- |
| 15 | 764 | 765 | ||
| 16 | @@ -772,6 +773,8 @@ | |||
| 17 | 772 | >>> for message in trigger_and_get_email_messages(bug_three): | 773 | >>> for message in trigger_and_get_email_messages(bug_three): |
| 18 | 773 | ... print message['To'], ( | 774 | ... print message['To'], ( |
| 19 | 774 | ... message.get_all('X-Launchpad-Bug-Security-Vulnerability')) | 775 | ... message.get_all('X-Launchpad-Bug-Security-Vulnerability')) |
| 20 | 776 | foo.bar@canonical.com ['no'] | ||
| 21 | 777 | mark@example.com ['no'] | ||
| 22 | 775 | test@canonical.com ['no'] | 778 | test@canonical.com ['no'] |
| 23 | 776 | 779 | ||
| 24 | 777 | The presence of the security flag on a bug is, surprise, denoted by a | 780 | The presence of the security flag on a bug is, surprise, denoted by a |
| 25 | @@ -786,6 +789,8 @@ | |||
| 26 | 786 | >>> for message in trigger_and_get_email_messages(bug_three): | 789 | >>> for message in trigger_and_get_email_messages(bug_three): |
| 27 | 787 | ... print message['To'], ( | 790 | ... print message['To'], ( |
| 28 | 788 | ... message.get_all('X-Launchpad-Bug-Security-Vulnerability')) | 791 | ... message.get_all('X-Launchpad-Bug-Security-Vulnerability')) |
| 29 | 792 | foo.bar@canonical.com ['yes'] | ||
| 30 | 793 | mark@example.com ['yes'] | ||
| 31 | 789 | test@canonical.com ['yes'] | 794 | test@canonical.com ['yes'] |
| 32 | 790 | 795 | ||
| 33 | 791 | 796 | ||
| 34 | 792 | 797 | ||
| 35 | === modified file 'lib/lp/bugs/doc/bugsubscription.txt' | |||
| 36 | --- lib/lp/bugs/doc/bugsubscription.txt 2012-04-17 17:58:37 +0000 | |||
| 37 | +++ lib/lp/bugs/doc/bugsubscription.txt 2012-04-17 18:01:41 +0000 | |||
| 38 | @@ -380,17 +380,7 @@ | |||
| 39 | 380 | () | 380 | () |
| 40 | 381 | 381 | ||
| 41 | 382 | When a bug is marked private, specific people like the bugtask bug supervisors | 382 | When a bug is marked private, specific people like the bugtask bug supervisors |
| 53 | 383 | will be automatically subscribed, and only specifically allowed existing | 383 | will be automatically subscribed. |
| 43 | 384 | direct subscribers (eg bugtask pillar maintainers) will remain subscribed. | ||
| 44 | 385 | |||
| 45 | 386 | We currently use a feature flag to control who is subscribed when a bug is | ||
| 46 | 387 | made private. | ||
| 47 | 388 | |||
| 48 | 389 | >>> from lp.services.features.testing import FeatureFixture | ||
| 49 | 390 | >>> feature_flag = { | ||
| 50 | 391 | ... 'disclosure.enhanced_private_bug_subscriptions.enabled': 'on'} | ||
| 51 | 392 | >>> flags = FeatureFixture(feature_flag) | ||
| 52 | 393 | >>> flags.setUp() | ||
| 54 | 394 | 384 | ||
| 55 | 395 | >>> from zope.event import notify | 385 | >>> from zope.event import notify |
| 56 | 396 | 386 | ||
| 57 | @@ -438,26 +428,20 @@ | |||
| 58 | 438 | >>> print_displayname(linux_source_bug.getDirectSubscribers()) | 428 | >>> print_displayname(linux_source_bug.getDirectSubscribers()) |
| 59 | 439 | Foo Bar | 429 | Foo Bar |
| 60 | 440 | Mark Shuttleworth | 430 | Mark Shuttleworth |
| 61 | 431 | Robert Collins | ||
| 62 | 432 | Ubuntu Team | ||
| 63 | 441 | 433 | ||
| 64 | 442 | >>> print_displayname(linux_source_bug.getIndirectSubscribers()) | 434 | >>> print_displayname(linux_source_bug.getIndirectSubscribers()) |
| 65 | 443 | Martin Pitt | 435 | Martin Pitt |
| 66 | 444 | No Privileges Person | 436 | No Privileges Person |
| 67 | 445 | Robert Collins | ||
| 68 | 446 | Sample Person | 437 | Sample Person |
| 69 | 447 | Scott James Remnant | 438 | Scott James Remnant |
| 70 | 448 | Ubuntu Team | ||
| 71 | 449 | 439 | ||
| 72 | 450 | >>> print_displayname(linux_source_bug.getAlsoNotifiedSubscribers()) | 440 | >>> print_displayname(linux_source_bug.getAlsoNotifiedSubscribers()) |
| 73 | 451 | Martin Pitt | 441 | Martin Pitt |
| 74 | 452 | No Privileges Person | 442 | No Privileges Person |
| 75 | 453 | Robert Collins | ||
| 76 | 454 | Sample Person | 443 | Sample Person |
| 77 | 455 | Scott James Remnant | 444 | Scott James Remnant |
| 78 | 456 | Ubuntu Team | ||
| 79 | 457 | |||
| 80 | 458 | Clean up the feature flag. | ||
| 81 | 459 | |||
| 82 | 460 | >>> flags.cleanUp() | ||
| 83 | 461 | 445 | ||
| 84 | 462 | To find out which email addresses should receive a notification email on | 446 | To find out which email addresses should receive a notification email on |
| 85 | 463 | a bug, and why, IBug.getBugNotificationRecipients() assembles an | 447 | a bug, and why, IBug.getBugNotificationRecipients() assembles an |
| 86 | @@ -472,8 +456,8 @@ | |||
| 87 | 472 | [('foo.bar@canonical.com', 'Subscriber'), | 456 | [('foo.bar@canonical.com', 'Subscriber'), |
| 88 | 473 | ('mark@example.com', 'Subscriber'), | 457 | ('mark@example.com', 'Subscriber'), |
| 89 | 474 | ('no-priv@canonical.com', u'Subscriber (linux-source-2.6.15 in Ubuntu)'), | 458 | ('no-priv@canonical.com', u'Subscriber (linux-source-2.6.15 in Ubuntu)'), |
| 92 | 475 | ('robertc@robertcollins.net', u'Subscriber (Mozilla Firefox)'), | 459 | ('robertc@robertcollins.net', 'Subscriber'), |
| 93 | 476 | ('support@ubuntu.com', u'Subscriber (Ubuntu) @ubuntu-team'), | 460 | ('support@ubuntu.com', u'Subscriber @ubuntu-team'), |
| 94 | 477 | ('test@canonical.com', 'Assignee')] | 461 | ('test@canonical.com', 'Assignee')] |
| 95 | 478 | 462 | ||
| 96 | 479 | If IBug.getBugNotificationRecipients() is passed a BugNotificationLevel | 463 | If IBug.getBugNotificationRecipients() is passed a BugNotificationLevel |
| 97 | @@ -486,8 +470,8 @@ | |||
| 98 | 486 | >>> [(address, recipients.getReason(address)[1]) for address in addresses] | 470 | >>> [(address, recipients.getReason(address)[1]) for address in addresses] |
| 99 | 487 | [('foo.bar@canonical.com', 'Subscriber'), | 471 | [('foo.bar@canonical.com', 'Subscriber'), |
| 100 | 488 | ('mark@example.com', 'Subscriber'), | 472 | ('mark@example.com', 'Subscriber'), |
| 103 | 489 | ('robertc@robertcollins.net', u'Subscriber (Mozilla Firefox)'), | 473 | ('robertc@robertcollins.net', 'Subscriber'), |
| 104 | 490 | ('support@ubuntu.com', u'Subscriber (Ubuntu) @ubuntu-team'), | 474 | ('support@ubuntu.com', u'Subscriber @ubuntu-team'), |
| 105 | 491 | ('test@canonical.com', 'Assignee')] | 475 | ('test@canonical.com', 'Assignee')] |
| 106 | 492 | 476 | ||
| 107 | 493 | When Sample Person is unsubscribed from linux_source_bug, he is no | 477 | When Sample Person is unsubscribed from linux_source_bug, he is no |
| 108 | @@ -501,8 +485,8 @@ | |||
| 109 | 501 | >>> [(address, recipients.getReason(address)[1]) for address in addresses] | 485 | >>> [(address, recipients.getReason(address)[1]) for address in addresses] |
| 110 | 502 | [('foo.bar@canonical.com', 'Subscriber'), | 486 | [('foo.bar@canonical.com', 'Subscriber'), |
| 111 | 503 | ('mark@example.com', 'Subscriber'), | 487 | ('mark@example.com', 'Subscriber'), |
| 114 | 504 | ('robertc@robertcollins.net', u'Subscriber (Mozilla Firefox)'), | 488 | ('robertc@robertcollins.net', 'Subscriber'), |
| 115 | 505 | ('support@ubuntu.com', u'Subscriber (Ubuntu) @ubuntu-team'), | 489 | ('support@ubuntu.com', u'Subscriber @ubuntu-team'), |
| 116 | 506 | ('test@canonical.com', 'Assignee')] | 490 | ('test@canonical.com', 'Assignee')] |
| 117 | 507 | 491 | ||
| 118 | 508 | ...but remains included for the level LIFECYCLE. | 492 | ...but remains included for the level LIFECYCLE. |
| 119 | @@ -515,8 +499,8 @@ | |||
| 120 | 515 | [('foo.bar@canonical.com', 'Subscriber'), | 499 | [('foo.bar@canonical.com', 'Subscriber'), |
| 121 | 516 | ('mark@example.com', 'Subscriber'), | 500 | ('mark@example.com', 'Subscriber'), |
| 122 | 517 | ('no-priv@canonical.com', u'Subscriber (linux-source-2.6.15 in Ubuntu)'), | 501 | ('no-priv@canonical.com', u'Subscriber (linux-source-2.6.15 in Ubuntu)'), |
| 125 | 518 | ('robertc@robertcollins.net', u'Subscriber (Mozilla Firefox)'), | 502 | ('robertc@robertcollins.net', 'Subscriber'), |
| 126 | 519 | ('support@ubuntu.com', u'Subscriber (Ubuntu) @ubuntu-team'), | 503 | ('support@ubuntu.com', u'Subscriber @ubuntu-team'), |
| 127 | 520 | ('test@canonical.com', 'Assignee')] | 504 | ('test@canonical.com', 'Assignee')] |
| 128 | 521 | 505 | ||
| 129 | 522 | To find out if someone is already directly subscribed to a bug, call | 506 | To find out if someone is already directly subscribed to a bug, call |
| 130 | 523 | 507 | ||
| 131 | === modified file 'lib/lp/bugs/doc/initial-bug-contacts.txt' | |||
| 132 | --- lib/lp/bugs/doc/initial-bug-contacts.txt 2012-04-17 17:58:37 +0000 | |||
| 133 | +++ lib/lp/bugs/doc/initial-bug-contacts.txt 2012-04-17 18:01:41 +0000 | |||
| 134 | @@ -288,16 +288,6 @@ | |||
| 135 | 288 | u'Sample Person', u'Steve Alexander', u'Ubuntu Gnome Team', | 288 | u'Sample Person', u'Steve Alexander', u'Ubuntu Gnome Team', |
| 136 | 289 | u'Ubuntu Team'] | 289 | u'Ubuntu Team'] |
| 137 | 290 | 290 | ||
| 138 | 291 | |||
| 139 | 292 | We currently use a feature flag to control who is subscribed when a bug is | ||
| 140 | 293 | made private. | ||
| 141 | 294 | |||
| 142 | 295 | >>> from lp.services.features.testing import FeatureFixture | ||
| 143 | 296 | >>> feature_flag = { | ||
| 144 | 297 | ... 'disclosure.enhanced_private_bug_subscriptions.enabled': 'on'} | ||
| 145 | 298 | >>> flags = FeatureFixture(feature_flag) | ||
| 146 | 299 | >>> flags.setUp() | ||
| 147 | 300 | |||
| 148 | 301 | If a bug is private, no changes are made to the subscriber list when a | 291 | If a bug is private, no changes are made to the subscriber list when a |
| 149 | 302 | bug is reassigned to a different package. | 292 | bug is reassigned to a different package. |
| 150 | 303 | 293 | ||
| 151 | @@ -329,13 +319,9 @@ | |||
| 152 | 329 | the unallowed subscribers are removed: | 319 | the unallowed subscribers are removed: |
| 153 | 330 | 320 | ||
| 154 | 331 | >>> subscriber_names(bug_one_in_ubuntu_firefox.bug) | 321 | >>> subscriber_names(bug_one_in_ubuntu_firefox.bug) |
| 156 | 332 | [u'Foo Bar', u'Mark Shuttleworth', u'Sample Person', | 322 | [u'Foo Bar', u'Sample Person', |
| 157 | 333 | u'Steve Alexander', u'Ubuntu Team'] | 323 | u'Steve Alexander', u'Ubuntu Team'] |
| 158 | 334 | 324 | ||
| 159 | 335 | Clean up the feature flag. | ||
| 160 | 336 | |||
| 161 | 337 | >>> flags.cleanUp() | ||
| 162 | 338 | |||
| 163 | 339 | 325 | ||
| 164 | 340 | Product Bug Supervisors and Bug Tasks | 326 | Product Bug Supervisors and Bug Tasks |
| 165 | 341 | ------------------------------------- | 327 | ------------------------------------- |
| 166 | 342 | 328 | ||
| 167 | === modified file 'lib/lp/bugs/doc/security-teams.txt' | |||
| 168 | --- lib/lp/bugs/doc/security-teams.txt 2012-04-17 17:58:37 +0000 | |||
| 169 | +++ lib/lp/bugs/doc/security-teams.txt 2012-04-17 18:01:41 +0000 | |||
| 170 | @@ -280,17 +280,7 @@ | |||
| 171 | 280 | 280 | ||
| 172 | 281 | 281 | ||
| 173 | 282 | When a bug becomes security-related, the security contacts for the pillars it | 282 | When a bug becomes security-related, the security contacts for the pillars it |
| 185 | 283 | affects are subscribed to it. This happens regardless of whether the feature | 283 | affects are subscribed to it. |
| 175 | 284 | flag is set. | ||
| 176 | 285 | |||
| 177 | 286 | We currently use a feature flag to control who is subscribed when a bug is | ||
| 178 | 287 | made security related. | ||
| 179 | 288 | |||
| 180 | 289 | >>> from lp.services.features.testing import FeatureFixture | ||
| 181 | 290 | >>> feature_flag = { | ||
| 182 | 291 | ... 'disclosure.enhanced_private_bug_subscriptions.enabled': 'on'} | ||
| 183 | 292 | >>> security_flags = FeatureFixture(feature_flag) | ||
| 184 | 293 | >>> security_flags.setUp() | ||
| 186 | 294 | 284 | ||
| 187 | 295 | >>> from zope.event import notify | 285 | >>> from zope.event import notify |
| 188 | 296 | >>> from lazr.lifecycle.event import ObjectModifiedEvent | 286 | >>> from lazr.lifecycle.event import ObjectModifiedEvent |
| 189 | @@ -317,30 +307,3 @@ | |||
| 190 | 317 | Bug Reporter | 307 | Bug Reporter |
| 191 | 318 | Distribution Security Contact | 308 | Distribution Security Contact |
| 192 | 319 | Product Security Contact | 309 | Product Security Contact |
| 193 | 320 | |||
| 194 | 321 | Clean up the feature flag. | ||
| 195 | 322 | |||
| 196 | 323 | >>> security_flags.cleanUp() | ||
| 197 | 324 | |||
| 198 | 325 | And once more without the feature flag. | ||
| 199 | 326 | |||
| 200 | 327 | >>> product = factory.makeProduct() | ||
| 201 | 328 | >>> product.security_contact = factory.makePerson( | ||
| 202 | 329 | ... displayname='Product Security Contact') | ||
| 203 | 330 | >>> distribution = factory.makeDistribution() | ||
| 204 | 331 | >>> distribution.security_contact = factory.makePerson( | ||
| 205 | 332 | ... displayname='Distribution Security Contact') | ||
| 206 | 333 | >>> reporter = factory.makePerson(displayname=u'Bug Reporter') | ||
| 207 | 334 | >>> bug = factory.makeBug(product=product, owner=reporter) | ||
| 208 | 335 | >>> bug.addTask(owner=reporter, target=distribution) | ||
| 209 | 336 | <BugTask ...> | ||
| 210 | 337 | >>> old_state = Snapshot(bug, providing=IBug) | ||
| 211 | 338 | >>> bug.setSecurityRelated(True, getUtility(ILaunchBag).user) | ||
| 212 | 339 | True | ||
| 213 | 340 | >>> notify(ObjectModifiedEvent(bug, old_state, ['security_related'])) | ||
| 214 | 341 | >>> for subscriber_name in sorted( | ||
| 215 | 342 | ... s.displayname for s in bug.getDirectSubscribers()): | ||
| 216 | 343 | ... print subscriber_name | ||
| 217 | 344 | Bug Reporter | ||
| 218 | 345 | Distribution Security Contact | ||
| 219 | 346 | Product Security Contact | ||
| 220 | 347 | 310 | ||
| 221 | === modified file 'lib/lp/bugs/model/bug.py' | |||
| 222 | --- lib/lp/bugs/model/bug.py 2012-04-17 18:00:24 +0000 | |||
| 223 | +++ lib/lp/bugs/model/bug.py 2012-04-17 18:01:41 +0000 | |||
| 224 | @@ -1740,9 +1740,11 @@ | |||
| 225 | 1740 | if information_type in PRIVATE_INFORMATION_TYPES: | 1740 | if information_type in PRIVATE_INFORMATION_TYPES: |
| 226 | 1741 | self.who_made_private = who | 1741 | self.who_made_private = who |
| 227 | 1742 | self.date_made_private = UTC_NOW | 1742 | self.date_made_private = UTC_NOW |
| 228 | 1743 | missing_subscribers = set([who, self.owner]) | ||
| 229 | 1743 | else: | 1744 | else: |
| 230 | 1744 | self.who_made_private = None | 1745 | self.who_made_private = None |
| 231 | 1745 | self.date_made_private = None | 1746 | self.date_made_private = None |
| 232 | 1747 | missing_subscribers = set() | ||
| 233 | 1746 | # XXX: This should be a bulk update. RBC 20100827 | 1748 | # XXX: This should be a bulk update. RBC 20100827 |
| 234 | 1747 | # bug=https://bugs.launchpad.net/storm/+bug/625071 | 1749 | # bug=https://bugs.launchpad.net/storm/+bug/625071 |
| 235 | 1748 | for attachment in self.attachments_unpopulated: | 1750 | for attachment in self.attachments_unpopulated: |
| 236 | @@ -1751,7 +1753,6 @@ | |||
| 237 | 1751 | self.updateHeat() | 1753 | self.updateHeat() |
| 238 | 1752 | 1754 | ||
| 239 | 1753 | # There are several people we need to ensure are subscribed. | 1755 | # There are several people we need to ensure are subscribed. |
| 240 | 1754 | missing_subscribers = set([who, self.owner]) | ||
| 241 | 1755 | # If the information type is userdata, we need to check for bug | 1756 | # If the information type is userdata, we need to check for bug |
| 242 | 1756 | # supervisors who aren't subscribed and should be. If there is no | 1757 | # supervisors who aren't subscribed and should be. If there is no |
| 243 | 1757 | # bug supervisor, we need to subscribe the maintainer. | 1758 | # bug supervisor, we need to subscribe the maintainer. |
| 244 | @@ -1774,8 +1775,10 @@ | |||
| 245 | 1774 | missing_subscribers.add(pillar.owner) | 1775 | missing_subscribers.add(pillar.owner) |
| 246 | 1775 | 1776 | ||
| 247 | 1776 | for s in missing_subscribers: | 1777 | for s in missing_subscribers: |
| 250 | 1777 | subscriptions = get_structural_subscriptions_for_bug(self, s) | 1778 | # Don't subscribe someone if they're already subscribed via a |
| 251 | 1778 | if subscriptions.is_empty(): | 1779 | # team. |
| 252 | 1780 | already_subscribed_teams = self.getSubscribersForPerson(s) | ||
| 253 | 1781 | if already_subscribed_teams.is_empty(): | ||
| 254 | 1779 | self.subscribe(s, who) | 1782 | self.subscribe(s, who) |
| 255 | 1780 | 1783 | ||
| 256 | 1781 | self.information_type = information_type | 1784 | self.information_type = information_type |
| 257 | 1782 | 1785 | ||
| 258 | === modified file 'lib/lp/bugs/model/tests/test_bug.py' | |||
| 259 | --- lib/lp/bugs/model/tests/test_bug.py 2012-04-17 18:00:24 +0000 | |||
| 260 | +++ lib/lp/bugs/model/tests/test_bug.py 2012-04-17 18:01:41 +0000 | |||
| 261 | @@ -567,14 +567,6 @@ | |||
| 262 | 567 | 567 | ||
| 263 | 568 | layer = DatabaseFunctionalLayer | 568 | layer = DatabaseFunctionalLayer |
| 264 | 569 | 569 | ||
| 265 | 570 | def setUp(self): | ||
| 266 | 571 | super(TestBugPrivateAndSecurityRelatedUpdatesMixin, self).setUp() | ||
| 267 | 572 | f_flag_str = 'disclosure.enhanced_private_bug_subscriptions.enabled' | ||
| 268 | 573 | feature_flag = {f_flag_str: 'on'} | ||
| 269 | 574 | flags = FeatureFixture(feature_flag) | ||
| 270 | 575 | flags.setUp() | ||
| 271 | 576 | self.addCleanup(flags.cleanUp) | ||
| 272 | 577 | |||
| 273 | 578 | def test_setPrivate_subscribes_person_who_makes_bug_private(self): | 570 | def test_setPrivate_subscribes_person_who_makes_bug_private(self): |
| 274 | 579 | # When setPrivate(True) is called on a bug, the person who is | 571 | # When setPrivate(True) is called on a bug, the person who is |
| 275 | 580 | # marking the bug private is subscribed to the bug. | 572 | # marking the bug private is subscribed to the bug. |
| 276 | @@ -589,8 +581,8 @@ | |||
| 277 | 589 | # marking the bug private will not be subscribed if they're | 581 | # marking the bug private will not be subscribed if they're |
| 278 | 590 | # already a member of a team which is a direct subscriber. | 582 | # already a member of a team which is a direct subscriber. |
| 279 | 591 | bug = self.factory.makeBug() | 583 | bug = self.factory.makeBug() |
| 282 | 592 | team = self.factory.makeTeam() | 584 | person = self.factory.makePerson(name='teamowner') |
| 283 | 593 | person = team.teamowner | 585 | team = self.factory.makeTeam(owner=person, name='team') |
| 284 | 594 | with person_logged_in(person): | 586 | with person_logged_in(person): |
| 285 | 595 | bug.subscribe(team, person) | 587 | bug.subscribe(team, person) |
| 286 | 596 | bug.setPrivate(True, person) | 588 | bug.setPrivate(True, person) |
| 287 | @@ -632,78 +624,71 @@ | |||
| 288 | 632 | return (bug, bug_owner, naked_bugtask_a, naked_bugtask_b, | 624 | return (bug, bug_owner, naked_bugtask_a, naked_bugtask_b, |
| 289 | 633 | naked_default_bugtask) | 625 | naked_default_bugtask) |
| 290 | 634 | 626 | ||
| 294 | 635 | def test_setPrivateTrueAndSecurityRelatedTrue(self): | 627 | def test_transition_to_EMBARGOEDSECURITY_information_type(self): |
| 295 | 636 | # When a bug is marked as private=true and security_related=true, the | 628 | # When a bug is marked as EMBARGOEDSECURITY, the direct subscribers |
| 296 | 637 | # direct subscribers should include: | 629 | # should include: |
| 297 | 638 | # - the bug reporter | 630 | # - the bug reporter |
| 298 | 639 | # - the bugtask pillar security contacts (if set) | 631 | # - the bugtask pillar security contacts (if set) |
| 299 | 640 | # - the person changing the state | 632 | # - the person changing the state |
| 300 | 641 | # - and bug/pillar owners, drivers if they are already subscribed | 633 | # - and bug/pillar owners, drivers if they are already subscribed |
| 301 | 642 | # If the bug is for a private project, then other direct subscribers | ||
| 302 | 643 | # should be unsubscribed. | ||
| 303 | 644 | 634 | ||
| 304 | 645 | (bug, bug_owner, bugtask_a, bugtask_b, default_bugtask) = ( | 635 | (bug, bug_owner, bugtask_a, bugtask_b, default_bugtask) = ( |
| 305 | 646 | self.createBugTasksAndSubscribers()) | 636 | self.createBugTasksAndSubscribers()) |
| 306 | 647 | initial_subscribers = set(( | 637 | initial_subscribers = set(( |
| 309 | 648 | self.factory.makePerson(), bugtask_a.owner, bug_owner, | 638 | self.factory.makePerson(name='subscriber'), bugtask_a.owner, |
| 310 | 649 | bugtask_a.pillar.security_contact, bugtask_a.pillar.driver)) | 639 | bug_owner, bugtask_a.pillar.security_contact, |
| 311 | 640 | bugtask_a.pillar.driver)) | ||
| 312 | 641 | initial_subscribers.update(bug.getDirectSubscribers()) | ||
| 313 | 650 | 642 | ||
| 314 | 651 | with person_logged_in(bug_owner): | 643 | with person_logged_in(bug_owner): |
| 315 | 652 | for subscriber in initial_subscribers: | 644 | for subscriber in initial_subscribers: |
| 316 | 653 | bug.subscribe(subscriber, bug_owner) | 645 | bug.subscribe(subscriber, bug_owner) |
| 318 | 654 | who = self.factory.makePerson() | 646 | who = self.factory.makePerson(name='who') |
| 319 | 655 | bug.transitionToInformationType( | 647 | bug.transitionToInformationType( |
| 320 | 656 | InformationType.EMBARGOEDSECURITY, who=who) | 648 | InformationType.EMBARGOEDSECURITY, who=who) |
| 321 | 657 | subscribers = bug.getDirectSubscribers() | 649 | subscribers = bug.getDirectSubscribers() |
| 322 | 650 | initial_subscribers.update(bug.getDirectSubscribers()) | ||
| 323 | 658 | expected_subscribers = set(( | 651 | expected_subscribers = set(( |
| 324 | 659 | bugtask_a.owner, | 652 | bugtask_a.owner, |
| 325 | 660 | default_bugtask.pillar.bug_supervisor, | ||
| 326 | 661 | default_bugtask.pillar.driver, | 653 | default_bugtask.pillar.driver, |
| 327 | 662 | default_bugtask.pillar.security_contact, | 654 | default_bugtask.pillar.security_contact, |
| 328 | 663 | bug_owner, who)) | 655 | bug_owner, who)) |
| 331 | 664 | if not self.private_project: | 656 | expected_subscribers.update(initial_subscribers) |
| 330 | 665 | expected_subscribers.update(initial_subscribers) | ||
| 332 | 666 | self.assertContentEqual(expected_subscribers, subscribers) | 657 | self.assertContentEqual(expected_subscribers, subscribers) |
| 333 | 667 | 658 | ||
| 337 | 668 | def test_setPrivateTrueAndSecurityRelatedFalse(self): | 659 | def test_transition_to_USERDATA_information_type(self): |
| 338 | 669 | # When a bug is marked as private=true and security_related=false, the | 660 | # When a bug is marked as USERDATA, the direct subscribers should |
| 339 | 670 | # direct subscribers should include: | 661 | # include: |
| 340 | 671 | # - the bug reporter | 662 | # - the bug reporter |
| 341 | 672 | # - the bugtask pillar bug supervisors (if set) | 663 | # - the bugtask pillar bug supervisors (if set) |
| 342 | 673 | # - the person changing the state | 664 | # - the person changing the state |
| 343 | 674 | # - and bug/pillar owners, drivers if they are already subscribed | 665 | # - and bug/pillar owners, drivers if they are already subscribed |
| 344 | 675 | # If the bug is for a private project, then other direct subscribers | ||
| 345 | 676 | # should be unsubscribed. | ||
| 346 | 677 | 666 | ||
| 347 | 678 | (bug, bug_owner, bugtask_a, bugtask_b, default_bugtask) = ( | 667 | (bug, bug_owner, bugtask_a, bugtask_b, default_bugtask) = ( |
| 348 | 679 | self.createBugTasksAndSubscribers(private_security_related=True)) | 668 | self.createBugTasksAndSubscribers(private_security_related=True)) |
| 349 | 680 | initial_subscribers = set(( | 669 | initial_subscribers = set(( |
| 351 | 681 | self.factory.makePerson(), bug_owner, | 670 | self.factory.makePerson(name='subscriber'), bug_owner, |
| 352 | 682 | bugtask_a.pillar.security_contact, bugtask_a.pillar.driver)) | 671 | bugtask_a.pillar.security_contact, bugtask_a.pillar.driver)) |
| 353 | 683 | 672 | ||
| 354 | 684 | with person_logged_in(bug_owner): | 673 | with person_logged_in(bug_owner): |
| 355 | 685 | for subscriber in initial_subscribers: | 674 | for subscriber in initial_subscribers: |
| 356 | 686 | bug.subscribe(subscriber, bug_owner) | 675 | bug.subscribe(subscriber, bug_owner) |
| 358 | 687 | who = self.factory.makePerson() | 676 | who = self.factory.makePerson(name='who') |
| 359 | 688 | bug.transitionToInformationType(InformationType.USERDATA, who) | 677 | bug.transitionToInformationType(InformationType.USERDATA, who) |
| 360 | 689 | subscribers = bug.getDirectSubscribers() | 678 | subscribers = bug.getDirectSubscribers() |
| 361 | 690 | expected_subscribers = set(( | 679 | expected_subscribers = set(( |
| 362 | 691 | default_bugtask.pillar.bug_supervisor, | 680 | default_bugtask.pillar.bug_supervisor, |
| 363 | 692 | default_bugtask.pillar.driver, | 681 | default_bugtask.pillar.driver, |
| 364 | 693 | bug_owner, who)) | 682 | bug_owner, who)) |
| 368 | 694 | if not self.private_project: | 683 | expected_subscribers.update(initial_subscribers) |
| 366 | 695 | expected_subscribers.update(initial_subscribers) | ||
| 367 | 696 | expected_subscribers.remove(bugtask_a.pillar.security_contact) | ||
| 369 | 697 | self.assertContentEqual(expected_subscribers, subscribers) | 684 | self.assertContentEqual(expected_subscribers, subscribers) |
| 370 | 698 | 685 | ||
| 374 | 699 | def test_setPrivateFalseAndSecurityRelatedTrue(self): | 686 | def test_transition_to_UNEMBARGOEDSECURITY_information_type(self): |
| 375 | 700 | # When a bug is marked as private=false and security_related=true, the | 687 | # When a security bug is unembargoed, direct subscribers should |
| 376 | 701 | # direct subscribers should include: | 688 | # include: |
| 377 | 702 | # - the bug reporter | 689 | # - the bug reporter |
| 378 | 703 | # - the bugtask pillar security contacts (if set) | 690 | # - the bugtask pillar security contacts (if set) |
| 379 | 704 | # - and bug/pillar owners, drivers if they are already subscribed | 691 | # - and bug/pillar owners, drivers if they are already subscribed |
| 380 | 705 | # If the bug is for a private project, then other direct subscribers | ||
| 381 | 706 | # should be unsubscribed. | ||
| 382 | 707 | 692 | ||
| 383 | 708 | (bug, bug_owner, bugtask_a, bugtask_b, default_bugtask) = ( | 693 | (bug, bug_owner, bugtask_a, bugtask_b, default_bugtask) = ( |
| 384 | 709 | self.createBugTasksAndSubscribers(private_security_related=True)) | 694 | self.createBugTasksAndSubscribers(private_security_related=True)) |
| 385 | @@ -715,7 +700,7 @@ | |||
| 386 | 715 | with person_logged_in(bug_owner): | 700 | with person_logged_in(bug_owner): |
| 387 | 716 | for subscriber in initial_subscribers: | 701 | for subscriber in initial_subscribers: |
| 388 | 717 | bug.subscribe(subscriber, bug_owner) | 702 | bug.subscribe(subscriber, bug_owner) |
| 390 | 718 | who = self.factory.makePerson() | 703 | who = self.factory.makePerson(name='who') |
| 391 | 719 | bug.transitionToInformationType( | 704 | bug.transitionToInformationType( |
| 392 | 720 | InformationType.UNEMBARGOEDSECURITY, who) | 705 | InformationType.UNEMBARGOEDSECURITY, who) |
| 393 | 721 | subscribers = bug.getDirectSubscribers() | 706 | subscribers = bug.getDirectSubscribers() |
| 394 | @@ -723,36 +708,33 @@ | |||
| 395 | 723 | default_bugtask.pillar.driver, | 708 | default_bugtask.pillar.driver, |
| 396 | 724 | default_bugtask.pillar.security_contact, | 709 | default_bugtask.pillar.security_contact, |
| 397 | 725 | bug_owner)) | 710 | bug_owner)) |
| 401 | 726 | if not self.private_project: | 711 | expected_subscribers.update(initial_subscribers) |
| 399 | 727 | expected_subscribers.update(initial_subscribers) | ||
| 400 | 728 | expected_subscribers.remove(default_bugtask.pillar.bug_supervisor) | ||
| 402 | 729 | self.assertContentEqual(expected_subscribers, subscribers) | 712 | self.assertContentEqual(expected_subscribers, subscribers) |
| 403 | 730 | 713 | ||
| 407 | 731 | def test_setPrivateFalseAndSecurityRelatedFalse(self): | 714 | def test_transition_to_PUBLIC_information_type(self): |
| 408 | 732 | # When a bug is marked as private=false and security_related=false, | 715 | # Subscriptions aren't altered when a bug is transitioned to the |
| 409 | 733 | # any existing subscriptions are left alone. | 716 | # PUBLIC information type. |
| 410 | 734 | 717 | ||
| 411 | 735 | (bug, bug_owner, bugtask_a, bugtask_b, default_bugtask) = ( | 718 | (bug, bug_owner, bugtask_a, bugtask_b, default_bugtask) = ( |
| 412 | 736 | self.createBugTasksAndSubscribers(private_security_related=True)) | 719 | self.createBugTasksAndSubscribers(private_security_related=True)) |
| 413 | 737 | initial_subscribers = set(( | 720 | initial_subscribers = set(( |
| 415 | 738 | self.factory.makePerson(), bug_owner, | 721 | self.factory.makePerson(name='subscriber'), bug_owner, |
| 416 | 739 | bugtask_a.pillar.security_contact, bugtask_a.pillar.driver)) | 722 | bugtask_a.pillar.security_contact, bugtask_a.pillar.driver)) |
| 417 | 740 | 723 | ||
| 418 | 741 | with person_logged_in(bug_owner): | 724 | with person_logged_in(bug_owner): |
| 419 | 742 | for subscriber in initial_subscribers: | 725 | for subscriber in initial_subscribers: |
| 420 | 743 | bug.subscribe(subscriber, bug_owner) | 726 | bug.subscribe(subscriber, bug_owner) |
| 423 | 744 | who = self.factory.makePerson() | 727 | who = self.factory.makePerson(name='who') |
| 424 | 745 | expected_direct_subscribers = set(bug.getDirectSubscribers()) | 728 | subscribers_before_public = set(bug.getDirectSubscribers()) |
| 425 | 746 | bug.transitionToInformationType(InformationType.PUBLIC, who) | 729 | bug.transitionToInformationType(InformationType.PUBLIC, who) |
| 432 | 747 | subscribers = set(bug.getDirectSubscribers()) | 730 | subscribers_after_public = set(bug.getDirectSubscribers()) |
| 433 | 748 | expected_direct_subscribers.difference_update( | 731 | self.assertContentEqual( |
| 434 | 749 | (default_bugtask.pillar.security_contact, | 732 | subscribers_before_public, |
| 435 | 750 | default_bugtask.pillar.bug_supervisor, | 733 | subscribers_after_public) |
| 430 | 751 | bugtask_a.pillar.security_contact)) | ||
| 431 | 752 | self.assertContentEqual(expected_direct_subscribers, subscribers) | ||
| 436 | 753 | 734 | ||
| 437 | 754 | def test_setPillarOwnerSubscribedIfNoBugSupervisor(self): | 735 | def test_setPillarOwnerSubscribedIfNoBugSupervisor(self): |
| 439 | 755 | # The pillar owner is subscribed if the bug supervisor is not set. | 736 | # The pillar owner is subscribed if the bug supervisor is not set and |
| 440 | 737 | # the bug is marked as USERDATA. | ||
| 441 | 756 | 738 | ||
| 442 | 757 | bug_owner = self.factory.makePerson(name='bugowner') | 739 | bug_owner = self.factory.makePerson(name='bugowner') |
| 443 | 758 | bug = self.factory.makeBug(owner=bug_owner) | 740 | bug = self.factory.makeBug(owner=bug_owner) |
| 444 | @@ -766,18 +748,19 @@ | |||
| 445 | 766 | subscribers) | 748 | subscribers) |
| 446 | 767 | 749 | ||
| 447 | 768 | def test_setPillarOwnerSubscribedIfNoSecurityContact(self): | 750 | def test_setPillarOwnerSubscribedIfNoSecurityContact(self): |
| 449 | 769 | # The pillar owner is subscribed if the security contact is not set. | 751 | # The pillar owner is subscribed if the security contact is not set |
| 450 | 752 | # and the bug is marked as EMBARGOEDSECURITY. | ||
| 451 | 770 | 753 | ||
| 452 | 771 | bug_owner = self.factory.makePerson(name='bugowner') | 754 | bug_owner = self.factory.makePerson(name='bugowner') |
| 453 | 772 | bug = self.factory.makeBug(owner=bug_owner) | 755 | bug = self.factory.makeBug(owner=bug_owner) |
| 454 | 773 | with person_logged_in(bug_owner): | 756 | with person_logged_in(bug_owner): |
| 456 | 774 | who = self.factory.makePerson() | 757 | who = self.factory.makePerson(name='who') |
| 457 | 775 | bug.transitionToInformationType( | 758 | bug.transitionToInformationType( |
| 459 | 776 | InformationType.UNEMBARGOEDSECURITY, who) | 759 | InformationType.EMBARGOEDSECURITY, who) |
| 460 | 777 | subscribers = bug.getDirectSubscribers() | 760 | subscribers = bug.getDirectSubscribers() |
| 461 | 778 | naked_bugtask = removeSecurityProxy(bug).default_bugtask | 761 | naked_bugtask = removeSecurityProxy(bug).default_bugtask |
| 462 | 779 | self.assertContentEqual( | 762 | self.assertContentEqual( |
| 464 | 780 | set((naked_bugtask.pillar.owner, bug_owner)), | 763 | set((naked_bugtask.pillar.owner, bug_owner, who)), |
| 465 | 781 | subscribers) | 764 | subscribers) |
| 466 | 782 | 765 | ||
| 467 | 783 | def _fetch_notifications(self, bug, reason_header): | 766 | def _fetch_notifications(self, bug, reason_header): |
| 468 | @@ -833,32 +816,6 @@ | |||
| 469 | 833 | actual_recipients.append(recipient.person) | 816 | actual_recipients.append(recipient.person) |
| 470 | 834 | self.assertContentEqual(expected_recipients, actual_recipients) | 817 | self.assertContentEqual(expected_recipients, actual_recipients) |
| 471 | 835 | 818 | ||
| 472 | 836 | def test_bugSupervisorUnsubscribedIfBugMadePublic(self): | ||
| 473 | 837 | # The bug supervisors are unsubscribed if a bug is made public and an | ||
| 474 | 838 | # email is sent telling them they have been unsubscribed. | ||
| 475 | 839 | |||
| 476 | 840 | (bug, bug_owner, bugtask_a, bugtask_b, default_bugtask) = ( | ||
| 477 | 841 | self.createBugTasksAndSubscribers(private_security_related=True)) | ||
| 478 | 842 | |||
| 479 | 843 | with person_logged_in(bug_owner): | ||
| 480 | 844 | bug.subscribe(default_bugtask.pillar.bug_supervisor, bug_owner) | ||
| 481 | 845 | who = self.factory.makePerson(name="who") | ||
| 482 | 846 | bug.transitionToInformationType( | ||
| 483 | 847 | InformationType.UNEMBARGOEDSECURITY, who) | ||
| 484 | 848 | subscribers = bug.getDirectSubscribers() | ||
| 485 | 849 | self.assertNotIn( | ||
| 486 | 850 | default_bugtask.pillar.bug_supervisor, subscribers) | ||
| 487 | 851 | |||
| 488 | 852 | expected_recipients = [ | ||
| 489 | 853 | default_bugtask.pillar.bug_supervisor, | ||
| 490 | 854 | ] | ||
| 491 | 855 | expected_body_text = '** This bug is no longer private' | ||
| 492 | 856 | expected_reason_body = ('You received this bug notification ' | ||
| 493 | 857 | 'because you are a bug supervisor.') | ||
| 494 | 858 | self._check_notifications( | ||
| 495 | 859 | bug, expected_recipients, expected_body_text, | ||
| 496 | 860 | expected_reason_body, False, True, 'Bug Supervisor') | ||
| 497 | 861 | |||
| 498 | 862 | def test_structural_bug_supervisor_becomes_direct_on_private(self): | 819 | def test_structural_bug_supervisor_becomes_direct_on_private(self): |
| 499 | 863 | # If a bug supervisor has a structural subscription to the bug, and | 820 | # If a bug supervisor has a structural subscription to the bug, and |
| 500 | 864 | # the bug is marked as private, the supervisor should get a direct | 821 | # the bug is marked as private, the supervisor should get a direct |
| 501 | @@ -876,31 +833,6 @@ | |||
| 502 | 876 | bug.transitionToInformationType(InformationType.USERDATA, who) | 833 | bug.transitionToInformationType(InformationType.USERDATA, who) |
| 503 | 877 | self.assertTrue(bug_supervisor in bug.getDirectSubscribers()) | 834 | self.assertTrue(bug_supervisor in bug.getDirectSubscribers()) |
| 504 | 878 | 835 | ||
| 505 | 879 | def test_securityContactUnsubscribedIfBugNotSecurityRelated(self): | ||
| 506 | 880 | # The security contacts are unsubscribed if a bug has security_related | ||
| 507 | 881 | # set to false and an email is sent telling them they have been | ||
| 508 | 882 | # unsubscribed. | ||
| 509 | 883 | |||
| 510 | 884 | (bug, bug_owner, bugtask_a, bugtask_b, default_bugtask) = ( | ||
| 511 | 885 | self.createBugTasksAndSubscribers(private_security_related=True)) | ||
| 512 | 886 | |||
| 513 | 887 | with person_logged_in(bug_owner): | ||
| 514 | 888 | bug.subscribe(bugtask_a.pillar.security_contact, bug_owner) | ||
| 515 | 889 | who = self.factory.makePerson(name="who") | ||
| 516 | 890 | bug.transitionToInformationType(InformationType.USERDATA, who) | ||
| 517 | 891 | subscribers = bug.getDirectSubscribers() | ||
| 518 | 892 | self.assertFalse(bugtask_a.pillar.security_contact in subscribers) | ||
| 519 | 893 | |||
| 520 | 894 | expected_recipients = [ | ||
| 521 | 895 | bugtask_a.pillar.security_contact, | ||
| 522 | 896 | ] | ||
| 523 | 897 | expected_body_text = '** This bug is no longer security related' | ||
| 524 | 898 | expected_reason_body = ('You received this bug notification ' | ||
| 525 | 899 | 'because you are a security contact.') | ||
| 526 | 900 | self._check_notifications( | ||
| 527 | 901 | bug, expected_recipients, expected_body_text, | ||
| 528 | 902 | expected_reason_body, True, False, 'Security Contact') | ||
| 529 | 903 | |||
| 530 | 904 | 836 | ||
| 531 | 905 | class TestBugPrivacy(TestCaseWithFactory): | 837 | class TestBugPrivacy(TestCaseWithFactory): |
| 532 | 906 | 838 | ||
| 533 | 907 | 839 | ||
| 534 | === modified file 'lib/lp/bugs/tests/test_bug_mirror_access_triggers.py' | |||
| 535 | --- lib/lp/bugs/tests/test_bug_mirror_access_triggers.py 2012-04-17 17:58:37 +0000 | |||
| 536 | +++ lib/lp/bugs/tests/test_bug_mirror_access_triggers.py 2012-04-17 18:01:41 +0000 | |||
| 537 | @@ -141,7 +141,9 @@ | |||
| 538 | 141 | bug.setPrivate(True, bug.owner) | 141 | bug.setPrivate(True, bug.owner) |
| 539 | 142 | self.assertIsNot( | 142 | self.assertIsNot( |
| 540 | 143 | None, getUtility(IAccessArtifactSource).find([bug]).one()) | 143 | None, getUtility(IAccessArtifactSource).find([bug]).one()) |
| 542 | 144 | self.assertEqual((1, 1), self.assertMirrored(bug)) | 144 | # There are two grants--one for the reporter, one for the product |
| 543 | 145 | # owner or supervisor (if set). There is only one policy, USERDATA. | ||
| 544 | 146 | self.assertEqual((2, 1), self.assertMirrored(bug)) | ||
| 545 | 145 | 147 | ||
| 546 | 146 | def test_security_related(self): | 148 | def test_security_related(self): |
| 547 | 147 | # Setting the security_related flag uses EMBARGOEDSECURITY | 149 | # Setting the security_related flag uses EMBARGOEDSECURITY |
| 548 | @@ -153,7 +155,9 @@ | |||
| 549 | 153 | [InformationType.USERDATA], | 155 | [InformationType.USERDATA], |
| 550 | 154 | self.getPolicyTypesForArtifact(artifact)) | 156 | self.getPolicyTypesForArtifact(artifact)) |
| 551 | 155 | bug.setSecurityRelated(True, bug.owner) | 157 | bug.setSecurityRelated(True, bug.owner) |
| 553 | 156 | self.assertEqual((1, 1), self.assertMirrored(bug)) | 158 | # Both the reporter and either the product owner or the product's |
| 554 | 159 | # security contact have grants. | ||
| 555 | 160 | self.assertEqual((2, 1), self.assertMirrored(bug)) | ||
| 556 | 157 | self.assertContentEqual( | 161 | self.assertContentEqual( |
| 557 | 158 | [InformationType.EMBARGOEDSECURITY], | 162 | [InformationType.EMBARGOEDSECURITY], |
| 558 | 159 | self.getPolicyTypesForArtifact(artifact)) | 163 | self.getPolicyTypesForArtifact(artifact)) |
| 559 | 160 | 164 | ||
| 560 | === modified file 'lib/lp/bugs/tests/test_bugvisibility.py' | |||
| 561 | --- lib/lp/bugs/tests/test_bugvisibility.py 2012-04-17 17:59:54 +0000 | |||
| 562 | +++ lib/lp/bugs/tests/test_bugvisibility.py 2012-04-17 18:01:41 +0000 | |||
| 563 | @@ -88,72 +88,3 @@ | |||
| 564 | 88 | def test_publicBugAnonUser(self): | 88 | def test_publicBugAnonUser(self): |
| 565 | 89 | # Since the bug is private, the anonymous user cannot see it. | 89 | # Since the bug is private, the anonymous user cannot see it. |
| 566 | 90 | self.assertFalse(self.bug.userCanView(None)) | 90 | self.assertFalse(self.bug.userCanView(None)) |
| 567 | 91 | |||
| 568 | 92 | |||
| 569 | 93 | class TestPrivateBugVisibilityAfterTransition(TestCaseWithFactory): | ||
| 570 | 94 | """Test visibility for a public bug, set to private.""" | ||
| 571 | 95 | |||
| 572 | 96 | layer = DatabaseFunctionalLayer | ||
| 573 | 97 | |||
| 574 | 98 | def setUp(self): | ||
| 575 | 99 | super(TestPrivateBugVisibilityAfterTransition, self).setUp() | ||
| 576 | 100 | self.product_owner = self.factory.makePerson(name="productowner") | ||
| 577 | 101 | self.maintainer = self.factory.makeTeam( | ||
| 578 | 102 | name="maintainer", | ||
| 579 | 103 | owner=self.product_owner, | ||
| 580 | 104 | subscription_policy=TeamSubscriptionPolicy.RESTRICTED) | ||
| 581 | 105 | self.maintainer_member = self.factory.makePerson( | ||
| 582 | 106 | name="maintainermember") | ||
| 583 | 107 | self.owner = self.factory.makePerson(name="bugowner") | ||
| 584 | 108 | self.product = self.factory.makeProduct( | ||
| 585 | 109 | name="regular-product", owner=self.maintainer) | ||
| 586 | 110 | self.bug = self.factory.makeBug( | ||
| 587 | 111 | owner=self.owner, product=self.product) | ||
| 588 | 112 | |||
| 589 | 113 | self.bug_team_member = self.factory.makePerson(name="bugteammember") | ||
| 590 | 114 | self.bug_team = self.factory.makeTeam( | ||
| 591 | 115 | name="bugteam", | ||
| 592 | 116 | owner=self.product_owner) | ||
| 593 | 117 | |||
| 594 | 118 | with celebrity_logged_in('admin'): | ||
| 595 | 119 | self.maintainer.addMember( | ||
| 596 | 120 | self.maintainer_member, | ||
| 597 | 121 | self.product_owner) | ||
| 598 | 122 | self.bug_team.addMember(self.bug_team_member, self.product_owner) | ||
| 599 | 123 | |||
| 600 | 124 | def _makePrivate(self): | ||
| 601 | 125 | with celebrity_logged_in('admin'): | ||
| 602 | 126 | self.bug.setPrivate(private=True, who=self.product_owner) | ||
| 603 | 127 | |||
| 604 | 128 | @contextmanager | ||
| 605 | 129 | def _setupSupervisor(self): | ||
| 606 | 130 | with celebrity_logged_in('admin'): | ||
| 607 | 131 | self.product.setBugSupervisor( | ||
| 608 | 132 | bug_supervisor=self.bug_team, | ||
| 609 | 133 | user=self.product_owner) | ||
| 610 | 134 | yield | ||
| 611 | 135 | with celebrity_logged_in('admin'): | ||
| 612 | 136 | self.product.setBugSupervisor( | ||
| 613 | 137 | bug_supervisor=None, | ||
| 614 | 138 | user=self.product_owner) | ||
| 615 | 139 | |||
| 616 | 140 | def test_bug_supervisor_can_see_bug(self): | ||
| 617 | 141 | with self._setupSupervisor(): | ||
| 618 | 142 | self._makePrivate() | ||
| 619 | 143 | self.assertTrue(self.bug.userCanView(self.bug_team_member)) | ||
| 620 | 144 | |||
| 621 | 145 | def test_reporter_can_see(self): | ||
| 622 | 146 | self._makePrivate() | ||
| 623 | 147 | self.assertTrue(self.bug.userCanView(self.owner)) | ||
| 624 | 148 | |||
| 625 | 149 | def test_maintainer_can_see_without_supervisor(self): | ||
| 626 | 150 | # If no bug supervisor is set, the maintainer is given access. | ||
| 627 | 151 | self._makePrivate() | ||
| 628 | 152 | self.assertTrue(self.bug.userCanView(self.maintainer_member)) | ||
| 629 | 153 | |||
| 630 | 154 | def test_assignee_can_see(self): | ||
| 631 | 155 | bug_assignee = self.factory.makePerson(name="bugassignee") | ||
| 632 | 156 | with celebrity_logged_in('admin'): | ||
| 633 | 157 | self.bug.default_bugtask.transitionToAssignee(bug_assignee) | ||
| 634 | 158 | self._makePrivate() | ||
| 635 | 159 | self.assertTrue(self.bug.userCanView(bug_assignee)) | ||
Revision history for this message
| Curtis Hovey (sinzui) wrote : | # |
Thank you very very much.
review:
Approve
(code)
Preview Diff
[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
| 1 | === modified file 'lib/lp/bugs/doc/bugnotification-sending.txt' | |||
| 2 | --- lib/lp/bugs/doc/bugnotification-sending.txt 2012-03-23 06:10:28 +0000 | |||
| 3 | +++ lib/lp/bugs/doc/bugnotification-sending.txt 2012-04-17 18:05:27 +0000 | |||
| 4 | @@ -756,9 +756,10 @@ | |||
| 5 | 756 | 756 | ||
| 6 | 757 | >>> for message in trigger_and_get_email_messages(bug_three): | 757 | >>> for message in trigger_and_get_email_messages(bug_three): |
| 7 | 758 | ... print message['To'], message.get_all('X-Launchpad-Bug-Private') | 758 | ... print message['To'], message.get_all('X-Launchpad-Bug-Private') |
| 8 | 759 | foo.bar@canonical.com ['yes'] | ||
| 9 | 760 | mark@example.com ['yes'] | ||
| 10 | 759 | test@canonical.com ['yes'] | 761 | test@canonical.com ['yes'] |
| 11 | 760 | 762 | ||
| 12 | 761 | |||
| 13 | 762 | The X-Launchpad-Bug-Security-Vulnerability header | 763 | The X-Launchpad-Bug-Security-Vulnerability header |
| 14 | 763 | ------------------------------------------------- | 764 | ------------------------------------------------- |
| 15 | 764 | 765 | ||
| 16 | @@ -772,6 +773,8 @@ | |||
| 17 | 772 | >>> for message in trigger_and_get_email_messages(bug_three): | 773 | >>> for message in trigger_and_get_email_messages(bug_three): |
| 18 | 773 | ... print message['To'], ( | 774 | ... print message['To'], ( |
| 19 | 774 | ... message.get_all('X-Launchpad-Bug-Security-Vulnerability')) | 775 | ... message.get_all('X-Launchpad-Bug-Security-Vulnerability')) |
| 20 | 776 | foo.bar@canonical.com ['no'] | ||
| 21 | 777 | mark@example.com ['no'] | ||
| 22 | 775 | test@canonical.com ['no'] | 778 | test@canonical.com ['no'] |
| 23 | 776 | 779 | ||
| 24 | 777 | The presence of the security flag on a bug is, surprise, denoted by a | 780 | The presence of the security flag on a bug is, surprise, denoted by a |
| 25 | @@ -786,6 +789,8 @@ | |||
| 26 | 786 | >>> for message in trigger_and_get_email_messages(bug_three): | 789 | >>> for message in trigger_and_get_email_messages(bug_three): |
| 27 | 787 | ... print message['To'], ( | 790 | ... print message['To'], ( |
| 28 | 788 | ... message.get_all('X-Launchpad-Bug-Security-Vulnerability')) | 791 | ... message.get_all('X-Launchpad-Bug-Security-Vulnerability')) |
| 29 | 792 | foo.bar@canonical.com ['yes'] | ||
| 30 | 793 | mark@example.com ['yes'] | ||
| 31 | 789 | test@canonical.com ['yes'] | 794 | test@canonical.com ['yes'] |
| 32 | 790 | 795 | ||
| 33 | 791 | 796 | ||
| 34 | 792 | 797 | ||
| 35 | === modified file 'lib/lp/bugs/doc/bugsubscription.txt' | |||
| 36 | --- lib/lp/bugs/doc/bugsubscription.txt 2012-04-03 06:14:09 +0000 | |||
| 37 | +++ lib/lp/bugs/doc/bugsubscription.txt 2012-04-17 18:05:27 +0000 | |||
| 38 | @@ -380,17 +380,7 @@ | |||
| 39 | 380 | () | 380 | () |
| 40 | 381 | 381 | ||
| 41 | 382 | When a bug is marked private, specific people like the bugtask bug supervisors | 382 | When a bug is marked private, specific people like the bugtask bug supervisors |
| 53 | 383 | will be automatically subscribed, and only specifically allowed existing | 383 | will be automatically subscribed. |
| 43 | 384 | direct subscribers (eg bugtask pillar maintainers) will remain subscribed. | ||
| 44 | 385 | |||
| 45 | 386 | We currently use a feature flag to control who is subscribed when a bug is | ||
| 46 | 387 | made private. | ||
| 47 | 388 | |||
| 48 | 389 | >>> from lp.services.features.testing import FeatureFixture | ||
| 49 | 390 | >>> feature_flag = { | ||
| 50 | 391 | ... 'disclosure.enhanced_private_bug_subscriptions.enabled': 'on'} | ||
| 51 | 392 | >>> flags = FeatureFixture(feature_flag) | ||
| 52 | 393 | >>> flags.setUp() | ||
| 54 | 394 | 384 | ||
| 55 | 395 | >>> from zope.event import notify | 385 | >>> from zope.event import notify |
| 56 | 396 | 386 | ||
| 57 | @@ -438,26 +428,20 @@ | |||
| 58 | 438 | >>> print_displayname(linux_source_bug.getDirectSubscribers()) | 428 | >>> print_displayname(linux_source_bug.getDirectSubscribers()) |
| 59 | 439 | Foo Bar | 429 | Foo Bar |
| 60 | 440 | Mark Shuttleworth | 430 | Mark Shuttleworth |
| 61 | 431 | Robert Collins | ||
| 62 | 432 | Ubuntu Team | ||
| 63 | 441 | 433 | ||
| 64 | 442 | >>> print_displayname(linux_source_bug.getIndirectSubscribers()) | 434 | >>> print_displayname(linux_source_bug.getIndirectSubscribers()) |
| 65 | 443 | Martin Pitt | 435 | Martin Pitt |
| 66 | 444 | No Privileges Person | 436 | No Privileges Person |
| 67 | 445 | Robert Collins | ||
| 68 | 446 | Sample Person | 437 | Sample Person |
| 69 | 447 | Scott James Remnant | 438 | Scott James Remnant |
| 70 | 448 | Ubuntu Team | ||
| 71 | 449 | 439 | ||
| 72 | 450 | >>> print_displayname(linux_source_bug.getAlsoNotifiedSubscribers()) | 440 | >>> print_displayname(linux_source_bug.getAlsoNotifiedSubscribers()) |
| 73 | 451 | Martin Pitt | 441 | Martin Pitt |
| 74 | 452 | No Privileges Person | 442 | No Privileges Person |
| 75 | 453 | Robert Collins | ||
| 76 | 454 | Sample Person | 443 | Sample Person |
| 77 | 455 | Scott James Remnant | 444 | Scott James Remnant |
| 78 | 456 | Ubuntu Team | ||
| 79 | 457 | |||
| 80 | 458 | Clean up the feature flag. | ||
| 81 | 459 | |||
| 82 | 460 | >>> flags.cleanUp() | ||
| 83 | 461 | 445 | ||
| 84 | 462 | To find out which email addresses should receive a notification email on | 446 | To find out which email addresses should receive a notification email on |
| 85 | 463 | a bug, and why, IBug.getBugNotificationRecipients() assembles an | 447 | a bug, and why, IBug.getBugNotificationRecipients() assembles an |
| 86 | @@ -472,8 +456,8 @@ | |||
| 87 | 472 | [('foo.bar@canonical.com', 'Subscriber'), | 456 | [('foo.bar@canonical.com', 'Subscriber'), |
| 88 | 473 | ('mark@example.com', 'Subscriber'), | 457 | ('mark@example.com', 'Subscriber'), |
| 89 | 474 | ('no-priv@canonical.com', u'Subscriber (linux-source-2.6.15 in Ubuntu)'), | 458 | ('no-priv@canonical.com', u'Subscriber (linux-source-2.6.15 in Ubuntu)'), |
| 92 | 475 | ('robertc@robertcollins.net', u'Subscriber (Mozilla Firefox)'), | 459 | ('robertc@robertcollins.net', 'Subscriber'), |
| 93 | 476 | ('support@ubuntu.com', u'Subscriber (Ubuntu) @ubuntu-team'), | 460 | ('support@ubuntu.com', u'Subscriber @ubuntu-team'), |
| 94 | 477 | ('test@canonical.com', 'Assignee')] | 461 | ('test@canonical.com', 'Assignee')] |
| 95 | 478 | 462 | ||
| 96 | 479 | If IBug.getBugNotificationRecipients() is passed a BugNotificationLevel | 463 | If IBug.getBugNotificationRecipients() is passed a BugNotificationLevel |
| 97 | @@ -486,8 +470,8 @@ | |||
| 98 | 486 | >>> [(address, recipients.getReason(address)[1]) for address in addresses] | 470 | >>> [(address, recipients.getReason(address)[1]) for address in addresses] |
| 99 | 487 | [('foo.bar@canonical.com', 'Subscriber'), | 471 | [('foo.bar@canonical.com', 'Subscriber'), |
| 100 | 488 | ('mark@example.com', 'Subscriber'), | 472 | ('mark@example.com', 'Subscriber'), |
| 103 | 489 | ('robertc@robertcollins.net', u'Subscriber (Mozilla Firefox)'), | 473 | ('robertc@robertcollins.net', 'Subscriber'), |
| 104 | 490 | ('support@ubuntu.com', u'Subscriber (Ubuntu) @ubuntu-team'), | 474 | ('support@ubuntu.com', u'Subscriber @ubuntu-team'), |
| 105 | 491 | ('test@canonical.com', 'Assignee')] | 475 | ('test@canonical.com', 'Assignee')] |
| 106 | 492 | 476 | ||
| 107 | 493 | When Sample Person is unsubscribed from linux_source_bug, he is no | 477 | When Sample Person is unsubscribed from linux_source_bug, he is no |
| 108 | @@ -501,8 +485,8 @@ | |||
| 109 | 501 | >>> [(address, recipients.getReason(address)[1]) for address in addresses] | 485 | >>> [(address, recipients.getReason(address)[1]) for address in addresses] |
| 110 | 502 | [('foo.bar@canonical.com', 'Subscriber'), | 486 | [('foo.bar@canonical.com', 'Subscriber'), |
| 111 | 503 | ('mark@example.com', 'Subscriber'), | 487 | ('mark@example.com', 'Subscriber'), |
| 114 | 504 | ('robertc@robertcollins.net', u'Subscriber (Mozilla Firefox)'), | 488 | ('robertc@robertcollins.net', 'Subscriber'), |
| 115 | 505 | ('support@ubuntu.com', u'Subscriber (Ubuntu) @ubuntu-team'), | 489 | ('support@ubuntu.com', u'Subscriber @ubuntu-team'), |
| 116 | 506 | ('test@canonical.com', 'Assignee')] | 490 | ('test@canonical.com', 'Assignee')] |
| 117 | 507 | 491 | ||
| 118 | 508 | ...but remains included for the level LIFECYCLE. | 492 | ...but remains included for the level LIFECYCLE. |
| 119 | @@ -515,8 +499,8 @@ | |||
| 120 | 515 | [('foo.bar@canonical.com', 'Subscriber'), | 499 | [('foo.bar@canonical.com', 'Subscriber'), |
| 121 | 516 | ('mark@example.com', 'Subscriber'), | 500 | ('mark@example.com', 'Subscriber'), |
| 122 | 517 | ('no-priv@canonical.com', u'Subscriber (linux-source-2.6.15 in Ubuntu)'), | 501 | ('no-priv@canonical.com', u'Subscriber (linux-source-2.6.15 in Ubuntu)'), |
| 125 | 518 | ('robertc@robertcollins.net', u'Subscriber (Mozilla Firefox)'), | 502 | ('robertc@robertcollins.net', 'Subscriber'), |
| 126 | 519 | ('support@ubuntu.com', u'Subscriber (Ubuntu) @ubuntu-team'), | 503 | ('support@ubuntu.com', u'Subscriber @ubuntu-team'), |
| 127 | 520 | ('test@canonical.com', 'Assignee')] | 504 | ('test@canonical.com', 'Assignee')] |
| 128 | 521 | 505 | ||
| 129 | 522 | To find out if someone is already directly subscribed to a bug, call | 506 | To find out if someone is already directly subscribed to a bug, call |
| 130 | 523 | 507 | ||
| 131 | === modified file 'lib/lp/bugs/doc/initial-bug-contacts.txt' | |||
| 132 | --- lib/lp/bugs/doc/initial-bug-contacts.txt 2012-04-03 06:14:09 +0000 | |||
| 133 | +++ lib/lp/bugs/doc/initial-bug-contacts.txt 2012-04-17 18:05:27 +0000 | |||
| 134 | @@ -288,16 +288,6 @@ | |||
| 135 | 288 | u'Sample Person', u'Steve Alexander', u'Ubuntu Gnome Team', | 288 | u'Sample Person', u'Steve Alexander', u'Ubuntu Gnome Team', |
| 136 | 289 | u'Ubuntu Team'] | 289 | u'Ubuntu Team'] |
| 137 | 290 | 290 | ||
| 138 | 291 | |||
| 139 | 292 | We currently use a feature flag to control who is subscribed when a bug is | ||
| 140 | 293 | made private. | ||
| 141 | 294 | |||
| 142 | 295 | >>> from lp.services.features.testing import FeatureFixture | ||
| 143 | 296 | >>> feature_flag = { | ||
| 144 | 297 | ... 'disclosure.enhanced_private_bug_subscriptions.enabled': 'on'} | ||
| 145 | 298 | >>> flags = FeatureFixture(feature_flag) | ||
| 146 | 299 | >>> flags.setUp() | ||
| 147 | 300 | |||
| 148 | 301 | If a bug is private, no changes are made to the subscriber list when a | 291 | If a bug is private, no changes are made to the subscriber list when a |
| 149 | 302 | bug is reassigned to a different package. | 292 | bug is reassigned to a different package. |
| 150 | 303 | 293 | ||
| 151 | @@ -329,13 +319,9 @@ | |||
| 152 | 329 | the unallowed subscribers are removed: | 319 | the unallowed subscribers are removed: |
| 153 | 330 | 320 | ||
| 154 | 331 | >>> subscriber_names(bug_one_in_ubuntu_firefox.bug) | 321 | >>> subscriber_names(bug_one_in_ubuntu_firefox.bug) |
| 156 | 332 | [u'Foo Bar', u'Mark Shuttleworth', u'Sample Person', | 322 | [u'Foo Bar', u'Sample Person', |
| 157 | 333 | u'Steve Alexander', u'Ubuntu Team'] | 323 | u'Steve Alexander', u'Ubuntu Team'] |
| 158 | 334 | 324 | ||
| 159 | 335 | Clean up the feature flag. | ||
| 160 | 336 | |||
| 161 | 337 | >>> flags.cleanUp() | ||
| 162 | 338 | |||
| 163 | 339 | 325 | ||
| 164 | 340 | Product Bug Supervisors and Bug Tasks | 326 | Product Bug Supervisors and Bug Tasks |
| 165 | 341 | ------------------------------------- | 327 | ------------------------------------- |
| 166 | 342 | 328 | ||
| 167 | === modified file 'lib/lp/bugs/doc/security-teams.txt' | |||
| 168 | --- lib/lp/bugs/doc/security-teams.txt 2012-04-04 05:46:26 +0000 | |||
| 169 | +++ lib/lp/bugs/doc/security-teams.txt 2012-04-17 18:05:27 +0000 | |||
| 170 | @@ -280,17 +280,7 @@ | |||
| 171 | 280 | 280 | ||
| 172 | 281 | 281 | ||
| 173 | 282 | When a bug becomes security-related, the security contacts for the pillars it | 282 | When a bug becomes security-related, the security contacts for the pillars it |
| 185 | 283 | affects are subscribed to it. This happens regardless of whether the feature | 283 | affects are subscribed to it. |
| 175 | 284 | flag is set. | ||
| 176 | 285 | |||
| 177 | 286 | We currently use a feature flag to control who is subscribed when a bug is | ||
| 178 | 287 | made security related. | ||
| 179 | 288 | |||
| 180 | 289 | >>> from lp.services.features.testing import FeatureFixture | ||
| 181 | 290 | >>> feature_flag = { | ||
| 182 | 291 | ... 'disclosure.enhanced_private_bug_subscriptions.enabled': 'on'} | ||
| 183 | 292 | >>> security_flags = FeatureFixture(feature_flag) | ||
| 184 | 293 | >>> security_flags.setUp() | ||
| 186 | 294 | 284 | ||
| 187 | 295 | >>> from zope.event import notify | 285 | >>> from zope.event import notify |
| 188 | 296 | >>> from lazr.lifecycle.event import ObjectModifiedEvent | 286 | >>> from lazr.lifecycle.event import ObjectModifiedEvent |
| 189 | @@ -317,30 +307,3 @@ | |||
| 190 | 317 | Bug Reporter | 307 | Bug Reporter |
| 191 | 318 | Distribution Security Contact | 308 | Distribution Security Contact |
| 192 | 319 | Product Security Contact | 309 | Product Security Contact |
| 193 | 320 | |||
| 194 | 321 | Clean up the feature flag. | ||
| 195 | 322 | |||
| 196 | 323 | >>> security_flags.cleanUp() | ||
| 197 | 324 | |||
| 198 | 325 | And once more without the feature flag. | ||
| 199 | 326 | |||
| 200 | 327 | >>> product = factory.makeProduct() | ||
| 201 | 328 | >>> product.security_contact = factory.makePerson( | ||
| 202 | 329 | ... displayname='Product Security Contact') | ||
| 203 | 330 | >>> distribution = factory.makeDistribution() | ||
| 204 | 331 | >>> distribution.security_contact = factory.makePerson( | ||
| 205 | 332 | ... displayname='Distribution Security Contact') | ||
| 206 | 333 | >>> reporter = factory.makePerson(displayname=u'Bug Reporter') | ||
| 207 | 334 | >>> bug = factory.makeBug(product=product, owner=reporter) | ||
| 208 | 335 | >>> bug.addTask(owner=reporter, target=distribution) | ||
| 209 | 336 | <BugTask ...> | ||
| 210 | 337 | >>> old_state = Snapshot(bug, providing=IBug) | ||
| 211 | 338 | >>> bug.setSecurityRelated(True, getUtility(ILaunchBag).user) | ||
| 212 | 339 | True | ||
| 213 | 340 | >>> notify(ObjectModifiedEvent(bug, old_state, ['security_related'])) | ||
| 214 | 341 | >>> for subscriber_name in sorted( | ||
| 215 | 342 | ... s.displayname for s in bug.getDirectSubscribers()): | ||
| 216 | 343 | ... print subscriber_name | ||
| 217 | 344 | Bug Reporter | ||
| 218 | 345 | Distribution Security Contact | ||
| 219 | 346 | Product Security Contact | ||
| 220 | 347 | 310 | ||
| 221 | === modified file 'lib/lp/bugs/model/bug.py' | |||
| 222 | --- lib/lp/bugs/model/bug.py 2012-04-17 01:11:47 +0000 | |||
| 223 | +++ lib/lp/bugs/model/bug.py 2012-04-17 18:05:27 +0000 | |||
| 224 | @@ -1733,10 +1733,6 @@ | |||
| 225 | 1733 | "Cannot transition the information type to proprietary.") | 1733 | "Cannot transition the information type to proprietary.") |
| 226 | 1734 | if self.information_type == information_type: | 1734 | if self.information_type == information_type: |
| 227 | 1735 | return False | 1735 | return False |
| 228 | 1736 | f_flag_str = 'disclosure.enhanced_private_bug_subscriptions.enabled' | ||
| 229 | 1737 | f_flag = bool(getFeatureFlag(f_flag_str)) | ||
| 230 | 1738 | if f_flag: | ||
| 231 | 1739 | self.reconcileSubscribers(information_type, who) | ||
| 232 | 1740 | if (information_type == InformationType.PROPRIETARY and | 1736 | if (information_type == InformationType.PROPRIETARY and |
| 233 | 1741 | len(self.affected_pillars) > 1): | 1737 | len(self.affected_pillars) > 1): |
| 234 | 1742 | raise BugCannotBePrivate( | 1738 | raise BugCannotBePrivate( |
| 235 | @@ -1744,34 +1740,47 @@ | |||
| 236 | 1744 | if information_type in PRIVATE_INFORMATION_TYPES: | 1740 | if information_type in PRIVATE_INFORMATION_TYPES: |
| 237 | 1745 | self.who_made_private = who | 1741 | self.who_made_private = who |
| 238 | 1746 | self.date_made_private = UTC_NOW | 1742 | self.date_made_private = UTC_NOW |
| 239 | 1743 | missing_subscribers = set([who, self.owner]) | ||
| 240 | 1747 | else: | 1744 | else: |
| 241 | 1748 | self.who_made_private = None | 1745 | self.who_made_private = None |
| 242 | 1749 | self.date_made_private = None | 1746 | self.date_made_private = None |
| 243 | 1747 | missing_subscribers = set() | ||
| 244 | 1750 | # XXX: This should be a bulk update. RBC 20100827 | 1748 | # XXX: This should be a bulk update. RBC 20100827 |
| 245 | 1751 | # bug=https://bugs.launchpad.net/storm/+bug/625071 | 1749 | # bug=https://bugs.launchpad.net/storm/+bug/625071 |
| 246 | 1752 | for attachment in self.attachments_unpopulated: | 1750 | for attachment in self.attachments_unpopulated: |
| 247 | 1753 | attachment.libraryfile.restricted = ( | 1751 | attachment.libraryfile.restricted = ( |
| 248 | 1754 | information_type in PRIVATE_INFORMATION_TYPES) | 1752 | information_type in PRIVATE_INFORMATION_TYPES) |
| 249 | 1755 | self.updateHeat() | 1753 | self.updateHeat() |
| 267 | 1756 | if not f_flag and information_type == InformationType.USERDATA: | 1754 | |
| 268 | 1757 | # If we didn't call reconcileSubscribers(), we may have | 1755 | # There are several people we need to ensure are subscribed. |
| 269 | 1758 | # bug supervisors who should be on this bug, but aren't. | 1756 | # If the information type is userdata, we need to check for bug |
| 270 | 1759 | supervisors = set() | 1757 | # supervisors who aren't subscribed and should be. If there is no |
| 271 | 1760 | for bugtask in self.bugtasks: | 1758 | # bug supervisor, we need to subscribe the maintainer. |
| 272 | 1761 | supervisors.add(bugtask.pillar.bug_supervisor) | 1759 | pillars = self.affected_pillars |
| 273 | 1762 | if None in supervisors: | 1760 | if information_type == InformationType.USERDATA: |
| 274 | 1763 | supervisors.remove(None) | 1761 | for pillar in pillars: |
| 275 | 1764 | for s in supervisors: | 1762 | if pillar.bug_supervisor is not None: |
| 276 | 1765 | if not get_structural_subscriptions_for_bug(self, s): | 1763 | missing_subscribers.add(pillar.bug_supervisor) |
| 277 | 1766 | self.subscribe(s, who) | 1764 | else: |
| 278 | 1767 | if not f_flag and information_type in SECURITY_INFORMATION_TYPES: | 1765 | missing_subscribers.add(pillar.owner) |
| 279 | 1768 | # The bug turned out to be security-related, subscribe the | 1766 | |
| 280 | 1769 | # security contact. We do it here only if the feature flag | 1767 | # If the information type is security related, we need to ensure |
| 281 | 1770 | # is not set, otherwise it's done in | 1768 | # the security contacts are subscribed. If there is no security |
| 282 | 1771 | # reconcileSubscribers(). | 1769 | # contact, we need to subscribe the maintainer. |
| 283 | 1772 | for pillar in self.affected_pillars: | 1770 | if information_type in SECURITY_INFORMATION_TYPES: |
| 284 | 1771 | for pillar in pillars: | ||
| 285 | 1773 | if pillar.security_contact is not None: | 1772 | if pillar.security_contact is not None: |
| 287 | 1774 | self.subscribe(pillar.security_contact, who) | 1773 | missing_subscribers.add(pillar.security_contact) |
| 288 | 1774 | else: | ||
| 289 | 1775 | missing_subscribers.add(pillar.owner) | ||
| 290 | 1776 | |||
| 291 | 1777 | for s in missing_subscribers: | ||
| 292 | 1778 | # Don't subscribe someone if they're already subscribed via a | ||
| 293 | 1779 | # team. | ||
| 294 | 1780 | already_subscribed_teams = self.getSubscribersForPerson(s) | ||
| 295 | 1781 | if already_subscribed_teams.is_empty(): | ||
| 296 | 1782 | self.subscribe(s, who) | ||
| 297 | 1783 | |||
| 298 | 1775 | self.information_type = information_type | 1784 | self.information_type = information_type |
| 299 | 1776 | # Set the legacy attributes for now. | 1785 | # Set the legacy attributes for now. |
| 300 | 1777 | self._private = information_type in PRIVATE_INFORMATION_TYPES | 1786 | self._private = information_type in PRIVATE_INFORMATION_TYPES |
| 301 | @@ -1838,81 +1847,6 @@ | |||
| 302 | 1838 | bug_supervisors.append(pillar.bug_supervisor) | 1847 | bug_supervisors.append(pillar.bug_supervisor) |
| 303 | 1839 | return bug_supervisors, security_contacts | 1848 | return bug_supervisors, security_contacts |
| 304 | 1840 | 1849 | ||
| 305 | 1841 | def reconcileSubscribers(self, information_type, who): | ||
| 306 | 1842 | """ Ensure only appropriate people are subscribed to private bugs. | ||
| 307 | 1843 | |||
| 308 | 1844 | When a bug is marked as either private = True or security_related = | ||
| 309 | 1845 | True, we need to ensure that only people who are authorised to know | ||
| 310 | 1846 | about the privileged contents of the bug remain directly subscribed | ||
| 311 | 1847 | to it. So we: | ||
| 312 | 1848 | 1. Get the required subscribers depending on the bug status. | ||
| 313 | 1849 | 2. Get the auto removed subscribers depending on the bug status. | ||
| 314 | 1850 | eg security contacts when a bug is updated to security related = | ||
| 315 | 1851 | false. | ||
| 316 | 1852 | 3. Get the allowed subscribers = required subscribers | ||
| 317 | 1853 | + bugtask owners | ||
| 318 | 1854 | 4. Remove any current direct subscribers who are not allowed or are | ||
| 319 | 1855 | to be auto removed. | ||
| 320 | 1856 | 5. Add any subscribers who are required. | ||
| 321 | 1857 | """ | ||
| 322 | 1858 | current_direct_subscribers = ( | ||
| 323 | 1859 | self.getSubscriptionInfo().direct_subscribers) | ||
| 324 | 1860 | required_subscribers = self.getRequiredSubscribers( | ||
| 325 | 1861 | information_type, who) | ||
| 326 | 1862 | removed_bug_supervisors, removed_security_contacts = ( | ||
| 327 | 1863 | self.getAutoRemovedSubscribers(information_type)) | ||
| 328 | 1864 | for subscriber in removed_bug_supervisors: | ||
| 329 | 1865 | recipients = BugNotificationRecipients() | ||
| 330 | 1866 | recipients.addBugSupervisor(subscriber) | ||
| 331 | 1867 | notification_text = ("This bug is no longer private so the bug " | ||
| 332 | 1868 | "supervisor was unsubscribed. They will no longer be " | ||
| 333 | 1869 | "notified of changes to this bug for privacy related " | ||
| 334 | 1870 | "reasons, but may receive notifications about this bug from " | ||
| 335 | 1871 | "other subscriptions.") | ||
| 336 | 1872 | self.unsubscribe( | ||
| 337 | 1873 | subscriber, who, ignore_permissions=True, | ||
| 338 | 1874 | send_notification=True, | ||
| 339 | 1875 | notification_text=notification_text, | ||
| 340 | 1876 | recipients=recipients) | ||
| 341 | 1877 | for subscriber in removed_security_contacts: | ||
| 342 | 1878 | recipients = BugNotificationRecipients() | ||
| 343 | 1879 | recipients.addSecurityContact(subscriber) | ||
| 344 | 1880 | notification_text = ("This bug is no longer security related so " | ||
| 345 | 1881 | "the security contact was unsubscribed. They will no longer " | ||
| 346 | 1882 | "be notified of changes to this bug for security related " | ||
| 347 | 1883 | "reasons, but may receive notifications about this bug " | ||
| 348 | 1884 | "from other subscriptions.") | ||
| 349 | 1885 | self.unsubscribe( | ||
| 350 | 1886 | subscriber, who, ignore_permissions=True, | ||
| 351 | 1887 | send_notification=True, | ||
| 352 | 1888 | notification_text=notification_text, | ||
| 353 | 1889 | recipients=recipients) | ||
| 354 | 1890 | |||
| 355 | 1891 | # If this bug is for a project that is marked as having private bugs | ||
| 356 | 1892 | # by default, and the bug is private or security related, we will | ||
| 357 | 1893 | # unsubscribe any unauthorised direct subscribers. | ||
| 358 | 1894 | pillar = self.default_bugtask.pillar | ||
| 359 | 1895 | private_project = IProduct.providedBy(pillar) and pillar.private_bugs | ||
| 360 | 1896 | privileged_info = information_type != InformationType.PUBLIC | ||
| 361 | 1897 | if private_project and privileged_info: | ||
| 362 | 1898 | allowed_subscribers = set() | ||
| 363 | 1899 | allowed_subscribers.add(self.owner) | ||
| 364 | 1900 | for bugtask in self.bugtasks: | ||
| 365 | 1901 | allowed_subscribers.add(bugtask.owner) | ||
| 366 | 1902 | allowed_subscribers.add(bugtask.pillar.owner) | ||
| 367 | 1903 | allowed_subscribers.update(set(bugtask.pillar.drivers)) | ||
| 368 | 1904 | allowed_subscribers = required_subscribers.union( | ||
| 369 | 1905 | allowed_subscribers) | ||
| 370 | 1906 | subscribers_to_remove = ( | ||
| 371 | 1907 | current_direct_subscribers.difference(allowed_subscribers)) | ||
| 372 | 1908 | for subscriber in subscribers_to_remove: | ||
| 373 | 1909 | self.unsubscribe(subscriber, who, ignore_permissions=True) | ||
| 374 | 1910 | |||
| 375 | 1911 | subscribers_to_add = ( | ||
| 376 | 1912 | required_subscribers.difference(current_direct_subscribers)) | ||
| 377 | 1913 | for subscriber in subscribers_to_add: | ||
| 378 | 1914 | self.subscribe(subscriber, who) | ||
| 379 | 1915 | |||
| 380 | 1916 | def getBugTask(self, target): | 1850 | def getBugTask(self, target): |
| 381 | 1917 | """See `IBug`.""" | 1851 | """See `IBug`.""" |
| 382 | 1918 | for bugtask in self.bugtasks: | 1852 | for bugtask in self.bugtasks: |
| 383 | 1919 | 1853 | ||
| 384 | === modified file 'lib/lp/bugs/model/tests/test_bug.py' | |||
| 385 | --- lib/lp/bugs/model/tests/test_bug.py 2012-04-17 01:11:47 +0000 | |||
| 386 | +++ lib/lp/bugs/model/tests/test_bug.py 2012-04-17 18:05:27 +0000 | |||
| 387 | @@ -567,14 +567,6 @@ | |||
| 388 | 567 | 567 | ||
| 389 | 568 | layer = DatabaseFunctionalLayer | 568 | layer = DatabaseFunctionalLayer |
| 390 | 569 | 569 | ||
| 391 | 570 | def setUp(self): | ||
| 392 | 571 | super(TestBugPrivateAndSecurityRelatedUpdatesMixin, self).setUp() | ||
| 393 | 572 | f_flag_str = 'disclosure.enhanced_private_bug_subscriptions.enabled' | ||
| 394 | 573 | feature_flag = {f_flag_str: 'on'} | ||
| 395 | 574 | flags = FeatureFixture(feature_flag) | ||
| 396 | 575 | flags.setUp() | ||
| 397 | 576 | self.addCleanup(flags.cleanUp) | ||
| 398 | 577 | |||
| 399 | 578 | def test_setPrivate_subscribes_person_who_makes_bug_private(self): | 570 | def test_setPrivate_subscribes_person_who_makes_bug_private(self): |
| 400 | 579 | # When setPrivate(True) is called on a bug, the person who is | 571 | # When setPrivate(True) is called on a bug, the person who is |
| 401 | 580 | # marking the bug private is subscribed to the bug. | 572 | # marking the bug private is subscribed to the bug. |
| 402 | @@ -589,8 +581,8 @@ | |||
| 403 | 589 | # marking the bug private will not be subscribed if they're | 581 | # marking the bug private will not be subscribed if they're |
| 404 | 590 | # already a member of a team which is a direct subscriber. | 582 | # already a member of a team which is a direct subscriber. |
| 405 | 591 | bug = self.factory.makeBug() | 583 | bug = self.factory.makeBug() |
| 408 | 592 | team = self.factory.makeTeam() | 584 | person = self.factory.makePerson(name='teamowner') |
| 409 | 593 | person = team.teamowner | 585 | team = self.factory.makeTeam(owner=person, name='team') |
| 410 | 594 | with person_logged_in(person): | 586 | with person_logged_in(person): |
| 411 | 595 | bug.subscribe(team, person) | 587 | bug.subscribe(team, person) |
| 412 | 596 | bug.setPrivate(True, person) | 588 | bug.setPrivate(True, person) |
| 413 | @@ -632,78 +624,71 @@ | |||
| 414 | 632 | return (bug, bug_owner, naked_bugtask_a, naked_bugtask_b, | 624 | return (bug, bug_owner, naked_bugtask_a, naked_bugtask_b, |
| 415 | 633 | naked_default_bugtask) | 625 | naked_default_bugtask) |
| 416 | 634 | 626 | ||
| 420 | 635 | def test_setPrivateTrueAndSecurityRelatedTrue(self): | 627 | def test_transition_to_EMBARGOEDSECURITY_information_type(self): |
| 421 | 636 | # When a bug is marked as private=true and security_related=true, the | 628 | # When a bug is marked as EMBARGOEDSECURITY, the direct subscribers |
| 422 | 637 | # direct subscribers should include: | 629 | # should include: |
| 423 | 638 | # - the bug reporter | 630 | # - the bug reporter |
| 424 | 639 | # - the bugtask pillar security contacts (if set) | 631 | # - the bugtask pillar security contacts (if set) |
| 425 | 640 | # - the person changing the state | 632 | # - the person changing the state |
| 426 | 641 | # - and bug/pillar owners, drivers if they are already subscribed | 633 | # - and bug/pillar owners, drivers if they are already subscribed |
| 427 | 642 | # If the bug is for a private project, then other direct subscribers | ||
| 428 | 643 | # should be unsubscribed. | ||
| 429 | 644 | 634 | ||
| 430 | 645 | (bug, bug_owner, bugtask_a, bugtask_b, default_bugtask) = ( | 635 | (bug, bug_owner, bugtask_a, bugtask_b, default_bugtask) = ( |
| 431 | 646 | self.createBugTasksAndSubscribers()) | 636 | self.createBugTasksAndSubscribers()) |
| 432 | 647 | initial_subscribers = set(( | 637 | initial_subscribers = set(( |
| 435 | 648 | self.factory.makePerson(), bugtask_a.owner, bug_owner, | 638 | self.factory.makePerson(name='subscriber'), bugtask_a.owner, |
| 436 | 649 | bugtask_a.pillar.security_contact, bugtask_a.pillar.driver)) | 639 | bug_owner, bugtask_a.pillar.security_contact, |
| 437 | 640 | bugtask_a.pillar.driver)) | ||
| 438 | 641 | initial_subscribers.update(bug.getDirectSubscribers()) | ||
| 439 | 650 | 642 | ||
| 440 | 651 | with person_logged_in(bug_owner): | 643 | with person_logged_in(bug_owner): |
| 441 | 652 | for subscriber in initial_subscribers: | 644 | for subscriber in initial_subscribers: |
| 442 | 653 | bug.subscribe(subscriber, bug_owner) | 645 | bug.subscribe(subscriber, bug_owner) |
| 444 | 654 | who = self.factory.makePerson() | 646 | who = self.factory.makePerson(name='who') |
| 445 | 655 | bug.transitionToInformationType( | 647 | bug.transitionToInformationType( |
| 446 | 656 | InformationType.EMBARGOEDSECURITY, who=who) | 648 | InformationType.EMBARGOEDSECURITY, who=who) |
| 447 | 657 | subscribers = bug.getDirectSubscribers() | 649 | subscribers = bug.getDirectSubscribers() |
| 448 | 650 | initial_subscribers.update(bug.getDirectSubscribers()) | ||
| 449 | 658 | expected_subscribers = set(( | 651 | expected_subscribers = set(( |
| 450 | 659 | bugtask_a.owner, | 652 | bugtask_a.owner, |
| 451 | 660 | default_bugtask.pillar.bug_supervisor, | ||
| 452 | 661 | default_bugtask.pillar.driver, | 653 | default_bugtask.pillar.driver, |
| 453 | 662 | default_bugtask.pillar.security_contact, | 654 | default_bugtask.pillar.security_contact, |
| 454 | 663 | bug_owner, who)) | 655 | bug_owner, who)) |
| 457 | 664 | if not self.private_project: | 656 | expected_subscribers.update(initial_subscribers) |
| 456 | 665 | expected_subscribers.update(initial_subscribers) | ||
| 458 | 666 | self.assertContentEqual(expected_subscribers, subscribers) | 657 | self.assertContentEqual(expected_subscribers, subscribers) |
| 459 | 667 | 658 | ||
| 463 | 668 | def test_setPrivateTrueAndSecurityRelatedFalse(self): | 659 | def test_transition_to_USERDATA_information_type(self): |
| 464 | 669 | # When a bug is marked as private=true and security_related=false, the | 660 | # When a bug is marked as USERDATA, the direct subscribers should |
| 465 | 670 | # direct subscribers should include: | 661 | # include: |
| 466 | 671 | # - the bug reporter | 662 | # - the bug reporter |
| 467 | 672 | # - the bugtask pillar bug supervisors (if set) | 663 | # - the bugtask pillar bug supervisors (if set) |
| 468 | 673 | # - the person changing the state | 664 | # - the person changing the state |
| 469 | 674 | # - and bug/pillar owners, drivers if they are already subscribed | 665 | # - and bug/pillar owners, drivers if they are already subscribed |
| 470 | 675 | # If the bug is for a private project, then other direct subscribers | ||
| 471 | 676 | # should be unsubscribed. | ||
| 472 | 677 | 666 | ||
| 473 | 678 | (bug, bug_owner, bugtask_a, bugtask_b, default_bugtask) = ( | 667 | (bug, bug_owner, bugtask_a, bugtask_b, default_bugtask) = ( |
| 474 | 679 | self.createBugTasksAndSubscribers(private_security_related=True)) | 668 | self.createBugTasksAndSubscribers(private_security_related=True)) |
| 475 | 680 | initial_subscribers = set(( | 669 | initial_subscribers = set(( |
| 477 | 681 | self.factory.makePerson(), bug_owner, | 670 | self.factory.makePerson(name='subscriber'), bug_owner, |
| 478 | 682 | bugtask_a.pillar.security_contact, bugtask_a.pillar.driver)) | 671 | bugtask_a.pillar.security_contact, bugtask_a.pillar.driver)) |
| 479 | 683 | 672 | ||
| 480 | 684 | with person_logged_in(bug_owner): | 673 | with person_logged_in(bug_owner): |
| 481 | 685 | for subscriber in initial_subscribers: | 674 | for subscriber in initial_subscribers: |
| 482 | 686 | bug.subscribe(subscriber, bug_owner) | 675 | bug.subscribe(subscriber, bug_owner) |
| 484 | 687 | who = self.factory.makePerson() | 676 | who = self.factory.makePerson(name='who') |
| 485 | 688 | bug.transitionToInformationType(InformationType.USERDATA, who) | 677 | bug.transitionToInformationType(InformationType.USERDATA, who) |
| 486 | 689 | subscribers = bug.getDirectSubscribers() | 678 | subscribers = bug.getDirectSubscribers() |
| 487 | 690 | expected_subscribers = set(( | 679 | expected_subscribers = set(( |
| 488 | 691 | default_bugtask.pillar.bug_supervisor, | 680 | default_bugtask.pillar.bug_supervisor, |
| 489 | 692 | default_bugtask.pillar.driver, | 681 | default_bugtask.pillar.driver, |
| 490 | 693 | bug_owner, who)) | 682 | bug_owner, who)) |
| 494 | 694 | if not self.private_project: | 683 | expected_subscribers.update(initial_subscribers) |
| 492 | 695 | expected_subscribers.update(initial_subscribers) | ||
| 493 | 696 | expected_subscribers.remove(bugtask_a.pillar.security_contact) | ||
| 495 | 697 | self.assertContentEqual(expected_subscribers, subscribers) | 684 | self.assertContentEqual(expected_subscribers, subscribers) |
| 496 | 698 | 685 | ||
| 500 | 699 | def test_setPrivateFalseAndSecurityRelatedTrue(self): | 686 | def test_transition_to_UNEMBARGOEDSECURITY_information_type(self): |
| 501 | 700 | # When a bug is marked as private=false and security_related=true, the | 687 | # When a security bug is unembargoed, direct subscribers should |
| 502 | 701 | # direct subscribers should include: | 688 | # include: |
| 503 | 702 | # - the bug reporter | 689 | # - the bug reporter |
| 504 | 703 | # - the bugtask pillar security contacts (if set) | 690 | # - the bugtask pillar security contacts (if set) |
| 505 | 704 | # - and bug/pillar owners, drivers if they are already subscribed | 691 | # - and bug/pillar owners, drivers if they are already subscribed |
| 506 | 705 | # If the bug is for a private project, then other direct subscribers | ||
| 507 | 706 | # should be unsubscribed. | ||
| 508 | 707 | 692 | ||
| 509 | 708 | (bug, bug_owner, bugtask_a, bugtask_b, default_bugtask) = ( | 693 | (bug, bug_owner, bugtask_a, bugtask_b, default_bugtask) = ( |
| 510 | 709 | self.createBugTasksAndSubscribers(private_security_related=True)) | 694 | self.createBugTasksAndSubscribers(private_security_related=True)) |
| 511 | @@ -715,7 +700,7 @@ | |||
| 512 | 715 | with person_logged_in(bug_owner): | 700 | with person_logged_in(bug_owner): |
| 513 | 716 | for subscriber in initial_subscribers: | 701 | for subscriber in initial_subscribers: |
| 514 | 717 | bug.subscribe(subscriber, bug_owner) | 702 | bug.subscribe(subscriber, bug_owner) |
| 516 | 718 | who = self.factory.makePerson() | 703 | who = self.factory.makePerson(name='who') |
| 517 | 719 | bug.transitionToInformationType( | 704 | bug.transitionToInformationType( |
| 518 | 720 | InformationType.UNEMBARGOEDSECURITY, who) | 705 | InformationType.UNEMBARGOEDSECURITY, who) |
| 519 | 721 | subscribers = bug.getDirectSubscribers() | 706 | subscribers = bug.getDirectSubscribers() |
| 520 | @@ -723,36 +708,33 @@ | |||
| 521 | 723 | default_bugtask.pillar.driver, | 708 | default_bugtask.pillar.driver, |
| 522 | 724 | default_bugtask.pillar.security_contact, | 709 | default_bugtask.pillar.security_contact, |
| 523 | 725 | bug_owner)) | 710 | bug_owner)) |
| 527 | 726 | if not self.private_project: | 711 | expected_subscribers.update(initial_subscribers) |
| 525 | 727 | expected_subscribers.update(initial_subscribers) | ||
| 526 | 728 | expected_subscribers.remove(default_bugtask.pillar.bug_supervisor) | ||
| 528 | 729 | self.assertContentEqual(expected_subscribers, subscribers) | 712 | self.assertContentEqual(expected_subscribers, subscribers) |
| 529 | 730 | 713 | ||
| 533 | 731 | def test_setPrivateFalseAndSecurityRelatedFalse(self): | 714 | def test_transition_to_PUBLIC_information_type(self): |
| 534 | 732 | # When a bug is marked as private=false and security_related=false, | 715 | # Subscriptions aren't altered when a bug is transitioned to the |
| 535 | 733 | # any existing subscriptions are left alone. | 716 | # PUBLIC information type. |
| 536 | 734 | 717 | ||
| 537 | 735 | (bug, bug_owner, bugtask_a, bugtask_b, default_bugtask) = ( | 718 | (bug, bug_owner, bugtask_a, bugtask_b, default_bugtask) = ( |
| 538 | 736 | self.createBugTasksAndSubscribers(private_security_related=True)) | 719 | self.createBugTasksAndSubscribers(private_security_related=True)) |
| 539 | 737 | initial_subscribers = set(( | 720 | initial_subscribers = set(( |
| 541 | 738 | self.factory.makePerson(), bug_owner, | 721 | self.factory.makePerson(name='subscriber'), bug_owner, |
| 542 | 739 | bugtask_a.pillar.security_contact, bugtask_a.pillar.driver)) | 722 | bugtask_a.pillar.security_contact, bugtask_a.pillar.driver)) |
| 543 | 740 | 723 | ||
| 544 | 741 | with person_logged_in(bug_owner): | 724 | with person_logged_in(bug_owner): |
| 545 | 742 | for subscriber in initial_subscribers: | 725 | for subscriber in initial_subscribers: |
| 546 | 743 | bug.subscribe(subscriber, bug_owner) | 726 | bug.subscribe(subscriber, bug_owner) |
| 549 | 744 | who = self.factory.makePerson() | 727 | who = self.factory.makePerson(name='who') |
| 550 | 745 | expected_direct_subscribers = set(bug.getDirectSubscribers()) | 728 | subscribers_before_public = set(bug.getDirectSubscribers()) |
| 551 | 746 | bug.transitionToInformationType(InformationType.PUBLIC, who) | 729 | bug.transitionToInformationType(InformationType.PUBLIC, who) |
| 558 | 747 | subscribers = set(bug.getDirectSubscribers()) | 730 | subscribers_after_public = set(bug.getDirectSubscribers()) |
| 559 | 748 | expected_direct_subscribers.difference_update( | 731 | self.assertContentEqual( |
| 560 | 749 | (default_bugtask.pillar.security_contact, | 732 | subscribers_before_public, |
| 561 | 750 | default_bugtask.pillar.bug_supervisor, | 733 | subscribers_after_public) |
| 556 | 751 | bugtask_a.pillar.security_contact)) | ||
| 557 | 752 | self.assertContentEqual(expected_direct_subscribers, subscribers) | ||
| 562 | 753 | 734 | ||
| 563 | 754 | def test_setPillarOwnerSubscribedIfNoBugSupervisor(self): | 735 | def test_setPillarOwnerSubscribedIfNoBugSupervisor(self): |
| 565 | 755 | # The pillar owner is subscribed if the bug supervisor is not set. | 736 | # The pillar owner is subscribed if the bug supervisor is not set and |
| 566 | 737 | # the bug is marked as USERDATA. | ||
| 567 | 756 | 738 | ||
| 568 | 757 | bug_owner = self.factory.makePerson(name='bugowner') | 739 | bug_owner = self.factory.makePerson(name='bugowner') |
| 569 | 758 | bug = self.factory.makeBug(owner=bug_owner) | 740 | bug = self.factory.makeBug(owner=bug_owner) |
| 570 | @@ -766,18 +748,19 @@ | |||
| 571 | 766 | subscribers) | 748 | subscribers) |
| 572 | 767 | 749 | ||
| 573 | 768 | def test_setPillarOwnerSubscribedIfNoSecurityContact(self): | 750 | def test_setPillarOwnerSubscribedIfNoSecurityContact(self): |
| 575 | 769 | # The pillar owner is subscribed if the security contact is not set. | 751 | # The pillar owner is subscribed if the security contact is not set |
| 576 | 752 | # and the bug is marked as EMBARGOEDSECURITY. | ||
| 577 | 770 | 753 | ||
| 578 | 771 | bug_owner = self.factory.makePerson(name='bugowner') | 754 | bug_owner = self.factory.makePerson(name='bugowner') |
| 579 | 772 | bug = self.factory.makeBug(owner=bug_owner) | 755 | bug = self.factory.makeBug(owner=bug_owner) |
| 580 | 773 | with person_logged_in(bug_owner): | 756 | with person_logged_in(bug_owner): |
| 582 | 774 | who = self.factory.makePerson() | 757 | who = self.factory.makePerson(name='who') |
| 583 | 775 | bug.transitionToInformationType( | 758 | bug.transitionToInformationType( |
| 585 | 776 | InformationType.UNEMBARGOEDSECURITY, who) | 759 | InformationType.EMBARGOEDSECURITY, who) |
| 586 | 777 | subscribers = bug.getDirectSubscribers() | 760 | subscribers = bug.getDirectSubscribers() |
| 587 | 778 | naked_bugtask = removeSecurityProxy(bug).default_bugtask | 761 | naked_bugtask = removeSecurityProxy(bug).default_bugtask |
| 588 | 779 | self.assertContentEqual( | 762 | self.assertContentEqual( |
| 590 | 780 | set((naked_bugtask.pillar.owner, bug_owner)), | 763 | set((naked_bugtask.pillar.owner, bug_owner, who)), |
| 591 | 781 | subscribers) | 764 | subscribers) |
| 592 | 782 | 765 | ||
| 593 | 783 | def _fetch_notifications(self, bug, reason_header): | 766 | def _fetch_notifications(self, bug, reason_header): |
| 594 | @@ -833,32 +816,6 @@ | |||
| 595 | 833 | actual_recipients.append(recipient.person) | 816 | actual_recipients.append(recipient.person) |
| 596 | 834 | self.assertContentEqual(expected_recipients, actual_recipients) | 817 | self.assertContentEqual(expected_recipients, actual_recipients) |
| 597 | 835 | 818 | ||
| 598 | 836 | def test_bugSupervisorUnsubscribedIfBugMadePublic(self): | ||
| 599 | 837 | # The bug supervisors are unsubscribed if a bug is made public and an | ||
| 600 | 838 | # email is sent telling them they have been unsubscribed. | ||
| 601 | 839 | |||
| 602 | 840 | (bug, bug_owner, bugtask_a, bugtask_b, default_bugtask) = ( | ||
| 603 | 841 | self.createBugTasksAndSubscribers(private_security_related=True)) | ||
| 604 | 842 | |||
| 605 | 843 | with person_logged_in(bug_owner): | ||
| 606 | 844 | bug.subscribe(default_bugtask.pillar.bug_supervisor, bug_owner) | ||
| 607 | 845 | who = self.factory.makePerson(name="who") | ||
| 608 | 846 | bug.transitionToInformationType( | ||
| 609 | 847 | InformationType.UNEMBARGOEDSECURITY, who) | ||
| 610 | 848 | subscribers = bug.getDirectSubscribers() | ||
| 611 | 849 | self.assertNotIn( | ||
| 612 | 850 | default_bugtask.pillar.bug_supervisor, subscribers) | ||
| 613 | 851 | |||
| 614 | 852 | expected_recipients = [ | ||
| 615 | 853 | default_bugtask.pillar.bug_supervisor, | ||
| 616 | 854 | ] | ||
| 617 | 855 | expected_body_text = '** This bug is no longer private' | ||
| 618 | 856 | expected_reason_body = ('You received this bug notification ' | ||
| 619 | 857 | 'because you are a bug supervisor.') | ||
| 620 | 858 | self._check_notifications( | ||
| 621 | 859 | bug, expected_recipients, expected_body_text, | ||
| 622 | 860 | expected_reason_body, False, True, 'Bug Supervisor') | ||
| 623 | 861 | |||
| 624 | 862 | def test_structural_bug_supervisor_becomes_direct_on_private(self): | 819 | def test_structural_bug_supervisor_becomes_direct_on_private(self): |
| 625 | 863 | # If a bug supervisor has a structural subscription to the bug, and | 820 | # If a bug supervisor has a structural subscription to the bug, and |
| 626 | 864 | # the bug is marked as private, the supervisor should get a direct | 821 | # the bug is marked as private, the supervisor should get a direct |
| 627 | @@ -876,31 +833,6 @@ | |||
| 628 | 876 | bug.transitionToInformationType(InformationType.USERDATA, who) | 833 | bug.transitionToInformationType(InformationType.USERDATA, who) |
| 629 | 877 | self.assertTrue(bug_supervisor in bug.getDirectSubscribers()) | 834 | self.assertTrue(bug_supervisor in bug.getDirectSubscribers()) |
| 630 | 878 | 835 | ||
| 631 | 879 | def test_securityContactUnsubscribedIfBugNotSecurityRelated(self): | ||
| 632 | 880 | # The security contacts are unsubscribed if a bug has security_related | ||
| 633 | 881 | # set to false and an email is sent telling them they have been | ||
| 634 | 882 | # unsubscribed. | ||
| 635 | 883 | |||
| 636 | 884 | (bug, bug_owner, bugtask_a, bugtask_b, default_bugtask) = ( | ||
| 637 | 885 | self.createBugTasksAndSubscribers(private_security_related=True)) | ||
| 638 | 886 | |||
| 639 | 887 | with person_logged_in(bug_owner): | ||
| 640 | 888 | bug.subscribe(bugtask_a.pillar.security_contact, bug_owner) | ||
| 641 | 889 | who = self.factory.makePerson(name="who") | ||
| 642 | 890 | bug.transitionToInformationType(InformationType.USERDATA, who) | ||
| 643 | 891 | subscribers = bug.getDirectSubscribers() | ||
| 644 | 892 | self.assertFalse(bugtask_a.pillar.security_contact in subscribers) | ||
| 645 | 893 | |||
| 646 | 894 | expected_recipients = [ | ||
| 647 | 895 | bugtask_a.pillar.security_contact, | ||
| 648 | 896 | ] | ||
| 649 | 897 | expected_body_text = '** This bug is no longer security related' | ||
| 650 | 898 | expected_reason_body = ('You received this bug notification ' | ||
| 651 | 899 | 'because you are a security contact.') | ||
| 652 | 900 | self._check_notifications( | ||
| 653 | 901 | bug, expected_recipients, expected_body_text, | ||
| 654 | 902 | expected_reason_body, True, False, 'Security Contact') | ||
| 655 | 903 | |||
| 656 | 904 | 836 | ||
| 657 | 905 | class TestBugPrivacy(TestCaseWithFactory): | 837 | class TestBugPrivacy(TestCaseWithFactory): |
| 658 | 906 | 838 | ||
| 659 | 907 | 839 | ||
| 660 | === modified file 'lib/lp/bugs/tests/test_bug_mirror_access_triggers.py' | |||
| 661 | --- lib/lp/bugs/tests/test_bug_mirror_access_triggers.py 2012-04-03 06:14:09 +0000 | |||
| 662 | +++ lib/lp/bugs/tests/test_bug_mirror_access_triggers.py 2012-04-17 18:05:27 +0000 | |||
| 663 | @@ -141,7 +141,9 @@ | |||
| 664 | 141 | bug.setPrivate(True, bug.owner) | 141 | bug.setPrivate(True, bug.owner) |
| 665 | 142 | self.assertIsNot( | 142 | self.assertIsNot( |
| 666 | 143 | None, getUtility(IAccessArtifactSource).find([bug]).one()) | 143 | None, getUtility(IAccessArtifactSource).find([bug]).one()) |
| 668 | 144 | self.assertEqual((1, 1), self.assertMirrored(bug)) | 144 | # There are two grants--one for the reporter, one for the product |
| 669 | 145 | # owner or supervisor (if set). There is only one policy, USERDATA. | ||
| 670 | 146 | self.assertEqual((2, 1), self.assertMirrored(bug)) | ||
| 671 | 145 | 147 | ||
| 672 | 146 | def test_security_related(self): | 148 | def test_security_related(self): |
| 673 | 147 | # Setting the security_related flag uses EMBARGOEDSECURITY | 149 | # Setting the security_related flag uses EMBARGOEDSECURITY |
| 674 | @@ -153,7 +155,9 @@ | |||
| 675 | 153 | [InformationType.USERDATA], | 155 | [InformationType.USERDATA], |
| 676 | 154 | self.getPolicyTypesForArtifact(artifact)) | 156 | self.getPolicyTypesForArtifact(artifact)) |
| 677 | 155 | bug.setSecurityRelated(True, bug.owner) | 157 | bug.setSecurityRelated(True, bug.owner) |
| 679 | 156 | self.assertEqual((1, 1), self.assertMirrored(bug)) | 158 | # Both the reporter and either the product owner or the product's |
| 680 | 159 | # security contact have grants. | ||
| 681 | 160 | self.assertEqual((2, 1), self.assertMirrored(bug)) | ||
| 682 | 157 | self.assertContentEqual( | 161 | self.assertContentEqual( |
| 683 | 158 | [InformationType.EMBARGOEDSECURITY], | 162 | [InformationType.EMBARGOEDSECURITY], |
| 684 | 159 | self.getPolicyTypesForArtifact(artifact)) | 163 | self.getPolicyTypesForArtifact(artifact)) |
| 685 | 160 | 164 | ||
| 686 | === modified file 'lib/lp/bugs/tests/test_bugvisibility.py' | |||
| 687 | --- lib/lp/bugs/tests/test_bugvisibility.py 2012-02-15 02:01:14 +0000 | |||
| 688 | +++ lib/lp/bugs/tests/test_bugvisibility.py 2012-04-17 18:05:27 +0000 | |||
| 689 | @@ -3,11 +3,17 @@ | |||
| 690 | 3 | 3 | ||
| 691 | 4 | """Tests for visibility of a bug.""" | 4 | """Tests for visibility of a bug.""" |
| 692 | 5 | 5 | ||
| 693 | 6 | from contextlib import contextmanager | ||
| 694 | 7 | |||
| 695 | 8 | from lp.registry.interfaces.person import TeamSubscriptionPolicy | ||
| 696 | 6 | from lp.testing import ( | 9 | from lp.testing import ( |
| 697 | 7 | celebrity_logged_in, | 10 | celebrity_logged_in, |
| 698 | 8 | TestCaseWithFactory, | 11 | TestCaseWithFactory, |
| 699 | 9 | ) | 12 | ) |
| 701 | 10 | from lp.testing.layers import LaunchpadFunctionalLayer | 13 | from lp.testing.layers import ( |
| 702 | 14 | DatabaseFunctionalLayer, | ||
| 703 | 15 | LaunchpadFunctionalLayer, | ||
| 704 | 16 | ) | ||
| 705 | 11 | 17 | ||
| 706 | 12 | 18 | ||
| 707 | 13 | class TestPublicBugVisibility(TestCaseWithFactory): | 19 | class TestPublicBugVisibility(TestCaseWithFactory): |
| 708 | 14 | 20 | ||
| 709 | === modified file 'lib/lp/services/features/flags.py' | |||
| 710 | --- lib/lp/services/features/flags.py 2012-04-11 05:21:33 +0000 | |||
| 711 | +++ lib/lp/services/features/flags.py 2012-04-17 18:05:27 +0000 | |||
| 712 | @@ -216,13 +216,6 @@ | |||
| 713 | 216 | '', | 216 | '', |
| 714 | 217 | '', | 217 | '', |
| 715 | 218 | ''), | 218 | ''), |
| 716 | 219 | ('disclosure.enhanced_private_bug_subscriptions.enabled', | ||
| 717 | 220 | 'boolean', | ||
| 718 | 221 | ('Enables the auto subscribing and unsubscribing of users as a bug ' | ||
| 719 | 222 | 'transitions between public, private and security related states.'), | ||
| 720 | 223 | '', | ||
| 721 | 224 | '', | ||
| 722 | 225 | ''), | ||
| 723 | 226 | ('disclosure.users_hide_own_bug_comments.enabled', | 219 | ('disclosure.users_hide_own_bug_comments.enabled', |
| 724 | 227 | 'boolean', | 220 | 'boolean', |
| 725 | 228 | 'Allows users in project roles and comment owners to hide bug comments.', | 221 | 'Allows users in project roles and comment owners to hide bug comments.', |
This branch reproduces the situation that drove William to put it behind the feature flag to kill it. Let's not repeat this mistake again.
These rules cannot apply to Ubuntu. it's bug supervisor does not get automatic access to private bugs, this is why we spent an extra three months to create 3 sharing policies instead of one, Ubuntu is not like any other project in Lp. Ubuntu's maintainer does not get access to private or security bugs. recall the success criteria for sharing is that that maintainer (or us) can setup Ubuntu so that ubuntu-security is the only party that can see embargoed security bugs, and apport is the only party that can see user data bugs.
There is, or was, code that checked that the project has .private_bugs or .hasCurrentComm