Launchpad itself

Merge lp:~jml/launchpad/drop-special-commercial-permissions into lp:launchpad

  1. drop-special-commercial-permissions
  2. Merge into devel
Proposed by Jonathan Lange
Status: Merged
Approved by: William Grant
Approved revision: no longer in the source branch.
Merged at revision: 15205
Proposed branch: lp:~jml/launchpad/drop-special-commercial-permissions
Merge into: lp:launchpad
Prerequisite: lp:~jml/launchpad/narrow-commercial-celebrity
Diff against target: 113 lines (+15/-40)
3 files modified
lib/lp/security.py (+0/-8)
lib/lp/soyuz/stories/webservice/xx-archive-commercial.txt (+5/-3)
lib/lp/soyuz/tests/test_archive_agent.py (+10/-29)
To merge this branch: bzr merge lp:~jml/launchpad/drop-special-commercial-permissions
Reviewer Review Type Date Requested Status
Anthony Lenton (community) Approve
William Grant code Approve
James Westby (community) Approve
Richard Harding (community) code Approve
Review via email: mp+104270@code.launchpad.net

Commit message

No more special permissions for commercial archives.

Description of the change

We've discovered that we don't actually need as much of the permission that being ILaunchpadCelebrity.software_center_agent gives us.

Specifically, we don't actually care if 'commercial' is set on PPAs or not, since software-center-agent is already an owner all of the PPAs that we create. As far as I can tell, this just leaves software-center-agent with the mere power to get archive subscription URLs. As such, I've deleted some of the tests.

You can think of the deleted tests as summarizing what software-center-agent is about to lose.

Code-wise this is pretty easy, but there's a relatively high integration risk. Thus, we're going to do integration testing with a demo copy of Launchpad run from EC2, so please don't land this until we give the all clear.

Also, I'd welcome reviews from a broader range of reviewers.

Another 25 deletions of credit, bring us up to 113 + 25 = 138.

Thanks,
jml

To post a comment you must log in.
Revision history for this message
Richard Harding (rharding) wrote :

Thanks Jonathan, as a reviewer I'd tend to want to keep the check that the user doesn't have access/permissions to the private archive just so that I can be sure 100% that this doesn't enable something that was previously forbidden, but that's just because I'm not all that sure of the full set of possible ramifications.

I'm going to

review: Approve (code)
Revision history for this message
Jonathan Lange (jml) wrote :

I think that got truncated, "I'm going to".

We already have tests that arbitrary users cannot access private archives. I don't think we ought to have tests for non-access for every special user that we can think of – otherwise where does it end?

Thanks for the review!

jml

Revision history for this message
James Westby (james-w) wrote :

Hi,

This looks good to me from a code point of view.

Agree about the need for integration testing.

I think that we may also want to audit the current PPAs to make sure that
s-c-a won't lose permissions that it needs to complete sales of something
available in software-center. I'm not exactly sure how we would determine
that though.

Thanks,

James

review: Approve
Revision history for this message
William Grant (wgrant) wrote :

https://pastebin.canonical.com/65324/ is the number of commercial PPAs by owner.

It looks like you can probably now remove in_software_center_agent from lib/lp/registry/interfaces/role.py. The only remaining things that use the celebrity are Person.getArchiveSubscriptionURL(s), and they use it directly.

review: Approve (code)
Revision history for this message
Jonathan Lange (jml) wrote :

Thanks everyone. I've triggered an 'ec2 test' run for this and will work with achuni & the MyApps guys to make sure we can get proper QA done.

Revision history for this message
Anthony Lenton (elachuni) wrote :

Thanks jml,

We've verified sca is still able to go around its business with this change; the only process change is that we need to ensure the sca user is added to the team that owns the ppa now, so that it is able to create subscriptions. This is a reasonable requirement.

review: Approve
Revision history for this message
Jonathan Lange (jml) wrote :

OK, talking to Anthony, it would be better if we land this so that we can QA against staging.launchpad.net rather than qastaging.launchpad.net. I don't quite know how to make this happen, but I'd appreciate it if whoever lands this patch could do whatever's necessary.

I've added a note to the bug asking to please not mark it as qa-ok without first speaking with Anthony.

Thanks,
jml

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1=== modified file 'lib/lp/security.py'
2--- lib/lp/security.py 2012-04-27 00:48:11 +0000
3+++ lib/lp/security.py 2012-05-04 10:47:25 +0000
4@@ -2379,10 +2379,6 @@
5 if archive_subs:
6 return True
7
8- # The software center agent can view commercial archives
9- if self.obj.commercial:
10- return user.in_software_center_agent
11-
12 return False
13
14 def checkUnauthenticated(self):
15@@ -2437,10 +2433,6 @@
16 user.in_ubuntu_security):
17 return True
18
19- # The software center agent can change commercial archives
20- if self.obj.commercial:
21- return user.in_software_center_agent
22-
23 return False
24
25
26
27=== modified file 'lib/lp/soyuz/stories/webservice/xx-archive-commercial.txt'
28--- lib/lp/soyuz/stories/webservice/xx-archive-commercial.txt 2012-05-01 12:09:24 +0000
29+++ lib/lp/soyuz/stories/webservice/xx-archive-commercial.txt 2012-05-04 10:47:25 +0000
30@@ -16,14 +16,16 @@
31
32 == Software Center Agent ==
33
34-Create the P3A marked commercial, and fetch the celebrity.
35+Create the P3A where software_center_agent is an owner.
36
37 >>> from zope.component import getUtility
38 >>> from lp.app.interfaces.launchpad import ILaunchpadCelebrities
39 >>> login('admin@canonical.com')
40 >>> celebrity = getUtility(ILaunchpadCelebrities).software_center_agent
41- >>> archive = factory.makeArchive(
42- ... name='commercial', private=True, commercial=True)
43+ >>> owner = factory.makePerson()
44+ >>> ppa_owner = factory.makeTeam(members=[celebrity, owner])
45+ >>> archive = factory.makeArchive(name='commercial', private=True,
46+ ... owner=ppa_owner)
47 >>> url = "/~%s/+archive/commercial" % archive.owner.name
48 >>> person = factory.makePerson(name='joe')
49 >>> logout()
50
51=== modified file 'lib/lp/soyuz/tests/test_archive_agent.py'
52--- lib/lp/soyuz/tests/test_archive_agent.py 2012-05-01 12:25:22 +0000
53+++ lib/lp/soyuz/tests/test_archive_agent.py 2012-05-04 10:47:25 +0000
54@@ -5,49 +5,30 @@
55
56 from zope.component import getUtility
57
58-from lp.services.webapp.authorization import check_permission
59-from lp.soyuz.interfaces.archivesubscriber import IArchiveSubscriberSet
60+from lp.app.interfaces.launchpad import ILaunchpadCelebrities
61 from lp.testing import (
62 celebrity_logged_in,
63+ person_logged_in,
64 TestCaseWithFactory,
65 )
66 from lp.testing.layers import DatabaseFunctionalLayer
67
68
69-class TestArchivePrivacy(TestCaseWithFactory):
70+class TestSoftwareCenterAgent(TestCaseWithFactory):
71
72 layer = DatabaseFunctionalLayer
73
74- def test_check_permission(self):
75- """The software center agent has the relevant permissions for a
76- commercial archive, but not a private one.
77- """
78- ppa = self.factory.makeArchive(private=True, commercial=True)
79- with celebrity_logged_in('software_center_agent'):
80- self.assertEqual(check_permission('launchpad.View', ppa), True)
81- self.assertEqual(check_permission('launchpad.Append', ppa), True)
82-
83- def test_check_permission_private(self):
84- ppa = self.factory.makeArchive(private=True, commercial=False)
85- with celebrity_logged_in('software_center_agent'):
86- self.assertEqual(check_permission('launchpad.View', ppa), False)
87- self.assertEqual(check_permission('launchpad.Append', ppa), False)
88-
89- def test_add_subscription(self):
90- person = self.factory.makePerson()
91- ppa = self.factory.makeArchive(private=True, commercial=True)
92- with celebrity_logged_in('software_center_agent') as agent:
93- ppa.newSubscription(person, agent)
94- subscription = getUtility(IArchiveSubscriberSet).getBySubscriber(
95- person, archive=ppa).one()
96- self.assertEqual(subscription.registrant, agent)
97- self.assertEqual(subscription.subscriber, person)
98-
99 def test_getArchiveSubscriptionURL(self):
100- ppa = self.factory.makeArchive(private=True, commercial=True)
101+ # The software center agent can get subscription URLs for any
102+ # archive that it's an owner of.
103+ owner = self.factory.makePerson()
104+ agent = getUtility(ILaunchpadCelebrities).software_center_agent
105+ ppa_owner = self.factory.makeTeam(members=[owner, agent])
106+ ppa = self.factory.makeArchive(owner=ppa_owner, private=True)
107 person = self.factory.makePerson()
108 with celebrity_logged_in('software_center_agent') as agent:
109 sources = person.getArchiveSubscriptionURL(agent, ppa)
110+ with person_logged_in(ppa.owner):
111 authtoken = ppa.getAuthToken(person).token
112 url = ppa.archive_url.split('http://')[1]
113 new_url = "http://%s:%s@%s" % (person.name, authtoken, url)