Merge lp:~jtv/launchpad/recife-pofile-owner-privs into lp:~launchpad/launchpad/recife
Status: | Merged |
---|---|
Approved by: | Graham Binns |
Approved revision: | no longer in the source branch. |
Merged at revision: | 9175 |
Proposed branch: | lp:~jtv/launchpad/recife-pofile-owner-privs |
Merge into: | lp:~launchpad/launchpad/recife |
Diff against target: |
640 lines (+142/-108) 9 files modified
lib/canonical/launchpad/security.py (+4/-7) lib/lp/translations/browser/potemplate.py (+1/-3) lib/lp/translations/interfaces/pofile.py (+0/-3) lib/lp/translations/model/pofile.py (+10/-16) lib/lp/translations/model/potemplate.py (+9/-7) lib/lp/translations/stories/standalone/xx-pofile-export.txt (+7/-20) lib/lp/translations/tests/test_pofile.py (+11/-0) lib/lp/translations/tests/test_potemplate.py (+29/-4) lib/lp/translations/tests/test_translatedlanguage.py (+71/-48) |
To merge this branch: | bzr merge lp:~jtv/launchpad/recife-pofile-owner-privs |
Related bugs: |
Reviewer | Review Type | Date Requested | Status |
---|---|---|---|
Graham Binns (community) | code | Approve | |
Review via email: mp+38827@code.launchpad.net |
Commit message
Give POFile.owner no special privileges, and always set it to the creator.
Description of the change
Strip POFile.owner of its privileges
=======
For the Recife feature branch, this branch implements a change to the privileges model. The change pertains to who gets edit rights to a translation as embodied by a POFile.
The details of that are quite complex. I leave most for my next branch. But one thing that bestows edit privileges to a user is ownership: the user who is (a member of) a POFile.owner can edit that POFile. But ownership of a POFile is somewhat arbitrary: just submitting a suggestion for instance can implicitly create a POFile in the database. Anyone can do it in almost anyone's project or package.
Having submitted the first suggestion to a translation should not make you an editor, and that is where the existing code does a little weasel dance: *if* you currently have edit rights, then you also become the owner of the POFile that you cause to be created. If you don't, ownership defaults to the Rosetta experts team. Nobody will ever notice… unless you later lose your edit rights for whatever reason. Then you'll arbitrarily stay able to edit those POFiles that you caused to be created, but not the others that you lost edit rights to. It's both complicated and pointless.
After discussion with all members of the Translations team at various times, this branch streamlines POFile.owner:
* Implies no special privileges on the POFile.
* Always gets set to whoever causes it to be created.
* Is initialized during POFile construction, not with a separate method.
* Effectively means "creator" (and may be renamed later).
It's not obvious but there were actually two places in the code that gave special rights to POFile.owner: the security.py class built on EditByOwnersOrA
I hit some circular imports between pofile and person, so you'll see me concentrate references to DummyPOFile here and there and do local imports. Not quite enough to create a new helper, I guess.
In the xx-pofile-export pagetest you'll see a stretch of test removed. That's because I added a unit test for the removed privilege; everything else that bit of test did was duplicated under a different login right afterwards.
To test this, you'll want a full Translations test:
{{{
make schema
./bin/test -vvc lp.translations
}}}
There's no lint left. The price is some diff pollution.
Jeroen