Merge lp:~julian-edwards/launchpad/perms-for-changing-uploaders--bug-828894 into lp:launchpad
Status: | Merged |
---|---|
Approved by: | Julian Edwards |
Approved revision: | no longer in the source branch. |
Merged at revision: | 13797 |
Proposed branch: | lp:~julian-edwards/launchpad/perms-for-changing-uploaders--bug-828894 |
Merge into: | lp:launchpad |
Diff against target: | 478 lines (+144/-131), 7 files modified: lib/canonical/launchpad/security.py (+16/-9); lib/lp/soyuz/configure.zcml (+1/-25); lib/lp/soyuz/doc/archivepermission.txt (+3/-40); lib/lp/soyuz/interfaces/archive.py (+41/-41); lib/lp/soyuz/interfaces/archivepermission.py (+9/-0); lib/lp/soyuz/stories/webservice/xx-archive.txt (+67/-11); lib/lp/soyuz/tests/test_archive.py (+7/-5) |
To merge this branch: | bzr merge lp:~julian-edwards/launchpad/perms-for-changing-uploaders--bug-828894 |
Related bugs: |
Reviewer | Review Type | Date Requested | Status |
---|---|---|---|
Curtis Hovey (community) | code | Approve | |
Review via email: mp+72220@code.launchpad.net |
Commit message
[r=sinzui][bug=828894] Fix the permissions required to change uploader-related permissions on a distribution.
Description of the change
= Summary =
Fix the permissions required to change uploader-related permissions
on a distribution.
== Proposed fix ==
There are three types of upload permissions for a distribution's primary
archive:
1. component-based
2. package-based
3. packageset-based
Right now to change #1 and #2 you need to be in the team that owns the archive
object. To change #3 you need to be an admin or a member of Ubuntu Techboard.
These 2 rules are basically useless for anything other than Ubuntu because
* There's no way to alter the archive owner other than via SQL
* Derived distros don't want Ubuntu Techboard changing their permissions!
This branch fixes this situation so that the two different rules are unified
so that you need to be in the *distribution's* owning team (this is Maintainer
on the distro page) to change these permissions.
== Pre-implementation notes ==
Discussed with Gavin as I had a PEBKAC moment working out how the heck
we'd got by without an EditArchive security adapter up until now but it turns
out that it inherits the IHasOwner magic.
== Implementation details ==
Several changes were needed:
* Add a new security adapter for IArchive/
distro main archives to be edited by the distro owner or an admin, and
leaves PPAs editable by their archive owners.
* Remove the EditArchivePerm
because it can never have enough contextual information to be useful (it
doesn't know what the archive is). We now rely on the utility only getting
called via IArchive code.
* Change the zcml declaration for IArchivePermiss
to call its methods.
* Remove unnecessary testing in lib/lp/
* Add a warning in lib/lp/
exporting ArchivePermissi
good security model.
* Fix lib/lp/
security checks.
* Fix lib/lp/
to alter some of the uploader permissions.
== Tests ==
bin/test -cvvt test_archive -t xx-archive.txt -t archivepermissi
And probably more, I've not run this through ec2 yet.
== Demo and Q/A ==
Dogfood.
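
The rule change described in the proposal above, as an added example: a simplified, self-contained model that is not Launchpad code and not part of the branch. Every class, field and function name in it is hypothetical, and the sample teams and users are constructed.

```python
# Simplified model of the rule change described above. Not Launchpad code:
# every class, field and function name here is hypothetical.
from dataclasses import dataclass, field


@dataclass
class Team:
    name: str
    members: set = field(default_factory=set)


@dataclass
class Distribution:
    name: str
    owner: Team                      # "Maintainer" on the distro page


@dataclass
class Archive:
    owner: Team
    distribution: Distribution
    is_primary: bool                 # False models a PPA


def may_change_old(user, archive, kind, admins, techboard):
    """Rules before the branch: split by permission type."""
    if kind in ("component", "package"):
        return user in archive.owner.members
    if kind == "packageset":
        return user in admins.members or user in techboard.members
    raise ValueError(f"unknown permission type: {kind!r}")


def may_change_new(user, archive, kind, admins):
    """Unified rule: the permission type no longer changes who may edit."""
    if kind not in ("component", "package", "packageset"):
        raise ValueError(f"unknown permission type: {kind!r}")
    if archive.is_primary:
        return (user in archive.distribution.owner.members
                or user in admins.members)
    return user in archive.owner.members   # PPAs stay with their owners


# Constructed sample data: a derived distro whose archive owner team is
# not the team that maintains the distribution.
ADMINS = Team("admins", {"root"})
TECHBOARD = Team("ubuntu-techboard", {"tb-member"})
DERIVED = Distribution("derived", Team("derived-maintainers", {"alice"}))
PRIMARY = Archive(Team("stale-owner", {"bob"}), DERIVED, is_primary=True)
PPA = Archive(Team("carol-team", {"carol"}), DERIVED, is_primary=False)
```

Under the old rules the derived distro's maintainer cannot touch its primary archive while a techboard member can edit its packageset permissions; under the unified rule that reverses, and the PPA remains editable only by its own owning team.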
Thank you for this fix. I believe with your change that there is exactly one call for user.in_ubuntu_techboard, which is used in security.py and defined in lp/registry/interfaces/role.py. Is there any chance you could also change EditPackagesetSet to not use that role and remove the role from code?