Offspring

Merge lp:~salgado/offspring/private-project-requires-owner into lp:~linaro-automation/offspring/private-builds

private-project-requires-owner
Merge into private-builds

Proposed by Guilherme Salgado on 2011-10-21

Status:	Merged
Approved by:	James Tunnicliffe on 2011-10-21
Approved revision:	no longer in the source branch.
Merged at revision:	72
Proposed branch:	lp:~salgado/offspring/private-project-requires-owner
Merge into:	lp:~linaro-automation/offspring/private-builds
Diff against target:	133 lines (+74/-5) 3 files modified lib/offspring/web/queuemanager/forms.py (+9/-3) lib/offspring/web/queuemanager/models.py (+2/-2) lib/offspring/web/queuemanager/tests/test_views.py (+63/-0)
To merge this branch:	bzr merge lp:~salgado/offspring/private-project-requires-owner
Related bugs:	Link a bug report

Reviewer	Review Type	Date Requested	Status
James Tunnicliffe (community)		2011-10-21	Approve on 2011-10-21
Review via email: mp+80074@code.launchpad.net

Description of the change

This one ensures we can't have a private project without an owner, as that could render them completely inaccessible.

I've also removed the 'access_groups' field from +add/+edit project views because at this point we only need a single access group associated to a private project, and that's maintained via the +acl page. I also moved the declaration of the is_private and owner fields around in the model code so that they don't show up at the top of the form for creating/editing projects.

Revision history for this message

James Tunnicliffe (dooferlad) on 2011-10-21:

review: Approve

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk

Subscribers

People subscribed via source and target branches

to all changes:

Guilherme Salgado

Linaro Infrastructure

 === modified file 'lib/offspring/web/queuemanager/forms.py'
 --- lib/offspring/web/queuemanager/forms.py	2011-10-10 14:53:58 +0000
 +++ lib/offspring/web/queuemanager/forms.py	2011-10-21 14:42:51 +0000
@@ -4,7 +4,7 @@
  from django.contrib.auth.models import User
  from django.db import models
  from django.forms import (
--    Form, ModelChoiceField, ModelForm, Textarea, TextInput)
++    Form, ModelChoiceField, ModelForm, Textarea, TextInput, ValidationError)
  from django.forms import fields
  from offspring.web.queuemanager.models import (
@@ -34,19 +34,25 @@
      def clean_series(self):
          return self.cleaned_data['series'].lower()
++    def clean_owner(self):
++        data = self.cleaned_data
++        if data['_is_private'] and not data['owner']:
++            raise ValidationError('A private project needs an owner')
++        return self.cleaned_data['owner']
++
  class CreateProjectForm(ProjectBaseForm):
      launchpad_project = ModelChoiceField(
          LaunchpadProject.objects, widget=SelectWithAddNew, required=False)
      class Meta(ProjectBaseForm.Meta):
--        exclude = ('priority', 'is_active', 'suite')
++        exclude = ('priority', 'is_active', 'suite', 'access_groups')
  class EditProjectForm(ProjectBaseForm):
      launchpad_project = ModelChoiceField(
          LaunchpadProject.objects, widget=SelectWithAddNew, required=False)
      class Meta(ProjectBaseForm.Meta):
--        exclude = ('name', 'priority', 'is_active')
++        exclude = ('name', 'priority', 'is_active', 'access_groups')
  class AccessGroupMemberForm(Form):
 === modified file 'lib/offspring/web/queuemanager/models.py'
 --- lib/offspring/web/queuemanager/models.py	2011-10-20 16:13:00 +0000
 +++ lib/offspring/web/queuemanager/models.py	2011-10-21 14:42:51 +0000
@@ -203,12 +203,12 @@
      # updating existing uses of Project.objects won't leak private projects.
      objects = PublicOnlyObjectsManager()
++    name = models.SlugField('codename', max_length=200, primary_key=True, unique=True)
++    title = models.CharField('project title', max_length=30)
      _is_private = models.BooleanField(default=False, db_column='is_private')
      # We allow projects without an owner for backwards compatibility but
      # there's a DB constraint to ensure private projects always have an owner.
      owner = models.ForeignKey(User, blank=True, null=True)
--    name = models.SlugField('codename', max_length=200, primary_key=True, unique=True)
--    title = models.CharField('project title', max_length=30)
      project_group = models.ForeignKey(ProjectGroup, blank=True, null=True)
      priority = models.IntegerField(default=50)
      is_active = models.BooleanField(default=True)
 === modified file 'lib/offspring/web/queuemanager/tests/test_views.py'
 --- lib/offspring/web/queuemanager/tests/test_views.py	2011-10-20 16:13:00 +0000
 +++ lib/offspring/web/queuemanager/tests/test_views.py	2011-10-21 14:42:51 +0000
@@ -107,6 +107,69 @@
              response, self.get_expected_page_heading(project),
              status_code=200, msg_prefix=response.content)
++    def test_private_project_needs_owner(self):
++        # A project can't be made private without an owner because that'd make
++        # it completely inaccessible.
++        project = factory.makeProject(is_private=False)
++        user = factory.makeUser()
++        self.grant_necessary_permission_to(user)
++        self.assertTrue(
++            self.client.login(username=user.username, password=user.username))
++        data = {'status': [u'devel'],
++                'config_url': [u'http://example.com'],
++                'project_group': [u''],
++                'title': [u'test'],
++                '_is_private': [u'on'],
++                '_save': [u'Save'],
++                'series': [u'natty'],
++                'arch': [u'amd64']}
++        response = self.client.post(
++            reverse(self.view_path, args=[project.name]), data)
++        self.assertContains(
++            response, 'A private project needs an owner',
++            status_code=200, msg_prefix=response.content)
++
++        # If we specify an owner, we'll be able to make that project private.
++        data['owner'] = user.id
++        response = self.client.post(
++            reverse(self.view_path, args=[project.name]), data, follow=True)
++        self.assertContains(
++            response, 'This project is visible only to its owner',
++            status_code=200, msg_prefix=response.content)
++
++
++class ProjectCreateViewTests(TestCase):
++    view_path = 'offspring.web.queuemanager.views.project_create'
++
++    def test_creating_a_private_project_needs_owner(self):
++        # When creating a new private project, an owner for it must be
++        # specified.
++        user = factory.makeUser()
++        grant_permission_to_user(user, 'add_project')
++        self.assertTrue(
++            self.client.login(username=user.username, password=user.username))
++        data = {'status': [u'devel'],
++                'config_url': [u'http://example.com'],
++                'project_group': [u''],
++                'title': [u'test'],
++                'name': [u'test'],
++                '_is_private': [u'on'],
++                '_save': [u'Save'],
++                'series': [u'natty'],
++                'arch': [u'amd64']}
++        response = self.client.post(reverse(self.view_path), data)
++        self.assertContains(
++            response, 'A private project needs an owner',
++            status_code=200, msg_prefix=response.content)
++
++        # If we specify an owner, we'll be able to make that project private.
++        data['owner'] = user.id
++        response = self.client.post(
++            reverse(self.view_path), data, follow=True)
++        self.assertContains(
++            response, 'This project is visible only to its owner',
++            status_code=200, msg_prefix=response.content)
++
  class BuilderListTests(TestCase):
      view_name = 'builder_list'

Offspring

Merge lp:~salgado/offspring/private-project-requires-owner into lp:~linaro-automation/offspring/private-builds

Commit message

Description of the change

Preview Diff

Subscribers