Merge lp:~sinzui/launchpad/closed-teams-1 into lp:launchpad
Status: | Merged | ||||||||
---|---|---|---|---|---|---|---|---|---|
Merged at revision: | 12046 | ||||||||
Proposed branch: | lp:~sinzui/launchpad/closed-teams-1 | ||||||||
Merge into: | lp:launchpad | ||||||||
Diff against target: |
330 lines (+241/-3) 3 files modified
lib/lp/registry/errors.py (+26/-0) lib/lp/registry/interfaces/person.py (+80/-2) lib/lp/registry/tests/test_team.py (+135/-1) |
||||||||
To merge this branch: | bzr merge lp:~sinzui/launchpad/closed-teams-1 | ||||||||
Related bugs: |
|
Reviewer | Review Type | Date Requested | Status |
---|---|---|---|
Brad Crittenden (community) | Approve | ||
Review via email: mp+43375@code.launchpad.net |
Description of the change
Do not permit teams to be compromised by changes to the subscription policy.
Launchpad bug:
https:/
https:/
Pre-
Test command: ./bin/test -vv -t TestTeamSubscri
A restricted or moderated team is effectively an open team if it has an open
team as a member.
The branch that updated the picker fixed the first issue in this bug -- closed
teams cannot add an open team as a member or make an open team team the owner.
The remaining issue is to guard changes to the subscription policy:
* A closed team cannot become open if it is a member of another closed team
* An open team cannot become closed if it has an open team as a member
The guard only needs to check the immediate super teams or sub teams, since
the deeper teams in the hierarchy must also conform to these rules.
ADDENDUM
Open teams cannot have PPAs, only vetted members may upload to the archive.
-------
RULES
* Add TeamSubscriptio
not permitted
* Add a validator to check that changes to a team's subscription policies
are enforced.
1. Closed teams cannot become open if they are members of closed team.
Rule 1 means a closed team cannot become open if it is a member of
any team
2. Open teams cannot become closed if it has any direct or indirect
open teams as members.
* The validator can raise TeamSubscriptio
invalid. it is also: webservice_
* Use the validator when subscriptionpolicy is changed.
* A field validator is needed to ensure api changes are sane
* Add a guard to prevent closed teams with PPAs from becoming open.
QA
* Try to change ~launchpad to open (rule 1)
* Try to change an open team with open teams to closed (rule 2)
* Try to change a team with a PPA to an open team.
LINT
lib/
lib/
lib/
IMPLEMENTATION
Added TeamSubscriptio
in the UI. Created TeamSubsciption
vocabulary and the constraints imposed by team memberships and ppas. The
contraint work is actually done by a helper function called
team_subscripti
lib/
lib/
lib/
Hi Curtis,
27 + The error can be raised because a super team or member team prevents
28 + the this team from setting a specific policy. The error can also be
29 + raised if the team has an active PPA.
s/the this/this/
There is a logic problem we discussed on IRC nPolicy. OPEN: onpolicy != TeamSubscriptio nPolicy. OPEN:
elif policy != TeamSubscriptio
should be
elif team.subscripti
In your tests, I think it would be clearer if your two teams were parent_team and child_team. I find other_team switching roles based on the test to be confusing.
Otherwise it looks good. I'll mark it approved since we discussed the changes you'll make.
Thanks for the fix and killing two bugs at once.