Launchpad itself

Merge lp:~sinzui/launchpad/commercial-admin-private-teams into lp:launchpad

  1. commercial-admin-private-teams
  2. Merge into devel
Proposed by Curtis Hovey
Status: Merged
Approved by: Brad Crittenden
Approved revision: no longer in the source branch.
Merged at revision: 11354
Proposed branch: lp:~sinzui/launchpad/commercial-admin-private-teams
Merge into: lp:launchpad
Diff against target: 104 lines (+29/-10)
2 files modified
lib/canonical/launchpad/security.py (+7/-5)
lib/lp/registry/doc/private-team-visibility.txt (+22/-5)
To merge this branch: bzr merge lp:~sinzui/launchpad/commercial-admin-private-teams
Reviewer Review Type Date Requested Status
Brad Crittenden (community) code Approve
Review via email: mp+32549@code.launchpad.net

Description of the change

This is my branch to permit commercial admins to see private teams.

    lp:~sinzui/launchpad/registry-rename-0
    Diff size: 97
    Launchpad bug:
          https://bugs.launchpad.net/bugs/613791
    Test command: ./bin/test -vv -t private-team-visibility
    Pre-implementation: bigjools
    Target release: 10.09

Permit commercial admins to see private teams
---------------------------------------------

Commercial admins have been asked to help private teams resolve setup and
launchpad usage issues, but they cannot see the team to help. Canonical
groups, canonical partners, and commercial users expect the people who help
setup private teams be able to help resolve issues.

Rules
-----

    * Add commercial admins to the launchpad.View rules for private teams.

QA
--

    * As a commercial admin verify you can see a private team that you are not
      a member of.

Lint
----

Linting changed files:
  lib/canonical/launchpad/security.py
  lib/lp/registry/doc/private-team-visibility.txt

Test
----

    * lib/lp/registry/doc/private-team-visibility.txt
      * Updated the doctest to show who is permitted to see private teams.

Implementation
--------------

    * lib/canonical/launchpad/security.py
      * Added commercial admins the launchpad.View on private teams and
        TeamMemberships (which are implcitly private if the team is private).

To post a comment you must log in.
Revision history for this message
Brad Crittenden (bac) :
review: Approve (code)

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1=== modified file 'lib/canonical/launchpad/security.py'
2--- lib/canonical/launchpad/security.py 2010-08-09 17:14:10 +0000
3+++ lib/canonical/launchpad/security.py 2010-08-14 22:18:47 +0000
4@@ -654,11 +654,12 @@
5 """Verify that the user can view the team's membership.
6
7 Anyone can see a public team's membership. Only a team member or
8- a Launchpad admin can view a private team.
9+ commercial admin or a Launchpad admin can view a private team.
10 """
11 if self.obj.team.visibility == PersonVisibility.PUBLIC:
12 return True
13- if user.in_admin or user.inTeam(self.obj.team):
14+ if (user.in_admin or user.in_commercial_admin
15+ or user.inTeam(self.obj.team)):
16 return True
17 return False
18
19@@ -725,12 +726,13 @@
20 def checkAuthenticated(self, user):
21 """Verify that the user can view the team's membership.
22
23- Anyone can see a public team's membership. Only a team member
24- or a Launchpad admin can view a private team's members.
25+ Anyone can see a public team's membership. Only a team member,
26+ commercial admin, or a Launchpad admin can view a private team's
27+ members.
28 """
29 if self.obj.visibility == PersonVisibility.PUBLIC:
30 return True
31- if user.in_admin or user.inTeam(self.obj):
32+ if user.in_admin or user.in_commercial_admin or user.inTeam(self.obj):
33 return True
34 # We also grant visibility of the private team to administrators of
35 # other teams that have been invited to join the private team.
36
37=== modified file 'lib/lp/registry/doc/private-team-visibility.txt'
38--- lib/lp/registry/doc/private-team-visibility.txt 2010-07-27 22:13:36 +0000
39+++ lib/lp/registry/doc/private-team-visibility.txt 2010-08-14 22:18:47 +0000
40@@ -10,9 +10,11 @@
41 administrators .
42
43 >>> from lp.registry.interfaces.person import PersonVisibility
44+ >>> from lp.testing import login_celebrity
45+
46 >>> priv_owner = factory.makePerson(name="priv-owner")
47 >>> priv_member = factory.makePerson(name="priv-member")
48- >>> login('commercial-member@canonical.com')
49+ >>> commercial_admin = login_celebrity('commercial_admin')
50 >>> priv_team = factory.makeTeam(owner=priv_owner, name="priv-team",
51 ... visibility=PersonVisibility.PRIVATE)
52 >>> login_person(priv_owner)
53@@ -31,6 +33,17 @@
54 >>> login_person(priv_member)
55 >>> members = priv_team.activemembers
56
57+A commercial admin can view private teams and private team memberships.
58+
59+ >>> from canonical.launchpad.webapp.authorization import check_permission
60+
61+ >>> commercial_admin = login_celebrity('commercial_admin')
62+ >>> check_permission('launchpad.View', priv_team)
63+ True
64+ >>> team_membership = priv_member.myactivememberships[0]
65+ >>> check_permission('launchpad.View', team_membership)
66+ True
67+
68 A person who is not in the team cannot see the membership and cannot
69 see other details of the team, such as the name.
70
71@@ -38,12 +51,14 @@
72 >>> members = priv_team.activemembers
73 Traceback (most recent call last):
74 ...
75- Unauthorized: (<Person at ... priv-team (Priv Team)>, 'activemembers', 'launchpad.View')
76+ Unauthorized: (<Person at ... priv-team (Priv Team)>,
77+ 'activemembers', 'launchpad.View')
78
79 >>> print priv_team.name
80 Traceback (most recent call last):
81 ...
82- Unauthorized: (<Person at ... priv-team (Priv Team)>, 'name', 'launchpad.View')
83+ Unauthorized: (<Person at ... priv-team (Priv Team)>,
84+ 'name', 'launchpad.View')
85
86 Public teams can join private teams. When adding one team to another
87 the team is invited to join and that invitation must be accepted by
88@@ -63,7 +78,8 @@
89 >>> print priv_team.name
90 Traceback (most recent call last):
91 ...
92- Unauthorized: (<Person at ... priv-team (Priv Team)>, 'name', 'launchpad.View')
93+ Unauthorized: (<Person at ... priv-team (Priv Team)>,
94+ 'name', 'launchpad.View')
95
96 >>> login_person(priv_owner)
97 >>> ignored = priv_team.addMember(pub_team, reviewer=priv_owner)
98@@ -89,4 +105,5 @@
99 >>> print priv_team.name
100 Traceback (most recent call last):
101 ...
102- Unauthorized: (<Person at ... priv-team (Priv Team)>, 'name', 'launchpad.View')
103+ Unauthorized: (<Person at ... priv-team (Priv Team)>,
104+ 'name', 'launchpad.View')