Merge lp:~sinzui/launchpad/commercial-admin-sharing into lp:launchpad

Proposed by Curtis Hovey
Status: Merged
Approved by: Curtis Hovey
Approved revision: no longer in the source branch.
Merged at revision: 15846
Proposed branch: lp:~sinzui/launchpad/commercial-admin-sharing
Merge into: lp:launchpad
Prerequisite: lp:~sinzui/launchpad/entitle-branch-sharing
Diff against target: 0 lines
To merge this branch: bzr merge lp:~sinzui/launchpad/commercial-admin-sharing
Reviewer: Ian Booth (community)
Review status: Approve
Review via email: mp+120464@code.launchpad.net

Commit message

Allow commercial admins to help set up project sharing.

Description of the change

Commercial admins are responsible for helping commercial project setup,
but they do not have permission to access +sharing. There is some irony
here because bug 750871 indicates that they are the only group that can
configure branch sharing policies :(

We want to grant launchpad.view on +sharing to commercial admins. This
will not give them permission to see the private bugs and branches. It
will allow them to see and set the sharing policies. They may need to
share/unshare with teams, but that should not be undertaken if the
changes are complex.

--------------------------------------------------------------------

RULES

    Pre-implementation: jcsackett
    * Change the permission on +sharing to allow commercial admins.
    * Ensure commercial admins can set the bug and branch sharing
      policies
    * The permissions to access and change are launchpad.Driver and
      launchpad.Edit, and giving the commercial admins unqualified access
      also gives privileges to edit a project and nominate for series.
    * Editing a project is not bad in the case of a commercial project.
      Commercial Admins only need this extra permission for commercial
      projects.

QA

    As a commercial admin
    * Visit http://qastaging.launchpad.net/fusionapp
    * Verify you can see the link to Sharing
    * Follow the link.
    * Verify you can see the Sharing page.
    * Set the bug sharing policy to proprietary, can be public.
    * Set the branch sharing policy to proprietary, only proprietary.

    * Visit https://qastaging.launchpad.net/zeitgeist-datasources
    * Verify you do not see the Sharing link
    * Verify you cannot access
      https://qastaging.launchpad.net/zeitgeist-datasources/+sharing

LINT

    lib/lp/security.py
    lib/lp/registry/tests/test_product.py

TEST

    ./bin/test -vvc -t ProductPermissionTestCase lp.registry.tests.test_product

IMPLEMENTATION

Extended the existing permission checkers to permit the user to edit or
drive a product if the user is a commercial admin and the product has a
commercial subscription. Though the driver role has permission to edit
bugs and blueprints, it is not conveyed to the commercial admin because
the IProduct driver and edit permissions are very specific to creating
a series and configuring the product apps.

    lib/lp/security.py
    lib/lp/registry/tests/test_product.py

Ian Booth (wallyworld) wrote :

Looks nice. Should there be a couple of negative tests to ensure we don't leak access to bugs and blueprints? I think we do need these.

review: Approve
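
A stand-alone model of the qualified grant described under IMPLEMENTATION, together with the negative cases raised in the review (bugs only; blueprints would follow the same pattern). This is an added example, not Launchpad's lib/lp/security.py, and every class, field and function name in it is hypothetical.

```python
# Stand-alone model; all names are hypothetical, not Launchpad's code.
from dataclasses import dataclass, field

@dataclass(frozen=True)
class User:
    name: str
    is_commercial_admin: bool = False

@dataclass
class Product:
    owner: str
    drivers: set = field(default_factory=set)
    has_commercial_subscription: bool = False

@dataclass
class Bug:
    product: Product
    private: bool = True
    subscribers: set = field(default_factory=set)

def commercial_grant(user, product):
    # Qualified grant: commercial admin AND a commercially subscribed project.
    return user.is_commercial_admin and product.has_commercial_subscription

def check_permission(permission, user, obj):
    """Deny by default; True only when a rule below matches."""
    if isinstance(obj, Product):
        if permission == "launchpad.Edit":
            return user.name == obj.owner or commercial_grant(user, obj)
        if permission == "launchpad.Driver":
            return (user.name == obj.owner or user.name in obj.drivers
                    or commercial_grant(user, obj))
    if isinstance(obj, Bug) and permission == "launchpad.View":
        # Bug visibility never consults the product-level grant.
        return not obj.private or user.name in obj.subscribers
    return False

def demo():
    # Constructed sample data.
    admin = User("commercial-admin", is_commercial_admin=True)
    paid = Product(owner="owner", has_commercial_subscription=True)
    free = Product(owner="owner")
    return {
        "edit_paid": check_permission("launchpad.Edit", admin, paid),
        "drive_paid": check_permission("launchpad.Driver", admin, paid),
        "edit_free": check_permission("launchpad.Edit", admin, free),
        "view_private_bug": check_permission("launchpad.View", admin, Bug(paid)),
    }
```

The last two entries returned by `demo()` are the negative cases: no grant on a project without a commercial subscription, and no visibility of a private bug on a project the commercial admin can edit.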
