I have bughugger authorised as an application which can access launchpad on
my behalf.
Out of curiosity, I tried to remove its authorisation from launchpad:
And I get the following error:
Not allowed here
Sorry, you don't have permission to access this page.
Rules
-----
* Fix the security checker, which is checking a decorator, not the person.
* It was broken when henning added his nice security utility...the
test uses an admin, not a regualr user, so the problem was not caught.
This is my branch to fix OAuth access token permissions.
lp:~sinzui/launchpad/portlet-package-summary-timeout /bugs.launchpad .net/bugs/ 511567 implementation: no one
Diff size: 34
Launchpad bug: https:/
Test command: ./bin/test -vv -t doc/oauth.txt
Pre-
Target release: 10.02
Fix OAuth access token permissions ------- ------- ------- ------
-------
I have bughugger authorised as an application which can access launchpad on
my behalf.
Out of curiosity, I tried to remove its authorisation from launchpad:
And I get the following error:
Not allowed here
Sorry, you don't have permission to access this page.
Rules
-----
* Fix the security checker, which is checking a decorator, not the person.
* It was broken when henning added his nice security utility...the
test uses an admin, not a regualr user, so the problem was not caught.
QA
--
* Visit https:/ /edge.launchpad .net/people/ +me/+oauth- tokens
* Revoke a script.
* Verify it is gone; there is no 403 error.
Lint
----
Linting changed files: /launchpad/ security. py /launchpad/ doc/oauth. txt
lib/canonical
lib/canonical
Test
----
* lib/canonical/ launchpad/ doc/oauth. txt
* Added a test to show a *non-admin* can change his access token.
Implementation
--------------
* lib/canonical/ launchpad/ security. py
* Updated the security checker to user user.person not the decorator
object.