Merge lp:~sinzui/launchpad/override-blacklist-0 into lp:launchpad/db-devel
Status: | Merged |
---|---|
Merged at revision: | 10126 |
Proposed branch: | lp:~sinzui/launchpad/override-blacklist-0 |
Merge into: | lp:launchpad/db-devel |
Diff against target: | 650 lines (+273/-41), 15 files modified: database/schema/comments.sql (+1/-0), database/schema/patch-2208-36-0.sql (+15/-0), database/schema/security.cfg (+2/-2), database/schema/trusted.sql (+56/-13), lib/lp/registry/browser/nameblacklist.py (+3/-2), lib/lp/registry/browser/tests/nameblacklist-views.txt (+13/-6), lib/lp/registry/interfaces/nameblacklist.py (+13/-1), lib/lp/registry/interfaces/person.py (+7/-2), lib/lp/registry/model/nameblacklist.py (+6/-1), lib/lp/registry/model/person.py (+8/-3), lib/lp/registry/templates/nameblacklists-index.pt (+20/-0), lib/lp/registry/tests/test_nameblacklist.py (+47/-4), lib/lp/registry/tests/test_person.py (+14/-1), lib/lp/services/fields/__init__.py (+4/-1), lib/lp/services/fields/tests/test_fields.py (+64/-5) |
To merge this branch: | bzr merge lp:~sinzui/launchpad/override-blacklist-0 |
Related bugs: |
Reviewer | Review Type | Date Requested | Status |
---|---|---|---|
Abel Deuring (community) | code | | Approve |
Stuart Bishop (community) | db | | Approve |
Robert Collins | db | | Pending |

Review via email: mp+45499@code.launchpad.net
This proposal supersedes a proposal from 2011-01-06.
Description of the change
Add a column to nameblacklist to specify the team that may override the
restriction.
Launchpad bug: https:/
Pre-
Test command: ./bin/test -vv \
-t nameblacklist -t test_fields -t test_person
Admins need to use SQL to change the name of pillar and persons because
the UI does not permit them to override the nameblacklist for approved
exceptions.
There are some names that really cannot be overridden. There are some that
admins do need to change. There are others that commercial or registry
admins could be trusted to use. We need a way to define who can override
a blacklisted name.
jml and sinzui discussed the issue and decided that the blacklist admin
views should permit admins to specify the team that can override the
nameblacklist. When the team is None, the nameblacklist cannot be overridden.
-------
RULES
* Add a column to the nameblacklist to reference a team or is null.
Update the functions to accept a user id to build a list of teams
the user is in, then skip regexps when the user is in the admin team.
* Update the NameBlacklistField to pass the current user when available.
* Add the team field to the +nameblacklist list and the add/edit forms.
QA
* Visit https:/
* Verify it displays a column for admin
* Choose to add a new expression and add ~launchpad as the admin
* Verify you can register a project that matches the expression
* Update the ^launchpad expressions; add ~launchpad as the admin
* Verify you can register a project that starts with launchpad.
LINT
database/
database/
database/
database/
lib/
lib/
lib/
lib/
lib/
lib/
lib/
lib/
lib/
lib/
lib/
IMPLEMENTATION
Added the nameblacklist.admin column and updated the functions to use it.
Updated the interface and model too.
database/
database/
database/
database/
lib/
lib/
lib/
Updated the code to pass the current user when available when working
with the nameblacklist.
lib/
lib/
lib/
lib/
lib/
Added nameblacklist.admin to the UI
lib/
lib/
lib/
Database patch needs an index:
CREATE INDEX nameblacklist__admin__idx ON NameBlackList(admin);
I don't really like that there is no warning when you create something with a blacklisted name that you are allowed to override. I'm not sure if a warning is desirable enough to complicate the UI.
Should the admins team in Launchpad be allowed to ignore the blacklist entirely? Membership in this team needs to be checked for explicitly.
Here is a much more efficient version of the stored procedure that also performs the admin check:
CREATE OR REPLACE FUNCTION name_blacklist_match(text, integer) RETURNS int4
LANGUAGE plpythonu STABLE RETURNS NULL ON NULL INPUT
EXTERNAL SECURITY DEFINER SET search_path TO public AS
$$
    import re
    name = args[0].decode("UTF-8")
    user_id = args[1]

    # Initialize shared storage, shared between invocations.
    if not SD.has_key("regexp_select_plan"):

        # All the blacklist regexps except the ones we are an admin
        # for. These we do not check since they are not blacklisted to us.
        SD["regexp_select_plan"] = plpy.prepare("""
            SELECT id, regexp FROM NameBlacklist
            WHERE admin IS NULL OR admin NOT IN (
                SELECT team FROM TeamParticipation
                WHERE person = $1)
            ORDER BY id
            """, ["integer"])

        # Storage for compiled regexps
        SD["compiled"] = {}

        # admins is a celebrity and its id is immutable.
        admins_id = plpy.execute(
            "SELECT id FROM Person WHERE name='admins'")[0]["id"]

        # Plan that tests whether the person ($1) is in the admins team.
        SD["admin_select_plan"] = plpy.prepare("""
            SELECT TRUE FROM TeamParticipation
            WHERE
                TeamParticipation.team = %d
                AND TeamParticipation.person = $1
            LIMIT 1
            """ % admins_id, ["integer"])

    # Names are never blacklisted for admins.
    if user_id is not None and plpy.execute(
        SD["admin_select_plan"], [user_id]).nrows() > 0:
        return None

    compiled = SD["compiled"]

    for row in plpy.execute(SD["regexp_select_plan"], [user_id]):
        regexp_id = row["id"]
        regexp_txt = row["regexp"]
        # Recompile only when the regexp is new or its text has changed.
        if (compiled.get(regexp_id) is None
            or compiled[regexp_id][0] != regexp_txt):
            regexp = re.compile(
                regexp_txt, re.IGNORECASE | re.UNICODE | re.VERBOSE
                )
            compiled[regexp_id] = (regexp_txt, regexp)
        else:
            regexp = compiled[regexp_id][1]
        if regexp.search(name) is not None:
            return regexp_id
    return None
$$;
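
The override rules discussed in this proposal (a NULL admin cannot be overridden, members of a rule's admin team skip that rule, and members of admins skip every rule), modelled in plain Python so the outcomes can be checked without a database. This is an added example, not code from the branch or from the reviewers; the table contents, ids and helper names are constructed for illustration.

```python
import re

# Constructed sample data standing in for the NameBlacklist and
# TeamParticipation tables; every id and pattern here is illustrative.
ADMINS, REGISTRY = 1, 2          # team ids
ALICE, BOB, CAROL = 10, 11, 12   # person ids
NAME_BLACKLIST = [
    # (id, regexp, admin team id or None)
    (1, r"^admin", None),          # no team may override this rule
    (2, r"^launchpad", REGISTRY),  # REGISTRY members may override it
]
TEAM_PARTICIPATION = {  # (team, person) pairs
    (ADMINS, ALICE),
    (REGISTRY, BOB),
}


def teams_of(user_id):
    """Teams the user participates in; None or an unknown id has none."""
    return {team for team, person in TEAM_PARTICIPATION if person == user_id}


def name_blacklist_match(name, user_id=None):
    """Return the id of the first rule that blocks `name` for this user,
    or None when the user may use the name."""
    teams = teams_of(user_id)
    if ADMINS in teams:
        return None  # names are never blacklisted for admins
    for rule_id, pattern, admin in sorted(NAME_BLACKLIST, key=lambda r: r[0]):
        if admin is not None and admin in teams:
            continue  # the user is in the rule's admin team: rule skipped
        if re.search(pattern, name, re.IGNORECASE | re.VERBOSE):
            return rule_id
    return None


def override_matrix(names, users):
    """Map (name, user) to the blocking rule id, or None when allowed."""
    return {(n, u): name_blacklist_match(n, u) for n in names for u in users}


if __name__ == "__main__":
    result = override_matrix(["launchpad-foo", "admin-tools"],
                             [None, ALICE, BOB, CAROL])
    for key in sorted(result, key=str):
        print(key, "->", result[key])
```
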