Merge lp:~sinzui/launchpad/project-branch-permissions into lp:launchpad
| Status: | Merged |
|---|---|
| Approved by: | Curtis Hovey on 2012-08-20 |
| Approved revision: | no longer in the source branch. |
| Merged at revision: | 15831 |
| Proposed branch: | lp:~sinzui/launchpad/project-branch-permissions |
| Merge into: | lp:launchpad |
| Diff against target: | 219 lines (+103/-33), 4 files modified: lib/lp/code/configure.zcml (+5/-0), lib/lp/code/interfaces/branch.py (+42/-33), lib/lp/code/model/tests/test_branch.py (+43/-0), lib/lp/security.py (+13/-0) |
| To merge this branch: | bzr merge lp:~sinzui/launchpad/project-branch-permissions |
| Related bugs: | |

| Reviewer | Review Type | Date Requested | Status |
|---|---|---|---|
| Ian Booth (community) | | 2012-08-17 | Approve on 2012-08-20 |
Commit Message
Allow project maintainers to change branch information to prevent disclosure.
Description of the Change
Project maintainers cannot update branches owned by contributors to
secure the project.
-------
RULES
Pre-
* Several attributes on IBranchEditable
can be moved to IBranchModerate.
* Add a security checker for launchpad.Moderate on IBranchModerate
that permits anyone with launchpad.Edit + the product.owner
and commercial admins permission to change the data.
QA
* Visit https:/
* Verify the branches owned by former Canonical employees are Private
* Run the test api script
* Verify all the Private branches are now Proprietary
{{{
import logging
from launchpadlib.
logging.
log = logging.
log.
lp = Launchpad.
'testing', service_root='https:/
project = lp.projects[
statuses = [
for branch in project.
if branch.
try:
except:
}}}
LINT
lib/
lib/
lib/
lib/
TEST
./bin/test -vvc -t BranchModerateT
IMPLEMENTATION
Added a security checker for launchpad.Moderate on branches. Anyone with
launchpad.Edit plus the product.owner and commercial admins have
permission.
lib/
Created IBranchModerate
and lifecycle_status from IBranchEditable
IBranchModerate and moved transitionToInf
IBranchEditable.
lib/
lib/
lib/
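
The permission rule described above, as a stand-alone added example (not code from this branch or from Launchpad): each attribute is guarded by launchpad.Edit or launchpad.Moderate, and Moderate is granted to Edit holders, the project owner and commercial admins. Assumptions: launchpad.Edit is reduced to branch ownership, team membership is reduced to equality, and the attribute names other than lifecycle_status are hypothetical.

```python
from dataclasses import dataclass
from typing import Optional

# Which permission guards which attribute. Only lifecycle_status is named on
# the page; "visibility" and "name" are hypothetical stand-ins.
REQUIRED_PERMISSION = {
    "lifecycle_status": "launchpad.Moderate",
    "visibility": "launchpad.Moderate",
    "name": "launchpad.Edit",
}

@dataclass(frozen=True)
class User:
    name: str
    commercial_admin: bool = False

@dataclass
class Branch:
    owner: User
    product_owner: Optional[User]  # None models a branch with no project
    lifecycle_status: str = "Development"
    visibility: str = "Private"
    name: str = "trunk"

def has_permission(permission: str, user: User, branch: Branch) -> bool:
    can_edit = user == branch.owner  # assumption: Edit reduced to "is owner"
    if permission == "launchpad.Edit":
        return can_edit
    if permission == "launchpad.Moderate":
        is_maintainer = (branch.product_owner is not None
                         and user == branch.product_owner)
        return can_edit or is_maintainer or user.commercial_admin
    return False  # unknown permission: deny

def set_attribute(user: User, branch: Branch, attr: str, value: str) -> None:
    permission = REQUIRED_PERMISSION.get(attr)  # unlisted attribute: deny
    if permission is None or not has_permission(permission, user, branch):
        raise PermissionError(f"{user.name} may not set {attr}")
    setattr(branch, attr, value)

def can_set(user: User, attr: str, product_owner: Optional[User]) -> bool:
    """Try the write on a fresh constructed branch owned by 'contributor'."""
    branch = Branch(owner=User("contributor"), product_owner=product_owner)
    try:
        set_attribute(user, branch, attr, "changed")
        return True
    except PermissionError:
        return False
```

The cases worth checking are the negative ones: a project owner can moderate but not edit, and an unrelated user gets neither.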

Looks great. A few quibbles:
Small typos:
35 + """IBranch attributes that can be edited by a more than one community."""
56 + """IBranch methods that can be edited by a more than one community."""
I think this was unintentional:
195 + """Tests for `Branch. commitsFornDays `."""
With the BranchModerateTestCase tests, we check access is granted for product owner and commercial admin. Could you please add in checks for branch owner to be complete?