Merge lp:~thumper/launchpad/vcs-imports-permission-review into lp:launchpad

Proposed by Tim Penhey on 2010-05-11
Status: Merged
Approved by: Tim Penhey on 2010-05-12
Approved revision: no longer in the source branch.
Merged at revision: 10861
Proposed branch: lp:~thumper/launchpad/vcs-imports-permission-review
Merge into: lp:launchpad
Diff against target: 237 lines (+22/-64)
7 files modified
lib/canonical/launchpad/security.py (+1/-14)
lib/lp/code/browser/bazaar.py (+1/-17)
lib/lp/code/browser/configure.zcml (+0/-4)
lib/lp/code/doc/codeimport-machine.txt (+8/-10)
lib/lp/code/model/tests/test_codeimportjob.py (+2/-5)
lib/lp/code/model/tests/test_codeimportmachine.py (+2/-4)
lib/lp/code/stories/codeimport/xx-codeimport-machines.txt (+8/-10)
To merge this branch: bzr merge lp:~thumper/launchpad/vcs-imports-permission-review
Reviewer Review Type Date Requested Status
Michael Nelson (community) 2010-05-12 Approve on 2010-05-12
Jelmer Vernooij (community) code* 2010-05-11 Approve on 2010-05-11
Review via email: mp+25047@code.launchpad.net

Commit Message

Remove old weird permissions held by the vcs-imports team.

Description of the Change

In the discussions around having trustworthy community people be members of vcs-imports, we kicked off a security review of the vcs-imports celebrity.

For historical reasons vcs-imports had launchpad.Admin on IBazaarApplication and IProductSeries. Both of these have been removed, as has an old unused menu for IBazaarApplication.

All deletions in this code.

Running the tests through ec2 now.

To post a comment you must log in.
Jelmer Vernooij (jelmer) wrote :

It seems like EditCodeImportMachine can also be removed, it's unused as far as I can tell.

review: Approve (code*)
Jelmer Vernooij (jelmer) wrote :

> It seems like EditCodeImportMachine can also be removed, it's unused as far as
> I can tell.
If it is still used, do we want community members to be able to edit code import machines?

Tim Penhey (thumper) wrote :

On Wed, 12 May 2010 11:13:26 you wrote:
> > It seems like EditCodeImportMachine can also be removed, it's unused as
> > far as I can tell.
>
> If it is still used, do we want community members to be able to edit code
> import machines?

I was wondering about that. We could change it to be admins and bzr experts
very easily.

Tim

review: Approve

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1=== modified file 'lib/canonical/launchpad/security.py'
2--- lib/canonical/launchpad/security.py 2010-04-26 15:02:03 +0000
3+++ lib/canonical/launchpad/security.py 2010-05-14 02:03:34 +0000
4@@ -551,14 +551,6 @@
5 user.in_admin)
6
7
8-class AdminSeriesByVCSImports(AuthorizationBase):
9- permission = 'launchpad.Admin'
10- usedfor = IProductSeries
11-
12- def checkAuthenticated(self, user):
13- return user.in_vcs_imports
14-
15-
16 class EditProjectMilestoneNever(AuthorizationBase):
17 permission = 'launchpad.Edit'
18 usedfor = IProjectGroupMilestone
19@@ -1101,11 +1093,6 @@
20 return user.in_admin or user.in_vcs_imports
21
22
23-class AdminTheBazaar(OnlyVcsImportsAndAdmins):
24- permission = 'launchpad.Admin'
25- usedfor = IBazaarApplication
26-
27-
28 class EditCodeImport(OnlyVcsImportsAndAdmins):
29 """Control who can edit the object view of a CodeImport.
30
31@@ -1136,7 +1123,7 @@
32 usedfor = ICodeImportJobWorkflow
33
34
35-class EditCodeImportMachine(OnlyVcsImportsAndAdmins):
36+class EditCodeImportMachine(OnlyBazaarExpertsAndAdmins):
37 """Control who can edit the object view of a CodeImportMachine.
38
39 Access is restricted to members of ~vcs-imports and Launchpad admins.
40
41=== modified file 'lib/lp/code/browser/bazaar.py'
42--- lib/lp/code/browser/bazaar.py 2010-03-18 21:56:18 +0000
43+++ lib/lp/code/browser/bazaar.py 2010-05-14 02:03:34 +0000
44@@ -25,24 +25,8 @@
45 from lp.code.interfaces.branch import IBranchCloud, IBranchSet
46 from lp.code.interfaces.branchcollection import IAllBranches
47 from lp.code.interfaces.codeimport import ICodeImportSet
48-from canonical.launchpad.interfaces.launchpad import IBazaarApplication
49 from lp.registry.interfaces.product import IProductSet
50-from canonical.launchpad.webapp import (
51- ApplicationMenu, canonical_url, enabled_with_permission, LaunchpadView,
52- Link)
53-
54-
55-class BazaarBranchesMenu(ApplicationMenu):
56- usedfor = IBazaarApplication
57- facet = 'branches'
58- links = ['importer']
59-
60- @enabled_with_permission('launchpad.Admin')
61- def importer(self):
62- target = 'series/'
63- text = 'Branch importer'
64- summary = 'Manage CVS and SVN Trunk Imports'
65- return Link(target, text, summary, icon='branch')
66+from canonical.launchpad.webapp import canonical_url, LaunchpadView
67
68
69 class BazaarApplicationView(LaunchpadView):
70
71=== modified file 'lib/lp/code/browser/configure.zcml'
72--- lib/lp/code/browser/configure.zcml 2010-05-12 17:23:07 +0000
73+++ lib/lp/code/browser/configure.zcml 2010-05-14 02:03:34 +0000
74@@ -141,10 +141,6 @@
75 name="+index"
76 template="../templates/bazaar-index.pt"/>
77 </browser:pages>
78- <browser:menus
79- classes="
80- BazaarBranchesMenu"
81- module="lp.code.browser.bazaar"/>
82 <browser:page
83 for="lp.code.interfaces.branchmergeproposal.IBranchMergeProposal"
84 name="+hierarchy"
85
86=== modified file 'lib/lp/code/doc/codeimport-machine.txt'
87--- lib/lp/code/doc/codeimport-machine.txt 2009-06-12 16:36:02 +0000
88+++ lib/lp/code/doc/codeimport-machine.txt 2010-05-14 02:03:34 +0000
89@@ -140,19 +140,17 @@
90 The setQuiescing method sets the machine's state to QUIESCING and
91 records the corresponding event. A user is passed into the method
92 to be recorded in the event, and will in almost all cases be a
93-member of vcs-imports.
94+member of the bazaar experts or more likely a LOSA (administrator).
95
96- >>> login('david.allouche@canonical.com')
97+ >>> login('admin@canonical.com')
98 >>> from canonical.launchpad.interfaces import ILaunchpadCelebrities
99- >>> ddaa = getUtility(ILaunchBag).user
100- >>> ddaa.inTeam(getUtility(ILaunchpadCelebrities).vcs_imports)
101- True
102+ >>> admin = getUtility(ILaunchBag).user
103
104 >>> new_machine.setOnline()
105 >>> new_events = NewEvents()
106- >>> new_machine.setQuiescing(ddaa, "1.1.42 rollout")
107+ >>> new_machine.setQuiescing(admin, "1.1.42 rollout")
108 >>> print new_events.summary()
109- QUIESCE frobisher ddaa
110+ QUIESCE frobisher name16
111
112 >>> [new_event] = new_events
113 >>> dict(new_event.items())[CodeImportEventDataType.MESSAGE]
114@@ -210,7 +208,7 @@
115 Attempting the transition from OFFLINE to QUIESCING is also logic error.
116
117 >>> offline_machine = new_machine_with_state(OFFLINE)
118- >>> offline_machine.setQuiescing(ddaa, "No worky!")
119+ >>> offline_machine.setQuiescing(admin, "No worky!")
120 Traceback (most recent call last):
121 ...
122 AssertionError: State of machine ... was OFFLINE.
123@@ -219,7 +217,7 @@
124 must fail.
125
126 >>> online_machine = new_machine_with_state(ONLINE)
127- >>> online_machine.setQuiescing(ddaa, "Because.")
128+ >>> online_machine.setQuiescing(admin, "Because.")
129 >>> print online_machine.state.name
130 QUIESCING
131
132@@ -243,7 +241,7 @@
133 ONLINE
134
135 >>> quiescing_machine = new_machine_with_state(QUIESCING)
136- >>> quiescing_machine.setQuiescing(ddaa, "No worky!")
137+ >>> quiescing_machine.setQuiescing(admin, "No worky!")
138 Traceback (most recent call last):
139 ...
140 AssertionError: State of machine ... was QUIESCING.
141
142=== modified file 'lib/lp/code/model/tests/test_codeimportjob.py'
143--- lib/lp/code/model/tests/test_codeimportjob.py 2010-03-18 17:49:21 +0000
144+++ lib/lp/code/model/tests/test_codeimportjob.py 2010-05-14 02:03:34 +0000
145@@ -651,14 +651,12 @@
146 def test_wrongJobState(self):
147 # Calling startJob with a job whose state is not PENDING is an error.
148 code_import = self.factory.makeCodeImport()
149- machine = self.factory.makeCodeImportMachine()
150+ machine = self.factory.makeCodeImportMachine(set_online=True)
151 job = self.factory.makeCodeImportJob(code_import)
152 # ICodeImportJob does not allow setting 'state', so we must
153 # use removeSecurityProxy.
154 RUNNING = CodeImportJobState.RUNNING
155 removeSecurityProxy(job).state = RUNNING
156- # Machines are OFFLINE when they are created.
157- machine.setOnline()
158 # Testing startJob failure.
159 self.assertFailure(
160 "The CodeImportJob associated with %s is "
161@@ -709,8 +707,7 @@
162 def setUp(self):
163 super(TestCodeImportJobWorkflowFinishJob, self).setUp()
164 login_for_code_imports()
165- self.machine = self.factory.makeCodeImportMachine()
166- self.machine.setOnline()
167+ self.machine = self.factory.makeCodeImportMachine(set_online=True)
168
169 def makeRunningJob(self, code_import=None):
170 """Make and return a CodeImportJob object with state==RUNNING.
171
172=== modified file 'lib/lp/code/model/tests/test_codeimportmachine.py'
173--- lib/lp/code/model/tests/test_codeimportmachine.py 2010-02-19 03:15:04 +0000
174+++ lib/lp/code/model/tests/test_codeimportmachine.py 2010-05-14 02:03:34 +0000
175@@ -12,8 +12,6 @@
176 from canonical.database.constants import UTC_NOW
177 from lp.code.enums import (
178 CodeImportMachineOfflineReason, CodeImportMachineState)
179-from lp.code.model.tests.test_codeimportjob import (
180- login_for_code_imports)
181 from lp.code.interfaces.codeimportjob import ICodeImportJobWorkflow
182 from lp.testing import TestCaseWithFactory
183 from canonical.testing import DatabaseFunctionalLayer
184@@ -25,8 +23,8 @@
185 layer = DatabaseFunctionalLayer
186
187 def setUp(self):
188- super(TestCodeImportMachineShouldLookForJob, self).setUp()
189- login_for_code_imports()
190+ super(TestCodeImportMachineShouldLookForJob, self).setUp(
191+ 'admin@canonical.com')
192 self.machine = self.factory.makeCodeImportMachine(set_online=True)
193
194 def createJobRunningOnMachine(self, machine):
195
196=== modified file 'lib/lp/code/stories/codeimport/xx-codeimport-machines.txt'
197--- lib/lp/code/stories/codeimport/xx-codeimport-machines.txt 2009-10-06 17:44:23 +0000
198+++ lib/lp/code/stories/codeimport/xx-codeimport-machines.txt 2010-05-14 02:03:34 +0000
199@@ -25,7 +25,7 @@
200 running jobs in the table.
201
202 >>> from canonical.launchpad.ftests import login, logout
203- >>> login('david.allouche@canonical.com')
204+ >>> login('admin@canonical.com')
205
206 >>> apollo, odin, saturn = (
207 ... factory.makeCodeImportMachine(set_online=True, hostname='apollo'),
208@@ -105,22 +105,20 @@
209 >>> print find_tag_by_id(browser.contents, 'update-status')
210 None
211
212- >>> import_browser = setupBrowser(
213- ... auth="Basic david.allouche@canonical.com:test")
214- >>> import_browser.open(browser.url)
215+ >>> admin_browser.open(browser.url)
216
217- >>> print find_tag_by_id(import_browser.contents,
218+ >>> print find_tag_by_id(admin_browser.contents,
219 ... 'update-status').h2.renderContents()
220 Update machine status
221
222- >>> import_browser.getControl('Reason').value = (
223+ >>> admin_browser.getControl('Reason').value = (
224 ... "Testing quiescing.")
225- >>> import_browser.getControl('Set Quiescing').click()
226- >>> print_heading(import_browser)
227+ >>> admin_browser.getControl('Set Quiescing').click()
228+ >>> print_heading(admin_browser)
229 apollo: Quiescing
230
231- >>> print_events(import_browser)
232+ >>> print_events(admin_browser)
233 Related events
234- ...: David Allouche set Quiescing Requested
235+ ...: ... set Quiescing Requested
236 Message: Testing quiescing.
237 ...