Launchpad itself

Merge lp:~thumper/launchpad/vcs-imports-permission-review into lp:launchpad

vcs-imports-permission-review
Merge into devel

Proposed by Tim Penhey on 2010-05-11

Status:

Merged

Approved by:

Tim Penhey on 2010-05-12

Approved revision:

no longer in the source branch.

Merged at revision:

10861

Proposed branch:

lp:~thumper/launchpad/vcs-imports-permission-review

Merge into:

lp:launchpad

Diff against target:

237 lines (+22/-64)

7 files modified

lib/canonical/launchpad/security.py (+1/-14)
lib/lp/code/browser/bazaar.py (+1/-17)
lib/lp/code/browser/configure.zcml (+0/-4)
lib/lp/code/doc/codeimport-machine.txt (+8/-10)
lib/lp/code/model/tests/test_codeimportjob.py (+2/-5)
lib/lp/code/model/tests/test_codeimportmachine.py (+2/-4)
lib/lp/code/stories/codeimport/xx-codeimport-machines.txt (+8/-10)

To merge this branch:

bzr merge lp:~thumper/launchpad/vcs-imports-permission-review

High

Fix Released

Link a bug report

Reviewer	Review Type	Date Requested	Status
Michael Nelson (community)		2010-05-12	Approve on 2010-05-12
Jelmer Vernooij (community)	code*	2010-05-11	Approve on 2010-05-11
Review via email: mp+25047@code.launchpad.net

Commit Message

Remove old weird permissions held by the vcs-imports team.

Description of the Change

In the discussions around having trustworthy community people be members of vcs-imports, we kicked off a security review of the vcs-imports celebrity.

For historical reasons vcs-imports had launchpad.Admin on IBazaarApplication and IProductSeries. Both of these have been removed, as has an old unused menu for IBazaarApplication.

All deletions in this code.

Running the tests through ec2 now.

Jelmer Vernooij (jelmer) wrote on 2010-05-11:

It seems like EditCodeImportMachine can also be removed, it's unused as far as I can tell.

review: Approve (code*)

Jelmer Vernooij (jelmer) wrote on 2010-05-11:

> It seems like EditCodeImportMachine can also be removed, it's unused as far as
> I can tell.
If it is still used, do we want community members to be able to edit code import machines?

Tim Penhey (thumper) wrote on 2010-05-11:

On Wed, 12 May 2010 11:13:26 you wrote:
> > It seems like EditCodeImportMachine can also be removed, it's unused as
> > far as I can tell.
>
> If it is still used, do we want community members to be able to edit code
> import machines?

I was wondering about that. We could change it to be admins and bzr experts
very easily.

Tim

Michael Nelson (michael.nelson) on 2010-05-12:

review: Approve

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk

Subscribers

People subscribed via source and target branches

to status/vote changes:

Tzaddi

Tzaddi Belding

1	=== modified file 'lib/canonical/launchpad/security.py'
2	--- lib/canonical/launchpad/security.py 2010-04-26 15:02:03 +0000
3	+++ lib/canonical/launchpad/security.py 2010-05-14 02:03:34 +0000
4	@@ -551,14 +551,6 @@
5	user.in_admin)
6
7
8	-class AdminSeriesByVCSImports(AuthorizationBase):
9	- permission = 'launchpad.Admin'
10	- usedfor = IProductSeries
11	-
12	- def checkAuthenticated(self, user):
13	- return user.in_vcs_imports
14	-
15	-
16	class EditProjectMilestoneNever(AuthorizationBase):
17	permission = 'launchpad.Edit'
18	usedfor = IProjectGroupMilestone
19	@@ -1101,11 +1093,6 @@
20	return user.in_admin or user.in_vcs_imports
21
22
23	-class AdminTheBazaar(OnlyVcsImportsAndAdmins):
24	- permission = 'launchpad.Admin'
25	- usedfor = IBazaarApplication
26	-
27	-
28	class EditCodeImport(OnlyVcsImportsAndAdmins):
29	"""Control who can edit the object view of a CodeImport.
30
31	@@ -1136,7 +1123,7 @@
32	usedfor = ICodeImportJobWorkflow
33
34
35	-class EditCodeImportMachine(OnlyVcsImportsAndAdmins):
36	+class EditCodeImportMachine(OnlyBazaarExpertsAndAdmins):
37	"""Control who can edit the object view of a CodeImportMachine.
38
39	Access is restricted to members of ~vcs-imports and Launchpad admins.
40
41	=== modified file 'lib/lp/code/browser/bazaar.py'
42	--- lib/lp/code/browser/bazaar.py 2010-03-18 21:56:18 +0000
43	+++ lib/lp/code/browser/bazaar.py 2010-05-14 02:03:34 +0000
44	@@ -25,24 +25,8 @@
45	from lp.code.interfaces.branch import IBranchCloud, IBranchSet
46	from lp.code.interfaces.branchcollection import IAllBranches
47	from lp.code.interfaces.codeimport import ICodeImportSet
48	-from canonical.launchpad.interfaces.launchpad import IBazaarApplication
49	from lp.registry.interfaces.product import IProductSet
50	-from canonical.launchpad.webapp import (
51	- ApplicationMenu, canonical_url, enabled_with_permission, LaunchpadView,
52	- Link)
53	-
54	-
55	-class BazaarBranchesMenu(ApplicationMenu):
56	- usedfor = IBazaarApplication
57	- facet = 'branches'
58	- links = ['importer']
59	-
60	- @enabled_with_permission('launchpad.Admin')
61	- def importer(self):
62	- target = 'series/'
63	- text = 'Branch importer'
64	- summary = 'Manage CVS and SVN Trunk Imports'
65	- return Link(target, text, summary, icon='branch')
66	+from canonical.launchpad.webapp import canonical_url, LaunchpadView
67
68
69	class BazaarApplicationView(LaunchpadView):
70
71	=== modified file 'lib/lp/code/browser/configure.zcml'
72	--- lib/lp/code/browser/configure.zcml 2010-05-12 17:23:07 +0000
73	+++ lib/lp/code/browser/configure.zcml 2010-05-14 02:03:34 +0000
74	@@ -141,10 +141,6 @@
75	name="+index"
76	template="../templates/bazaar-index.pt"/>
77	</browser:pages>
78	- <browser:menus
79	- classes="
80	- BazaarBranchesMenu"
81	- module="lp.code.browser.bazaar"/>
82	<browser:page
83	for="lp.code.interfaces.branchmergeproposal.IBranchMergeProposal"
84	name="+hierarchy"
85
86	=== modified file 'lib/lp/code/doc/codeimport-machine.txt'
87	--- lib/lp/code/doc/codeimport-machine.txt 2009-06-12 16:36:02 +0000
88	+++ lib/lp/code/doc/codeimport-machine.txt 2010-05-14 02:03:34 +0000
89	@@ -140,19 +140,17 @@
90	The setQuiescing method sets the machine's state to QUIESCING and
91	records the corresponding event. A user is passed into the method
92	to be recorded in the event, and will in almost all cases be a
93	-member of vcs-imports.
94	+member of the bazaar experts or more likely a LOSA (administrator).
95
96	- >>> login('david.allouche@canonical.com')
97	+ >>> login('admin@canonical.com')
98	>>> from canonical.launchpad.interfaces import ILaunchpadCelebrities
99	- >>> ddaa = getUtility(ILaunchBag).user
100	- >>> ddaa.inTeam(getUtility(ILaunchpadCelebrities).vcs_imports)
101	- True
102	+ >>> admin = getUtility(ILaunchBag).user
103
104	>>> new_machine.setOnline()
105	>>> new_events = NewEvents()
106	- >>> new_machine.setQuiescing(ddaa, "1.1.42 rollout")
107	+ >>> new_machine.setQuiescing(admin, "1.1.42 rollout")
108	>>> print new_events.summary()
109	- QUIESCE frobisher ddaa
110	+ QUIESCE frobisher name16
111
112	>>> [new_event] = new_events
113	>>> dict(new_event.items())[CodeImportEventDataType.MESSAGE]
114	@@ -210,7 +208,7 @@
115	Attempting the transition from OFFLINE to QUIESCING is also logic error.
116
117	>>> offline_machine = new_machine_with_state(OFFLINE)
118	- >>> offline_machine.setQuiescing(ddaa, "No worky!")
119	+ >>> offline_machine.setQuiescing(admin, "No worky!")
120	Traceback (most recent call last):
121	...
122	AssertionError: State of machine ... was OFFLINE.
123	@@ -219,7 +217,7 @@
124	must fail.
125
126	>>> online_machine = new_machine_with_state(ONLINE)
127	- >>> online_machine.setQuiescing(ddaa, "Because.")
128	+ >>> online_machine.setQuiescing(admin, "Because.")
129	>>> print online_machine.state.name
130	QUIESCING
131
132	@@ -243,7 +241,7 @@
133	ONLINE
134
135	>>> quiescing_machine = new_machine_with_state(QUIESCING)
136	- >>> quiescing_machine.setQuiescing(ddaa, "No worky!")
137	+ >>> quiescing_machine.setQuiescing(admin, "No worky!")
138	Traceback (most recent call last):
139	...
140	AssertionError: State of machine ... was QUIESCING.
141
142	=== modified file 'lib/lp/code/model/tests/test_codeimportjob.py'
143	--- lib/lp/code/model/tests/test_codeimportjob.py 2010-03-18 17:49:21 +0000
144	+++ lib/lp/code/model/tests/test_codeimportjob.py 2010-05-14 02:03:34 +0000
145	@@ -651,14 +651,12 @@
146	def test_wrongJobState(self):
147	# Calling startJob with a job whose state is not PENDING is an error.
148	code_import = self.factory.makeCodeImport()
149	- machine = self.factory.makeCodeImportMachine()
150	+ machine = self.factory.makeCodeImportMachine(set_online=True)
151	job = self.factory.makeCodeImportJob(code_import)
152	# ICodeImportJob does not allow setting 'state', so we must
153	# use removeSecurityProxy.
154	RUNNING = CodeImportJobState.RUNNING
155	removeSecurityProxy(job).state = RUNNING
156	- # Machines are OFFLINE when they are created.
157	- machine.setOnline()
158	# Testing startJob failure.
159	self.assertFailure(
160	"The CodeImportJob associated with %s is "
161	@@ -709,8 +707,7 @@
162	def setUp(self):
163	super(TestCodeImportJobWorkflowFinishJob, self).setUp()
164	login_for_code_imports()
165	- self.machine = self.factory.makeCodeImportMachine()
166	- self.machine.setOnline()
167	+ self.machine = self.factory.makeCodeImportMachine(set_online=True)
168
169	def makeRunningJob(self, code_import=None):
170	"""Make and return a CodeImportJob object with state==RUNNING.
171
172	=== modified file 'lib/lp/code/model/tests/test_codeimportmachine.py'
173	--- lib/lp/code/model/tests/test_codeimportmachine.py 2010-02-19 03:15:04 +0000
174	+++ lib/lp/code/model/tests/test_codeimportmachine.py 2010-05-14 02:03:34 +0000
175	@@ -12,8 +12,6 @@
176	from canonical.database.constants import UTC_NOW
177	from lp.code.enums import (
178	CodeImportMachineOfflineReason, CodeImportMachineState)
179	-from lp.code.model.tests.test_codeimportjob import (
180	- login_for_code_imports)
181	from lp.code.interfaces.codeimportjob import ICodeImportJobWorkflow
182	from lp.testing import TestCaseWithFactory
183	from canonical.testing import DatabaseFunctionalLayer
184	@@ -25,8 +23,8 @@
185	layer = DatabaseFunctionalLayer
186
187	def setUp(self):
188	- super(TestCodeImportMachineShouldLookForJob, self).setUp()
189	- login_for_code_imports()
190	+ super(TestCodeImportMachineShouldLookForJob, self).setUp(
191	+ 'admin@canonical.com')
192	self.machine = self.factory.makeCodeImportMachine(set_online=True)
193
194	def createJobRunningOnMachine(self, machine):
195
196	=== modified file 'lib/lp/code/stories/codeimport/xx-codeimport-machines.txt'
197	--- lib/lp/code/stories/codeimport/xx-codeimport-machines.txt 2009-10-06 17:44:23 +0000
198	+++ lib/lp/code/stories/codeimport/xx-codeimport-machines.txt 2010-05-14 02:03:34 +0000
199	@@ -25,7 +25,7 @@
200	running jobs in the table.
201
202	>>> from canonical.launchpad.ftests import login, logout
203	- >>> login('david.allouche@canonical.com')
204	+ >>> login('admin@canonical.com')
205
206	>>> apollo, odin, saturn = (
207	... factory.makeCodeImportMachine(set_online=True, hostname='apollo'),
208	@@ -105,22 +105,20 @@
209	>>> print find_tag_by_id(browser.contents, 'update-status')
210	None
211
212	- >>> import_browser = setupBrowser(
213	- ... auth="Basic david.allouche@canonical.com:test")
214	- >>> import_browser.open(browser.url)
215	+ >>> admin_browser.open(browser.url)
216
217	- >>> print find_tag_by_id(import_browser.contents,
218	+ >>> print find_tag_by_id(admin_browser.contents,
219	... 'update-status').h2.renderContents()
220	Update machine status
221
222	- >>> import_browser.getControl('Reason').value = (
223	+ >>> admin_browser.getControl('Reason').value = (
224	... "Testing quiescing.")
225	- >>> import_browser.getControl('Set Quiescing').click()
226	- >>> print_heading(import_browser)
227	+ >>> admin_browser.getControl('Set Quiescing').click()
228	+ >>> print_heading(admin_browser)
229	apollo: Quiescing
230
231	- >>> print_events(import_browser)
232	+ >>> print_events(admin_browser)
233	Related events
234	- ...: David Allouche set Quiescing Requested
235	+ ...: ... set Quiescing Requested
236	Message: Testing quiescing.
237	...