Launchpad itself

Merge lp:~twom/launchpad/widen-performLookup-account-for-grants into lp:launchpad

  1. widen-performLookup-account-for-grants
  2. Merge into devel
Proposed by Tom Wardill
Status: Merged
Merged at revision: 18809
Proposed branch: lp:~twom/launchpad/widen-performLookup-account-for-grants
Merge into: lp:launchpad
Diff against target: 93 lines (+52/-3)
2 files modified
lib/lp/code/xmlrpc/git.py (+10/-3)
lib/lp/code/xmlrpc/tests/test_git.py (+42/-0)
To merge this branch: bzr merge lp:~twom/launchpad/widen-performLookup-account-for-grants
Reviewer Review Type Date Requested Status
Colin Watson (community) Approve
Review via email: mp+357706@code.launchpad.net

Commit message

Widen _performLookup to account for users with grants

Description of the change

Allow write access for users that have a RuleGrant to the repository, as well as the repository owner.

To post a comment you must log in.
Revision history for this message
Colin Watson (cjwatson) :
review: Approve

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1=== modified file 'lib/lp/code/xmlrpc/git.py'
2--- lib/lp/code/xmlrpc/git.py 2018-10-22 10:37:03 +0000
3+++ lib/lp/code/xmlrpc/git.py 2018-10-23 16:37:06 +0000
4@@ -103,7 +103,7 @@
5 else:
6 return issuer.checkMacaroonIssuer(macaroon)
7
8- def _performLookup(self, path, auth_params):
9+ def _performLookup(self, requester, path, auth_params):
10 repository, extra_path = getUtility(IGitLookup).getByPath(path)
11 if repository is None:
12 return None
13@@ -127,6 +127,13 @@
14 writable = (
15 repository.repository_type == GitRepositoryType.HOSTED and
16 check_permission("launchpad.Edit", repository))
17+ # If we have any grants to this user, they are declared to have
18+ # write access at this point. `_checkRefPermissions` will
19+ # sort out access to individual refs at a later point in the push.
20+ if not writable:
21+ grants = naked_repository.findRuleGrantsByGrantee(requester)
22+ if not grants.is_empty():
23+ writable = True
24 private = repository.private
25 return {
26 "path": hosting_path,
27@@ -282,11 +289,11 @@
28 if requester == LAUNCHPAD_ANONYMOUS:
29 requester = None
30 try:
31- result = self._performLookup(path, auth_params)
32+ result = self._performLookup(requester, path, auth_params)
33 if (result is None and requester is not None and
34 permission == "write"):
35 self._createRepository(requester, path)
36- result = self._performLookup(path, auth_params)
37+ result = self._performLookup(requester, path, auth_params)
38 if result is None:
39 raise faults.GitRepositoryNotFound(path)
40 if permission != "read" and not result["writable"]:
41
42=== modified file 'lib/lp/code/xmlrpc/tests/test_git.py'
43--- lib/lp/code/xmlrpc/tests/test_git.py 2018-10-18 15:07:49 +0000
44+++ lib/lp/code/xmlrpc/tests/test_git.py 2018-10-23 16:37:06 +0000
45@@ -266,6 +266,48 @@
46 self.assertEqual(
47 initial_count, getUtility(IAllGitRepositories).count())
48
49+ def test_translatePath_grant_to_other(self):
50+ requester = self.factory.makePerson()
51+ other_person = self.factory.makePerson()
52+ repository = self.factory.makeGitRepository(owner=requester)
53+ rule = self.factory.makeGitRule(
54+ repository, ref_pattern=u'refs/heads/stable/next')
55+ self.factory.makeGitRuleGrant(
56+ rule=rule, grantee=other_person,
57+ can_force_push=True)
58+ path = u"/%s" % repository.unique_name
59+ self.assertTranslates(
60+ other_person, path, repository, True, private=False)
61+
62+ def test_translatePath_grant_but_no_access(self):
63+ requester = self.factory.makePerson()
64+ grant_person = self.factory.makePerson()
65+ other_person = self.factory.makePerson()
66+ repository = self.factory.makeGitRepository(owner=requester)
67+ rule = self.factory.makeGitRule(
68+ repository, ref_pattern=u'refs/heads/stable/next')
69+ self.factory.makeGitRuleGrant(
70+ rule=rule, grantee=grant_person,
71+ can_force_push=True)
72+ path = u"/%s" % repository.unique_name
73+ self.assertTranslates(
74+ other_person, path, repository, False, private=False)
75+
76+ def test_translatePath_grant_to_other_private(self):
77+ requester = self.factory.makePerson()
78+ other_person = self.factory.makePerson()
79+ repository = removeSecurityProxy(
80+ self.factory.makeGitRepository(
81+ owner=requester, information_type=InformationType.USERDATA))
82+ rule = self.factory.makeGitRule(
83+ repository, ref_pattern=u'refs/heads/stable/next')
84+ self.factory.makeGitRuleGrant(
85+ rule=rule, grantee=other_person,
86+ can_force_push=True)
87+ path = u"/%s" % repository.unique_name
88+ self.assertGitRepositoryNotFound(
89+ other_person, path, can_authenticate=True)
90+
91 def _make_scenario_one_repository(self):
92 user_a = self.factory.makePerson()
93 user_b = self.factory.makePerson()