Launchpad itself

Merge lp:~twom/launchpad/widen-performLookup-account-for-grants into lp:launchpad

  1. widen-performLookup-account-for-grants
  2. Merge into devel
Proposed by Tom Wardill
Status: Merged
Merged at revision: 18809
Proposed branch: lp:~twom/launchpad/widen-performLookup-account-for-grants
Merge into: lp:launchpad
Diff against target: 93 lines (+52/-3)
2 files modified
lib/lp/code/xmlrpc/git.py (+10/-3)
lib/lp/code/xmlrpc/tests/test_git.py (+42/-0)
To merge this branch: bzr merge lp:~twom/launchpad/widen-performLookup-account-for-grants
Reviewer Review Type Date Requested Status
Colin Watson (community) Approve
Review via email: mp+357706@code.launchpad.net

Commit message

Widen _performLookup to account for users with grants

Description of the change

Allow write access for users that have a RuleGrant to the repository, as well as the repository owner.

To post a comment you must log in.
Revision history for this message
Colin Watson (cjwatson) :
review: Approve

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
=== modified file 'lib/lp/code/xmlrpc/git.py'
--- lib/lp/code/xmlrpc/git.py 2018-10-22 10:37:03 +0000
+++ lib/lp/code/xmlrpc/git.py 2018-10-23 16:37:06 +0000
@@ -103,7 +103,7 @@
103 else:103 else:
104 return issuer.checkMacaroonIssuer(macaroon)104 return issuer.checkMacaroonIssuer(macaroon)
105105
106 def _performLookup(self, path, auth_params):106 def _performLookup(self, requester, path, auth_params):
107 repository, extra_path = getUtility(IGitLookup).getByPath(path)107 repository, extra_path = getUtility(IGitLookup).getByPath(path)
108 if repository is None:108 if repository is None:
109 return None109 return None
@@ -127,6 +127,13 @@
127 writable = (127 writable = (
128 repository.repository_type == GitRepositoryType.HOSTED and128 repository.repository_type == GitRepositoryType.HOSTED and
129 check_permission("launchpad.Edit", repository))129 check_permission("launchpad.Edit", repository))
130 # If we have any grants to this user, they are declared to have
131 # write access at this point. `_checkRefPermissions` will
132 # sort out access to individual refs at a later point in the push.
133 if not writable:
134 grants = naked_repository.findRuleGrantsByGrantee(requester)
135 if not grants.is_empty():
136 writable = True
130 private = repository.private137 private = repository.private
131 return {138 return {
132 "path": hosting_path,139 "path": hosting_path,
@@ -282,11 +289,11 @@
282 if requester == LAUNCHPAD_ANONYMOUS:289 if requester == LAUNCHPAD_ANONYMOUS:
283 requester = None290 requester = None
284 try:291 try:
285 result = self._performLookup(path, auth_params)292 result = self._performLookup(requester, path, auth_params)
286 if (result is None and requester is not None and293 if (result is None and requester is not None and
287 permission == "write"):294 permission == "write"):
288 self._createRepository(requester, path)295 self._createRepository(requester, path)
289 result = self._performLookup(path, auth_params)296 result = self._performLookup(requester, path, auth_params)
290 if result is None:297 if result is None:
291 raise faults.GitRepositoryNotFound(path)298 raise faults.GitRepositoryNotFound(path)
292 if permission != "read" and not result["writable"]:299 if permission != "read" and not result["writable"]:
293300
=== modified file 'lib/lp/code/xmlrpc/tests/test_git.py'
--- lib/lp/code/xmlrpc/tests/test_git.py 2018-10-18 15:07:49 +0000
+++ lib/lp/code/xmlrpc/tests/test_git.py 2018-10-23 16:37:06 +0000
@@ -266,6 +266,48 @@
266 self.assertEqual(266 self.assertEqual(
267 initial_count, getUtility(IAllGitRepositories).count())267 initial_count, getUtility(IAllGitRepositories).count())
268268
269 def test_translatePath_grant_to_other(self):
270 requester = self.factory.makePerson()
271 other_person = self.factory.makePerson()
272 repository = self.factory.makeGitRepository(owner=requester)
273 rule = self.factory.makeGitRule(
274 repository, ref_pattern=u'refs/heads/stable/next')
275 self.factory.makeGitRuleGrant(
276 rule=rule, grantee=other_person,
277 can_force_push=True)
278 path = u"/%s" % repository.unique_name
279 self.assertTranslates(
280 other_person, path, repository, True, private=False)
281
282 def test_translatePath_grant_but_no_access(self):
283 requester = self.factory.makePerson()
284 grant_person = self.factory.makePerson()
285 other_person = self.factory.makePerson()
286 repository = self.factory.makeGitRepository(owner=requester)
287 rule = self.factory.makeGitRule(
288 repository, ref_pattern=u'refs/heads/stable/next')
289 self.factory.makeGitRuleGrant(
290 rule=rule, grantee=grant_person,
291 can_force_push=True)
292 path = u"/%s" % repository.unique_name
293 self.assertTranslates(
294 other_person, path, repository, False, private=False)
295
296 def test_translatePath_grant_to_other_private(self):
297 requester = self.factory.makePerson()
298 other_person = self.factory.makePerson()
299 repository = removeSecurityProxy(
300 self.factory.makeGitRepository(
301 owner=requester, information_type=InformationType.USERDATA))
302 rule = self.factory.makeGitRule(
303 repository, ref_pattern=u'refs/heads/stable/next')
304 self.factory.makeGitRuleGrant(
305 rule=rule, grantee=other_person,
306 can_force_push=True)
307 path = u"/%s" % repository.unique_name
308 self.assertGitRepositoryNotFound(
309 other_person, path, can_authenticate=True)
310
269 def _make_scenario_one_repository(self):311 def _make_scenario_one_repository(self):
270 user_a = self.factory.makePerson()312 user_a = self.factory.makePerson()
271 user_b = self.factory.makePerson()313 user_b = self.factory.makePerson()