Launchpad itself

Merge lp:~wgrant/launchpad/bug-1489674 into lp:launchpad

  1. bug-1489674
  2. Merge into devel
Proposed by William Grant
Status: Merged
Merged at revision: 17704
Proposed branch: lp:~wgrant/launchpad/bug-1489674
Merge into: lp:launchpad
Diff against target: 69 lines (+27/-5)
2 files modified
lib/lp/bugs/mail/bugnotificationbuilder.py (+1/-1)
lib/lp/bugs/mail/tests/test_bugnotificationbuilder.py (+26/-4)
To merge this branch: bzr merge lp:~wgrant/launchpad/bug-1489674
Reviewer Review Type Date Requested Status
Colin Watson (community) Approve
Review via email: mp+269480@code.launchpad.net

Commit message

Fix BugNotificationBuilder to always removeSecurityProxy before it touches a potentially private person.

Description of the change

BugNotificationBuilder.build has to handle invisible private teams, and already uses removeSecurityProxy in places, but it fails to bypass the proxy when retrieving expanded_notification_footers. See OOPS-cf057b82417ad315c3b7a858ca8237ba for an example.

To post a comment you must log in.
Revision history for this message
Colin Watson (cjwatson) :
review: Approve

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1=== modified file 'lib/lp/bugs/mail/bugnotificationbuilder.py'
2--- lib/lp/bugs/mail/bugnotificationbuilder.py 2015-07-31 14:46:31 +0000
3+++ lib/lp/bugs/mail/bugnotificationbuilder.py 2015-08-28 09:05:40 +0000
4@@ -215,7 +215,7 @@
5 # XXX cjwatson 2015-07-31: This is cloned-and-hacked from
6 # BaseMailer; it would ultimately be better to convert bug
7 # notifications to that framework.
8- if to_person.expanded_notification_footers:
9+ if removeSecurityProxy(to_person).expanded_notification_footers:
10 lines = []
11 for key, value in headers:
12 if key.startswith('X-Launchpad-'):
13
14=== modified file 'lib/lp/bugs/mail/tests/test_bugnotificationbuilder.py'
15--- lib/lp/bugs/mail/tests/test_bugnotificationbuilder.py 2015-07-31 14:46:31 +0000
16+++ lib/lp/bugs/mail/tests/test_bugnotificationbuilder.py 2015-08-28 09:05:40 +0000
17@@ -6,16 +6,21 @@
18 from datetime import datetime
19
20 import pytz
21+from zope.security.interfaces import Unauthorized
22
23 from lp.bugs.mail.bugnotificationbuilder import BugNotificationBuilder
24-from lp.testing import TestCaseWithFactory
25-from lp.testing.layers import ZopelessDatabaseLayer
26+from lp.registry.enums import PersonVisibility
27+from lp.testing import (
28+ person_logged_in,
29+ TestCaseWithFactory,
30+ )
31+from lp.testing.layers import DatabaseFunctionalLayer
32
33
34 class TestBugNotificationBuilder(TestCaseWithFactory):
35 """Test emails sent when subscribed by someone else."""
36
37- layer = ZopelessDatabaseLayer
38+ layer = DatabaseFunctionalLayer
39
40 def setUp(self):
41 # Run the tests as a logged-in user.
42@@ -71,9 +76,26 @@
43 # Recipients with expanded_notification_footers receive an expanded
44 # footer on messages.
45 utc_now = datetime.now(pytz.UTC)
46- self.bug.owner.expanded_notification_footers = True
47+ with person_logged_in(self.bug.owner):
48+ self.bug.owner.expanded_notification_footers = True
49 message = self.builder.build(
50 'from', self.bug.owner, 'body', 'subject', utc_now, filters=[])
51 self.assertIn(
52 "\n-- \nLaunchpad-Notification-Type: bug\n",
53 message.get_payload(decode=True))
54+
55+ def test_private_team(self):
56+ # Recipients can be invisible private teams, as
57+ # BugNotificationBuilder runs in the context of the user making
58+ # the change. They work fine.
59+ private_team = self.factory.makeTeam(
60+ visibility=PersonVisibility.PRIVATE, email="private@example.com")
61+ random = self.factory.makePerson()
62+ with person_logged_in(random):
63+ self.assertRaises(
64+ Unauthorized, getattr, private_team,
65+ 'expanded_notification_footers')
66+ utc_now = datetime.now(pytz.UTC)
67+ message = self.builder.build(
68+ 'from', private_team, 'body', 'subject', utc_now, filters=[])
69+ self.assertIn("private@example.com", str(message))