
launchpad-dev team mailing list archive

Permission checks in the model (was: Re: warning: we will soon have much noise in the test results...)

 

On Mon, 26 Jul 2010 11:15:01 +0100, Jonathan Lange <jml@xxxxxxxxxxxxx> wrote:
> (Poking around will also find model code that checks for
> permissions or even duplicates the logic found in
> canonical/launchpad/security.py).

Could someone provide some guidance as to how to do this well? I was
asked to make the Specification model object safe to export by moving
some code out of the view into the model.

One of the pieces of code was in proposeGoal(), in the view:

      # do the stuff to propose the goal
      specification.proposeGoal(goal, user)
      if check_permission('launchpad.Driver', goal):
          # approve the proposition automatically
          ...

As this should happen if you propose the goal over the API I wanted to
move this down to the model.

The signature of proposeGoal() is

    def proposeGoal(self, goal, proposer):
        ...

Therefore I want to check in there whether the proposer has
launchpad.Driver on the goal.

check_permission doesn't work for that, and using the code in
security.py is tricky as it requires getting an interaction for
proposer, which seems wrong somehow.

What I found, by looking at bug nomination acceptance, which is similar,
was

            is_driver = False
            for driver in goal.drivers:
                if proposer.inTeam(driver):
                    is_driver = True
                    break
            if is_driver:
                self.acceptBy(proposer)

which also seems wrong.

What should I be doing?

  - What I did?
  - Don't do this in the model?
  - Change the API so that check_permission works?
  - Use the security.py code, possibly writing a helper to get an
    interaction for a person without logging them in, and passing this
    to checkAuthenticated().
  - Something else?

Thanks,

James
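
One of the options listed above, sketched as an added example (not part of the original message and not Launchpad code): the permission rule is registered once and evaluated for an explicit person, so the model method needs no interaction and does not repeat the driver loop. `check_permission_for`, `checker`, `CHECKERS` and the `Person`, `Goal` and `Specification` stand-ins are hypothetical names; only `proposeGoal`, `acceptBy`, `inTeam`, `drivers` and `launchpad.Driver` come from the message.

```python
from dataclasses import dataclass

CHECKERS = {}  # (permission, class) -> rule(obj, person); hypothetical registry

def checker(permission, cls):
    """Register the single rule that decides `permission` on `cls`."""
    def register(rule):
        CHECKERS[(permission, cls)] = rule
        return rule
    return register

def check_permission_for(permission, obj, person):
    """Decide `permission` on `obj` for an explicit person; deny by default."""
    rule = CHECKERS.get((permission, type(obj)))
    return person is not None and rule is not None and bool(rule(obj, person))

@dataclass(frozen=True)
class Person:  # stand-in, not Launchpad's Person
    name: str
    teams: frozenset = frozenset()

    def inTeam(self, team):
        # Assumption: a person counts as a member of themselves.
        return team.name == self.name or team.name in self.teams

@dataclass
class Goal:  # stand-in for the object the specification is targeted to
    drivers: tuple

@checker("launchpad.Driver", Goal)
def goal_driver(goal, person):
    return any(person.inTeam(driver) for driver in goal.drivers)

@dataclass
class Specification:
    goal: Goal = None
    goal_status: str = "NONE"
    decider: Person = None

    def proposeGoal(self, goal, proposer):
        self.goal, self.goal_status = goal, "PROPOSED"
        # Same rule for web UI and API callers, keyed on the proposer argument.
        if check_permission_for("launchpad.Driver", goal, proposer):
            self.acceptBy(proposer)

    def acceptBy(self, decider):
        self.goal_status, self.decider = "ACCEPTED", decider
```

An unregistered permission or a missing person is denied, so a rule that was never written fails closed rather than auto-approving.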


