← Back to team overview

launchpad-dev team mailing list archive

  1. launchpad-dev team
  2. Mailing list archive
  3. Message #07868

Chaining security adapters

  Thread PreviousDate PreviousThread Next 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Last week I fixed a bug[1] that was caused by one of the security adapters delegating to another one by explicitly naming it.  Unfortunately the named one was not appropriate.  The fix was to not hard-code the adapter but to use getAdapter to let the machinery find the correct one.

After fixing that single instance Francis asked that I look at all of the places we do something similar in our various security.py files.  There were many.  I opened [2] to track fixing them.

It is a common pattern for one object to defer to a child object's security adapter, e.g. the security rules for viewing a bug attachment are the same as for the associated bug, so the security adapter for the bug attachment forwards to the adapter for the bug.

To remove the hard-coded names and facilitate this pattern of forwarding via lookup I created a new base class called ForwardedAuthorization.

Here is a diff of the change to use the new class.  It shows forwarding to the child 'archive' and using a different permission, 'launchpad.Append' instead of the original 'launchpad.Edit'.  The permission is optional and should be omitted if it is the same as the original.

284   -class EditPublishing(AuthorizationBase):
285	+class EditPublishing(ForwardedAuthorization):
286	     """Restrict editing of source and binary packages.."""
287	     permission = "launchpad.Edit"
288	     usedfor = IPublishingEdit
289	 
290	-    def checkAuthenticated(self, user):
291	-        return AppendArchive(self.obj.archive).checkAuthenticated(user)
292	+    def __init__(self, obj):
293	+        super(EditPublishing, self).__init__(obj.archive, 'launchpad.Append')
294	 

Please use this new class when you need to follow the forwarding pattern.  My branch should land today.

- --Brad

[1] https://bugs.launchpad.net/launchpad/+bug/828914
[2] https://bugs.launchpad.net/launchpad/+bug/839784
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (Darwin)

iD8DBQFOZhLLyVBcNIpRAS0RAvJqAJ4slaLUn52hZVaAMegPzpR8NIG56QCdG9SD
4EG3ahPY0aqjFEB76jHM3uI=
=xlCT
-----END PGP SIGNATURE-----

Follow ups

  Thread PreviousDate PreviousThread Next