launchpad-dev team mailing list archive
Message #07886
Re: Chaining security adapters
Hi Brad,
On Tue, 06. 09 2011. at 08:32 -0400, Brad Crittenden wrote:
> Last week I fixed a bug[1] that was caused by one of the security adapters delegating to another one by explicitly naming it. Unfortunately the named one was not appropriate. The fix was to not hard-code the adapter but to use getAdapter to let the machinery find the correct one.
>
> After fixing that single instance Francis asked that I look at all of the places we do something similar in our various security.py files. There were many. I opened [2] to track fixing them.
>
> It is a common pattern for one object to defer to a child object's security adapter, e.g. the security rules for viewing a bug attachment are the same as for the associated bug, so the security adapter for the bug attachment forwards to the adapter for the bug.
>
> To remove the hard-coded names and facilitate this pattern of forwarding via lookup I created a new base class called ForwardedAuthorization.
>
> Here is a diff of the change to use the new class. It shows forwarding to the child 'archive' and using a different permission, 'launchpad.Append' instead of the original 'launchpad.Edit'. The permission is optional and should be omitted if it is the same as the original.
>
> 284 -class EditPublishing(AuthorizationBase):
> 285 +class EditPublishing(ForwardedAuthorization):
> 286 """Restrict editing of source and binary packages.."""
> 287 permission = "launchpad.Edit"
> 288 usedfor = IPublishingEdit
> 289
> 290 - def checkAuthenticated(self, user):
> 291 - return AppendArchive(self.obj.archive).checkAuthenticated(user)
> 292 + def __init__(self, obj):
> 293 + super(EditPublishing, self).__init__(obj.archive, 'launchpad.Append')
> 294
>
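Review bot: The new __init__ at 292-293 forwards to obj.archive with 'launchpad.Append' while the class still declares permission = "launchpad.Edit", and the docstring does not mention the delegation; say in the docstring that editing is decided by launchpad.Append on the archive so the two permission names do not read as a mistake. The removed override forwarded only checkAuthenticated, so it is also worth confirming that ForwardedAuthorization leaves the handling of unauthenticated users for IPublishingEdit unchanged. The docstring's trailing ".." could be fixed in the same change.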
> Please use this new class when you need to follow the forwarding pattern. My branch should land today.
How does this relate to the forwardCheckAuthenticated Henning (I think)
implemented a while back? Is it not the same thing, essentially?
Cheers,
Danilo
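
The forwarding pattern from the quoted message, as an added example that is not Launchpad code or part of either post: it shows one way a hard-coded adapter can be the wrong one, assuming the forwarded object belongs to a subtype with a stricter adapter. PrivateArchive, AppendPrivateArchive, Publishing, HardCodedEditPublishing, ADAPTERS, get_adapter and the access rules are hypothetical, and this ForwardedAuthorization is a sketch, not the class from the branch.

```python
# Added illustration; ADAPTERS/get_adapter are a toy stand-in for getAdapter lookup.
class AuthorizationBase:
    def __init__(self, obj):
        self.obj = obj

class Archive:
    def __init__(self, subscribers=()):
        self.subscribers = set(subscribers)

class PrivateArchive(Archive):
    """Hypothetical subtype whose append rule is stricter."""

class Publishing:
    def __init__(self, archive):
        self.archive = archive

class AppendArchive(AuthorizationBase):
    def checkAuthenticated(self, user):
        return True  # constructed rule: any logged-in user may append

class AppendPrivateArchive(AuthorizationBase):
    def checkAuthenticated(self, user):
        return user in self.obj.subscribers  # constructed rule

ADAPTERS = {
    (Archive, "launchpad.Append"): AppendArchive,
    (PrivateArchive, "launchpad.Append"): AppendPrivateArchive,
}

def get_adapter(obj, permission):
    # Walk the MRO so the most specific registration for the object wins.
    for cls in type(obj).__mro__:
        if (cls, permission) in ADAPTERS:
            return ADAPTERS[(cls, permission)](obj)
    raise LookupError((type(obj).__name__, permission))

class HardCodedEditPublishing(AuthorizationBase):
    def checkAuthenticated(self, user):
        # Names the adapter directly, so PrivateArchive's rule is never consulted.
        return AppendArchive(self.obj.archive).checkAuthenticated(user)

class ForwardedAuthorization(AuthorizationBase):  # sketch; the real class may differ
    def __init__(self, forwarded_object, permission):
        self.obj, self.permission = forwarded_object, permission
    def checkAuthenticated(self, user):
        return get_adapter(self.obj, self.permission).checkAuthenticated(user)

class EditPublishing(ForwardedAuthorization):
    def __init__(self, obj):
        super().__init__(obj.archive, "launchpad.Append")
```

With a publishing record on a PrivateArchive, the hard-coded class lets a non-subscriber through, while the forwarded one applies the subtype's rule.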