Message #00957
[Merge] lp:~allenap/launchpad/move-bugs-security-adapters-bug-635080 into lp:launchpad/devel
Gavin Panella has proposed merging lp:~allenap/launchpad/move-bugs-security-adapters-bug-635080 into lp:launchpad/devel.
Requested reviews:
Launchpad code reviewers (launchpad-reviewers)
Related bugs:
#635080 Move bugs-specific security adapters to lp.bugs.
https://bugs.launchpad.net/bugs/635080
This moves the bugs-specific security adapters from c.l.security to lp.bugs.security. It's an almost entirely mechanical move; I've not changed any logic in the adapters.
--
https://code.launchpad.net/~allenap/launchpad/move-bugs-security-adapters-bug-635080/+merge/35132
Your team Launchpad code reviewers is requested to review the proposed merge of lp:~allenap/launchpad/move-bugs-security-adapters-bug-635080 into lp:launchpad/devel.
=== modified file 'lib/canonical/launchpad/security.py'
--- lib/canonical/launchpad/security.py 2010-09-03 16:43:11 +0000
+++ lib/canonical/launchpad/security.py 2010-09-10 16:29:43 +0000
@@ -6,7 +6,10 @@
"""Security policies for using content objects."""
__metaclass__ = type
-__all__ = ['AuthorizationBase']
+__all__ = [
+ 'AnonymousAuthorization',
+ 'AuthorizationBase',
+ ]
from zope.component import (
getAdapter,
@@ -21,7 +24,6 @@
from canonical.launchpad.interfaces.account import IAccount
from canonical.launchpad.interfaces.emailaddress import IEmailAddress
from canonical.launchpad.interfaces.launchpad import (
- IHasBug,
IHasDrivers,
ILaunchpadCelebrities,
IPersonRoles,
@@ -29,7 +31,6 @@
from canonical.launchpad.interfaces.librarian import (
ILibraryFileAliasWithParent,
)
-from canonical.launchpad.interfaces.message import IMessage
from canonical.launchpad.interfaces.oauth import (
IOAuthAccessToken,
IOAuthRequestToken,
@@ -50,13 +51,6 @@
)
from lp.blueprints.interfaces.sprint import ISprint
from lp.blueprints.interfaces.sprintspecification import ISprintSpecification
-from lp.bugs.interfaces.bug import IBug
-from lp.bugs.interfaces.bugattachment import IBugAttachment
-from lp.bugs.interfaces.bugbranch import IBugBranch
-from lp.bugs.interfaces.bugnomination import IBugNomination
-from lp.bugs.interfaces.bugsubscription import IBugSubscription
-from lp.bugs.interfaces.bugtracker import IBugTracker
-from lp.bugs.interfaces.bugwatch import IBugWatch
from lp.buildmaster.interfaces.builder import (
IBuilder,
IBuilderSet,
@@ -399,14 +393,6 @@
usedfor = IOAuthRequestToken
-class EditBugNominationStatus(AuthorizationBase):
- permission = 'launchpad.Driver'
- usedfor = IBugNomination
-
- def checkAuthenticated(self, user):
- return self.obj.canApprove(user.person)
-
-
class EditByOwnersOrAdmins(AuthorizationBase):
permission = 'launchpad.Edit'
usedfor = IHasOwner
@@ -991,115 +977,6 @@
return EditByOwnersOrAdmins.checkAuthenticated(self, user)
-class EditBugTask(AuthorizationBase):
- """Permission checker for editing objects linked to a bug.
-
- Allow any logged-in user to edit objects linked to public
- bugs. Allow only explicit subscribers to edit objects linked to
- private bugs.
- """
- permission = 'launchpad.Edit'
- usedfor = IHasBug
-
- def checkAuthenticated(self, user):
- # Delegated entirely to the bug.
- return self.obj.bug.userCanView(user)
-
-
-class PublicToAllOrPrivateToExplicitSubscribersForBugTask(AuthorizationBase):
- permission = 'launchpad.View'
- usedfor = IHasBug
-
- def checkAuthenticated(self, user):
- return self.obj.bug.userCanView(user.person)
-
- def checkUnauthenticated(self):
- """Allow anonymous users to see non-private bugs only."""
- return not self.obj.bug.private
-
-
-class EditPublicByLoggedInUserAndPrivateByExplicitSubscribers(
- AuthorizationBase):
- permission = 'launchpad.Edit'
- usedfor = IBug
-
- def checkAuthenticated(self, user):
- """Allow any logged in user to edit a public bug, and only
- explicit subscribers to edit private bugs. Any bug that can be seen can
- be edited.
- """
- return self.obj.userCanView(user)
-
- def checkUnauthenticated(self):
- """Never allow unauthenticated users to edit a bug."""
- return False
-
-
-class PublicToAllOrPrivateToExplicitSubscribersForBug(AuthorizationBase):
- permission = 'launchpad.View'
- usedfor = IBug
-
- def checkAuthenticated(self, user):
- """Allow any user to see non-private bugs, but only explicit
- subscribers to see private bugs.
- """
- return self.obj.userCanView(user.person)
-
- def checkUnauthenticated(self):
- """Allow anonymous users to see non-private bugs only."""
- return not self.obj.private
-
-
-class EditBugBranch(EditPublicByLoggedInUserAndPrivateByExplicitSubscribers):
- permission = 'launchpad.Edit'
- usedfor = IBugBranch
-
- def __init__(self, bug_branch):
- # The same permissions as for the BugBranch's bug should apply
- # to the BugBranch itself.
- EditPublicByLoggedInUserAndPrivateByExplicitSubscribers.__init__(
- self, bug_branch.bug)
-
-
-class ViewBugAttachment(PublicToAllOrPrivateToExplicitSubscribersForBug):
- """Security adapter for viewing a bug attachment.
-
- If the user is authorized to view the bug, he's allowed to view the
- attachment.
- """
- permission = 'launchpad.View'
- usedfor = IBugAttachment
-
- def __init__(self, bugattachment):
- PublicToAllOrPrivateToExplicitSubscribersForBug.__init__(
- self, bugattachment.bug)
-
-
-class EditBugAttachment(
- EditPublicByLoggedInUserAndPrivateByExplicitSubscribers):
- """Security adapter for editing a bug attachment.
-
- If the user is authorized to view the bug, he's allowed to edit the
- attachment.
- """
- permission = 'launchpad.Edit'
- usedfor = IBugAttachment
-
- def __init__(self, bugattachment):
- EditPublicByLoggedInUserAndPrivateByExplicitSubscribers.__init__(
- self, bugattachment.bug)
-
-
-class ViewBugSubscription(AnonymousAuthorization):
-
- usedfor = IBugSubscription
-
-
-class ViewBugMessage(AnonymousAuthorization):
-
- usedfor = IMessage
-
-
class ViewAnnouncement(AuthorizationBase):
permission = 'launchpad.View'
usedfor = IAnnouncement
@@ -1418,20 +1295,6 @@
user.inTeam(translation_group.owner)))
-class ViewBugTracker(AnonymousAuthorization):
- """Anyone can view a bug tracker."""
- usedfor = IBugTracker
-
-
-class EditBugTracker(AuthorizationBase):
- permission = 'launchpad.Edit'
- usedfor = IBugTracker
-
- def checkAuthenticated(self, user):
- """Any logged-in user can edit a bug tracker."""
- return True
-
-
class EditProductRelease(EditByOwnersOrAdmins):
permission = 'launchpad.Edit'
usedfor = IProductRelease
@@ -2580,24 +2443,3 @@
if parent is None:
return False
return check_permission(self.permission, parent)
-
-
-class AdminBugTracker(AuthorizationBase):
- permission = 'launchpad.Admin'
- usedfor = IBugTracker
-
- def checkAuthenticated(self, user):
- return (
- user.in_janitor or
- user.in_admin or
- user.in_launchpad_developers)
-
-
-class AdminBugWatch(AuthorizationBase):
- permission = 'launchpad.Admin'
- usedfor = IBugWatch
-
- def checkAuthenticated(self, user):
- return (
- user.in_admin or
- user.in_launchpad_developers)
=== modified file 'lib/lp/bugs/configure.zcml'
--- lib/lp/bugs/configure.zcml 2010-09-01 12:47:32 +0000
+++ lib/lp/bugs/configure.zcml 2010-09-10 16:29:43 +0000
@@ -10,6 +10,8 @@
xmlns:lp="http://namespaces.canonical.com/lp"
i18n_domain="launchpad">
+ <authorizations module=".security" />
+
<include package=".browser"/>
<publisher
=== added file 'lib/lp/bugs/security.py'
--- lib/lp/bugs/security.py 1970-01-01 00:00:00 +0000
+++ lib/lp/bugs/security.py 2010-09-10 16:29:43 +0000
@@ -0,0 +1,173 @@
+# Copyright 2010 Canonical Ltd. This software is licensed under the
+# GNU Affero General Public License version 3 (see the file LICENSE).
+
+"""Security adapters for the bugs module."""
+
+__metaclass__ = type
+__all__ = []
+
+from canonical.launchpad.interfaces.launchpad import IHasBug
+from canonical.launchpad.interfaces.message import IMessage
+from canonical.launchpad.security import (
+ AnonymousAuthorization,
+ AuthorizationBase,
+ )
+from lp.bugs.interfaces.bug import IBug
+from lp.bugs.interfaces.bugattachment import IBugAttachment
+from lp.bugs.interfaces.bugbranch import IBugBranch
+from lp.bugs.interfaces.bugnomination import IBugNomination
+from lp.bugs.interfaces.bugsubscription import IBugSubscription
+from lp.bugs.interfaces.bugtracker import IBugTracker
+from lp.bugs.interfaces.bugwatch import IBugWatch
+
+
+class EditBugNominationStatus(AuthorizationBase):
+ permission = 'launchpad.Driver'
+ usedfor = IBugNomination
+
+ def checkAuthenticated(self, user):
+ return self.obj.canApprove(user.person)
+
+
+class EditBugTask(AuthorizationBase):
+ """Permission checker for editing objects linked to a bug.
+
+ Allow any logged-in user to edit objects linked to public
+ bugs. Allow only explicit subscribers to edit objects linked to
+ private bugs.
+ """
+ permission = 'launchpad.Edit'
+ usedfor = IHasBug
+
+ def checkAuthenticated(self, user):
+ # Delegated entirely to the bug.
+ return self.obj.bug.userCanView(user)
+
+
+class PublicToAllOrPrivateToExplicitSubscribersForBugTask(AuthorizationBase):
+ permission = 'launchpad.View'
+ usedfor = IHasBug
+
+ def checkAuthenticated(self, user):
+ return self.obj.bug.userCanView(user.person)
+
+ def checkUnauthenticated(self):
+ """Allow anonymous users to see non-private bugs only."""
+ return not self.obj.bug.private
+
+
+class EditPublicByLoggedInUserAndPrivateByExplicitSubscribers(
+ AuthorizationBase):
+ permission = 'launchpad.Edit'
+ usedfor = IBug
+
+ def checkAuthenticated(self, user):
+ """Allow any logged in user to edit a public bug, and only
+ explicit subscribers to edit private bugs. Any bug that can be seen can
+ be edited.
+ """
+ return self.obj.userCanView(user)
+
+ def checkUnauthenticated(self):
+ """Never allow unauthenticated users to edit a bug."""
+ return False
+
+
+class PublicToAllOrPrivateToExplicitSubscribersForBug(AuthorizationBase):
+ permission = 'launchpad.View'
+ usedfor = IBug
+
+ def checkAuthenticated(self, user):
+ """Allow any user to see non-private bugs, but only explicit
+ subscribers to see private bugs.
+ """
+ return self.obj.userCanView(user.person)
+
+ def checkUnauthenticated(self):
+ """Allow anonymous users to see non-private bugs only."""
+ return not self.obj.private
+
+
+class EditBugBranch(EditPublicByLoggedInUserAndPrivateByExplicitSubscribers):
+ permission = 'launchpad.Edit'
+ usedfor = IBugBranch
+
+ def __init__(self, bug_branch):
+ # The same permissions as for the BugBranch's bug should apply
+ # to the BugBranch itself.
+ EditPublicByLoggedInUserAndPrivateByExplicitSubscribers.__init__(
+ self, bug_branch.bug)
+
+
+class ViewBugAttachment(PublicToAllOrPrivateToExplicitSubscribersForBug):
+ """Security adapter for viewing a bug attachment.
+
+ If the user is authorized to view the bug, he's allowed to view the
+ attachment.
+ """
+ permission = 'launchpad.View'
+ usedfor = IBugAttachment
+
+ def __init__(self, bugattachment):
+ PublicToAllOrPrivateToExplicitSubscribersForBug.__init__(
+ self, bugattachment.bug)
+
+
+class EditBugAttachment(
+ EditPublicByLoggedInUserAndPrivateByExplicitSubscribers):
+ """Security adapter for editing a bug attachment.
+
+ If the user is authorized to view the bug, he's allowed to edit the
+ attachment.
+ """
+ permission = 'launchpad.Edit'
+ usedfor = IBugAttachment
+
+ def __init__(self, bugattachment):
+ EditPublicByLoggedInUserAndPrivateByExplicitSubscribers.__init__(
+ self, bugattachment.bug)
+
+
+class ViewBugSubscription(AnonymousAuthorization):
+
+ usedfor = IBugSubscription
+
+
+class ViewBugMessage(AnonymousAuthorization):
+
+ usedfor = IMessage
+
+
+class ViewBugTracker(AnonymousAuthorization):
+ """Anyone can view a bug tracker."""
+ usedfor = IBugTracker
+
+
+class EditBugTracker(AuthorizationBase):
+ permission = 'launchpad.Edit'
+ usedfor = IBugTracker
+
+ def checkAuthenticated(self, user):
+ """Any logged-in user can edit a bug tracker."""
+ return True
+
+
+class AdminBugTracker(AuthorizationBase):
+ permission = 'launchpad.Admin'
+ usedfor = IBugTracker
+
+ def checkAuthenticated(self, user):
+ return (
+ user.in_janitor or
+ user.in_admin or
+ user.in_launchpad_developers)
+
+
+class AdminBugWatch(AuthorizationBase):
+ permission = 'launchpad.Admin'
+ usedfor = IBugWatch
+
+ def checkAuthenticated(self, user):
+ return (
+ user.in_admin or
+ user.in_launchpad_developers)
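Review bot: The edit and view adapters in this new module pass different objects to the same check: `EditBugTask.checkAuthenticated` and `EditPublicByLoggedInUserAndPrivateByExplicitSubscribers.checkAuthenticated` call `userCanView(user)`, while `PublicToAllOrPrivateToExplicitSubscribersForBugTask` and `PublicToAllOrPrivateToExplicitSubscribersForBug` call `userCanView(user.person)`. `userCanView` is not visible in this diff, so which form it expects needs confirming; if it takes a person, the two edit adapters should read `return self.obj.bug.userCanView(user.person)` and `return self.obj.userCanView(user.person)`. These four classes decide access to private bugs, so the move is a good moment to make them agree, or to add a comment explaining why they differ. `EditBugTask` also defines no `checkUnauthenticated`, where its sibling returns `False` explicitly, so it relies on the `AuthorizationBase` default; its docstring should say so.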