launchpad-reviewers team mailing list archive

[Merge] lp:~sinzui/launchpad/file-api-0 into lp:launchpad/devel

 

Curtis Hovey has proposed merging lp:~sinzui/launchpad/file-api-0 into lp:launchpad/devel.

Requested reviews:
  Launchpad code reviewers (launchpad-reviewers)
Related bugs:
  #636420 release.files missing on API
  https://bugs.launchpad.net/bugs/636420


This is my branch to expose ProductReleaseFile objects over the API.

    lp:~sinzui/launchpad/file-api-0
    Diff size: 53
    Launchpad bug: https://bugs.launchpad.net/bugs/636420
    Test command: ./bin/test -vv -t xx-project-registry.txt
    Pre-implementation: no one
    Target release: 10.10


Expose ProductReleaseFile objects over the API
----------------------------------------------

There is no anonymous security checker to view an IProductReleaseFile so the
files are not available over the API. security.py needs something like:

class ViewProductReleaseFile(AnonymousAuthorization):
    """Anyone can view an IProductReleaseFile."""
    usedfor = IProductReleaseFile

This issue only affects anonymous access. Logged-in users can see the files.


Rules
-----

    * Add an anonymous view permission because anyone should be permitted to
      see a release file.


QA
--

This API script will test that anyone can access the file:

from launchpadlib.launchpad import Launchpad, EDGE_SERVICE_ROOT
lp = Launchpad.login('testing', '', '', EDGE_SERVICE_ROOT)
project = lp.projects['drizzle']
release = project.getRelease(version='2010-08-30')
for release_file in release.files:
    print release_file.name


Lint
----

Linting changed files:
  lib/canonical/launchpad/security.py
  lib/lp/registry/stories/webservice/xx-project-registry.txt


Test
----

    * lib/lp/registry/stories/webservice/xx-project-registry.txt
      * Added a test to verify that anonymous users can see the same file
        that logged in users can see.


Implementation
--------------

    * lib/canonical/launchpad/security.py
      * Added AnonymousAuthorization for IProductReleaseFile
-- 
https://code.launchpad.net/~sinzui/launchpad/file-api-0/+merge/35230
Your team Launchpad code reviewers is requested to review the proposed merge of lp:~sinzui/launchpad/file-api-0 into lp:launchpad/devel.
=== modified file 'lib/canonical/launchpad/security.py'
--- lib/canonical/launchpad/security.py	2010-09-10 16:21:21 +0000
+++ lib/canonical/launchpad/security.py	2010-09-12 16:56:04 +0000
@@ -418,6 +418,11 @@
             user)
 
 
+class ViewProductReleaseFile(AnonymousAuthorization):
+    """Anyone can view an IProductReleaseFile."""
+    usedfor = IProductReleaseFile
+
+
 class AdminDistributionMirrorByDistroOwnerOrMirrorAdminsOrAdmins(
         AuthorizationBase):
     permission = 'launchpad.Admin'
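
Review bot: ViewProductReleaseFile sets only `usedfor`, so the permission it grants and the fact that it returns true for every caller both come from AnonymousAuthorization and are not visible in this hunk. Please confirm that the inherited permission is the view permission the webservice checks for these entries, and that no IProductReleaseFile should ever be hidden from anonymous users (for example, files belonging to a release whose project is not publicly visible). If such a case exists, the check should delegate to the parent release or project rather than grant access unconditionally. A one-line comment pointing at bug #636420 would also explain why this adapter exists.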

=== modified file 'lib/lp/registry/stories/webservice/xx-project-registry.txt'
--- lib/lp/registry/stories/webservice/xx-project-registry.txt	2010-07-20 17:50:45 +0000
+++ lib/lp/registry/stories/webservice/xx-project-registry.txt	2010-09-12 16:56:04 +0000
@@ -568,7 +568,9 @@
 
     >>> project_collection = webservice.named_get(
     ...     "/projects", "search", text="Apache").jsonBody()
-    >>> projects = [project['display_name'] for project in project_collection['entries']]
+    >>> projects = [
+    ...     project['display_name']
+    ...     for project in project_collection['entries']]
     >>> for project_name in sorted(projects):
     ...     print project_name
     Derby
@@ -1228,6 +1230,13 @@
     >>> print_self_link_of_entries(ff_100_files)
     http://.../firefox/1.0/1.0.0/+file/filename2.txt
 
+Anonymous users can access project release files.
+
+    >>> release_files = anon_webservice.get(
+    ...     '/firefox/1.0/1.0.0/files').jsonBody()
+    >>> print_self_link_of_entries(release_files)
+    http://.../firefox/1.0/1.0.0/+file/filename2.txt
+
 
 Commercial subscriptions
 ------------------------
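
Review bot: The new anonymous test reads only the collection at '/firefox/1.0/1.0.0/files' and prints self links, so it does not show that an anonymous caller can read an individual file entry or its attributes, which is what the QA script in the description does with `release_file.name`. Consider following one entry's self_link with `anon_webservice.get(...)` and printing a field from it, so the test exercises the new checker on the IProductReleaseFile entry itself and not only on the listing.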
@@ -1252,7 +1261,6 @@
 
     >>> logout()
 
-    >>> from lazr.restful.interfaces import IRepresentationCache
     >>> ws_uncache(mmm)
     >>> mmm = webservice.get("/mega-money-maker").jsonBody()
     >>> print mmm['display_name']
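
Review bot: Dropping the `IRepresentationCache` import looks right given that the following line calls `ws_uncache(mmm)` and does not use the name, but doctest globals persist for the rest of the file, so please check that nothing further down in xx-project-registry.txt still refers to IRepresentationCache. This cleanup and the list comprehension rewrap in the earlier hunk are unrelated to the anonymous access fix and are not mentioned in the description's Test section; a line noting them as lint fixes would help.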