launchpad-reviewers team mailing list archive

Thread
Date

[Merge] lp:~stevenk/launchpad/drop-bug-limitedview into lp:launchpad

To: mp+95490@xxxxxxxxxxxxxxxxxx
From: Steve Kowalik <stevenk@xxxxxxxxxx>
Date: Fri, 02 Mar 2012 00:24:18 -0000
Reply-to: mp+95490@xxxxxxxxxxxxxxxxxx
Sender: bounces@xxxxxxxxxxxxx

Steve Kowalik has proposed merging lp:~stevenk/launchpad/drop-bug-limitedview into lp:launchpad.

Requested reviews:
  Launchpad code reviewers (launchpad-reviewers)

For more details, see:
https://code.launchpad.net/~stevenk/launchpad/drop-bug-limitedview/+merge/95490

Drop the security adapter for LimitedView on IBug. It was not very well thought out, since all of the views are on IBugTask, and we can not disclose anything about any of the bug tasks. It's not going to go any further, so it's best to kick it out of the tree.
-- 
https://code.launchpad.net/~stevenk/launchpad/drop-bug-limitedview/+merge/95490
Your team Launchpad code reviewers is requested to review the proposed merge of lp:~stevenk/launchpad/drop-bug-limitedview into lp:launchpad.

=== modified file 'lib/lp/bugs/security.py'
--- lib/lp/bugs/security.py	2012-02-23 05:10:33 +0000
+++ lib/lp/bugs/security.py	2012-03-02 00:23:18 +0000
@@ -252,30 +252,3 @@
         return (
             self.obj.structural_subscription is None or
             user.inTeam(self.obj.structural_subscription.subscriber))
-
-
-class PublicOrPrivateBugExistence(AuthorizationBase):
-    """Restrict knowing about the existence of bugs.
-
-    Knowing the existence of a private bug allow traversing to its URL and
-    displaying the bug number.
-    """
-    permission = 'launchpad.LimitedView'
-    usedfor = IBug
-
-    def checkUnauthenticated(self):
-        """Unauthenticated users can only view public bugs."""
-        return not self.obj.private
-
-    def checkAuthenticated(self, user):
-        """By default, we simply perform a View permission check.
-
-        We also grant limited viewability to users who are subscribed via
-        a duplicate bug.
-        """
-        if self.forwardCheckAuthenticated(
-            user, self.obj, 'launchpad.View'):
-            return True
-
-        return not self.obj.private or self.obj.isSubscribedToDupes(
-            user.person)

=== modified file 'lib/lp/bugs/tests/test_bug.py'
--- lib/lp/bugs/tests/test_bug.py	2012-02-22 05:54:08 +0000
+++ lib/lp/bugs/tests/test_bug.py	2012-03-02 00:23:18 +0000
@@ -22,9 +22,7 @@
     UserCannotEditBugTaskImportance,
     UserCannotEditBugTaskMilestone,
     )
-from lp.services.webapp.authorization import check_permission
 from lp.testing import (
-    celebrity_logged_in,
     person_logged_in,
     StormStatementRecorder,
     TestCaseWithFactory,
@@ -299,21 +297,3 @@
         params.setBugTarget(product=target)
         bug = getUtility(IBugSet).createBug(params)
         self.assertEqual([cve], [cve_link.cve for cve_link in bug.cve_links])
-
-
-class TestLimitedViewBugSecurityAdapter(TestCaseWithFactory):
-    layer = DatabaseFunctionalLayer
-
-    def test_user_private_bug_subscribed_to_public_dup(self):
-        # A user has limited visibility of a private bug if they are
-        # subscribed to a duplicate.
-        bug = self.factory.makeBug(private=True)
-        person = self.factory.makePerson()
-        dup = self.factory.makeBug()
-        with person_logged_in(dup.owner):
-            dup.subscribe(person, dup.owner)
-        with celebrity_logged_in('admin'):
-            dup.markAsDuplicate(bug)
-        with person_logged_in(person):
-            self.assertFalse(check_permission('launchpad.View', bug))
-            self.assertTrue(check_permission('launchpad.LimitedView', bug))