launchpad-reviewers team mailing list archive

[Ian Booth <ian.booth@xxxxxxxxxxxxx>]

Ian Booth has proposed merging lp:~wallyworld/launchpad/access-policy-grant-bug-search-994356 into lp:launchpad.

Requested reviews:
  William Grant (wgrant)
Related bugs:
  Bug #994356 in Launchpad itself: "searching using bugtaskflat does not respect access policy grants"
  https://bugs.launchpad.net/launchpad/+bug/994356

For more details, see:
https://code.launchpad.net/~wallyworld/launchpad/access-policy-grant-bug-search-994356/+merge/104674

== Implementation ==

Add an extra query clause to _get_bug_privacy_filter_with_decorator so that bugs belonging to a pillar where the use has access via a policy grant are returned.

== Tests ==

Add a test to the bugtask.txt doc test.

== Lint ==

Checking for conflicts and issues in changed files.

Linting changed files:
  lib/lp/bugs/doc/bugtask.txt
  lib/lp/bugs/model/bugtasksearch.py

-- 
https://code.launchpad.net/~wallyworld/launchpad/access-policy-grant-bug-search-994356/+merge/104674
Your team Launchpad code reviewers is subscribed to branch lp:launchpad.

=== modified file 'lib/lp/bugs/doc/bugtask.txt'
--- lib/lp/bugs/doc/bugtask.txt	2012-03-21 12:41:20 +0000
+++ lib/lp/bugs/doc/bugtask.txt	2012-05-04 06:01:19 +0000
@@ -774,6 +774,27 @@
     >>> print sorted(bug_ids)
     [1, 4, 5]
 
+We can create an access policy grant on the pillar to which the bug is
+targeted and No Privileges Person will have access to the private bug.
+
+    >>> from lp.registry.enums import InformationType
+    >>> from lp.registry.interfaces.accesspolicy import (
+    ...     IAccessPolicyGrantSource,
+    ...     IAccessPolicySource,
+    ...     )
+    >>> aps = getUtility(IAccessPolicySource)
+    >>> [policy] = aps.find(
+    ...     [(upstream_mozilla, InformationType.USERDATA)])
+    >>> apgs = getUtility(IAccessPolicyGrantSource)
+    >>> grant = apgs.grant([(policy, mr_no_privs, ubuntu_team)])
+    >>> bugtasks = upstream_mozilla.searchTasks(params)
+    >>> print bugtasks.count()
+    4
+    >>> bug_ids = [bt.bug.id for bt in bugtasks]
+    >>> print sorted(bug_ids)
+    [1, 4, 5, 6]
+    >>> apgs.revoke([(policy, mr_no_privs)])
+
 
 Open bugtask count for a given list of projects
 -----------------------------------------------

=== modified file 'lib/lp/bugs/model/bugtasksearch.py'
--- lib/lp/bugs/model/bugtasksearch.py	2012-05-02 23:01:55 +0000
+++ lib/lp/bugs/model/bugtasksearch.py	2012-05-04 06:01:19 +0000
@@ -1431,10 +1431,19 @@
         return "", _nocache_bug_decorator
 
     if use_flat:
-        query = ("""
+        artifact_grant_query = ("""
             BugTaskFlat.access_grants &&
             (SELECT array_agg(team) FROM teamparticipation WHERE person = %d)
             """ % user.id)
+        policy_grant_query = ("""
+            BugTaskFlat.access_policies &&
+            (SELECT array_agg(policy) FROM
+                accesspolicygrant
+                JOIN teamparticipation
+                    ON teamparticipation.team = accesspolicygrant.grantee
+                WHERE person = %d)
+            """ % user.id)
+        query = "%s OR %s" % (artifact_grant_query, policy_grant_query)
     else:
         # A subselect is used here because joining through
         # TeamParticipation is only relevant to the "user-aware"