launchpad-reviewers team mailing list archive

[Abel Deuring <abel.deuring@xxxxxxxxxxxxx>]

On 03.10.2012 08:10, Steve Kowalik wrote:
> Review: Needs Fixing code
> 
> 33	+ store = Store.of(self)
> 34	+ grants_for_user = store.using(
> 35	+ AccessPolicy,
> 36	+ Join(
> 37	+ AccessPolicyGrant,
> 38	+ And(
> 39	+ AccessPolicyGrant.policy_id == AccessPolicy.id,
> 40	+ AccessPolicyGrant.grantee_id == user.id))).find(
> 41	+ AccessPolicyGrant,
> 42	+ AccessPolicy.product_id == self.id,
> 43	+ AccessPolicy.type == self.information_type)
> 44	+ if grants_for_user.is_empty():
> 45	+ return False

Sure, done. I simply forgot that we we have some infrastructure to deal
with accesss grants...

> 
> This looks remarkably like IAccessPolicyGrant.find() ? Can you just call into that?
> 
> 223	+ owner = product.owner
> 227	+ self.makeAccessPolicyGrant(policy, grantee=owner)
> 
> Surely you can just say grantee=product.owner?

Not directly:

            naked_product.information_type = information_type
            if information_type in PROPRIETARY_INFORMATION_TYPES:
                policy = self.makeAccessPolicy(product,
                                               information_type)
                self.makeAccessPolicyGrant(
                    policy, grantee=naked_product.owner)

The change of information_type in the first line above lets userCanView
check if the current user has a grant when the attribute "owner" of
product is retrieved in the last line. But najed_product works of course.



-- 
https://code.launchpad.net/~adeuring/launchpad/correct-permission-check-for-iproduct/+merge/127518
Your team Launchpad code reviewers is subscribed to branch lp:launchpad.