launchpad-reviewers team mailing list archive
-
launchpad-reviewers team
-
Mailing list archive
-
Message #13486
[Merge] lp:~abentley/launchpad/flag-enables-privacy-checks into lp:launchpad
Aaron Bentley has proposed merging lp:~abentley/launchpad/flag-enables-privacy-checks into lp:launchpad.
Commit message:
Provide disclosure.private_project.traversal_override.
Requested reviews:
Launchpad code reviewers (launchpad-reviewers)
Related bugs:
Bug #1067771 in Launchpad itself: "disabling private_projects does not restore service to users"
https://bugs.launchpad.net/launchpad/+bug/1067771
For more details, see:
https://code.launchpad.net/~abentley/launchpad/flag-enables-privacy-checks/+merge/130185
= Summary =
Ensure that enabling project privacy on qastaging doesn't make it unusable for non-users.
== Proposed fix ==
Introduce disclosure.private_project.traversal_override
== Pre-implementation notes ==
Brief discussion with deryck
== LOC Rationale ==
Part of Private Projects
== Implementation details ==
Updates ViewProduct to use userCanView for anonymous users.
Adds disclosure.private_project.traversal_override flag.
== Tests ==
bin/test -t test_anonymous_traversal_override -t test_userCanView_override
== Demo and Q/A ==
- Create a proprietary product.
- Log in as an unprivileged user.
- Attempt to view the product. You should be unable to see it.
- Log out.
- Attempt to view the product. You should be unable to see it.
- Enable disclosure.private_project.traversal_override for all users.
- Log in as an unprivileged user.
- Attempt to view the product. You should be able to see it.
- Log out.
- Attempt to view the product. You should be able to see it.
= Launchpad lint =
Checking for conflicts and issues in changed files.
Linting changed files:
lib/lp/security.py
lib/lp/services/features/flags.py
lib/lp/registry/model/product.py
lib/lp/registry/tests/test_product.py
--
https://code.launchpad.net/~abentley/launchpad/flag-enables-privacy-checks/+merge/130185
Your team Launchpad code reviewers is requested to review the proposed merge of lp:~abentley/launchpad/flag-enables-privacy-checks into lp:launchpad.
=== modified file 'lib/lp/registry/model/product.py'
--- lib/lp/registry/model/product.py 2012-10-16 14:28:22 +0000
+++ lib/lp/registry/model/product.py 2012-10-17 18:06:23 +0000
@@ -197,6 +197,7 @@
SQLBase,
sqlvalues,
)
+from lp.services.features import getFeatureFlag
from lp.services.propertycache import (
cachedproperty,
get_property_cache,
@@ -1533,6 +1534,8 @@
def userCanView(self, user):
"""See `IProductPublic`."""
+ if getFeatureFlag('disclosure.private_project.traversal_override'):
+ return True
if self.information_type in PUBLIC_INFORMATION_TYPES:
return True
if user is None:
=== modified file 'lib/lp/registry/tests/test_product.py'
--- lib/lp/registry/tests/test_product.py 2012-10-16 00:57:45 +0000
+++ lib/lp/registry/tests/test_product.py 2012-10-17 18:06:23 +0000
@@ -61,7 +61,6 @@
IAccessPolicySource,
)
from lp.registry.interfaces.oopsreferences import IHasOOPSReferences
-from lp.registry.interfaces.person import IPersonSet
from lp.registry.interfaces.product import (
IProduct,
IProductSet,
@@ -76,6 +75,7 @@
)
from lp.registry.model.productlicense import ProductLicense
from lp.services.database.lpstorm import IStore
+from lp.services.features.testing import FeatureFixture
from lp.services.webapp.authorization import check_permission
from lp.testing import (
celebrity_logged_in,
@@ -892,6 +892,28 @@
product.userCanView(user)
product.userCanView(IPersonRoles(user))
+ def test_userCanView_override(self):
+ # userCanView is overridden by the traversal override.
+ product = self.factory.makeProduct(
+ information_type=InformationType.PROPRIETARY)
+ unprivileged = self.factory.makePerson()
+ with person_logged_in(unprivileged):
+ with FeatureFixture(
+ {'disclosure.private_project.traversal_override': 'on'}):
+ self.assertTrue(product.userCanView(unprivileged))
+ self.assertFalse(product.userCanView(unprivileged))
+
+ def test_anonymous_traversal_override(self):
+ # The traversal override affects the permissions granted to anonymous
+ # users.
+ product = self.factory.makeProduct(
+ information_type=InformationType.PROPRIETARY)
+ with person_logged_in(None):
+ with FeatureFixture(
+ {'disclosure.private_project.traversal_override': 'on'}):
+ self.assertTrue(check_permission('launchpad.View', product))
+ self.assertFalse(check_permission('launchpad.View', product))
+
class TestProductBugInformationTypes(TestCaseWithFactory):
=== modified file 'lib/lp/security.py'
--- lib/lp/security.py 2012-10-12 14:53:10 +0000
+++ lib/lp/security.py 2012-10-17 18:06:23 +0000
@@ -29,7 +29,6 @@
from lp.answers.interfaces.questionmessage import IQuestionMessage
from lp.answers.interfaces.questionsperson import IQuestionsPerson
from lp.answers.interfaces.questiontarget import IQuestionTarget
-from lp.app.enums import PUBLIC_INFORMATION_TYPES
from lp.app.interfaces.launchpad import ILaunchpadCelebrities
from lp.app.interfaces.security import IAuthorization
from lp.app.security import (
@@ -433,7 +432,7 @@
return self.obj.userCanView(user)
def checkUnauthenticated(self):
- return self.obj.information_type in PUBLIC_INFORMATION_TYPES
+ return self.obj.userCanView(None)
class ChangeProduct(ViewProduct):
=== modified file 'lib/lp/services/features/flags.py'
--- lib/lp/services/features/flags.py 2012-10-12 03:11:38 +0000
+++ lib/lp/services/features/flags.py 2012-10-17 18:06:23 +0000
@@ -238,6 +238,12 @@
'disabled',
'',
'https://dev.launchpad.net/LEP/PrivateProjects'),
+ ('disclosure.private_project.traversal_override',
+ 'boolean',
+ 'If set, allow all users to traverse to private projects.',
+ 'Traversal to private projects requires special access.',
+ 'Override traveral checks.',
+ 'https://dev.launchpad.net/LEP/PrivateProjects'),
])
Follow ups
