launchpad-reviewers team mailing list archive
-
launchpad-reviewers team
-
Mailing list archive
-
Message #13744
[Merge] lp:~adeuring/launchpad/bug-1067736 into lp:launchpad
Abel Deuring has proposed merging lp:~adeuring/launchpad/bug-1067736 into lp:launchpad.
Requested reviews:
Launchpad code reviewers (launchpad-reviewers)
For more details, see:
https://code.launchpad.net/~adeuring/launchpad/bug-1067736/+merge/131527
This branch changes Product.userCanView() so that members of the registry experts team do not get accss to al rpivate products.
Additionally, the method now calls SharingService.checkPillarAccess() to check the permission for ordinary users. This method looks also for team grants, so I added a related assertion to test_access_launchpad_View_proprietary_product().
test:
./bin/test -vvt lp.registry.tests.test_product.TestProduct.test_access_launchpad_View_proprietary_product
no lint
--
https://code.launchpad.net/~adeuring/launchpad/bug-1067736/+merge/131527
Your team Launchpad code reviewers is requested to review the proposed merge of lp:~adeuring/launchpad/bug-1067736 into lp:launchpad.
=== modified file 'lib/lp/registry/model/product.py'
--- lib/lp/registry/model/product.py 2012-10-24 14:54:46 +0000
+++ lib/lp/registry/model/product.py 2012-10-26 07:05:25 +0000
@@ -90,6 +90,7 @@
ILaunchpadUsage,
IServiceUsage,
)
+from lp.app.interfaces.services import IService
from lp.app.model.launchpad import InformationTypeMixin
from lp.blueprints.enums import (
SpecificationFilter,
@@ -1522,25 +1523,16 @@
return False
if user.id in self._known_viewers:
return True
- # We need the plain Storm Person object for the SQL query below
- # but an IPersonRoles object for the team membership checks.
- if IPersonRoles.providedBy(user):
- plain_user = user.person
- else:
- plain_user = user
+ if not IPersonRoles.providedBy(user):
user = IPersonRoles(user)
- if (user.in_commercial_admin or user.in_admin or
- user.in_registry_experts):
- self._known_viewers.add(user.id)
- return True
- policy = getUtility(IAccessPolicySource).find(
- [(self, self.information_type)]).one()
- grants_for_user = getUtility(IAccessPolicyGrantSource).find(
- [(policy, plain_user)])
- if grants_for_user.is_empty():
- return False
- self._known_viewers.add(user.id)
- return True
+ if user.in_commercial_admin or user.in_admin:
+ self._known_viewers.add(user.id)
+ return True
+ if getUtility(IService, 'sharing').checkPillarAccess(
+ [self], self.information_type, user):
+ self._known_viewers.add(user.id)
+ return True
+ return False
def get_precached_products(products, need_licences=False, need_projects=False,
=== modified file 'lib/lp/registry/tests/test_product.py'
--- lib/lp/registry/tests/test_product.py 2012-10-24 14:54:46 +0000
+++ lib/lp/registry/tests/test_product.py 2012-10-26 07:05:25 +0000
@@ -735,13 +735,20 @@
with person_logged_in(ordinary_user):
for attribute_name in names:
getattr(product, attribute_name)
+ # Access can be granted to a team too.
+ other_user = self.factory.makePerson()
+ team = self.factory.makeTeam(members=[other_user])
+ with person_logged_in(owner):
+ getUtility(IService, 'sharing').sharePillarInformation(
+ product, team, owner,
+ {InformationType.PROPRIETARY: SharingPermission.ALL})
+ with person_logged_in(other_user):
+ for attribute_name in names:
+ getattr(product, attribute_name)
# Admins can access proprietary products.
with celebrity_logged_in('admin'):
for attribute_name in names:
getattr(product, attribute_name)
- with celebrity_logged_in('registry_experts'):
- for attribute_name in names:
- getattr(product, attribute_name)
# Commercial admins have access to all products.
with celebrity_logged_in('commercial_admin'):
for attribute_name in names:
Follow ups
