launchpad-reviewers team mailing list archive
-
launchpad-reviewers team
-
Mailing list archive
-
Message #16972
[Merge] lp:~cjwatson/launchpad/livefs-admin-permissions into lp:launchpad
Colin Watson has proposed merging lp:~cjwatson/launchpad/livefs-admin-permissions into lp:launchpad.
Commit message:
Fix LiveFS administration for commercial admins who are neither admins nor LiveFS owners, and allow PPA self-admins to administer their own LiveFSes.
Requested reviews:
Launchpad code reviewers (launchpad-reviewers)
For more details, see:
https://code.launchpad.net/~cjwatson/launchpad/livefs-admin-permissions/+merge/223911
Fix LiveFS administration for commercial admins who are neither admins nor LiveFS owners, and allow PPA self-admins to administer their own LiveFSes.
--
https://code.launchpad.net/~cjwatson/launchpad/livefs-admin-permissions/+merge/223911
Your team Launchpad code reviewers is requested to review the proposed merge of lp:~cjwatson/launchpad/livefs-admin-permissions into lp:launchpad.
=== modified file 'lib/lp/security.py'
--- lib/lp/security.py 2014-06-17 11:01:51 +0000
+++ lib/lp/security.py 2014-06-20 12:43:04 +0000
@@ -2884,19 +2884,33 @@
super(ViewLiveFS, self).__init__(obj, obj.owner, 'launchpad.View')
-class EditLiveFS(EditByOwnersOrAdmins):
+class EditLiveFS(AuthorizationBase):
+ permission = 'launchpad.Edit'
usedfor = ILiveFS
-
-class AdminLiveFS(AdminByCommercialTeamOrAdmins):
+ def checkAuthenticated(self, user):
+ return (
+ user.isOwner(self.obj) or
+ user.in_commercial_admin or user.in_admin)
+
+
+class AdminLiveFS(AuthorizationBase):
"""Restrict changing build settings on live filesystems.
The security of the non-virtualised build farm depends on these
- settings, so they can only be changed by commercial admins.
+ settings, so they can only be changed by commercial admins, or by "PPA"
+ self admins on live filesystems that they can already edit.
"""
permission = 'launchpad.Admin'
usedfor = ILiveFS
+ def checkAuthenticated(self, user):
+ if user.in_commercial_admin or user.in_admin:
+ return True
+ return (
+ user.in_ppa_self_admins
+ and EditLiveFS(self.obj).checkAuthenticated(user))
+
class ViewLiveFSBuild(DelegatedAuthorization):
permission = 'launchpad.View'
=== modified file 'lib/lp/soyuz/browser/tests/test_livefs.py'
--- lib/lp/soyuz/browser/tests/test_livefs.py 2014-06-17 15:16:18 +0000
+++ lib/lp/soyuz/browser/tests/test_livefs.py 2014-06-20 12:43:04 +0000
@@ -207,12 +207,12 @@
def test_admin_livefs(self):
# Admins can change require_virtualized.
login("admin@xxxxxxxxxxxxx")
- admins = getUtility(ILaunchpadCelebrities).commercial_admin
- admins.addMember(self.person, admins)
+ commercial_admin = self.factory.makePerson(
+ member_of=[getUtility(ILaunchpadCelebrities).commercial_admin])
login_person(self.person)
livefs = self.factory.makeLiveFS(registrant=self.person)
self.assertTrue(livefs.require_virtualized)
- browser = self.getViewBrowser(livefs, user=self.person)
+ browser = self.getViewBrowser(livefs, user=commercial_admin)
browser.getLink("Administer live filesystem").click()
browser.getControl("Require virtualized builders").selected = False
browser.getControl("Update live filesystem").click()
@@ -222,12 +222,13 @@
def test_admin_livefs_sets_date_last_modified(self):
# Administering a live filesystem sets the date_last_modified property.
login("admin@xxxxxxxxxxxxx")
- admins = getUtility(ILaunchpadCelebrities).commercial_admin
- admins.addMember(self.person, admins)
+ commercial_admin = self.factory.makePerson(
+ member_of=[getUtility(ILaunchpadCelebrities).commercial_admin])
login_person(self.person)
date_created = datetime(2000, 1, 1, tzinfo=pytz.UTC)
livefs = self.factory.makeLiveFS(
registrant=self.person, date_created=date_created)
+ login_person(commercial_admin)
view = LiveFSAdminView(livefs, LaunchpadTestRequest())
view.initialize()
view.request_action.success({"require_virtualized": False})
Follow ups
