launchpad-reviewers team mailing list archive
-
launchpad-reviewers team
-
Mailing list archive
-
Message #17442
[Merge] lp:~wgrant/launchpad/bug-1315625 into lp:launchpad
William Grant has proposed merging lp:~wgrant/launchpad/bug-1315625 into lp:launchpad.
Commit message:
Filter out inaccesible private projects in PillarVocabularyBase.
Requested reviews:
Launchpad code reviewers (launchpad-reviewers)
Related bugs:
Bug #1315625 in Launchpad itself: "Project picker oopses fetching icon for private projects when searching for "launchpad""
https://bugs.launchpad.net/launchpad/+bug/1315625
For more details, see:
https://code.launchpad.net/~wgrant/launchpad/bug-1315625/+merge/239304
Filter out inaccesible private projects in PillarVocabularyBase.
--
https://code.launchpad.net/~wgrant/launchpad/bug-1315625/+merge/239304
Your team Launchpad code reviewers is requested to review the proposed merge of lp:~wgrant/launchpad/bug-1315625 into lp:launchpad.
=== modified file 'lib/lp/registry/tests/test_pillar_vocabularies.py'
--- lib/lp/registry/tests/test_pillar_vocabularies.py 2012-01-01 02:58:52 +0000
+++ lib/lp/registry/tests/test_pillar_vocabularies.py 2014-10-22 20:44:40 +0000
@@ -5,13 +5,20 @@
__metaclass__ = type
+from zope.component import getUtility
+
+from lp.app.enums import InformationType
+from lp.app.interfaces.services import IService
+from lp.registry.enums import SharingPermission
from lp.registry.vocabularies import (
DistributionOrProductOrProjectGroupVocabulary,
DistributionOrProductVocabulary,
PillarVocabularyBase,
)
from lp.testing import (
+ admin_logged_in,
celebrity_logged_in,
+ login_person,
TestCaseWithFactory,
)
from lp.testing.layers import DatabaseFunctionalLayer
@@ -191,3 +198,21 @@
result = [term.value for term in terms]
self.assertEqual([self.product, self.distribution], result)
self.assertFalse(self.project_group in self.vocabulary)
+
+ def test_invisible_private_projects_are_excluded(self):
+ with admin_logged_in():
+ owner = self.factory.makePerson()
+ private = self.factory.makeProduct(
+ name="private-snark", owner=owner,
+ information_type=InformationType.PROPRIETARY)
+
+ # Anonymous users don't get the private project.
+ terms = self.vocabulary.searchForTerms('snark')
+ result = [term.value for term in terms]
+ self.assertNotIn(private, result)
+
+ # But the owner can see it.
+ login_person(owner)
+ terms = self.vocabulary.searchForTerms('snark')
+ result = [term.value for term in terms]
+ self.assertIn(private, result)
=== modified file 'lib/lp/registry/vocabularies.py'
--- lib/lp/registry/vocabularies.py 2014-03-11 10:14:20 +0000
+++ lib/lp/registry/vocabularies.py 2014-10-22 20:44:40 +0000
@@ -1831,24 +1831,28 @@
return self.emptySelectResults()
query = ensure_unicode(query).lower()
store = IStore(PillarName)
- equal_clauses = [PillarName.name == query]
- like_clauses = [
+ origin = [
+ PillarName,
+ LeftJoin(Product, Product.id == PillarName.productID),
+ ]
+ base_clauses = [
+ ProductSet.getProductPrivacyFilter(getUtility(ILaunchBag).user)]
+ if self._filter:
+ base_clauses.extend(self._filter)
+ if vocab_filter:
+ base_clauses.extend(vocab_filter.filter_terms)
+ equal_clauses = base_clauses + [PillarName.name == query]
+ like_clauses = base_clauses + [
PillarName.name != query, PillarName.name.contains_string(query)]
- if self._filter:
- equal_clauses.extend(self._filter)
- like_clauses.extend(self._filter)
- if vocab_filter:
- equal_clauses.extend(vocab_filter.filter_terms)
- like_clauses.extend(vocab_filter.filter_terms)
ranked_results = store.execute(
Union(
Select(
(PillarName.id, PillarName.name, SQL('100 AS rank')),
- tables=[PillarName],
+ tables=origin,
where=And(*equal_clauses)),
Select(
(PillarName.id, PillarName.name, SQL('50 AS rank')),
- tables=[PillarName],
+ tables=origin,
where=And(*like_clauses)),
limit=self._limit, order_by=(
Desc(SQL('rank')), PillarName.name), all=True))
Follow ups
