launchpad-reviewers team mailing list archive

Thread
Date

[Merge] lp:~wgrant/launchpad/ssh-bugactivity-anon into lp:launchpad

To: mp+291613@xxxxxxxxxxxxxxxxxx
From: William Grant <me@xxxxxxxxxxxxxxxxxx>
Date: Tue, 12 Apr 2016 11:06:27 -0000
Reply-to: mp+291613@xxxxxxxxxxxxxxxxxx
Sender: bounces@xxxxxxxxxxxxx

William Grant has proposed merging lp:~wgrant/launchpad/ssh-bugactivity-anon into lp:launchpad.

Commit message:
Make ISSHKey and IBugActivity records visible to anonymous API requests where appropriate.

Requested reviews:
  Launchpad code reviewers (launchpad-reviewers)
Related bugs:
  Bug #991079 in Launchpad itself: "Anonymous API requests are not shown any bug activity"
  https://bugs.launchpad.net/launchpad/+bug/991079
  Bug #1014996 in Launchpad itself: "launchpadlib person sshkeys requires authentication while fetching via URL doesn't"
  https://bugs.launchpad.net/launchpad/+bug/1014996

For more details, see:
https://code.launchpad.net/~wgrant/launchpad/ssh-bugactivity-anon/+merge/291613

Make ISSHKey and IBugActivity records visible to anonymous API requests where appropriate.
-- 
Your team Launchpad code reviewers is requested to review the proposed merge of lp:~wgrant/launchpad/ssh-bugactivity-anon into lp:launchpad.

=== modified file 'lib/lp/bugs/security.py'
--- lib/lp/bugs/security.py	2016-02-04 12:45:38 +0000
+++ lib/lp/bugs/security.py	2016-04-12 11:05:49 +0000
@@ -12,6 +12,7 @@
     DelegatedAuthorization,
     )
 from lp.bugs.interfaces.bug import IBug
+from lp.bugs.interfaces.bugactivity import IBugActivity
 from lp.bugs.interfaces.bugattachment import IBugAttachment
 from lp.bugs.interfaces.bugnomination import IBugNomination
 from lp.bugs.interfaces.bugsubscription import IBugSubscription
@@ -158,6 +159,19 @@
             bugattachment, bugattachment.bug)
 
 
+class ViewBugActivity(DelegatedAuthorization):
+    """Security adapter for viewing a bug activity record.
+
+    If the user is authorized to view the bug, they're allowed to view the
+    activity.
+    """
+    permission = 'launchpad.View'
+    usedfor = IBugActivity
+
+    def __init__(self, bugactivity):
+        super(ViewBugActivity, self).__init__(bugactivity, bugactivity.bug)
+
+
 class ViewBugSubscription(AnonymousAuthorization):
 
     usedfor = IBugSubscription

=== modified file 'lib/lp/bugs/stories/webservice/xx-bug.txt'
--- lib/lp/bugs/stories/webservice/xx-bug.txt	2016-01-26 15:47:37 +0000
+++ lib/lp/bugs/stories/webservice/xx-bug.txt	2016-04-12 11:05:49 +0000
@@ -2108,7 +2108,7 @@
 
     >>> from lazr.restful.testing.webservice import (
     ...     pprint_collection, pprint_entry)
-    >>> activity = webservice.get(
+    >>> activity = anon_webservice.get(
     ...     bug_one['activity_collection_link']).jsonBody()
     >>> pprint_collection(activity)
     next_collection_link: u'http://.../bugs/1/activity?ws.size=5&memo=5&ws.start=5'
@@ -2116,6 +2116,8 @@
     start: 0
     total_size: 24
     ...
+    message: u"Decided problem wasn't silly after all"
+    ...
 
     >>> bug_nine_activity = webservice.get(
     ...   "/bugs/9/activity").jsonBody()

=== modified file 'lib/lp/registry/stories/webservice/xx-person.txt'
--- lib/lp/registry/stories/webservice/xx-person.txt	2016-01-26 15:47:37 +0000
+++ lib/lp/registry/stories/webservice/xx-person.txt	2016-04-12 11:05:49 +0000
@@ -193,7 +193,7 @@
     >>> sshkeys = sample_person['sshkeys_collection_link']
     >>> print sshkeys
     http://.../~ssh-user/sshkeys
-    >>> print_self_link_of_entries(webservice.get(sshkeys).jsonBody())
+    >>> print_self_link_of_entries(anon_webservice.get(sshkeys).jsonBody())
 
 Let's give "ssh-user" a key via the back door of our internal Python APIs.
 This setting of the ssh key should trigger a notice that the key has been
@@ -215,7 +215,7 @@
 Now when we get the sshkey collection for 'sssh-user' again, the key should
 show up:
 
-    >>> keys = webservice.get(sshkeys).jsonBody()
+    >>> keys = anon_webservice.get(sshkeys).jsonBody()
     >>> print_self_link_of_entries(keys)
     http://.../~ssh-user/+ssh-keys/...
 

=== modified file 'lib/lp/security.py'
--- lib/lp/security.py	2016-02-05 14:34:51 +0000
+++ lib/lp/security.py	2016-04-12 11:05:49 +0000
@@ -165,6 +165,7 @@
     IHasOwner,
     )
 from lp.registry.interfaces.sourcepackage import ISourcePackage
+from lp.registry.interfaces.ssh import ISSHKey
 from lp.registry.interfaces.teammembership import (
     ITeamMembership,
     TeamMembershipStatus,
@@ -2918,6 +2919,10 @@
     usedfor = IGPGKey
 
 
+class ViewSSHKey(AnonymousAuthorization):
+    usedfor = ISSHKey
+
+
 class ViewIrcID(AnonymousAuthorization):
     usedfor = IIrcID

Follow ups

[Merge] lp:~wgrant/launchpad/ssh-bugactivity-anon into lp:launchpad
From: noreply, 2016-04-15
Re: [Merge] lp:~wgrant/launchpad/ssh-bugactivity-anon into lp:launchpad
From: Colin Watson, 2016-04-14