launchpad-reviewers team mailing list archive

Thread
Date

[Merge] lp:~wgrant/launchpad/answer-contacts-are-satan into lp:launchpad

To: mp+303646@xxxxxxxxxxxxxxxxxx
From: William Grant <me@xxxxxxxxxxxxxxxxxx>
Date: Tue, 23 Aug 2016 04:39:26 -0000
Reply-to: mp+303646@xxxxxxxxxxxxxxxxxx
Sender: bounces@xxxxxxxxxxxxx

William Grant has proposed merging lp:~wgrant/launchpad/answer-contacts-are-satan into lp:launchpad.

Commit message:
Prevent answer contacts from editing question titles and descriptions.

Requested reviews:
  Launchpad code reviewers (launchpad-reviewers)

For more details, see:
https://code.launchpad.net/~wgrant/launchpad/answer-contacts-are-satan/+merge/303646

Prevent answer contacts from editing question titles and descriptions.
-- 
Your team Launchpad code reviewers is requested to review the proposed merge of lp:~wgrant/launchpad/answer-contacts-are-satan into lp:launchpad.

=== modified file 'lib/lp/answers/tests/test_question.py'
--- lib/lp/answers/tests/test_question.py	2015-12-01 11:38:01 +0000
+++ lib/lp/answers/tests/test_question.py	2016-08-23 04:39:00 +0000
@@ -4,9 +4,11 @@
 __metaclass__ = type
 
 from testtools.testcase import ExpectedException
+from zope.component import getUtility
 from zope.security.interfaces import Unauthorized
 from zope.security.proxy import removeSecurityProxy
 
+from lp.services.worlddata.interfaces.language import ILanguageSet
 from lp.testing import (
     admin_logged_in,
     anonymous_logged_in,
@@ -33,6 +35,14 @@
                 question.title = 'foo random'
             with ExpectedException(Unauthorized):
                 question.description = 'foo random'
+        answer_contact = self.factory.makePerson()
+        with person_logged_in(answer_contact):
+            answer_contact.addLanguage(getUtility(ILanguageSet)['en'])
+            question.target.addAnswerContact(answer_contact, answer_contact)
+            with ExpectedException(Unauthorized):
+                question.title = 'foo contact'
+            with ExpectedException(Unauthorized):
+                question.description = 'foo contact'
         with person_logged_in(question.owner):
             question.title = question.description = 'foo owner'
         with person_logged_in(question.target.owner):

=== modified file 'lib/lp/security.py'
--- lib/lp/security.py	2016-07-15 14:25:15 +0000
+++ lib/lp/security.py	2016-08-23 04:39:00 +0000
@@ -2042,7 +2042,7 @@
 
     def checkAuthenticated(self, user):
         return (
-            AppendQuestion(self.obj).checkAuthenticated(user)
+            AdminQuestion(self.obj).checkAuthenticated(user)
             or QuestionOwner(self.obj).checkAuthenticated(user))