launchpad-reviewers team mailing list archive

Thread
Date

[Merge] ~cjwatson/launchpad:stricter-blueprint-edit-permissions into launchpad:master

To: mp+377869@xxxxxxxxxxxxxxxxxx
From: Colin Watson <cjwatson@xxxxxxxxxxxxx>
Date: Tue, 21 Jan 2020 13:46:26 -0000
Reply-to: mp+377869@xxxxxxxxxxxxxxxxxx
Sender: bounces@xxxxxxxxxxxxx

Colin Watson has proposed merging ~cjwatson/launchpad:stricter-blueprint-edit-permissions into launchpad:master.

Commit message:
Restrict some blueprint edit operations a bit more

Requested reviews:
  Launchpad code reviewers (launchpad-reviewers)

For more details, see:
https://code.launchpad.net/~cjwatson/launchpad/+git/launchpad/+merge/377869

AnyAllowedPerson is too open for things that are hard to revert.  We should design better per-target permissions for this at some point, but for now at least restrict it to AnyLegitimatePerson to discourage drive-by vandalism.

Compare https://code.launchpad.net/~cjwatson/launchpad/stricter-bug-edit-permissions/+merge/365131.
-- 
Your team Launchpad code reviewers is requested to review the proposed merge of ~cjwatson/launchpad:stricter-blueprint-edit-permissions into launchpad:master.

diff --git a/lib/lp/blueprints/configure.zcml b/lib/lp/blueprints/configure.zcml
index 368c5ee..6279e87 100644
--- a/lib/lp/blueprints/configure.zcml
+++ b/lib/lp/blueprints/configure.zcml
@@ -179,7 +179,7 @@
          specification may only be changed by people who may also view
          the specification. -->
     <require
-        permission="launchpad.AnyAllowedPerson"
+        permission="launchpad.AnyLegitimatePerson"
         set_attributes="whiteboard"/>
     <!-- NB: goals and goalstatus are not to be set directly, it should
          only be set through the proposeGoal / acceptBy / declineBy
@@ -201,7 +201,7 @@
         permission="launchpad.LimitedView"
         attributes="bugs"/>
     <require
-        permission="launchpad.AnyAllowedPerson"
+        permission="launchpad.AnyLegitimatePerson"
         attributes="linkBug
                     unlinkBug
                     setWorkItems"/>
diff --git a/lib/lp/blueprints/tests/test_specification.py b/lib/lp/blueprints/tests/test_specification.py
index 3272b38..8de08c9 100644
--- a/lib/lp/blueprints/tests/test_specification.py
+++ b/lib/lp/blueprints/tests/test_specification.py
@@ -192,7 +192,7 @@ class SpecificationTests(TestCaseWithFactory):
                 'setDefinitionStatus', 'setImplementationStatus', 'setTarget',
                 'transitionToInformationType', 'updateWorkItems')),
             'launchpad.Driver': set(('acceptBy', 'declineBy')),
-            'launchpad.AnyAllowedPerson': set((
+            'launchpad.AnyLegitimatePerson': set((
                 'unlinkBug', 'linkBug', 'setWorkItems')),
             }
         specification = self.factory.makeSpecification()
@@ -203,7 +203,7 @@ class SpecificationTests(TestCaseWithFactory):
     def test_set_permissions(self):
         expected_get_permissions = {
             'launchpad.Admin': set(('direction_approved', 'priority')),
-            'launchpad.AnyAllowedPerson': set(('whiteboard', )),
+            'launchpad.AnyLegitimatePerson': set(('whiteboard', )),
             'launchpad.Edit': set((
                 'approver', 'assignee', 'definition_status', 'distribution',
                 'drafter', 'implementation_status', 'man_days', 'milestone',