
[Merge] ~pappacena/launchpad:oci-project-admin-api-integration into launchpad:master

 

Thiago F. Pappacena has proposed merging ~pappacena/launchpad:oci-project-admin-api-integration into launchpad:master with ~pappacena/launchpad:oci-project-admin as a prerequisite.

Commit message:
Check permission before allowing users to create an OCIProject for a Distribution.

Requested reviews:
  Launchpad code reviewers (launchpad-reviewers)

For more details, see:
https://code.launchpad.net/~pappacena/launchpad/+git/launchpad/+merge/381683
-- 
Your team Launchpad code reviewers is requested to review the proposed merge of ~pappacena/launchpad:oci-project-admin-api-integration into launchpad:master.
diff --git a/lib/lp/registry/model/distribution.py b/lib/lp/registry/model/distribution.py
index c6173f9..b635dcd 100644
--- a/lib/lp/registry/model/distribution.py
+++ b/lib/lp/registry/model/distribution.py
@@ -1474,7 +1474,8 @@ class Distribution(SQLBase, BugTargetBase, MakesAnnouncements,
 
     def newOCIProject(self, registrant, name, description=None):
         """Create an `IOCIProject` for this distro."""
-        if not getFeatureFlag(OCI_PROJECT_ALLOW_CREATE):
+        if (not getFeatureFlag(OCI_PROJECT_ALLOW_CREATE) or not
+                self.canAdministerOCIProjects(registrant)):
             raise Unauthorized("Creating new OCI projects is not allowed.")
         return getUtility(IOCIProjectSet).new(
             pillar=self, registrant=registrant, name=name,
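Review bot: The added check `self.canAdministerOCIProjects(registrant)` authorises the `registrant` argument rather than the principal of the current interaction, so any caller that passes a privileged person as `registrant` satisfies it. That is sound for the webservice only if the exported method binds `registrant` to the requesting user, which this hunk does not show; confirm it in the interface and record the contract in the docstring, e.g. `Raises Unauthorized if the feature flag is off or registrant may not administer OCI projects for this distribution.` Both denial reasons also share one message, which keeps the response uninformative to clients but leaves logs and tests unable to tell a disabled flag from a refused permission. The method body continues past the end of the hunk.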
diff --git a/lib/lp/registry/tests/test_ociproject.py b/lib/lp/registry/tests/test_ociproject.py
index bdbbc33..2f5257c 100644
--- a/lib/lp/registry/tests/test_ociproject.py
+++ b/lib/lp/registry/tests/test_ociproject.py
@@ -158,6 +158,22 @@ class TestOCIProjectWebservice(TestCaseWithFactory):
         self.assertEqual(200, response.status, response.body)
         return response.jsonBody()
 
+    def assertIsPossibleToCreateOCIProject(self, distro, registrant):
+        url = api_url(distro)
+        obj = {"name": "someprojectname", "description": "My OCI project"}
+        resp = self.webservice.named_post(url, "newOCIProject", **obj)
+        self.assertEqual(201, resp.status, resp.body)
+
+        new_obj_url = resp.getHeader("Location")
+        oci_project = self.webservice.get(new_obj_url).jsonBody()
+        with person_logged_in(self.person):
+            self.assertThat(oci_project, ContainsDict({
+                "registrant_link": Equals(self.getAbsoluteURL(registrant)),
+                "name": Equals(obj["name"]),
+                "description": Equals(obj["description"]),
+                "distribution_link": Equals(self.getAbsoluteURL(distro)),
+            }))
+
     def test_api_get_oci_project(self):
         with person_logged_in(self.person):
             person = removeSecurityProxy(self.person)
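Review bot: `assertIsPossibleToCreateOCIProject` accepts a `registrant` but never acts as that person: the POST is sent through `self.webservice`, whose credentials are set up outside this hunk, and `registrant` is used only to build the expected `registrant_link`. Without a docstring a later test can pass a different person and appear to have exercised that person's permissions when it has not. I would add one along the lines of `"""POST newOCIProject as the self.webservice user and check the created project; registrant is only the expected registrant_link."""`.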
@@ -221,24 +237,35 @@ class TestOCIProjectWebservice(TestCaseWithFactory):
 
     def test_create_oci_project(self):
         with person_logged_in(self.person):
-            distro = removeSecurityProxy(self.factory.makeDistribution(
-                owner=self.person))
-            registrant_url = self.getAbsoluteURL(self.person)
-            url = api_url(distro)
+            distro = self.factory.makeDistribution(owner=self.person)
 
-        obj = {"name": "someprojectname", "description": "My OCI project"}
-        resp = self.webservice.named_post(url, "newOCIProject", **obj)
-        self.assertEqual(201, resp.status, resp.body)
+        self.assertIsPossibleToCreateOCIProject(distro, self.person)
 
-        new_obj_url = resp.getHeader("Location")
-        oci_project = self.webservice.get(new_obj_url).jsonBody()
+    def test_ociproject_admin_can_create(self):
         with person_logged_in(self.person):
-            self.assertThat(oci_project, ContainsDict({
-                "registrant_link": Equals(registrant_url),
-                "name": Equals(obj["name"]),
-                "description": Equals(obj["description"]),
-                "distribution_link": Equals(self.getAbsoluteURL(distro)),
-                }))
+            owner = self.factory.makePerson()
+            distro = self.factory.makeDistribution(
+                owner=owner, oci_project_admin=self.person)
+        self.assertIsPossibleToCreateOCIProject(distro, self.person)
+
+    def test_same_team_of_ociproject_admin_can_create(self):
+        with admin_logged_in():
+            team = self.factory.makeTeam()
+            team.addMember(self.person, team.teamowner)
+            distro = self.factory.makeDistribution(
+                owner=team.teamowner, oci_project_admin=team)
+
+        self.assertIsPossibleToCreateOCIProject(distro, self.person)
+
+    def test_not_everyone_can_create_oci_project(self):
+        with person_logged_in(self.person):
+            owner = self.factory.makePerson()
+            distro = self.factory.makeDistribution(
+                owner=owner, oci_project_admin=owner)
+            url = api_url(distro)
+        obj = {"name": "someprojectname", "description": "My OCI project"}
+        resp = self.webservice.named_post(url, "newOCIProject", **obj)
+        self.assertEqual(401, resp.status, resp.body)
 
     def test_api_create_oci_project_is_disabled_by_feature_flag(self):
         self.useFixture(FeatureFixture({OCI_PROJECT_ALLOW_CREATE: ''}))
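Review bot: `test_not_everyone_can_create_oci_project` asserts only a 401, and because `newOCIProject` raises the same Unauthorized for a disabled feature flag and for a missing permission, this test would still pass if the flag were off for the whole test case (setUp is outside the hunk). The denial path is also covered only for a person-valued `oci_project_admin`; there is no case where the admin is a team that `self.person` does not belong to, which is the branch a membership check is most likely to get wrong. A test like the one below would close that gap, assuming `makeTeam()` does not add `self.person` as a member. Checking `resp.body` or giving the two denials distinct messages would let the 401 tests pin the reason as well.

```python
    def test_non_member_of_ociproject_admin_team_cannot_create(self):
        with admin_logged_in():
            team = self.factory.makeTeam()
            distro = self.factory.makeDistribution(
                owner=team.teamowner, oci_project_admin=team)
            url = api_url(distro)
        obj = {"name": "someprojectname", "description": "My OCI project"}
        resp = self.webservice.named_post(url, "newOCIProject", **obj)
        self.assertEqual(401, resp.status, resp.body)
```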
