launchpad-reviewers team mailing list archive

Thread
Date

Re: [Merge] ~ilasc/launchpad:add-vulnerability-orm into launchpad:master

To: mp+415966@xxxxxxxxxxxxxxxxxx
From: Ioana Lasc <mp+415966@xxxxxxxxxxxxxxxxxx>
Date: Fri, 25 Feb 2022 14:49:16 -0000
In-reply-to: <164562080737.11921.2603486850236921588.launchpad@ackee.canonical.com>
Reply-to: mp+415966@xxxxxxxxxxxxxxxxxx
Sender: noreply@xxxxxxxxxxxxx


Diff comments:

> diff --git a/lib/lp/security.py b/lib/lp/security.py
> index 22bc140..98e6f26 100644
> --- a/lib/lp/security.py
> +++ b/lib/lp/security.py
> @@ -3781,3 +3782,12 @@ class EditCIBuild(AdminByBuilddAdmin):
>          if auth_repository.checkAuthenticated(user):
>              return True
>          return super().checkAuthenticated(user)
> +
> +
> +class EditVulnerability(AuthorizationBase):
> +    permission = 'launchpad.Edit'
> +    usedfor = IVulnerability
> +
> +    def checkAuthenticated(self, user):
> +        return (

As we discussed in Standup you and I have the same question here in terms of how wide do we want to open this and if we should inherit permissions from Bug (where owner is not really an owner), or CVE (which doesn't even have an owner at all)...

> +            user.in_commercial_admin or user.in_admin)


-- 
https://code.launchpad.net/~ilasc/launchpad/+git/launchpad/+merge/415966
Your team Launchpad code reviewers is requested to review the proposed merge of ~ilasc/launchpad:add-vulnerability-orm into launchpad:master.

References

[Merge] ~ilasc/launchpad:add-vulnerability-orm into launchpad:master
From: Ioana Lasc, 2022-02-23