Re: [Apache Bloodhound] #438: Implement and enforce product permission policy

Mon, 18 Mar 2013 09:50:53 -0700 

#438: Implement and enforce product permission policy
---------------------------+---------------------------------
  Reporter:  olemis        |      Owner:  olemis
      Type:  task          |     Status:  assigned
  Priority:  critical      |  Milestone:  Release 6
 Component:  multiproduct  |    Version:
Resolution:                |   Keywords:  permission security
---------------------------+---------------------------------

Comment (by olemis):

 Replying to [comment:6 jure]:
 > Patch also breaks dispatching process as
 `PermissionSystem.get_actions_dict` (that traverses through requestors)
 attempts to instantiate `ProductEnvironment` w/o product parameter

 yep , noticed in [http://pastebin.com/XFjv4frV 2013/03/17 test report]

 [...]
 > Workaround is to remove `IPermissionRequestor` from the list of
 interfaces implemented by  `ProductEnvironment`.

 I'd rather suggest to apply [attachment:t438_r1457691_cpmngr_xtpt.diff] ;
 proposed to upstream in trac:ticket:11121 . After doing so

 {{{
 #!sh

 $ python setup.py test -m tests

 [...]

 ======================================================================
 FAIL: Test Another arbitrary protocol Link
 ----------------------------------------------------------------------
 Traceback (most recent call last):
   File "/path/to/bloodhound/trac/trac/wiki/tests/formatter.py", line 209,
 in test
     % (msg, self.file, self.line, self.title, formatter.flavor))
 AssertionError: u'<p>\n<a class="ext-link"
 href="svn+ssh://secureserver.org"><span class="icon"> [truncated]... !=
 u'<p>\n<a class="ext-link" href="svn+ssh://secureserver.org"><span
 class="icon"> [truncated]...
   <p>
   <a class="ext-link" href="svn+ssh://secureserver.org"><span
 class="icon"></span>svn+ssh://secureserver.org</a>
   <a class="ext-link" href="svn+ssh://secureserver.org"><span
 class="icon"></span>SVN link</a>
 - <a class="ext-link" href="rfc-2396.compatible://link"><span
 class="icon"></span>rfc-2396.compatible://link</a>
 + <a class="missing product">rfc-2396</a>.compatible://link
   <a class="ext-link" href="rfc-2396.compatible://link"><span
 class="icon"></span>RFC 2396</a>
 - <a class="ext-link" href="rfc-2396+under_score://link"><span
 class="icon"></span>rfc-2396+under_score://link</a>
 + <a class="missing product">rfc-2396</a>+under_score://link
   <a class="ext-link" href="rfc-2396+under_score://link"><span
 class="icon"></span>underscore</a>
   unsafe://scheme is not rendered
   </p>


 /path/to/bloodhound/trac/trac/wiki/tests/wiki-tests.txt:474: "Another
 arbitrary protocol Link" (default flavor)

 ----------------------------------------------------------------------
 Ran 1140 tests in 574.342s

 FAILED (failures=1)

 }}}

 ... as usual ...

-- 
Ticket URL: <https://issues.apache.org/bloodhound/ticket/438#comment:7>
Apache Bloodhound <https://issues.apache.org/bloodhound/>
The Apache Bloodhound (incubating) issue tracker

Reply via email to