Abel Deuring has proposed merging lp:~adeuring/launchpad/bug-1067736 into
lp:launchpad.
Requested reviews:
Launchpad code reviewers (launchpad-reviewers)
For more details, see:
https://code.launchpad.net/~adeuring/launchpad/bug-1067736/+merge/131527
This branch changes Product.userCanView() so that members of the registry
experts team do not get accss to al rpivate products.
Additionally, the method now calls SharingService.checkPillarAccess() to check
the permission for ordinary users. This method looks also for team grants, so I
added a related assertion to test_access_launchpad_View_proprietary_product().
test:
./bin/test -vvt
lp.registry.tests.test_product.TestProduct.test_access_launchpad_View_proprietary_product
no lint
--
https://code.launchpad.net/~adeuring/launchpad/bug-1067736/+merge/131527
Your team Launchpad code reviewers is requested to review the proposed merge of
lp:~adeuring/launchpad/bug-1067736 into lp:launchpad.
=== modified file 'lib/lp/registry/model/product.py'
--- lib/lp/registry/model/product.py 2012-10-24 14:54:46 +0000
+++ lib/lp/registry/model/product.py 2012-10-26 07:05:25 +0000
@@ -90,6 +90,7 @@
ILaunchpadUsage,
IServiceUsage,
)
+from lp.app.interfaces.services import IService
from lp.app.model.launchpad import InformationTypeMixin
from lp.blueprints.enums import (
SpecificationFilter,
@@ -1522,25 +1523,16 @@
return False
if user.id in self._known_viewers:
return True
- # We need the plain Storm Person object for the SQL query below
- # but an IPersonRoles object for the team membership checks.
- if IPersonRoles.providedBy(user):
- plain_user = user.person
- else:
- plain_user = user
+ if not IPersonRoles.providedBy(user):
user = IPersonRoles(user)
- if (user.in_commercial_admin or user.in_admin or
- user.in_registry_experts):
- self._known_viewers.add(user.id)
- return True
- policy = getUtility(IAccessPolicySource).find(
- [(self, self.information_type)]).one()
- grants_for_user = getUtility(IAccessPolicyGrantSource).find(
- [(policy, plain_user)])
- if grants_for_user.is_empty():
- return False
- self._known_viewers.add(user.id)
- return True
+ if user.in_commercial_admin or user.in_admin:
+ self._known_viewers.add(user.id)
+ return True
+ if getUtility(IService, 'sharing').checkPillarAccess(
+ [self], self.information_type, user):
+ self._known_viewers.add(user.id)
+ return True
+ return False
def get_precached_products(products, need_licences=False, need_projects=False,
=== modified file 'lib/lp/registry/tests/test_product.py'
--- lib/lp/registry/tests/test_product.py 2012-10-24 14:54:46 +0000
+++ lib/lp/registry/tests/test_product.py 2012-10-26 07:05:25 +0000
@@ -735,13 +735,20 @@
with person_logged_in(ordinary_user):
for attribute_name in names:
getattr(product, attribute_name)
+ # Access can be granted to a team too.
+ other_user = self.factory.makePerson()
+ team = self.factory.makeTeam(members=[other_user])
+ with person_logged_in(owner):
+ getUtility(IService, 'sharing').sharePillarInformation(
+ product, team, owner,
+ {InformationType.PROPRIETARY: SharingPermission.ALL})
+ with person_logged_in(other_user):
+ for attribute_name in names:
+ getattr(product, attribute_name)
# Admins can access proprietary products.
with celebrity_logged_in('admin'):
for attribute_name in names:
getattr(product, attribute_name)
- with celebrity_logged_in('registry_experts'):
- for attribute_name in names:
- getattr(product, attribute_name)
# Commercial admins have access to all products.
with celebrity_logged_in('commercial_admin'):
for attribute_name in names:
_______________________________________________
Mailing list: https://launchpad.net/~launchpad-reviewers
Post to : [email protected]
Unsubscribe : https://launchpad.net/~launchpad-reviewers
More help : https://help.launchpad.net/ListHelp
