Tom Wardill has proposed merging lp:~twom/launchpad/widen-performLookup-account-for-grants into lp:launchpad.
Commit message: Widen _performLookup to account for users with grants Requested reviews: Launchpad code reviewers (launchpad-reviewers) For more details, see: https://code.launchpad.net/~twom/launchpad/widen-performLookup-account-for-grants/+merge/357706 Allow write access for users that have a RuleGrant to the repository, as well as the repository owner. -- Your team Launchpad code reviewers is requested to review the proposed merge of lp:~twom/launchpad/widen-performLookup-account-for-grants into lp:launchpad.
=== modified file 'lib/lp/code/xmlrpc/git.py' --- lib/lp/code/xmlrpc/git.py 2018-10-22 10:37:03 +0000 +++ lib/lp/code/xmlrpc/git.py 2018-10-23 16:17:49 +0000 @@ -103,7 +103,7 @@ else: return issuer.checkMacaroonIssuer(macaroon) - def _performLookup(self, path, auth_params): + def _performLookup(self, path, auth_params, requester): repository, extra_path = getUtility(IGitLookup).getByPath(path) if repository is None: return None @@ -127,6 +127,13 @@ writable = ( repository.repository_type == GitRepositoryType.HOSTED and check_permission("launchpad.Edit", repository)) + # If we have any grants to this user, they are declared to have + # write access at this point. `_checkRefPermissions` will + # sort out access to individual refs at a later point in the push. + if not writable: + grants = naked_repository.findRuleGrantsByGrantee(requester) + if not grants.is_empty(): + writable = True private = repository.private return { "path": hosting_path, @@ -282,11 +289,11 @@ if requester == LAUNCHPAD_ANONYMOUS: requester = None try: - result = self._performLookup(path, auth_params) + result = self._performLookup(path, auth_params, requester) if (result is None and requester is not None and permission == "write"): - self._createRepository(requester, path) - result = self._performLookup(path, auth_params) + self._createRepository(requester, path, requester) + result = self._performLookup(path, auth_params, requester) if result is None: raise faults.GitRepositoryNotFound(path) if permission != "read" and not result["writable"]: === modified file 'lib/lp/code/xmlrpc/tests/test_git.py' --- lib/lp/code/xmlrpc/tests/test_git.py 2018-10-18 15:07:49 +0000 +++ lib/lp/code/xmlrpc/tests/test_git.py 2018-10-23 16:17:49 +0000 @@ -266,6 +266,34 @@ self.assertEqual( initial_count, getUtility(IAllGitRepositories).count()) + def test_translatePath_grant_to_other(self): + requester = self.factory.makePerson() + other_person = self.factory.makePerson() + repository = self.factory.makeGitRepository(owner=requester) + rule = self.factory.makeGitRule( + repository, ref_pattern=u'refs/heads/stable/next') + self.factory.makeGitRuleGrant( + rule=rule, grantee=other_person, + can_force_push=True) + path = u"/%s" % repository.unique_name + self.assertTranslates( + other_person, path, repository, True, private=False) + + def test_translatePath_grant_to_other_private(self): + requester = self.factory.makePerson() + other_person = self.factory.makePerson() + repository = removeSecurityProxy( + self.factory.makeGitRepository( + owner=requester, information_type=InformationType.USERDATA)) + rule = self.factory.makeGitRule( + repository, ref_pattern=u'refs/heads/stable/next') + self.factory.makeGitRuleGrant( + rule=rule, grantee=other_person, + can_force_push=True) + path = u"/%s" % repository.unique_name + self.assertGitRepositoryNotFound( + other_person, path, can_authenticate=True) + def _make_scenario_one_repository(self): user_a = self.factory.makePerson() user_b = self.factory.makePerson()
_______________________________________________ Mailing list: https://launchpad.net/~launchpad-reviewers Post to : launchpad-reviewers@lists.launchpad.net Unsubscribe : https://launchpad.net/~launchpad-reviewers More help : https://help.launchpad.net/ListHelp