Launchpad itself

NameError: Unauthorized: when ~registry user tries to edit feature

Bug #651852 reported by Martin Pool
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Launchpad itself
Fix Released
Critical
Benji York
Launchpad itself 11.01

Bug Description

Silly mistake:
https://edge.launchpad.net/+feature-rules
tries to let all users read but only admin users write, but it has, at least, a missing import statement causing

Module zope.formlib.form, line 606, in success
return self.success_handler(self.form, self, data)
Module lp.services.features.browser.edit, line 63, in change_action
raise Unauthorized()
NameError: global name 'Unauthorized' is not defined<br />

https://lp-oops.canonical.com/oops.py/?oopsid=OOPS-1734ED352

and I guess a missing test too.

I don't think this needs to block continued deployment though.

Related branches

lp:~benji/launchpad/bug-669701
Edwin Grubbs (community): Approve (code)
Curtis Hovey (community): Approve (ui)
Leonard Richardson (community): Approve
Diff: 273 lines (+114/-28)
6 files modified
lib/lp/registry/browser/tests/test_projectgroup.py (+1/-3)
lib/lp/services/features/browser/edit.py (+35/-18)
lib/lp/services/features/browser/tests/test_feature_editor.py (+64/-2)
lib/lp/services/features/rulesource.py (+4/-1)
lib/lp/services/features/templates/feature-rules.pt (+7/-1)
lib/lp/services/features/tests/test_flags.py (+3/-3)
Martin Pool (mbp)
summary: - NameError: Unauthorized: when unauthorized user triest to edit feature
+ NameError: Unauthorized: when ~registry user tries to edit feature
Diogo Matsubara (matsubara)
tags: added: oops
Gary Poster (gary)
Changed in launchpad-foundations:
status: Confirmed → Triaged
Revision history for this message
Martin Pool (mbp) wrote :

Some suggestions from canonical-launchpad, to make the overall form work better:

See BranchEditView.setUpFields() in lp.code.browser.Branch.py for an
example of hiding fields depending on a user's team permission.

If you want to make fields readonly instead of hiding them, set the
"for_display" attribute to True - see
BranchMergeProposalEnqueueView.setUpFields() in
lp.code.browser.branchmergeproposal.py for an example.

Basically, just override the setUpFields() method in your view class and
do whatever you need to in there.

---

There is a permission that you can add to the action I believe. This will make sure the button isn't there if the person doesn't have that permission.

Revision history for this message
Martin Pool (mbp) wrote :

fixed in passing by benji in https://code.launchpad.net/~benji/launchpad/bug-669701/+merge/45171

Changed in launchpad:
status: Triaged → In Progress
assignee: Martin Pool (mbp) → nobody
Benji York (benji)
Changed in launchpad:
assignee: nobody → Benji York (benji)
Revision history for this message
Launchpad QA Bot (lpqabot) wrote : Bug fixed by a commit

Fixed in stable r12169 <http://bazaar.launchpad.net/~launchpad-pqm/launchpad/stable/revision/12169>.

Changed in launchpad:
milestone: none → 11.01
tags: added: qa-needstesting
Changed in launchpad:
status: In Progress → Fix Committed
Benji York (benji)
tags: added: qa-ok
removed: qa-needstesting
Robert Collins (lifeless)
Changed in launchpad:
importance: Medium → Critical
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.