Code review comment for lp:~abentley/launchpad/restricted-diffs

= Summary =
Fix bug #328271, "Use the restricted librarian for diffs for private branches".

== Proposed fix ==
Use the restricted librarian for diffs of all branches, and let the standard
security mechanisms decide who can view the diffs.

== Pre-implementation notes ==
None

== Implementation details ==
PreviewDiffs are now accessible via the +files path segment, with the same mechanism as Launchpad components.

IPreviewDiff access was allowed to anyone. Now it is only allowed to those who
can access the merge proposal.

== Tests ==
bin/test -vt xx-branchmergeproposals.txt -t test_getFileByName

== Demo and Q/A ==
Create a private branch and propose it for merging. Wait until the diff is
generated. Go to the URL for the diff. Log out. Go to the URL for the diff.
You should get an access denied message.

= Launchpad lint =

Checking for conflicts. and issues in doctests and templates.
Running jslint, xmllint, pyflakes, and pylint.
Using normal rules.

Linting changed files:
  lib/lp/code/browser/configure.zcml
  lib/lp/code/configure.zcml
  lib/canonical/launchpad/security.py
  lib/lp/code/browser/diff.py
  lib/lp/code/model/diff.py
  lib/lp/code/stories/branches/xx-branchmergeproposals.txt
  lib/lp/code/model/tests/test_diff.py
  lib/lp/code/templates/branchmergeproposal-diff.pt
  lib/lp/code/interfaces/diff.py

== Pylint notices ==

lib/lp/code/model/diff.py
    18: [F0401] Unable to import 'lazr.delegates' (No module named delegates)
    210: [W0703, Diff.fromFile] Catch "Exception"

lib/lp/code/interfaces/diff.py
    20: [F0401] Unable to import 'lazr.restful.fields' (No module named restful)
    21: [F0401] Unable to import 'lazr.restful.declarations' (No module named restful)