Launchpad itself

Merge lp:~bac/launchpad/bug-588773 into lp:launchpad

  1. bug-588773
  2. Merge into devel
Proposed by Brad Crittenden
Status: Merged
Approved by: Aaron Bentley
Approved revision: no longer in the source branch.
Merged at revision: 10966
Proposed branch: lp:~bac/launchpad/bug-588773
Merge into: lp:launchpad
Diff against target: 1369 lines (+286/-17)
3 files modified
lib/canonical/launchpad/security.py (+186/-11)
lib/lp/registry/browser/tests/test_edit_permissions.py (+97/-0)
lib/lp/registry/stories/product/xx-product-edit.txt (+3/-6)
To merge this branch: bzr merge lp:~bac/launchpad/bug-588773
Reviewer Review Type Date Requested Status
Aaron Bentley (community) code Approve
Review via email: mp+26968@code.launchpad.net

Commit message

Allow registry admins to access +edit on persons and pillars.

Description of the change

= Summary =

We want registry experts (members of ~registry) to have more abilities
in order to perform CHR duties. Often things like person or pillar
editing has to be deferred to LP admins which is not an efficient use of
their nor the CHR's time.

== Proposed fix ==

Change the security settings for launchpad.Edit for pillars and persons
to include registry experts.

== Pre-implementation notes ==

Chats with Curtis.

== Implementation details ==

As above.

== Tests ==

bin/test -vvm lp.registry -t test_edit_permissions

== Demo and Q/A ==

In our sample data, only mark is in the registry admin team, but he is
also a LP admin, so using that account to test proves nothing. A
non-admin (such as bac) needs to be added to the registry team.

Once that is done, simply demonstrate that the registry expert can edit
people, project, project groups, and distros.

= Launchpad lint =

Checking for conflicts. and issues in doctests and templates.
Running jslint, xmllint, pyflakes, and pylint.
Using normal rules.

Linting changed files:
  lib/canonical/launchpad/security.py
  lib/lp/registry/browser/tests/test_edit_permissions.py

== Pyflakes notices ==

lib/canonical/launchpad/security.py
    1170: undefined name 'EditDistributionByDistroOwnersOrAdmins'

== Pylint notices ==

lib/canonical/launchpad/security.py
    1170: [E0602, AdminDistributionTranslations.checkAuthenticated]
Undefined variable 'EditDistributionByDistroOwnersOrAdmins'

I'll sort this out.

To post a comment you must log in.
Revision history for this message
Brad Crittenden (bac) wrote :

Here is the incremental to fix the lint issue:

=== modified file 'lib/canonical/launchpad/security.py'
--- lib/canonical/launchpad/security.py 2010-06-07 15:52:21 +0000
+++ lib/canonical/launchpad/security.py 2010-06-07 16:29:17 +0000
@@ -781,7 +781,7 @@
     usedfor = IDistribution

-class EditDistroByOwnersRegistryExpertOrAdmins(
+class EditDistributionByOwnersRegistryExpertsOrAdmins(
     EditByOwnersRegistryExpertsOrAdmins):
     """The owner of a distribution should be able to edit its
     information; it is mainly administrative data, such as bug
@@ -1167,7 +1167,7 @@
             return True
         else:
             return (user.in_rosetta_experts or
- EditDistributionByDistroOwnersOrAdmins(
+ EditByOwnersOrAdmins(
                         self.obj).checkAuthenticated(user))

Revision history for this message
Aaron Bentley (abentley) wrote :

Looks good. As discussed on IRC, there are a few spots that could use an additional blank line.

review: Approve (code)
Revision history for this message
Brad Crittenden (bac) wrote :

Thanks Aaron. The file was a bit of a mess regarding blank lines between the class/docstring and the first line of code. I fixed them all.

http://pastebin.ubuntu.com/446250/

Revision history for this message
Brad Crittenden (bac) wrote :

Fixed a failing test:

http://pastebin.ubuntu.com/446284/

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
=== modified file 'lib/canonical/launchpad/security.py'
--- lib/canonical/launchpad/security.py 2010-06-07 12:01:14 +0000
+++ lib/canonical/launchpad/security.py 2010-06-08 13:20:48 +0000
@@ -132,6 +132,7 @@
132132
133133
134class AuthorizationBase:134class AuthorizationBase:
135
135 implements(IAuthorization)136 implements(IAuthorization)
136 permission = None137 permission = None
137 usedfor = None138 usedfor = None
@@ -176,6 +177,7 @@
176 By default, any logged-in user can see anything. More restrictive177 By default, any logged-in user can see anything. More restrictive
177 rulesets are defined in other IAuthorization implementations.178 rulesets are defined in other IAuthorization implementations.
178 """179 """
180
179 permission = 'launchpad.View'181 permission = 'launchpad.View'
180 usedfor = Interface182 usedfor = Interface
181183
@@ -186,6 +188,7 @@
186188
187class AnonymousAuthorization(AuthorizationBase):189class AnonymousAuthorization(AuthorizationBase):
188 """Allow any authenticated and unauthenticated user access."""190 """Allow any authenticated and unauthenticated user access."""
191
189 permission = 'launchpad.View'192 permission = 'launchpad.View'
190193
191 def checkUnauthenticated(self):194 def checkUnauthenticated(self):
@@ -198,6 +201,7 @@
198201
199202
200class AdminByAdminsTeam(AuthorizationBase):203class AdminByAdminsTeam(AuthorizationBase):
204
201 permission = 'launchpad.Admin'205 permission = 'launchpad.Admin'
202 usedfor = Interface206 usedfor = Interface
203207
@@ -206,6 +210,7 @@
206210
207211
208class AdminByCommercialTeamOrAdmins(AuthorizationBase):212class AdminByCommercialTeamOrAdmins(AuthorizationBase):
213
209 permission = 'launchpad.Commercial'214 permission = 'launchpad.Commercial'
210 usedfor = Interface215 usedfor = Interface
211216
@@ -214,6 +219,7 @@
214219
215220
216class EditByRegistryExpertsOrAdmins(AuthorizationBase):221class EditByRegistryExpertsOrAdmins(AuthorizationBase):
222
217 permission = 'launchpad.Edit'223 permission = 'launchpad.Edit'
218 usedfor = ILaunchpadRoot224 usedfor = ILaunchpadRoot
219225
@@ -222,6 +228,7 @@
222228
223229
224class ReviewByRegistryExpertsOrAdmins(AuthorizationBase):230class ReviewByRegistryExpertsOrAdmins(AuthorizationBase):
231
225 permission = 'launchpad.ProjectReview'232 permission = 'launchpad.ProjectReview'
226 usedfor = None233 usedfor = None
227234
@@ -230,27 +237,33 @@
230237
231238
232class ReviewProduct(ReviewByRegistryExpertsOrAdmins):239class ReviewProduct(ReviewByRegistryExpertsOrAdmins):
240
233 usedfor = IProduct241 usedfor = IProduct
234242
235243
236class ReviewProductSet(ReviewByRegistryExpertsOrAdmins):244class ReviewProductSet(ReviewByRegistryExpertsOrAdmins):
245
237 usedfor = IProductSet246 usedfor = IProductSet
238247
239248
240class ReviewProject(ReviewByRegistryExpertsOrAdmins):249class ReviewProject(ReviewByRegistryExpertsOrAdmins):
250
241 usedfor = IProjectGroup251 usedfor = IProjectGroup
242252
243253
244class ReviewProjectGroupSet(ReviewByRegistryExpertsOrAdmins):254class ReviewProjectGroupSet(ReviewByRegistryExpertsOrAdmins):
255
245 usedfor = IProjectGroupSet256 usedfor = IProjectGroupSet
246257
247258
248class ModeratePerson(ReviewByRegistryExpertsOrAdmins):259class ModeratePerson(ReviewByRegistryExpertsOrAdmins):
260
249 permission = 'launchpad.Moderate'261 permission = 'launchpad.Moderate'
250 usedfor = IPerson262 usedfor = IPerson
251263
252264
253class ViewPillar(AuthorizationBase):265class ViewPillar(AuthorizationBase):
266
254 usedfor = IPillar267 usedfor = IPillar
255 permission = 'launchpad.View'268 permission = 'launchpad.View'
256269
@@ -268,6 +281,7 @@
268281
269282
270class EditAccountBySelfOrAdmin(AuthorizationBase):283class EditAccountBySelfOrAdmin(AuthorizationBase):
284
271 permission = 'launchpad.Edit'285 permission = 'launchpad.Edit'
272 usedfor = IAccount286 usedfor = IAccount
273287
@@ -282,10 +296,12 @@
282296
283297
284class ViewAccount(EditAccountBySelfOrAdmin):298class ViewAccount(EditAccountBySelfOrAdmin):
299
285 permission = 'launchpad.View'300 permission = 'launchpad.View'
286301
287302
288class SpecialAccount(EditAccountBySelfOrAdmin):303class SpecialAccount(EditAccountBySelfOrAdmin):
304
289 permission = 'launchpad.Special'305 permission = 'launchpad.Special'
290306
291 def checkAuthenticated(self, user):307 def checkAuthenticated(self, user):
@@ -294,14 +310,16 @@
294310
295311
296class ModerateAccountByRegistryExpert(AuthorizationBase):312class ModerateAccountByRegistryExpert(AuthorizationBase):
313
314 permission = 'launchpad.Moderate'
297 usedfor = IAccount315 usedfor = IAccount
298 permission = 'launchpad.Moderate'
299316
300 def checkAuthenticated(self, user):317 def checkAuthenticated(self, user):
301 return user.in_admin or user.in_registry_experts318 return user.in_admin or user.in_registry_experts
302319
303320
304class EditOAuthAccessToken(AuthorizationBase):321class EditOAuthAccessToken(AuthorizationBase):
322
305 permission = 'launchpad.Edit'323 permission = 'launchpad.Edit'
306 usedfor = IOAuthAccessToken324 usedfor = IOAuthAccessToken
307325
@@ -310,11 +328,13 @@
310328
311329
312class EditOAuthRequestToken(EditOAuthAccessToken):330class EditOAuthRequestToken(EditOAuthAccessToken):
331
313 permission = 'launchpad.Edit'332 permission = 'launchpad.Edit'
314 usedfor = IOAuthRequestToken333 usedfor = IOAuthRequestToken
315334
316335
317class EditBugNominationStatus(AuthorizationBase):336class EditBugNominationStatus(AuthorizationBase):
337
318 permission = 'launchpad.Driver'338 permission = 'launchpad.Driver'
319 usedfor = IBugNomination339 usedfor = IBugNomination
320340
@@ -323,6 +343,7 @@
323343
324344
325class EditByOwnersOrAdmins(AuthorizationBase):345class EditByOwnersOrAdmins(AuthorizationBase):
346
326 permission = 'launchpad.Edit'347 permission = 'launchpad.Edit'
327 usedfor = IHasOwner348 usedfor = IHasOwner
328349
@@ -330,15 +351,28 @@
330 return user.isOwner(self.obj) or user.in_admin351 return user.isOwner(self.obj) or user.in_admin
331352
332353
333class EditProduct(EditByOwnersOrAdmins):354class EditByOwnersRegistryExpertsOrAdmins(AuthorizationBase):
355
356 permission = 'launchpad.Edit'
357
358 def checkAuthenticated(self, user):
359 return (user.isOwner(self.obj) or
360 user.in_registry_experts or
361 user.in_admin)
362
363
364class EditProduct(EditByOwnersRegistryExpertsOrAdmins):
365
334 usedfor = IProduct366 usedfor = IProduct
335367
336368
337class EditPackaging(EditByOwnersOrAdmins):369class EditPackaging(EditByOwnersOrAdmins):
370
338 usedfor = IPackaging371 usedfor = IPackaging
339372
340373
341class EditProductReleaseFile(AuthorizationBase):374class EditProductReleaseFile(AuthorizationBase):
375
342 permission = 'launchpad.Edit'376 permission = 'launchpad.Edit'
343 usedfor = IProductReleaseFile377 usedfor = IProductReleaseFile
344378
@@ -349,6 +383,7 @@
349383
350class AdminDistributionMirrorByDistroOwnerOrMirrorAdminsOrAdmins(384class AdminDistributionMirrorByDistroOwnerOrMirrorAdminsOrAdmins(
351 AuthorizationBase):385 AuthorizationBase):
386
352 permission = 'launchpad.Admin'387 permission = 'launchpad.Admin'
353 usedfor = IDistributionMirror388 usedfor = IDistributionMirror
354389
@@ -360,6 +395,7 @@
360395
361class EditDistributionMirrorByOwnerOrDistroOwnerOrMirrorAdminsOrAdmins(396class EditDistributionMirrorByOwnerOrDistroOwnerOrMirrorAdminsOrAdmins(
362 AuthorizationBase):397 AuthorizationBase):
398
363 permission = 'launchpad.Edit'399 permission = 'launchpad.Edit'
364 usedfor = IDistributionMirror400 usedfor = IDistributionMirror
365401
@@ -371,11 +407,13 @@
371407
372class ViewDistributionMirror(AnonymousAuthorization):408class ViewDistributionMirror(AnonymousAuthorization):
373 """Anyone can view an IDistributionMirror."""409 """Anyone can view an IDistributionMirror."""
410
374 usedfor = IDistributionMirror411 usedfor = IDistributionMirror
375412
376413
377class ViewMilestone(AnonymousAuthorization):414class ViewMilestone(AnonymousAuthorization):
378 """Anyone can view an IMilestone."""415 """Anyone can view an IMilestone."""
416
379 usedfor = IMilestone417 usedfor = IMilestone
380418
381419
@@ -426,6 +464,7 @@
426464
427465
428class AdminSpecification(AuthorizationBase):466class AdminSpecification(AuthorizationBase):
467
429 permission = 'launchpad.Admin'468 permission = 'launchpad.Admin'
430 usedfor = ISpecification469 usedfor = ISpecification
431470
@@ -437,6 +476,7 @@
437476
438477
439class DriverSpecification(AuthorizationBase):478class DriverSpecification(AuthorizationBase):
479
440 permission = 'launchpad.Driver'480 permission = 'launchpad.Driver'
441 usedfor = ISpecification481 usedfor = ISpecification
442482
@@ -455,6 +495,7 @@
455 """The sprint owner or driver can say what makes it onto the agenda for495 """The sprint owner or driver can say what makes it onto the agenda for
456 the sprint.496 the sprint.
457 """497 """
498
458 permission = 'launchpad.Driver'499 permission = 'launchpad.Driver'
459 usedfor = ISprintSpecification500 usedfor = ISprintSpecification
460501
@@ -467,6 +508,7 @@
467 """The sprint owner or driver can say what makes it onto the agenda for508 """The sprint owner or driver can say what makes it onto the agenda for
468 the sprint.509 the sprint.
469 """510 """
511
470 permission = 'launchpad.Driver'512 permission = 'launchpad.Driver'
471 usedfor = ISprint513 usedfor = ISprint
472514
@@ -478,6 +520,7 @@
478520
479class Sprint(AuthorizationBase):521class Sprint(AuthorizationBase):
480 """An attendee, owner, or driver of a sprint."""522 """An attendee, owner, or driver of a sprint."""
523
481 permission = 'launchpad.View'524 permission = 'launchpad.View'
482 usedfor = ISprint525 usedfor = ISprint
483526
@@ -492,6 +535,7 @@
492class EditSpecificationSubscription(AuthorizationBase):535class EditSpecificationSubscription(AuthorizationBase):
493 """The subscriber, and people related to the spec or the target of the536 """The subscriber, and people related to the spec or the target of the
494 spec can determine who is essential."""537 spec can determine who is essential."""
538
495 permission = 'launchpad.Edit'539 permission = 'launchpad.Edit'
496 usedfor = ISpecificationSubscription540 usedfor = ISpecificationSubscription
497541
@@ -519,6 +563,7 @@
519563
520564
521class AdminProjectTranslations(AuthorizationBase):565class AdminProjectTranslations(AuthorizationBase):
566
522 permission = 'launchpad.TranslationsAdmin'567 permission = 'launchpad.TranslationsAdmin'
523 usedfor = IProjectGroup568 usedfor = IProjectGroup
524569
@@ -534,6 +579,7 @@
534579
535580
536class AdminProductTranslations(AuthorizationBase):581class AdminProductTranslations(AuthorizationBase):
582
537 permission = 'launchpad.TranslationsAdmin'583 permission = 'launchpad.TranslationsAdmin'
538 usedfor = IProduct584 usedfor = IProduct
539585
@@ -548,7 +594,13 @@
548 user.in_admin)594 user.in_admin)
549595
550596
597class EditProject(EditByOwnersRegistryExpertsOrAdmins):
598
599 usedfor = IProjectGroup
600
601
551class EditProjectMilestoneNever(AuthorizationBase):602class EditProjectMilestoneNever(AuthorizationBase):
603
552 permission = 'launchpad.Edit'604 permission = 'launchpad.Edit'
553 usedfor = IProjectGroupMilestone605 usedfor = IProjectGroupMilestone
554606
@@ -558,6 +610,7 @@
558610
559611
560class EditMilestoneByTargetOwnerOrAdmins(AuthorizationBase):612class EditMilestoneByTargetOwnerOrAdmins(AuthorizationBase):
613
561 permission = 'launchpad.Edit'614 permission = 'launchpad.Edit'
562 usedfor = IMilestone615 usedfor = IMilestone
563616
@@ -575,6 +628,7 @@
575628
576629
577class AdminMilestoneByLaunchpadAdmins(AuthorizationBase):630class AdminMilestoneByLaunchpadAdmins(AuthorizationBase):
631
578 permission = 'launchpad.Admin'632 permission = 'launchpad.Admin'
579 usedfor = IMilestone633 usedfor = IMilestone
580634
@@ -586,11 +640,13 @@
586640
587641
588class ModeratePersonSetByExpertsOrAdmins(ReviewByRegistryExpertsOrAdmins):642class ModeratePersonSetByExpertsOrAdmins(ReviewByRegistryExpertsOrAdmins):
643
589 permission = 'launchpad.Moderate'644 permission = 'launchpad.Moderate'
590 usedfor = IPersonSet645 usedfor = IPersonSet
591646
592647
593class EditTeamByTeamOwnerOrLaunchpadAdmins(AuthorizationBase):648class EditTeamByTeamOwnerOrLaunchpadAdmins(AuthorizationBase):
649
594 permission = 'launchpad.Owner'650 permission = 'launchpad.Owner'
595 usedfor = ITeam651 usedfor = ITeam
596652
@@ -601,6 +657,7 @@
601657
602658
603class EditTeamByTeamOwnerOrTeamAdminsOrAdmins(AuthorizationBase):659class EditTeamByTeamOwnerOrTeamAdminsOrAdmins(AuthorizationBase):
660
604 permission = 'launchpad.Edit'661 permission = 'launchpad.Edit'
605 usedfor = ITeam662 usedfor = ITeam
606663
@@ -613,6 +670,7 @@
613670
614671
615class ModerateTeam(ReviewByRegistryExpertsOrAdmins):672class ModerateTeam(ReviewByRegistryExpertsOrAdmins):
673
616 permission = 'launchpad.Moderate'674 permission = 'launchpad.Moderate'
617 usedfor = ITeam675 usedfor = ITeam
618676
@@ -628,6 +686,7 @@
628686
629687
630class EditTeamMembershipByTeamOwnerOrTeamAdminsOrAdmins(AuthorizationBase):688class EditTeamMembershipByTeamOwnerOrTeamAdminsOrAdmins(AuthorizationBase):
689
631 permission = 'launchpad.Edit'690 permission = 'launchpad.Edit'
632 usedfor = ITeamMembership691 usedfor = ITeamMembership
633692
@@ -640,6 +699,7 @@
640# going to be used only on the webservice (which explicitly checks for699# going to be used only on the webservice (which explicitly checks for
641# launchpad.View) so that we don't leak memberships of private teams.700# launchpad.View) so that we don't leak memberships of private teams.
642class ViewTeamMembership(AuthorizationBase):701class ViewTeamMembership(AuthorizationBase):
702
643 permission = 'launchpad.View'703 permission = 'launchpad.View'
644 usedfor = ITeamMembership704 usedfor = ITeamMembership
645705
@@ -660,19 +720,23 @@
660 return False720 return False
661721
662722
663class EditPersonBySelfOrAdmins(AuthorizationBase):723class EditPersonBySelfRegistryExpertsOrAdmins(AuthorizationBase):
724
664 permission = 'launchpad.Edit'725 permission = 'launchpad.Edit'
665 usedfor = IPerson726 usedfor = IPerson
666727
667 def checkAuthenticated(self, user):728 def checkAuthenticated(self, user):
668 """A user can edit the Person who is herself.729 """A user can edit his or her own object.
669730
670 The admin team can also edit any Person.731 The registry experts or admin teams can also edit any Person.
671 """732 """
672 return self.obj.id == user.person.id or user.in_admin733 return (self.obj.id == user.person.id or
734 user.in_registry_experts or
735 user.in_admin)
673736
674737
675class EditTranslationsPersonByPerson(AuthorizationBase):738class EditTranslationsPersonByPerson(AuthorizationBase):
739
676 permission = 'launchpad.Edit'740 permission = 'launchpad.Edit'
677 usedfor = ITranslationsPerson741 usedfor = ITranslationsPerson
678742
@@ -682,6 +746,7 @@
682746
683747
684class ViewPersonLocation(AuthorizationBase):748class ViewPersonLocation(AuthorizationBase):
749
685 permission = 'launchpad.View'750 permission = 'launchpad.View'
686 usedfor = IPersonLocation751 usedfor = IPersonLocation
687752
@@ -696,6 +761,7 @@
696761
697762
698class EditPersonBySelf(AuthorizationBase):763class EditPersonBySelf(AuthorizationBase):
764
699 permission = 'launchpad.Special'765 permission = 'launchpad.Special'
700 usedfor = IPerson766 usedfor = IPerson
701767
@@ -710,6 +776,7 @@
710 Only members of a team with a private membership can view the776 Only members of a team with a private membership can view the
711 membership list.777 membership list.
712 """778 """
779
713 permission = 'launchpad.View'780 permission = 'launchpad.View'
714 usedfor = IPerson781 usedfor = IPerson
715782
@@ -740,17 +807,20 @@
740807
741class EditPollByTeamOwnerOrTeamAdminsOrAdmins(808class EditPollByTeamOwnerOrTeamAdminsOrAdmins(
742 EditTeamMembershipByTeamOwnerOrTeamAdminsOrAdmins):809 EditTeamMembershipByTeamOwnerOrTeamAdminsOrAdmins):
810
743 permission = 'launchpad.Edit'811 permission = 'launchpad.Edit'
744 usedfor = IPoll812 usedfor = IPoll
745813
746814
747class EditPollSubsetByTeamOwnerOrTeamAdminsOrAdmins(815class EditPollSubsetByTeamOwnerOrTeamAdminsOrAdmins(
748 EditPollByTeamOwnerOrTeamAdminsOrAdmins):816 EditPollByTeamOwnerOrTeamAdminsOrAdmins):
817
749 permission = 'launchpad.Edit'818 permission = 'launchpad.Edit'
750 usedfor = IPollSubset819 usedfor = IPollSubset
751820
752821
753class EditPollOptionByTeamOwnerOrTeamAdminsOrAdmins(AuthorizationBase):822class EditPollOptionByTeamOwnerOrTeamAdminsOrAdmins(AuthorizationBase):
823
754 permission = 'launchpad.Edit'824 permission = 'launchpad.Edit'
755 usedfor = IPollOption825 usedfor = IPollOption
756826
@@ -762,21 +832,21 @@
762 """Soyuz involves huge chunks of data in the archive and librarian,832 """Soyuz involves huge chunks of data in the archive and librarian,
763 so for the moment we are locking down admin and edit on distributions833 so for the moment we are locking down admin and edit on distributions
764 and distroseriess to the Launchpad admin team."""834 and distroseriess to the Launchpad admin team."""
835
765 permission = 'launchpad.Admin'836 permission = 'launchpad.Admin'
766 usedfor = IDistribution837 usedfor = IDistribution
767838
768839
769class EditDistributionByDistroOwnersOrAdmins(AuthorizationBase):840class EditDistributionByOwnersRegistryExpertsOrAdmins(
841 EditByOwnersRegistryExpertsOrAdmins):
770 """The owner of a distribution should be able to edit its842 """The owner of a distribution should be able to edit its
771 information; it is mainly administrative data, such as bug843 information; it is mainly administrative data, such as bug
772 contacts. Note that creation of new distributions and distribution844 contacts. Note that creation of new distributions and distribution
773 series is still protected with launchpad.Admin"""845 series is still protected with launchpad.Admin"""
846
774 permission = 'launchpad.Edit'847 permission = 'launchpad.Edit'
775 usedfor = IDistribution848 usedfor = IDistribution
776849
777 def checkAuthenticated(self, user):
778 return user.isOwner(self.obj) or user.in_admin
779
780850
781class AppendDistributionByDriversOrOwnersOrAdmins(AuthorizationBase):851class AppendDistributionByDriversOrOwnersOrAdmins(AuthorizationBase):
782 """Distribution drivers, owners, and admins may plan releases.852 """Distribution drivers, owners, and admins may plan releases.
@@ -784,6 +854,7 @@
784 Drivers of `IDerivativeDistribution`s can create series. Owners and854 Drivers of `IDerivativeDistribution`s can create series. Owners and
785 admins can create series for all `IDistribution`s.855 admins can create series for all `IDistribution`s.
786 """856 """
857
787 permission = 'launchpad.Append'858 permission = 'launchpad.Append'
788 usedfor = IDistribution859 usedfor = IDistribution
789860
@@ -798,6 +869,7 @@
798class EditDistributionSourcePackageByDistroOwnersOrAdmins(AuthorizationBase):869class EditDistributionSourcePackageByDistroOwnersOrAdmins(AuthorizationBase):
799 """The owner of a distribution should be able to edit its source870 """The owner of a distribution should be able to edit its source
800 package information"""871 package information"""
872
801 permission = 'launchpad.Edit'873 permission = 'launchpad.Edit'
802 usedfor = IDistributionSourcePackage874 usedfor = IDistributionSourcePackage
803875
@@ -816,6 +888,7 @@
816 files moved to the new namespace, and mirrors would get very very888 files moved to the new namespace, and mirrors would get very very
817 upset. Then James T would be on your case.889 upset. Then James T would be on your case.
818 """890 """
891
819 permission = 'launchpad.Admin'892 permission = 'launchpad.Admin'
820 usedfor = IDistroSeries893 usedfor = IDistroSeries
821894
@@ -828,6 +901,7 @@
828 please consult with Kiko and MDZ on the mailing list before modifying901 please consult with Kiko and MDZ on the mailing list before modifying
829 these permissions.902 these permissions.
830 """903 """
904
831 permission = 'launchpad.Edit'905 permission = 'launchpad.Edit'
832 usedfor = IDistroSeries906 usedfor = IDistroSeries
833907
@@ -844,11 +918,13 @@
844918
845class ViewDistroSeries(AnonymousAuthorization):919class ViewDistroSeries(AnonymousAuthorization):
846 """Anyone can view a DistroSeries."""920 """Anyone can view a DistroSeries."""
921
847 usedfor = IDistroSeries922 usedfor = IDistroSeries
848923
849924
850class ViewCountry(AnonymousAuthorization):925class ViewCountry(AnonymousAuthorization):
851 """Anyone can view a Country."""926 """Anyone can view a Country."""
927
852 usedfor = ICountry928 usedfor = ICountry
853929
854930
@@ -858,6 +934,7 @@
858 Drivers exist for distribution and product series. Distribution and934 Drivers exist for distribution and product series. Distribution and
859 product owners are implicitly drivers too.935 product owners are implicitly drivers too.
860 """936 """
937
861 permission = 'launchpad.Driver'938 permission = 'launchpad.Driver'
862 usedfor = IHasDrivers939 usedfor = IHasDrivers
863940
@@ -873,6 +950,7 @@
873950
874951
875class EditProductSeries(EditByOwnersOrAdmins):952class EditProductSeries(EditByOwnersOrAdmins):
953
876 usedfor = IProductSeries954 usedfor = IProductSeries
877955
878 def checkAuthenticated(self, user):956 def checkAuthenticated(self, user):
@@ -898,6 +976,7 @@
898 bugs. Allow only explicit subscribers to edit objects linked to976 bugs. Allow only explicit subscribers to edit objects linked to
899 private bugs.977 private bugs.
900 """978 """
979
901 permission = 'launchpad.Edit'980 permission = 'launchpad.Edit'
902 usedfor = IHasBug981 usedfor = IHasBug
903982
@@ -923,6 +1002,7 @@
9231002
9241003
925class PublicToAllOrPrivateToExplicitSubscribersForBugTask(AuthorizationBase):1004class PublicToAllOrPrivateToExplicitSubscribersForBugTask(AuthorizationBase):
1005
926 permission = 'launchpad.View'1006 permission = 'launchpad.View'
927 usedfor = IHasBug1007 usedfor = IHasBug
9281008
@@ -936,6 +1016,7 @@
9361016
937class EditPublicByLoggedInUserAndPrivateByExplicitSubscribers(1017class EditPublicByLoggedInUserAndPrivateByExplicitSubscribers(
938 AuthorizationBase):1018 AuthorizationBase):
1019
939 permission = 'launchpad.Edit'1020 permission = 'launchpad.Edit'
940 usedfor = IBug1021 usedfor = IBug
9411022
@@ -963,6 +1044,7 @@
9631044
9641045
965class PublicToAllOrPrivateToExplicitSubscribersForBug(AuthorizationBase):1046class PublicToAllOrPrivateToExplicitSubscribersForBug(AuthorizationBase):
1047
966 permission = 'launchpad.View'1048 permission = 'launchpad.View'
967 usedfor = IBug1049 usedfor = IBug
9681050
@@ -978,6 +1060,7 @@
9781060
9791061
980class EditBugBranch(EditPublicByLoggedInUserAndPrivateByExplicitSubscribers):1062class EditBugBranch(EditPublicByLoggedInUserAndPrivateByExplicitSubscribers):
1063
981 permission = 'launchpad.Edit'1064 permission = 'launchpad.Edit'
982 usedfor = IBugBranch1065 usedfor = IBugBranch
9831066
@@ -994,6 +1077,7 @@
994 If the user is authorized to view the bug, he's allowed to view the1077 If the user is authorized to view the bug, he's allowed to view the
995 attachment.1078 attachment.
996 """1079 """
1080
997 permission = 'launchpad.View'1081 permission = 'launchpad.View'
998 usedfor = IBugAttachment1082 usedfor = IBugAttachment
9991083
@@ -1009,6 +1093,7 @@
1009 If the user is authorized to view the bug, he's allowed to edit the1093 If the user is authorized to view the bug, he's allowed to edit the
1010 attachment.1094 attachment.
1011 """1095 """
1096
1012 permission = 'launchpad.Edit'1097 permission = 'launchpad.Edit'
1013 usedfor = IBugAttachment1098 usedfor = IBugAttachment
10141099
@@ -1028,6 +1113,7 @@
10281113
10291114
1030class ViewAnnouncement(AuthorizationBase):1115class ViewAnnouncement(AuthorizationBase):
1116
1031 permission = 'launchpad.View'1117 permission = 'launchpad.View'
1032 usedfor = IAnnouncement1118 usedfor = IAnnouncement
10331119
@@ -1054,6 +1140,7 @@
10541140
10551141
1056class EditAnnouncement(AuthorizationBase):1142class EditAnnouncement(AuthorizationBase):
1143
1057 permission = 'launchpad.Edit'1144 permission = 'launchpad.Edit'
1058 usedfor = IAnnouncement1145 usedfor = IAnnouncement
10591146
@@ -1067,6 +1154,7 @@
10671154
10681155
1069class UseApiDoc(AuthorizationBase):1156class UseApiDoc(AuthorizationBase):
1157
1070 permission = 'zope.app.apidoc.UseAPIDoc'1158 permission = 'zope.app.apidoc.UseAPIDoc'
1071 usedfor = Interface1159 usedfor = Interface
10721160
@@ -1096,6 +1184,7 @@
1096 Currently, we restrict the visibility of the new code import1184 Currently, we restrict the visibility of the new code import
1097 system to members of ~vcs-imports and Launchpad admins.1185 system to members of ~vcs-imports and Launchpad admins.
1098 """1186 """
1187
1099 permission = 'launchpad.Edit'1188 permission = 'launchpad.Edit'
1100 usedfor = ICodeImport1189 usedfor = ICodeImport
11011190
@@ -1106,6 +1195,7 @@
1106 Currently, we restrict the visibility of the new code import1195 Currently, we restrict the visibility of the new code import
1107 system to members of ~vcs-imports and Launchpad admins.1196 system to members of ~vcs-imports and Launchpad admins.
1108 """1197 """
1198
1109 permission = 'launchpad.View'1199 permission = 'launchpad.View'
1110 usedfor = ICodeImportJobSet1200 usedfor = ICodeImportJobSet
11111201
@@ -1116,6 +1206,7 @@
1116 Currently, we restrict the visibility of the new code import1206 Currently, we restrict the visibility of the new code import
1117 system to members of ~vcs-imports and Launchpad admins.1207 system to members of ~vcs-imports and Launchpad admins.
1118 """1208 """
1209
1119 permission = 'launchpad.Edit'1210 permission = 'launchpad.Edit'
1120 usedfor = ICodeImportJobWorkflow1211 usedfor = ICodeImportJobWorkflow
11211212
@@ -1125,6 +1216,7 @@
11251216
1126 Access is restricted to members of ~bazaar-experts and Launchpad admins.1217 Access is restricted to members of ~bazaar-experts and Launchpad admins.
1127 """1218 """
1219
1128 permission = 'launchpad.Edit'1220 permission = 'launchpad.Edit'
1129 usedfor = ICodeImportMachine1221 usedfor = ICodeImportMachine
11301222
@@ -1137,6 +1229,7 @@
1137 and limits access to Rosetta experts, Launchpad admins and distribution1229 and limits access to Rosetta experts, Launchpad admins and distribution
1138 translation group owner.1230 translation group owner.
1139 """1231 """
1232
1140 permission = 'launchpad.TranslationsAdmin'1233 permission = 'launchpad.TranslationsAdmin'
1141 usedfor = IDistribution1234 usedfor = IDistribution
11421235
@@ -1154,12 +1247,13 @@
1154 return True1247 return True
1155 else:1248 else:
1156 return (user.in_rosetta_experts or1249 return (user.in_rosetta_experts or
1157 EditDistributionByDistroOwnersOrAdmins(1250 EditByOwnersOrAdmins(
1158 self.obj).checkAuthenticated(user))1251 self.obj).checkAuthenticated(user))
11591252
11601253
1161class ViewPOTemplates(AnonymousAuthorization):1254class ViewPOTemplates(AnonymousAuthorization):
1162 """Anyone can view an IPOTemplate."""1255 """Anyone can view an IPOTemplate."""
1256
1163 usedfor = IPOTemplate1257 usedfor = IPOTemplate
11641258
11651259
@@ -1191,6 +1285,7 @@
11911285
11921286
1193class EditPOTemplateDetails(AdminPOTemplateDetails, EditByOwnersOrAdmins):1287class EditPOTemplateDetails(AdminPOTemplateDetails, EditByOwnersOrAdmins):
1288
1194 permission = 'launchpad.Edit'1289 permission = 'launchpad.Edit'
1195 usedfor = IPOTemplate1290 usedfor = IPOTemplate
11961291
@@ -1211,16 +1306,19 @@
1211# XXX: Carlos Perello Marin 2005-05-24 bug=753:1306# XXX: Carlos Perello Marin 2005-05-24 bug=753:
1212# This should be using SuperSpecialPermissions when implemented.1307# This should be using SuperSpecialPermissions when implemented.
1213class AddPOTemplate(OnlyRosettaExpertsAndAdmins):1308class AddPOTemplate(OnlyRosettaExpertsAndAdmins):
1309
1214 permission = 'launchpad.Append'1310 permission = 'launchpad.Append'
1215 usedfor = IProductSeries1311 usedfor = IProductSeries
12161312
12171313
1218class ViewPOFile(AnonymousAuthorization):1314class ViewPOFile(AnonymousAuthorization):
1219 """Anyone can view an IPOFile."""1315 """Anyone can view an IPOFile."""
1316
1220 usedfor = IPOFile1317 usedfor = IPOFile
12211318
12221319
1223class EditPOFileDetails(EditByOwnersOrAdmins):1320class EditPOFileDetails(EditByOwnersOrAdmins):
1321
1224 usedfor = IPOFile1322 usedfor = IPOFile
12251323
1226 def checkAuthenticated(self, user):1324 def checkAuthenticated(self, user):
@@ -1233,6 +1331,7 @@
12331331
12341332
1235class AdminTranslator(OnlyRosettaExpertsAndAdmins):1333class AdminTranslator(OnlyRosettaExpertsAndAdmins):
1334
1236 permission = 'launchpad.Admin'1335 permission = 'launchpad.Admin'
1237 usedfor = ITranslator1336 usedfor = ITranslator
12381337
@@ -1244,6 +1343,7 @@
12441343
12451344
1246class EditTranslator(OnlyRosettaExpertsAndAdmins):1345class EditTranslator(OnlyRosettaExpertsAndAdmins):
1346
1247 permission = 'launchpad.Edit'1347 permission = 'launchpad.Edit'
1248 usedfor = IEditTranslator1348 usedfor = IEditTranslator
12491349
@@ -1256,6 +1356,7 @@
12561356
12571357
1258class EditTranslationGroup(OnlyRosettaExpertsAndAdmins):1358class EditTranslationGroup(OnlyRosettaExpertsAndAdmins):
1359
1259 permission = 'launchpad.Edit'1360 permission = 'launchpad.Edit'
1260 usedfor = ITranslationGroup1361 usedfor = ITranslationGroup
12611362
@@ -1267,6 +1368,7 @@
12671368
12681369
1269class EditTranslationGroupSet(OnlyRosettaExpertsAndAdmins):1370class EditTranslationGroupSet(OnlyRosettaExpertsAndAdmins):
1371
1270 permission = 'launchpad.Admin'1372 permission = 'launchpad.Admin'
1271 usedfor = ITranslationGroupSet1373 usedfor = ITranslationGroupSet
12721374
@@ -1312,10 +1414,12 @@
13121414
1313class ViewBugTracker(AnonymousAuthorization):1415class ViewBugTracker(AnonymousAuthorization):
1314 """Anyone can view a bug tracker."""1416 """Anyone can view a bug tracker."""
1417
1315 usedfor = IBugTracker1418 usedfor = IBugTracker
13161419
13171420
1318class EditBugTracker(AuthorizationBase):1421class EditBugTracker(AuthorizationBase):
1422
1319 permission = 'launchpad.Edit'1423 permission = 'launchpad.Edit'
1320 usedfor = IBugTracker1424 usedfor = IBugTracker
13211425
@@ -1325,6 +1429,7 @@
13251429
13261430
1327class EditProductRelease(EditByOwnersOrAdmins):1431class EditProductRelease(EditByOwnersOrAdmins):
1432
1328 permission = 'launchpad.Edit'1433 permission = 'launchpad.Edit'
1329 usedfor = IProductRelease1434 usedfor = IProductRelease
13301435
@@ -1344,6 +1449,7 @@
13441449
13451450
1346class AdminTranslationImportQueueEntry(AuthorizationBase):1451class AdminTranslationImportQueueEntry(AuthorizationBase):
1452
1347 permission = 'launchpad.Admin'1453 permission = 'launchpad.Admin'
1348 usedfor = ITranslationImportQueueEntry1454 usedfor = ITranslationImportQueueEntry
13491455
@@ -1352,6 +1458,7 @@
13521458
13531459
1354class EditTranslationImportQueueEntry(AuthorizationBase):1460class EditTranslationImportQueueEntry(AuthorizationBase):
1461
1355 permission = 'launchpad.Edit'1462 permission = 'launchpad.Edit'
1356 usedfor = ITranslationImportQueueEntry1463 usedfor = ITranslationImportQueueEntry
13571464
@@ -1363,11 +1470,13 @@
13631470
13641471
1365class AdminTranslationImportQueue(OnlyRosettaExpertsAndAdmins):1472class AdminTranslationImportQueue(OnlyRosettaExpertsAndAdmins):
1473
1366 permission = 'launchpad.Admin'1474 permission = 'launchpad.Admin'
1367 usedfor = ITranslationImportQueue1475 usedfor = ITranslationImportQueue
13681476
13691477
1370class EditPackageUploadQueue(AdminByAdminsTeam):1478class EditPackageUploadQueue(AdminByAdminsTeam):
1479
1371 permission = 'launchpad.Edit'1480 permission = 'launchpad.Edit'
1372 usedfor = IPackageUploadQueue1481 usedfor = IPackageUploadQueue
13731482
@@ -1384,6 +1493,7 @@
13841493
13851494
1386class EditPackageUpload(AdminByAdminsTeam):1495class EditPackageUpload(AdminByAdminsTeam):
1496
1387 permission = 'launchpad.Edit'1497 permission = 'launchpad.Edit'
1388 usedfor = IPackageUpload1498 usedfor = IPackageUpload
13891499
@@ -1416,6 +1526,7 @@
14161526
14171527
1418class AdminByBuilddAdmin(AuthorizationBase):1528class AdminByBuilddAdmin(AuthorizationBase):
1529
1419 permission = 'launchpad.Admin'1530 permission = 'launchpad.Admin'
14201531
1421 def checkAuthenticated(self, user):1532 def checkAuthenticated(self, user):
@@ -1424,10 +1535,12 @@
14241535
14251536
1426class AdminBuilderSet(AdminByBuilddAdmin):1537class AdminBuilderSet(AdminByBuilddAdmin):
1538
1427 usedfor = IBuilderSet1539 usedfor = IBuilderSet
14281540
14291541
1430class AdminBuilder(AdminByBuilddAdmin):1542class AdminBuilder(AdminByBuilddAdmin):
1543
1431 usedfor = IBuilder1544 usedfor = IBuilder
14321545
14331546
@@ -1435,20 +1548,24 @@
1435# in the original plan, we should grant some rights to the owners and1548# in the original plan, we should grant some rights to the owners and
1436# that's what Edit is for.1549# that's what Edit is for.
1437class EditBuilder(AdminByBuilddAdmin):1550class EditBuilder(AdminByBuilddAdmin):
1551
1438 permission = 'launchpad.Edit'1552 permission = 'launchpad.Edit'
1439 usedfor = IBuilder1553 usedfor = IBuilder
14401554
14411555
1442class AdminBuildRecord(AdminByBuilddAdmin):1556class AdminBuildRecord(AdminByBuilddAdmin):
1557
1443 usedfor = IBuildFarmJob1558 usedfor = IBuildFarmJob
14441559
14451560
1446class EditBuildFarmJob(AdminByBuilddAdmin):1561class EditBuildFarmJob(AdminByBuilddAdmin):
1562
1447 permission = 'launchpad.Edit'1563 permission = 'launchpad.Edit'
1448 usedfor = IBuildFarmJob1564 usedfor = IBuildFarmJob
14491565
14501566
1451class EditPackageBuild(EditBuildFarmJob):1567class EditPackageBuild(EditBuildFarmJob):
1568
1452 usedfor = IPackageBuild1569 usedfor = IPackageBuild
14531570
1454 def checkAuthenticated(self, user):1571 def checkAuthenticated(self, user):
@@ -1463,6 +1580,7 @@
1463 user.inTeam(self.obj.archive.owner))1580 user.inTeam(self.obj.archive.owner))
14641581
1465class EditBinaryPackageBuild(EditPackageBuild):1582class EditBinaryPackageBuild(EditPackageBuild):
1583
1466 permission = 'launchpad.Edit'1584 permission = 'launchpad.Edit'
1467 usedfor = IBinaryPackageBuild1585 usedfor = IBinaryPackageBuild
14681586
@@ -1492,6 +1610,7 @@
14921610
14931611
1494class ViewBinaryPackageBuild(EditBinaryPackageBuild):1612class ViewBinaryPackageBuild(EditBinaryPackageBuild):
1613
1495 permission = 'launchpad.View'1614 permission = 'launchpad.View'
14961615
1497 # This code MUST match the logic in1616 # This code MUST match the logic in
@@ -1539,6 +1658,7 @@
1539 This permission is based entirely on permission to view the1658 This permission is based entirely on permission to view the
1540 associated `IBinaryPackageBuild` and/or `IBranch`.1659 associated `IBinaryPackageBuild` and/or `IBranch`.
1541 """1660 """
1661
1542 permission = 'launchpad.View'1662 permission = 'launchpad.View'
1543 usedfor = IBuildFarmJobOld1663 usedfor = IBuildFarmJobOld
15441664
@@ -1581,6 +1701,7 @@
15811701
15821702
1583class AdminQuestion(AdminByAdminsTeam):1703class AdminQuestion(AdminByAdminsTeam):
1704
1584 permission = 'launchpad.Admin'1705 permission = 'launchpad.Admin'
1585 usedfor = IQuestion1706 usedfor = IQuestion
15861707
@@ -1592,6 +1713,7 @@
15921713
15931714
1594class ModerateQuestion(AdminQuestion):1715class ModerateQuestion(AdminQuestion):
1716
1595 permission = 'launchpad.Moderate'1717 permission = 'launchpad.Moderate'
1596 usedfor = IQuestion1718 usedfor = IQuestion
15971719
@@ -1606,6 +1728,7 @@
16061728
16071729
1608class QuestionOwner(AuthorizationBase):1730class QuestionOwner(AuthorizationBase):
1731
1609 permission = 'launchpad.Owner'1732 permission = 'launchpad.Owner'
1610 usedfor = IQuestion1733 usedfor = IQuestion
16111734
@@ -1615,6 +1738,7 @@
16151738
16161739
1617class ModerateFAQTarget(EditByOwnersOrAdmins):1740class ModerateFAQTarget(EditByOwnersOrAdmins):
1741
1618 permission = 'launchpad.Moderate'1742 permission = 'launchpad.Moderate'
1619 usedfor = IFAQTarget1743 usedfor = IFAQTarget
16201744
@@ -1630,6 +1754,7 @@
16301754
16311755
1632class EditFAQ(AuthorizationBase):1756class EditFAQ(AuthorizationBase):
1757
1633 permission = 'launchpad.Edit'1758 permission = 'launchpad.Edit'
1634 usedfor = IFAQ1759 usedfor = IFAQ
16351760
@@ -1649,20 +1774,24 @@
16491774
1650class ViewLanguageSet(AnonymousAuthorization):1775class ViewLanguageSet(AnonymousAuthorization):
1651 """Anyone can view an ILangaugeSet."""1776 """Anyone can view an ILangaugeSet."""
1777
1652 usedfor = ILanguageSet1778 usedfor = ILanguageSet
16531779
16541780
1655class AdminLanguageSet(OnlyRosettaExpertsAndAdmins):1781class AdminLanguageSet(OnlyRosettaExpertsAndAdmins):
1782
1656 permission = 'launchpad.Admin'1783 permission = 'launchpad.Admin'
1657 usedfor = ILanguageSet1784 usedfor = ILanguageSet
16581785
16591786
1660class ViewLanguage(AnonymousAuthorization):1787class ViewLanguage(AnonymousAuthorization):
1661 """Anyone can view an ILangauge."""1788 """Anyone can view an ILangauge."""
1789
1662 usedfor = ILanguage1790 usedfor = ILanguage
16631791
16641792
1665class AdminLanguage(OnlyRosettaExpertsAndAdmins):1793class AdminLanguage(OnlyRosettaExpertsAndAdmins):
1794
1666 permission = 'launchpad.Admin'1795 permission = 'launchpad.Admin'
1667 usedfor = ILanguage1796 usedfor = ILanguage
16681797
@@ -1674,6 +1803,7 @@
1674 of the branch, they are in the team that owns the branch, subscribed to1803 of the branch, they are in the team that owns the branch, subscribed to
1675 the branch, or a launchpad administrator.1804 the branch, or a launchpad administrator.
1676 """1805 """
1806
1677 permission = 'launchpad.View'1807 permission = 'launchpad.View'
1678 usedfor = IBranch1808 usedfor = IBranch
16791809
@@ -1686,6 +1816,7 @@
16861816
1687class EditBranch(AuthorizationBase):1817class EditBranch(AuthorizationBase):
1688 """The owner, bazaar experts or admins can edit branches."""1818 """The owner, bazaar experts or admins can edit branches."""
1819
1689 permission = 'launchpad.Edit'1820 permission = 'launchpad.Edit'
1690 usedfor = IBranch1821 usedfor = IBranch
16911822
@@ -1734,6 +1865,7 @@
17341865
1735class AdminBranch(AuthorizationBase):1866class AdminBranch(AuthorizationBase):
1736 """The bazaar experts or admins can administer branches."""1867 """The bazaar experts or admins can administer branches."""
1868
1737 permission = 'launchpad.Admin'1869 permission = 'launchpad.Admin'
1738 usedfor = IBranch1870 usedfor = IBranch
17391871
@@ -1743,6 +1875,7 @@
17431875
17441876
1745class AdminDistroSeriesTranslations(AuthorizationBase):1877class AdminDistroSeriesTranslations(AuthorizationBase):
1878
1746 permission = 'launchpad.TranslationsAdmin'1879 permission = 'launchpad.TranslationsAdmin'
1747 usedfor = IDistroSeries1880 usedfor = IDistroSeries
17481881
@@ -1757,6 +1890,7 @@
17571890
17581891
1759class BranchMergeProposalView(AuthorizationBase):1892class BranchMergeProposalView(AuthorizationBase):
1893
1760 permission = 'launchpad.View'1894 permission = 'launchpad.View'
1761 usedfor = IBranchMergeProposal1895 usedfor = IBranchMergeProposal
17621896
@@ -1781,6 +1915,7 @@
17811915
17821916
1783class PreviewDiffView(AuthorizationBase):1917class PreviewDiffView(AuthorizationBase):
1918
1784 permission = 'launchpad.View'1919 permission = 'launchpad.View'
1785 usedfor = IPreviewDiff1920 usedfor = IPreviewDiff
17861921
@@ -1804,6 +1939,7 @@
18041939
18051940
1806class CodeReviewVoteReferenceEdit(AuthorizationBase):1941class CodeReviewVoteReferenceEdit(AuthorizationBase):
1942
1807 permission = 'launchpad.Edit'1943 permission = 'launchpad.Edit'
1808 usedfor = ICodeReviewVoteReference1944 usedfor = ICodeReviewVoteReference
18091945
@@ -1825,6 +1961,7 @@
18251961
18261962
1827class CodeReviewCommentView(AuthorizationBase):1963class CodeReviewCommentView(AuthorizationBase):
1964
1828 permission = 'launchpad.View'1965 permission = 'launchpad.View'
1829 usedfor = ICodeReviewComment1966 usedfor = ICodeReviewComment
18301967
@@ -1848,6 +1985,7 @@
18481985
18491986
1850class CodeReviewCommentDelete(AuthorizationBase):1987class CodeReviewCommentDelete(AuthorizationBase):
1988
1851 permission = 'launchpad.Edit'1989 permission = 'launchpad.Edit'
1852 usedfor = ICodeReviewCommentDeletion1990 usedfor = ICodeReviewCommentDeletion
18531991
@@ -1871,6 +2009,7 @@
18712009
18722010
1873class BranchMergeProposalEdit(AuthorizationBase):2011class BranchMergeProposalEdit(AuthorizationBase):
2012
1874 permission = 'launchpad.Edit'2013 permission = 'launchpad.Edit'
1875 usedfor = IBranchMergeProposal2014 usedfor = IBranchMergeProposal
18762015
@@ -1896,6 +2035,7 @@
1896 Allow the owner of the entitlement, the entitlement registrant,2035 Allow the owner of the entitlement, the entitlement registrant,
1897 or any member of the team or any admin to view the entitlement.2036 or any member of the team or any admin to view the entitlement.
1898 """2037 """
2038
1899 permission = 'launchpad.View'2039 permission = 'launchpad.View'
1900 usedfor = IEntitlement2040 usedfor = IEntitlement
19012041
@@ -1913,6 +2053,7 @@
1913class AdminDistroSeriesLanguagePacks(2053class AdminDistroSeriesLanguagePacks(
1914 OnlyRosettaExpertsAndAdmins,2054 OnlyRosettaExpertsAndAdmins,
1915 EditDistroSeriesByOwnersOrDistroOwnersOrAdmins):2055 EditDistroSeriesByOwnersOrDistroOwnersOrAdmins):
2056
1916 permission = 'launchpad.LanguagePacksAdmin'2057 permission = 'launchpad.LanguagePacksAdmin'
1917 usedfor = IDistroSeries2058 usedfor = IDistroSeries
19182059
@@ -1931,11 +2072,13 @@
19312072
19322073
1933class AdminLanguagePack(OnlyRosettaExpertsAndAdmins):2074class AdminLanguagePack(OnlyRosettaExpertsAndAdmins):
2075
1934 permission = 'launchpad.LanguagePacksAdmin'2076 permission = 'launchpad.LanguagePacksAdmin'
1935 usedfor = ILanguagePack2077 usedfor = ILanguagePack
19362078
19372079
1938class ViewHWSubmission(AuthorizationBase):2080class ViewHWSubmission(AuthorizationBase):
2081
1939 permission = 'launchpad.View'2082 permission = 'launchpad.View'
1940 usedfor = IHWSubmission2083 usedfor = IHWSubmission
19412084
@@ -1956,6 +2099,7 @@
19562099
19572100
1958class EditHWSubmission(AdminByAdminsTeam):2101class EditHWSubmission(AdminByAdminsTeam):
2102
1959 permission = 'launchpad.Edit'2103 permission = 'launchpad.Edit'
1960 usedfor = IHWSubmission2104 usedfor = IHWSubmission
19612105
@@ -1963,6 +2107,7 @@
1963class ViewHWDBBase(AuthorizationBase):2107class ViewHWDBBase(AuthorizationBase):
1964 """Base class to restrict access to HWDB data to members of the HWDB team.2108 """Base class to restrict access to HWDB data to members of the HWDB team.
1965 """2109 """
2110
1966 permission = 'launchpad.View'2111 permission = 'launchpad.View'
19672112
1968 def checkAuthenticated(self, user):2113 def checkAuthenticated(self, user):
@@ -1975,34 +2120,42 @@
19752120
19762121
1977class ViewHWDriver(ViewHWDBBase):2122class ViewHWDriver(ViewHWDBBase):
2123
1978 usedfor = IHWDriver2124 usedfor = IHWDriver
19792125
19802126
1981class ViewHWDriverName(ViewHWDBBase):2127class ViewHWDriverName(ViewHWDBBase):
2128
1982 usedfor = IHWDriverName2129 usedfor = IHWDriverName
19832130
19842131
1985class ViewHWDriverPackageName(ViewHWDBBase):2132class ViewHWDriverPackageName(ViewHWDBBase):
2133
1986 usedfor = IHWDriverPackageName2134 usedfor = IHWDriverPackageName
19872135
19882136
1989class ViewHWVendorID(ViewHWDBBase):2137class ViewHWVendorID(ViewHWDBBase):
2138
1990 usedfor = IHWVendorID2139 usedfor = IHWVendorID
19912140
19922141
1993class ViewHWDevice(ViewHWDBBase):2142class ViewHWDevice(ViewHWDBBase):
2143
1994 usedfor = IHWDevice2144 usedfor = IHWDevice
19952145
19962146
1997class ViewHWSubmissionDevice(ViewHWDBBase):2147class ViewHWSubmissionDevice(ViewHWDBBase):
2148
1998 usedfor = IHWSubmissionDevice2149 usedfor = IHWSubmissionDevice
19992150
20002151
2001class ViewHWDBApplication(ViewHWDBBase):2152class ViewHWDBApplication(ViewHWDBBase):
2153
2002 usedfor = IHWDBApplication2154 usedfor = IHWDBApplication
20032155
20042156
2005class ViewHWDeviceClass(ViewHWDBBase):2157class ViewHWDeviceClass(ViewHWDBBase):
2158
2006 usedfor = IHWDeviceClass2159 usedfor = IHWDeviceClass
20072160
20082161
@@ -2012,6 +2165,7 @@
2012 Only admins or members of a team with a private membership can2165 Only admins or members of a team with a private membership can
2013 view the archive.2166 view the archive.
2014 """2167 """
2168
2015 permission = 'launchpad.View'2169 permission = 'launchpad.View'
2016 usedfor = IArchive2170 usedfor = IArchive
20172171
@@ -2059,6 +2213,7 @@
2059 Appending to ubuntu main archives can also be done by the2213 Appending to ubuntu main archives can also be done by the
2060 'ubuntu-security' celebrity.2214 'ubuntu-security' celebrity.
2061 """2215 """
2216
2062 permission = 'launchpad.Append'2217 permission = 'launchpad.Append'
2063 usedfor = IArchive2218 usedfor = IArchive
20642219
@@ -2087,6 +2242,7 @@
2087 The user just needs to be mentioned in the token, have append privilege2242 The user just needs to be mentioned in the token, have append privilege
2088 to the archive or be an admin.2243 to the archive or be an admin.
2089 """2244 """
2245
2090 permission = "launchpad.View"2246 permission = "launchpad.View"
2091 usedfor = IArchiveAuthToken2247 usedfor = IArchiveAuthToken
20922248
@@ -2103,6 +2259,7 @@
2103 The user should have append privileges to the context archive, or be an2259 The user should have append privileges to the context archive, or be an
2104 admin.2260 admin.
2105 """2261 """
2262
2106 permission = "launchpad.Edit"2263 permission = "launchpad.Edit"
2107 usedfor = IArchiveAuthToken2264 usedfor = IArchiveAuthToken
21082265
@@ -2119,6 +2276,7 @@
2119 The user should be the subscriber, have append privilege to the archive2276 The user should be the subscriber, have append privilege to the archive
2120 or be an admin.2277 or be an admin.
2121 """2278 """
2279
2122 permission = "launchpad.View"2280 permission = "launchpad.View"
2123 usedfor = IPersonalArchiveSubscription2281 usedfor = IPersonalArchiveSubscription
21242282
@@ -2139,6 +2297,7 @@
2139 The user should be the subscriber, have append privilege to the2297 The user should be the subscriber, have append privilege to the
2140 archive or be an admin.2298 archive or be an admin.
2141 """2299 """
2300
2142 permission = "launchpad.View"2301 permission = "launchpad.View"
2143 usedfor = IArchiveSubscriber2302 usedfor = IArchiveSubscriber
21442303
@@ -2154,6 +2313,7 @@
21542313
2155 The user should have append privilege to the archive or be an admin.2314 The user should have append privilege to the archive or be an admin.
2156 """2315 """
2316
2157 permission = "launchpad.Edit"2317 permission = "launchpad.Edit"
2158 usedfor = IArchiveSubscriber2318 usedfor = IArchiveSubscriber
21592319
@@ -2212,6 +2372,7 @@
22122372
2213class ViewSourcePackagePublishingHistory(ViewArchive):2373class ViewSourcePackagePublishingHistory(ViewArchive):
2214 """Restrict viewing of source publications."""2374 """Restrict viewing of source publications."""
2375
2215 permission = "launchpad.View"2376 permission = "launchpad.View"
2216 usedfor = ISourcePackagePublishingHistory2377 usedfor = ISourcePackagePublishingHistory
22172378
@@ -2221,6 +2382,7 @@
22212382
2222class EditPublishing(AuthorizationBase):2383class EditPublishing(AuthorizationBase):
2223 """Restrict editing of source and binary packages.."""2384 """Restrict editing of source and binary packages.."""
2385
2224 permission = "launchpad.Edit"2386 permission = "launchpad.Edit"
2225 usedfor = IPublishingEdit2387 usedfor = IPublishingEdit
22262388
@@ -2230,12 +2392,14 @@
22302392
2231class ViewBinaryPackagePublishingHistory(ViewSourcePackagePublishingHistory):2393class ViewBinaryPackagePublishingHistory(ViewSourcePackagePublishingHistory):
2232 """Restrict viewing of binary publications."""2394 """Restrict viewing of binary publications."""
2395
2233 usedfor = IBinaryPackagePublishingHistory2396 usedfor = IBinaryPackagePublishingHistory
22342397
22352398
2236class ViewBinaryPackageReleaseDownloadCount(2399class ViewBinaryPackageReleaseDownloadCount(
2237 ViewSourcePackagePublishingHistory):2400 ViewSourcePackagePublishingHistory):
2238 """Restrict viewing of binary package download counts."""2401 """Restrict viewing of binary package download counts."""
2402
2239 usedfor = IBinaryPackageReleaseDownloadCount2403 usedfor = IBinaryPackageReleaseDownloadCount
22402404
22412405
@@ -2249,6 +2413,7 @@
2249 automatically viewable even if the package is also published in2413 automatically viewable even if the package is also published in
2250 a private archive.2414 a private archive.
2251 """2415 """
2416
2252 permission = 'launchpad.View'2417 permission = 'launchpad.View'
2253 usedfor = ISourcePackageRelease2418 usedfor = ISourcePackageRelease
22542419
@@ -2273,6 +2438,7 @@
22732438
22742439
2275class MailingListApprovalByExperts(AuthorizationBase):2440class MailingListApprovalByExperts(AuthorizationBase):
2441
2276 permission = 'launchpad.Admin'2442 permission = 'launchpad.Admin'
2277 usedfor = IMailingListSet2443 usedfor = IMailingListSet
22782444
@@ -2281,6 +2447,7 @@
22812447
22822448
2283class ConfigureTeamMailingList(AuthorizationBase):2449class ConfigureTeamMailingList(AuthorizationBase):
2450
2284 permission = 'launchpad.MailingListManager'2451 permission = 'launchpad.MailingListManager'
2285 usedfor = ITeam2452 usedfor = ITeam
22862453
@@ -2305,6 +2472,7 @@
23052472
23062473
2307class ViewEmailAddress(AuthorizationBase):2474class ViewEmailAddress(AuthorizationBase):
2475
2308 permission = 'launchpad.View'2476 permission = 'launchpad.View'
2309 usedfor = IEmailAddress2477 usedfor = IEmailAddress
23102478
@@ -2342,6 +2510,7 @@
23422510
23432511
2344class EditEmailAddress(EditByOwnersOrAdmins):2512class EditEmailAddress(EditByOwnersOrAdmins):
2513
2345 permission = 'launchpad.Edit'2514 permission = 'launchpad.Edit'
2346 usedfor = IEmailAddress2515 usedfor = IEmailAddress
23472516
@@ -2354,18 +2523,22 @@
23542523
23552524
2356class ViewGPGKey(AnonymousAuthorization):2525class ViewGPGKey(AnonymousAuthorization):
2526
2357 usedfor = IGPGKey2527 usedfor = IGPGKey
23582528
23592529
2360class ViewIrcID(AnonymousAuthorization):2530class ViewIrcID(AnonymousAuthorization):
2531
2361 usedfor = IIrcID2532 usedfor = IIrcID
23622533
23632534
2364class ViewWikiName(AnonymousAuthorization):2535class ViewWikiName(AnonymousAuthorization):
2536
2365 usedfor = IWikiName2537 usedfor = IWikiName
23662538
23672539
2368class EditArchivePermissionSet(AuthorizationBase):2540class EditArchivePermissionSet(AuthorizationBase):
2541
2369 permission = 'launchpad.Edit'2542 permission = 'launchpad.Edit'
2370 usedfor = IArchivePermissionSet2543 usedfor = IArchivePermissionSet
23712544
@@ -2407,6 +2580,7 @@
24072580
24082581
2409class EditPackageset(AuthorizationBase):2582class EditPackageset(AuthorizationBase):
2583
2410 permission = 'launchpad.Edit'2584 permission = 'launchpad.Edit'
2411 usedfor = IPackageset2585 usedfor = IPackageset
24122586
@@ -2416,6 +2590,7 @@
24162590
24172591
2418class EditPackagesetSet(AuthorizationBase):2592class EditPackagesetSet(AuthorizationBase):
2593
2419 permission = 'launchpad.Edit'2594 permission = 'launchpad.Edit'
2420 usedfor = IPackagesetSet2595 usedfor = IPackagesetSet
24212596
24222597
=== added file 'lib/lp/registry/browser/tests/test_edit_permissions.py'
--- lib/lp/registry/browser/tests/test_edit_permissions.py 1970-01-01 00:00:00 +0000
+++ lib/lp/registry/browser/tests/test_edit_permissions.py 2010-06-08 13:20:48 +0000
@@ -0,0 +1,97 @@
1# Copyright 2010 Canonical Ltd. This software is licensed under the
2# GNU Affero General Public License version 3 (see the file LICENSE).
3
4"""Test harness for edit view permissions unit tests."""
5
6__metaclass__ = type
7
8
9import unittest
10
11from zope.component import getUtility
12from canonical.testing.layers import DatabaseFunctionalLayer
13from canonical.launchpad.ftests import ANONYMOUS, login, login_person
14from canonical.launchpad.interfaces.launchpad import ILaunchpadCelebrities
15from canonical.launchpad.webapp.authorization import check_permission
16from canonical.launchpad.webapp.servers import LaunchpadTestRequest
17from lp.registry.interfaces.person import IPersonSet
18from lp.testing import TestCaseWithFactory
19from lp.testing.views import create_initialized_view
20
21
22class EditViewPermissionBase(TestCaseWithFactory):
23 """Tests for permissions access the +edit page on the target."""
24
25 layer = DatabaseFunctionalLayer
26
27 def setUp(self):
28 super(EditViewPermissionBase, self).setUp()
29 self.setupTarget()
30 self.registry_admin = self.factory.makePerson(name='registry-admin')
31 celebs = getUtility(ILaunchpadCelebrities)
32 login_person(celebs.registry_experts.teamowner)
33 celebs.registry_experts.addMember(self.registry_admin,
34 self.registry_admin)
35 self.request = LaunchpadTestRequest()
36
37 def setupTarget(self):
38 """Set up the target context for the test suite."""
39 self.target = self.factory.makePerson(name='target-person')
40
41 def test_anon_cannot_edit(self):
42 login(ANONYMOUS)
43 view = create_initialized_view(self.target, '+edit')
44 self.assertFalse(check_permission('launchpad.Edit', view))
45
46 def test_arbitrary_user_cannot_edit(self):
47 person = self.factory.makePerson(name='the-dude')
48 login_person(person)
49 view = create_initialized_view(self.target, '+edit')
50 self.assertFalse(check_permission('launchpad.Edit', view))
51
52 def test_admin_can_edit(self):
53 admin = getUtility(IPersonSet).getByEmail('foo.bar@canonical.com')
54 login_person(admin)
55 view = create_initialized_view(self.target, '+edit')
56 self.assertTrue(check_permission('launchpad.Edit', view))
57
58 def test_registry_expert_can_edit(self):
59 login_person(self.registry_admin)
60 view = create_initialized_view(self.target, '+edit')
61 self.assertTrue(check_permission('launchpad.Edit', view))
62
63
64class PersonEditViewPermissionTestCase(EditViewPermissionBase):
65 """Tests for permissions to access person +edit page."""
66 def test_arbitrary_user_can_edit_her_own_data(self):
67 login_person(self.target)
68 view = create_initialized_view(self.target, '+edit')
69 self.assertTrue(check_permission('launchpad.Edit', view))
70
71
72class ProductEditViewPermissionTestCase(EditViewPermissionBase):
73 """Tests for permissions to access prodcut +edit page."""
74 def setupTarget(self):
75 self.target = self.factory.makeProduct()
76
77
78class ProjectEditViewPermissionTestCase(EditViewPermissionBase):
79 """Tests for permissions to access prodcut +edit page."""
80 def setupTarget(self):
81 self.target = self.factory.makeProject()
82
83
84class DistributionEditViewPermissionTestCase(EditViewPermissionBase):
85 """Tests for permissions to access prodcut +edit page."""
86 def setupTarget(self):
87 self.target = self.factory.makeDistribution()
88
89
90def test_suite():
91 suite = unittest.TestSuite()
92 suite.addTest(unittest.TestLoader().loadTestsFromName(__name__))
93 return suite
94
95
96if __name__ == '__main__':
97 unittest.main()
098
=== modified file 'lib/lp/registry/stories/product/xx-product-edit.txt'
--- lib/lp/registry/stories/product/xx-product-edit.txt 2010-05-24 20:23:19 +0000
+++ lib/lp/registry/stories/product/xx-product-edit.txt 2010-06-08 13:20:48 +0000
@@ -235,20 +235,17 @@
235 ...235 ...
236 Unauthorized:...236 Unauthorized:...
237237
238Even if we add them to the Registry Experts team:238If we add them to the Registry Experts team:
239239
240 >>> admin_browser.open("http://launchpad.dev/~registry/+addmember")240 >>> admin_browser.open("http://launchpad.dev/~registry/+addmember")
241 >>> admin_browser.getControl('New member').value = 'no-priv'241 >>> admin_browser.getControl('New member').value = 'no-priv'
242 >>> admin_browser.getControl('Add Member').click()242 >>> admin_browser.getControl('Add Member').click()
243243
244They still cannot edit projects.244They now can edit projects.
245245
246 >>> browser.open('http://launchpad.dev/firefox/+edit')246 >>> browser.open('http://launchpad.dev/firefox/+edit')
247 Traceback (most recent call last):
248 ...
249 Unauthorized:...
250247
251And they still can't access +admin.248But they still can't access +admin.
252249
253 >>> browser.open('http://launchpad.dev/firefox/+admin')250 >>> browser.open('http://launchpad.dev/firefox/+admin')
254 Traceback (most recent call last):251 Traceback (most recent call last):