Merge lp:~henninge/launchpad/devel-bug-638920-private-branch into lp:launchpad
Status: | Merged |
---|---|
Approved by: | Henning Eggers |
Approved revision: | no longer in the source branch. |
Merged at revision: | 11833 |
Proposed branch: | lp:~henninge/launchpad/devel-bug-638920-private-branch |
Merge into: | lp:launchpad |
Diff against target: |
293 lines (+174/-19) 4 files modified
lib/lp/translations/browser/productseries.py (+22/-7) lib/lp/translations/browser/tests/test_productserieslanguage_views.py (+100/-3) lib/lp/translations/stories/productseries/xx-productseries-translations.txt (+51/-8) lib/lp/translations/templates/productseries-translations.pt (+1/-1) |
To merge this branch: | bzr merge lp:~henninge/launchpad/devel-bug-638920-private-branch |
Related bugs: |
Reviewer | Review Type | Date Requested | Status |
---|---|---|---|
Abel Deuring (community) | code | Approve | |
Review via email: mp+39540@code.launchpad.net |
Commit message
Only try to show links to private branches to authorized users ond on a product series' translations page.
Description of the change
= Bug 638920 =
The translations page for a product series shows links the import and export Bazaar branches, if there are any. If either of these branches is private and the user no permissions to view them, the page fails with "unauthorized". The main page for a product series also displays a link to the series branch (which is the import branch in case of translations) but if it is private, it pretends that no branch has been set at all. Yes, that's flat out lying ;-). But since that page gets away with, the translations page can (in fact must) do the same.
== Proposed fix ==
Change the has_imports_enabled and has_exports_enabled flags on the view class to check for "View" permission on the branch. If the user lacks permission, the should return "False" just like when no imports or exports have been enabled.
== Implementation details ==
The actual fix is a few lines in lp/translations
The rest of the branch consists of tests for the two flags which were missing before and a pagetest that reproduced the bug nicely.
== Tests ==
I learned a little more about test layers because the new test would not work on the ZopelessLayer but needs the FunctionalLayer instead to be able to check permissions. Notice how I removed the security proxy from the productseries to be able to set it up (assign a branch, set import mode) for the test but the view itself is created using the secured copy of the productseries.
LaunchpadZopele
bin/test -vvcm lp.translations \
-t TestProductSeri
-t xx-productserie
== Demo and QA ==
See my little screen cast that I produced for this just for the fun of it. ;-)
http://
(Please forgive my blowing into the microphone. ;)
= Launchpad lint =
Checking for conflicts and issues in changed files.
Linting changed files:
lib/lp/
lib/lp/
lib/lp/
lib/lp/
Hi Henning,
the code changes look overall good, but I am not very happy that we lie to our users. Would it be very difficult to tell people who don't have the permission to view the branch: "yes, there is a branch for synchronization, but sorry, you can't look at it."?
Did you discuss the different options with somebody?
Anyway, if there is an sort of agreement that it is OK to give the somehwat misleading message "no synchronization branch linked", I'll approve the branch. But could you change the doc string for has_import_enabled so that it says that the user permissions are "mixed into" the result value. And could you add such a doc string (or coemment) for has_exports_enabled and uses_bzr_sync?
Otherwise, developers might also be surprised if they use these properties without careful looking ;) (OK, I know that the code documented by the doc string/comment is just two lines below -- but at least I read somehwat selectively and could easily miss the additional clauses...