Launchpad itself

Merge lp:~jpds/launchpad/fix_520469 into lp:launchpad

  1. fix_520469
  2. Merge into devel
Proposed by Jonathan Davies
Status: Merged
Approved by: Curtis Hovey
Approved revision: no longer in the source branch.
Merged at revision: 10376
Proposed branch: lp:~jpds/launchpad/fix_520469
Merge into: lp:launchpad
Diff against target: 55 lines (+23/-4)
2 files modified
lib/canonical/launchpad/security.py (+5/-0)
lib/lp/registry/stories/webservice/xx-distribution-mirror.txt (+18/-4)
To merge this branch: bzr merge lp:~jpds/launchpad/fix_520469
Reviewer Review Type Date Requested Status
Curtis Hovey (community) code Approve
Review via email: mp+19890@code.launchpad.net

Commit message

Declare ViewDistributionMirror in security.py so that distribution mirror collections are anonymously accessible via the API.

To post a comment you must log in.
Revision history for this message
Jonathan Davies (jpds) wrote :

= Summary =

security.py needs an explicit declaration for viewing IDistributionMirror's via the API, this branch adds this.

Revision history for this message
Curtis Hovey (sinzui) wrote :

Thanks for addressing this issue. This is good to land.

review: Approve (code)

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1=== modified file 'lib/canonical/launchpad/security.py'
2--- lib/canonical/launchpad/security.py 2010-02-19 16:33:29 +0000
3+++ lib/canonical/launchpad/security.py 2010-02-22 17:54:20 +0000
4@@ -359,6 +359,11 @@
5 user.inTeam(self.obj.distribution.mirror_admin))
6
7
8+class ViewDistributionMirror(AnonymousAuthorization):
9+ """Anyone can view an IDistributionMirror."""
10+ usedfor = IDistributionMirror
11+
12+
13 class EditSpecificationBranch(AuthorizationBase):
14
15 usedfor = ISpecificationBranch
16
17=== modified file 'lib/lp/registry/stories/webservice/xx-distribution-mirror.txt'
18--- lib/lp/registry/stories/webservice/xx-distribution-mirror.txt 2010-02-08 13:04:03 +0000
19+++ lib/lp/registry/stories/webservice/xx-distribution-mirror.txt 2010-02-22 17:54:20 +0000
20@@ -78,10 +78,20 @@
21 >>> no_priv_webservice = webservice_for_person(no_priv_db,
22 ... permission=OAuthPermission.READ_PUBLIC)
23 >>> logout()
24- >>> karl = webservice.get("/~karl").jsonBody()
25- >>> patch = {
26- ... u'owner_link': karl['self_link']
27- ... }
28+
29+Ensure that anonymous API sessions can view mirror listings; archive/releases.
30+
31+ >>> archive_response = anon_webservice.get(
32+ ... ubuntu['archive_mirrors_collection_link'])
33+ >>> anon_archive_mirrors = archive_response.jsonBody()
34+ >>> print anon_archive_mirrors['total_size']
35+ 4
36+
37+ >>> cd_response = anon_webservice.get(
38+ ... ubuntu['cdimage_mirrors_collection_link'])
39+ >>> anon_cd_mirrors = cd_response.jsonBody()
40+ >>> print anon_cd_mirrors['total_size']
41+ 4
42
43 One must have special permissions to access certain attributes:
44
45@@ -137,6 +147,10 @@
46
47 Now trying to set the owner using Sample Person's webservice is not authorized.
48
49+ >>> karl = webservice.get("/~karl").jsonBody()
50+ >>> patch = {
51+ ... u'owner_link': karl['self_link']
52+ ... }
53 >>> response = test_webservice.patch(
54 ... canonical_archive['self_link'], 'application/json', dumps(patch))
55 >>> print response.getheader('status')