Merge lp:~rockstar/launchpad/fix-cancel-rescore-permissions into lp:launchpad/db-devel
Proposed by
Paul Hummer
Status: | Merged |
---|---|
Approved by: | Aaron Bentley |
Approved revision: | no longer in the source branch. |
Merged at revision: | 9642 |
Proposed branch: | lp:~rockstar/launchpad/fix-cancel-rescore-permissions |
Merge into: | lp:launchpad/db-devel |
Diff against target: |
119 lines (+35/-6) 4 files modified
lib/canonical/launchpad/security.py (+6/-3) lib/lp/code/browser/configure.zcml (+3/-3) lib/lp/code/browser/tests/test_sourcepackagerecipe.py (+17/-0) lib/lp/code/browser/tests/test_sourcepackagerecipebuild.py (+9/-0) |
To merge this branch: | bzr merge lp:~rockstar/launchpad/fix-cancel-rescore-permissions |
Related bugs: |
Reviewer | Review Type | Date Requested | Status |
---|---|---|---|
Julian Edwards (community) | rc | Approve | |
Aaron Bentley (community) | Approve | ||
Review via email: mp+32126@code.launchpad.net |
Description of the change
This branch fixes bug #615144 - It changes the access permissions on some views to make sure they can't be accessed except by people that could see the links to those pages in the first place. They also put some tests in place to make sure that it is the way it's described. I'm not sure we really have much (but some) precedent for testing that you DON'T have access, but the tests are there now anyway. I also swapped permissions from requiring admin or bazaar experts to cancel the build to buildd-admin and bazaar experts to cancel the build, per bigjools' comment #6 in the bug.
To post a comment you must log in.
We should change the name of the launchpad.Edit permission on SourcePackageRe cipeBuild to launchpad.Admin in the future.