check_permission is (incorrectly) use security adapters which can check the wrong users permissions
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Launchpad itself |
Fix Released
|
High
|
Henning Eggers |
Bug Description
Security adapters are the classes in security.py that adapt to IAuthorization by inheriting from Authorization base. These implement "checkAuthentic
The correct way is to use "getAdapter" to find the right security adapter to refer to and call "checkAuthentic
Related branches
- Benji York (community): Approve (code)
- Diff: 0 lines
summary: |
- Don't use check_permission in security adapters. + check_permission is (incorrectly) use security adapters which can check + the wrong users permissions |
Changed in launchpad: | |
status: | New → Triaged |
importance: | Undecided → High |
Changed in launchpad: | |
status: | Triaged → In Progress |
assignee: | nobody → Henning Eggers (henninge) |
tags: |
added: qa-ok removed: qa-needstesting |
Changed in launchpad: | |
status: | Fix Committed → Fix Released |
Fixed in stable r12867 <http:// bazaar. launchpad. net/~launchpad- pqm/launchpad/ stable/ revision/ 12867>.