Comment 3 for bug 573471

Martin Pool (mbp) wrote : Re: [Bug 573471] Re: KeyError: 'canonical' using scan-merge-proposals when run by non-canonical user

On 3 May 2010 12:39, Parth Malwankar <email address hidden> wrote:
> The docstring in the script does mention.
>
>  * this script will only work when run by members of ~canonical,
>   because it's a private team
>
> I thought that might have caused this but wasn't sure. I suppose the
> easiest fix would be to just give a clearer error message.
>
> I tried running the script after commenting out ~canonical from
> AUTHORIZED_TEAMS and the script seems to work fine.
> If ~contributor-agreement-canonical is a superset of ~canonical
> (is it?) maybe ~contributor-agreement-canonical is enough?

It's not a superset: you can see in your test run that I am not in
~contributor-agreement-canonical. In fact all of the three people
listed are staff. (I don't need to be because I have a separate
employment contract with Canonical that covers copyright etc.)

I think even if it was a member of ~c-a-c that would not be enough,
because you still wouldn't be able to see into the private team.
(imbw.)

Perhaps if you're not allowed to see that team (i.e. you get a KeyError)
you should continue without it, but print a message along with the
list at the end.

KeyError seems weird but the general security approach is that if you
can't see a thing, normally you just get "not found" rather than being
told you're not allowed. This has pros and cons but for now it's
reasonable that the API is consistent with the web UI.

--
Martin <http://launchpad.net/~mbp/>
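The fallback suggested in the comment above, sketched as an added example; it is not part of the original message or of the scan-merge-proposals script. `VisiblePeople`, `authorized_members`, `report` and the sample membership are hypothetical, standing in for a people lookup that raises KeyError both for a missing team and for a private team the caller cannot see.

```python
# Added example, not the script's own code. AUTHORIZED_TEAMS uses the two
# team names from the thread; everything else here is hypothetical.
AUTHORIZED_TEAMS = ["canonical", "contributor-agreement-canonical"]


class VisiblePeople:
    """Constructed stand-in: private teams look 'not found' to outsiders."""

    def __init__(self, teams, private, viewer):
        self._teams = teams      # team name -> set of member names
        self._private = private  # names of private teams
        self._viewer = viewer

    def __getitem__(self, name):
        members = self._teams[name]  # KeyError if the team does not exist
        if name in self._private and self._viewer not in members:
            # Same answer as a missing team: existence is not disclosed.
            raise KeyError(name)
        return members


def authorized_members(people, team_names=AUTHORIZED_TEAMS):
    """Return (members, skipped): union of visible teams, names skipped."""
    members, skipped = set(), []
    for name in team_names:
        try:
            members |= people[name]
        except KeyError:
            skipped.append(name)  # not found or not visible; keep going
    return members, skipped


def report(members, skipped):
    """Member list followed by one warning line per team that was skipped."""
    lines = sorted(members)
    for name in skipped:
        lines.append("warning: team ~%s not found or not visible to you; "
                     "its members are missing from this list" % name)
    return lines


# Constructed sample data, not real team membership.
SAMPLE_TEAMS = {
    "canonical": {"staff-a", "staff-b"},
    "contributor-agreement-canonical": {"staff-b", "contrib-c"},
}

if __name__ == "__main__":
    outsider = VisiblePeople(SAMPLE_TEAMS, {"canonical"}, viewer="contrib-c")
    print("\n".join(report(*authorized_members(outsider))))
```

The warning deliberately says "not found or not visible" because the caller cannot tell the two cases apart, and the resulting list is marked as incomplete rather than silently shortened.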