Comment 5 for bug 1343932

Morgan Fainberg (mdrnstm) wrote :

I just want to comment on this bug and I agree with Henry Nash's assessment of the fix proposed:

 <Henry's comment>
Patch Set 4: Code-Review-2
So this issue has been discussed many times. In fact our code USED to do this. We removed these checks, since we do not want the assignment backend calling the identity backend. In some cases, the user/group IDs might not even permanently exist in identity (e.g. Federation).
<end comment>

This is, based upon the many conversations we've had on this topic, working as intended. We should not be checking the user exists / group exists (we've talked this to death at the summits as well).

While the current federation does make use of groups in identity, I don't think there is general consensus that we should be checking validity of user/group when assigning grants.