Launchpad itself

Can't list members of private team that I own

Bug #1056788 reported by Loïc Minier
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Launchpad itself
Triaged
Critical
Unassigned

Bug Description

Hi,

I'm a member of ~linaro-sysadmins which owns ~linaro-internal-wiki-access which is a private team, yet I can't access:
https://launchpad.net/~linaro-internal-wiki-access/+members
Forbidden
Not allowed here
Sorry, you don't have permission to access this page or the information in this page is not shared with you.

I tried to set myself as owner of the team (rather than having ~linaro-sysadmins as the owner), but it didn't help.

ADDENDUM:
The error is raised because the user is not a member of all private subteams. Placing a private team in another team gives explicit permission for the super team members to see that the team exists in accordance with the rule that all exclusive teams must have power to vet their members.

See original description
Tags: 403 privacy teams
Revision history for this message
Curtis Hovey (sinzui) wrote :

I cannot reproduce this. I see you are an admin of the team now. Were you not an admin/member when you tried this? Absentee owners do not have the same privileges as the people who are in the team.

Changed in launchpad:
status: New → Incomplete
Revision history for this message
Launchpad Janitor (janitor) wrote :

[Expired for Launchpad itself because there has been no activity for 60 days.]

Changed in launchpad:
status: Incomplete → Expired
Revision history for this message
Loïc Minier (lool) wrote :

Sorry, I had missed your reply; yes, I was not in the team itself, just in the team owning it.

Revision history for this message
Loïc Minier (lool) wrote :

Actually, this is hitting me again today:
can't list members of https://launchpad.net/~linaro-internal-wiki-access; I get a 403: Not allowed here
Sorry, you don't have permission to access this page or the information in this page is not shared with you.

but I'm a member of ~linaro-sysadmins which
a) owns ~linaro-internal-wiki-access and
b) is an admin member of that team according to https://launchpad.net/~linaro-internal-wiki-access/+member/linaro-sysadmins

also, I'm a direct admin member of the team apparently -- can't confirm 100%, just seeing it in https://launchpad.net/~linaro-internal-wiki-access/+member/lool

Thanks,

Changed in launchpad:
status: Expired → New
Revision history for this message
Curtis Hovey (sinzui) wrote :

The admin of the team is not a member of many of the private sub teams. The LP is raising forbidden. This is a corner case that was mostly likely caused by team membership changes -- you cannot add the sub team unless you could see it from the start. We need to fix to ensure no team spys on another team.

tags: added: privacy teams
tags: added: 403
Changed in launchpad:
status: New → Triaged
importance: Undecided → Critical
description: updated
Curtis Hovey (sinzui)
Changed in launchpad:
assignee: nobody → Curtis Hovey (sinzui)
Revision history for this message
Curtis Hovey (sinzui) wrote :

The PublicOrPrivateTeamsExistence class does think it is checking that the user's teams intersect with the subteam's super teams.
            # Do comparison by ids because they may be needed for comparison
            # to membership.team.ids later.
            user_teams = [
                team.id for team in user.person.teams_participated_in]
            super_teams = [team.id for team in self.obj.super_teams]
            intersection_teams = set(user_teams) & set(super_teams)
            if len(intersection_teams) > 0:
                return True

In Loïc's case, I can see ~linaro-internal-wiki-access listed at https://launchpad.net/~lool/+participation. I can see ~linaro-internal-wiki-access listed in the "Subteam of" of every private team listed on members.

Loïc, can you visit https://launchpad.net/~linaro-internal-wiki-access/+members and copy the OOPS id shown in the Forbidden page? I need to see what is Lp is doing just before the error is raised.

Revision history for this message
Curtis Hovey (sinzui) wrote :

Ah, I found a case in the oops reports from the 30th. OOPS-dd7182fb9961531ac8e71a9d5c347852 shows No limitedview on private-linaro-codesourcery-management-merged. This related to bug 393914

Curtis Hovey (sinzui)
Changed in launchpad:
assignee: Curtis Hovey (sinzui) → nobody
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.