internal xmlrpc service requires impersonation to be handled per-method rather than systematically
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| Launchpad itself |
Triaged
|
Low
|
Unassigned | ||
Bug Description
What this was about at the time was wanting the implementation of private xml-rpc methods (which are unauthenticated) to be able to access methods that were restricted to members of ~vcs-imports (kind of a naff implementation of what is now feature flags) without using removeSecurityProxy all over the place. So the idea was that we would map xml-rpc endpoints (such as /codeimportsche
Obviously, the new code import system got completed without this ever being done, but there is perhaps a related need to handle impersonation in xml-rpc methods better. Methods such as createBranch clearly act on behalf of a particular user, and this is implemented in a rather crude way that expects the first argument to be a launchpad user id and basically stomps over the interaction (and request!) that the zope publication machinery has set up (although at least it no longer uses test helpers to do so). We could instead do this by (say) reading a hypothetical X-Act-As-
| description: | updated |
| Changed in launchpad: | |
| status: | New → Confirmed |
| tags: | added: tech-debt |
| Changed in launchpad-foundations: | |
| status: | Confirmed → Triaged |
| importance: | Undecided → Low |
| visibility: | private → public |
| Michael Hudson-Doyle (mwhudson) wrote | #1 |
| summary: |
- implement endpoint specific authentication for the private xml-rpc - server + internal xmlrpc service requires impersonation to be handled per-method + rather than systematically |
| description: | updated |
What this was about at the time was wanting the implementation of private xml-rpc methods (which are unauthenticated) to be able to access methods that were restricted to members of ~vcs-imports (kind of a naff implementation of what is now feature flags) without using removeSecurityProxy all over the place. So the idea was that we would map xml-rpc endpoints (such as /codeimportsche
Obviously, the new code import system got completed without this ever being done, but there is perhaps a related need to handle impersonation in xml-rpc methods better. Methods such as createBranch clearly act on behalf of a particular user, and this is implemented in a rather crude way that expects the first argument to be a launchpad user id and basically stomps over the interaction (and request!) that the zope publication machinery has set up (although at least it no longer uses test helpers to do so). We could instead do this by (say) reading a hypothetical X-Act-As-