Person.inTeam treats team owners as members but other code does not

Bug #227494 reported by Francis J. Lacoste
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Launchpad itself
Fix Released
Robert Collins

Bug Description

Like described in bug 196981, there is a discrepancy between participation checking done using IPerson.inTeam() and by joining the TeamParticipation table.

One consequence of this is that in the case where the owner isn't a member of the team, a team owner wouldn't see a team-owned private branch in a listing (filtered using TeamParticipation) but would still be able to see the branch by navigating to it (checked using inTeam()).

(This is not really a security issue, because the owner could always have access by adding himself to the team which he's entitled to do.)

Instead of forcing owners to have a membership record, it's cleaner to simply remove the special case in inTeam() and modify security adapters that need to also grant access to the team owner explicitely.


* Make owner really distinct from membership and remove the special casing. This will permit delegation (e.g. a CEO can delegate a security team) without any blurring of the lines or confusing behaviour.

Related branches

Revision history for this message
Francis J. Lacoste (flacoste) wrote :

Setting to low, since this is really a corner case, and results in a little confusion in the worst case.

Changed in launchpad:
importance: Undecided → Low
status: New → Triaged
Revision history for this message
Guilherme Salgado (salgado) wrote :

There is at least one other place in which we consider the owner to be a team admin even when there's no teamparticipation for the owner on that team: IPerson.getAdministratedTeams().

I guess we'll want to fix that and look for other places which need fixing too.

Revision history for this message
Guilherme Salgado (salgado) wrote :

IPerson.getDirectAdministrators() is another one which will need fixing.

Curtis Hovey (sinzui)
affects: launchpad-foundations → launchpad-registry
Curtis Hovey (sinzui)
visibility: private → public
Curtis Hovey (sinzui)
tags: added: disclosure
summary: - Do not special case the owner in IPerson.inTeam()
+ Person.inTeam treats team owners as members but other code does not
description: updated
Changed in launchpad:
importance: Low → High
Revision history for this message
Robert Collins (lifeless) wrote :

I'm going to exclude the admin angle for now - owners will want to rename teams and change descriptions. So changing the admin rules would simply lead to having to split out any actions which a member-admin should be able to do that an owner-admin should not be able to do. I can't think of any such actions today, so splitting it out would not be interesting.

Revision history for this message
Launchpad QA Bot (lpqabot) wrote :
Changed in launchpad:
assignee: nobody → Robert Collins (lifeless)
tags: added: qa-needstesting
Changed in launchpad:
status: Triaged → Fix Committed
Revision history for this message
Robert Collins (lifeless) wrote :

Tested by being owner of a team that owns another team. I correctly could not edit the second team unless I was actually listed as a member of the first team.

tags: added: qa-ok
removed: qa-needstesting
William Grant (wgrant)
Changed in launchpad:
status: Fix Committed → Fix Released
Curtis Hovey (sinzui)
tags: added: hardening
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Duplicates of this bug

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.