Launchpad itself

developer-membership-board should be able to edit ArchivePermissionSet

Bug #562451 reported by Colin Watson on 2010-04-13

This bug report is a duplicate of: Bug #828894: Changing upload/queue admin permissions is broken. Edit Remove

This bug affects 2 people

Affects		Status	Importance	Assigned to	Milestone
	Launchpad itself	Triaged	High	Unassigned

Bug Description

Responsibility for granting upload privileges for many things, including per-package upload rights, has been delegated from techboard to developer-membership-board for a couple of months now. However, executing changes to per-package upload rights requires a member of techboard, because of this code in lib/canonical/launchpad/security.py:

class EditArchivePermissionSet(AuthorizationBase):
permission = 'launchpad.Edit'
usedfor = IArchivePermissionSet

    def checkAuthenticated(self, user):
        """Users must be an admin or a member of the tech board."""
        return user.in_admin or user.in_ubuntu_techboard

It looks as if we may need another celebrity for developer-membership-board, and then have 'user.in_admin or user.in_ubuntu_techboard or user.in_ubuntu_dmb' (or else somebody needs to figure out how to make this non-celebrity-based).

At the moment, I'm in both techboard and developer-membership-board and so can serve as a bridge to get things done, but this obviously shouldn't be relied upon forever.

Tags:

Revision history for this message

Julian Edwards (julian-edwards) wrote on 2010-04-14:

That code is pretty gross, it's Ubuntu-specific.

Changed in soyuz:
status:	New → Triaged
importance:	Undecided → High
tags:	added: packagesets
Changed in soyuz:
milestone:	none → pending

Revision history for this message

Julian Edwards (julian-edwards) wrote on 2010-04-14:

wgrant just reminded me about a nagging thought I had when I read this:

1. Editing packagesets is orthogonal to editing upload permissions and is indeed permissioned via techboard membership
2. Editing upload permissions is possible by anyone in the owner of the archive, which is currently ubuntu-drivers.

It sounds like we might need a new column on the Distro to control who can change upload permissions. The packagesets are completely unrelated to anything else which is why they got a celeb. This needs more thought generally.

Revision history for this message

Iain Lane (laney) wrote on 2011-07-26:

The DMB is granted the authority to manipulate packagesets too, so while this may be orthogonal, it's currently handled by the same team as PPU.

Revision history for this message

Julian Edwards (julian-edwards) wrote on 2011-08-22:

See bug 831011 about editing packagesets.

Report a bug

This report contains Public information

Everyone can see this information.

Duplicate of bug #828894 Remove

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.