Launchpad itself

~vcs-imports team need privileges review

Bug #576090 reported by Brad Crittenden
12
This bug affects 2 people
Affects Status Importance Assigned to Milestone
Launchpad itself
Fix Released
High
Tim Penhey
Launchpad itself 10.05

Bug Description

We want to open import reviews up to community members by adding them to the ~vcs-imports team. It appears the team currently has some extra privileges they should not. A thorough review needs to be done and the permissions set to be no more generous than necessary.

MaxB reports these current capabilities:

Privileges are:

lp.registry.browser.product: ~vcs-imports members can set the owner and license_reviewed flag of projects when registering a new project.

canonical.launchpad.security:

IProductSeries launchpad.Admin <--- weird!
IBazaarApplication launchpad.Admin
ICodeImport launchpad.Edit
ICodeImportJobSet launchpad.View
ICodeImportJobWorkflow launchpad.Edit
ICodeImportMachine launchpad.Edit
IBranch that is a code import launchpad.Edit

Related branches

lp:~thumper/launchpad/vcs-imports-permission-review
Michael Hudson-Doyle: Approve
Diff: 72 lines (+1/-33)
3 files modified
lib/canonical/launchpad/security.py (+1/-1)
lib/lp/registry/browser/product.py (+0/-26)
lib/lp/registry/browser/tests/project-add-views.txt (+0/-6)
Revision history for this message
Max Bowsher (maxb) wrote :

It has been hypothesized that the original purpose of IProductSeries launchpad.Admin might be to allow ~vcs-imports people to designate a newly created vcs import as the series development focus. This might not be sane, and should perhaps be handled through some other team. Perhaps ~launchpad-chr.

Revision history for this message
Tim Penhey (thumper) wrote : Re: [Bug 576090] Re: ~vcs-imports team need privileges review

On Thu, 06 May 2010 10:25:42 you wrote:
> It has been hypothesized that the original purpose of IProductSeries
> launchpad.Admin might be to allow ~vcs-imports people to designate a
> newly created vcs import as the series development focus. This might not
> be sane, and should perhaps be handled through some other team. Perhaps
> ~launchpad-chr.

No, originally import details were always connected to a product series.

Historical rubbish.

Tim Penhey (thumper)
Changed in launchpad-code:
status: New → Triaged
importance: Undecided → High
tags: added: tech-debt
Revision history for this message
Ursula Junque (ursinha) wrote : Bug fixed by a commit

Fixed in stable r10861 <http://bazaar.launchpad.net/~launchpad-pqm/launchpad/stable/revision/10861>

Changed in launchpad-code:
assignee: nobody → Tim Penhey (thumper)
milestone: none → 10.05
status: Triaged → Fix Committed
tags: added: qa-needstesting
Revision history for this message
Max Bowsher (maxb) wrote :

Remaining issues:

* thumper's branch didn't update the docstring of canonical.launchpad.security.EditCodeImportMachine, which now lies.

* thumper's branch didn't address the special access given to ~vcs-imports in lp.registry.browser.product.

Revision history for this message
Ursula Junque (ursinha) wrote :

Fixed in stable r10914 <http://bazaar.launchpad.net/~launchpad-pqm/launchpad/stable/revision/10914>

Tim Penhey (thumper)
tags: added: qa-ok
removed: qa-needstesting
Curtis Hovey (sinzui)
Changed in launchpad-code:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.