branch page overview for user fails (when something is private?)

Bug #579831 reported by John A Meinel on 2010-05-13
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Launchpad itself
High
Tim Penhey

Bug Description

If I try to see an overview of what branches a user has created, it seems that sometimes Launchpad refuses to show me any of their branches. My best guess is that they have a private branch somewhere, and that restricts me from seeing any of their branches.

For example, you can go to:
  https://code.edge.launchpad.net/~jameinel

And see all of my branches. However, if I go to:
 https://code.edge.launchpad.net/~cjwatson

I get:
Not allowed here

Sorry, you don't have permission to access this page.

You are logged in as John A Meinel.

This doesn't happen on all pages (I can see ~spiv, ~lifeless, etc, but not ~james-w). I *can* switch to per-project view and see ~james-w/bzr.

I was curious to see what projects someone was working on, but it seems that if you work on anything private, you are blocked from viewing the public ones.

(Setting private, in case someone wants to sanitize the actual user names first.)

Related branches

Curtis Hovey (sinzui) on 2010-05-14
affects: launchpad → launchpad-code
Tim Penhey (thumper) wrote :

Oh FFS.

It has to do with a private team owning a branch. We check for access to view the branch, but not the owner of the branch.

It appears that a private team has a public branch.

Changed in launchpad-code:
status: New → Triaged
importance: Undecided → High
tags: added: privacy
Tim Penhey (thumper) wrote :

OK, I think I have it.

On this page we aren't checking for launchpad.View on the teams portlet at the bottom of the branch listing page.

Changed in launchpad-code:
milestone: none → 10.05
Tim Penhey (thumper) on 2010-05-28
Changed in launchpad-code:
assignee: nobody → Tim Penhey (thumper)
security vulnerability: yes → no
visibility: private → public
Tim Penhey (thumper) on 2010-05-31
Changed in launchpad-code:
status: Triaged → Fix Committed
Tim Penhey (thumper) wrote :

Landed on db-stable, so QAed against staging. All is good.

tags: added: qa-ok
removed: qa-needstesting
Curtis Hovey (sinzui) on 2010-06-02
Changed in launchpad-code:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers