subscribed team cannot view branch owned by (a different) private team

Bug #605130 reported by Monty Taylor
This bug affects 1 person
Affects: Launchpad itself | Status: Fix Released | Importance: High | Assigned to: Ian Booth | Milestone: -

Bug Description

Bear with me - this is a slightly obtuse edge case.

Make a private branch associated with a project.
Subscribe a team to that branch.
Add a member to that team that cannot otherwise view the branch.

Now, as that member, go to the code.lp.net page for the project - you should see that the branch exists.
Click the link - you should experience FAIL.

BUT - if you bzr lp-login as that user and do a bzr branch of that branch, it does work as expected.

So, a team subscription does allow viewing of the branch, but for some reason web UI for this is bunk.


Curtis Hovey (sinzui)
affects: launchpad → launchpad-code
Tim Penhey (thumper) wrote : Re: [Bug 605130] [NEW] subscribed team cannot view private branch

This has to do with how we actually handle branch traversal. We have a
denormalised field that stores the full unique name of the branch. This is
what is used for branch access and code browse.

However the web UI traversal goes through each segment of the URL, and thus
hits the private team that is the owner of the branch, and causes the page to
be forbidden to the subscriber.

  status triaged
  importance medium
  tag privacy

Changed in launchpad-code:
importance: Undecided → Medium
status: New → Triaged
Robert Collins (lifeless) wrote :

Private PPA's had precisely the same issue - the same 'restrictedview'
permission (which I believe Curtis is renaming to 'Traversal' for
clarity) should help with addressing this.

summary: - subscribed team cannot view private branch
+ subscribed team cannot view branch owned by (a different) private team
Changed in launchpad:
importance: Medium → High
Curtis Hovey (sinzui) wrote :

P3A access is granted by ViewPublicOrPrivateTeamMembers in the archive subscriber block. This method could be extended to check if the user is subscribed to any branch or merge proposal. I am not certain this kind of extension scales. The implementation would grant the user access to all of the private team's pages by virtue of a single subscription. This is what happens with P3A and it is not ideal--having access to an archive should not convey access to anything outside of the traversal path.

When we talk about restricted observers in the context of a project (a user with a subscription to an artefact owned by a hypothetical private project), we believe a subscriber may know the names of the objects in the path of traversal, but nothing more. The user may see all the detail of the subscribed artefact and all the details of its subordinate artefacts. Thus subscribing a user to a branch owned by a private team should reveal the team name and displayname, give full access to the branch, and full access to the branch's MPs.

I'd like to know William's opinion on this since he has been thinking about the restricted observer implementation.

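The following is an added illustration, not Launchpad code, of the mismatch Tim describes (segment-by-segment web traversal versus one lookup on the denormalised unique name) and of the restricted-observer rule Curtis proposes. The permission model, the "traversal" permission name, and the teams, users and branch are all constructed for the example.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Team:
    name: str
    private: bool
    members: frozenset = frozenset()

@dataclass(frozen=True)
class Branch:
    owner: Team
    project: str
    name: str
    subscribers: frozenset = frozenset()  # users and/or teams
    @property
    def unique_name(self):
        # the denormalised full unique name: ~owner/project/branch
        return f"~{self.owner.name}/{self.project}/{self.name}"

def can_view_team(user, team):
    return not team.private or user in team.members

def can_view_branch(user, branch):
    return user in branch.owner.members or any(
        user == s or (isinstance(s, Team) and user in s.members)
        for s in branch.subscribers)

def can_traverse_team(user, team, branches=()):
    # Narrower "traversal" permission (hypothetical name): a user who may view
    # an artefact the team owns learns the team's name and nothing else.
    return can_view_team(user, team) or any(
        b.owner == team and can_view_branch(user, b) for b in branches)

def lookup_by_unique_name(user, unique_name, branches):
    # bzr / codebrowse route: one lookup by unique name, one branch check
    b = branches.get(unique_name)
    return b if b is not None and can_view_branch(user, b) else None

def traverse(user, url, branches, restricted_observer=False):
    # web UI route: the owner-team segment is authorised before the branch;
    # with branches=() the team check is plain can_view_team (the bug here).
    b = branches.get(url)
    visible = branches.values() if restricted_observer else ()
    if b is None or not can_traverse_team(user, b.owner, visible):
        return None  # forbidden at the team segment, before the branch is reached
    return b if can_view_branch(user, b) else None

OWNER = Team("secret-team", private=True, members=frozenset({"alice"}))  # constructed
QA = Team("qa-team", private=False, members=frozenset({"bob"}))
TRUNK = Branch(OWNER, "proj", "trunk", subscribers=frozenset({QA}))
BRANCHES = {TRUNK.unique_name: TRUNK}
```

With `restricted_observer=True`, bob reaches the branch through the web route exactly as he does through `lookup_by_unique_name`, while `can_view_team("bob", OWNER)` stays False, so the private team's pages remain closed to him.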
tags: added: disclosure teams
tags: added: branches
Ian Booth (wallyworld)
Changed in launchpad:
assignee: nobody → Ian Booth (wallyworld)
status: Triaged → In Progress
Launchpad QA Bot (lpqabot) wrote :
tags: added: qa-needstesting
Changed in launchpad:
status: In Progress → Fix Committed
Ian Booth (wallyworld)
tags: added: qa-ok
removed: qa-needstesting
Ian Booth (wallyworld)
tags: added: bad-commit-14477 qa-bad
removed: qa-ok
Launchpad QA Bot (lpqabot) wrote :
tags: added: qa-needstesting
removed: qa-bad
Launchpad QA Bot (lpqabot) wrote :
Curtis Hovey (sinzui)
tags: added: bad-commit-14490
tags: added: bad-commit-14489
removed: bad-commit-14490
Curtis Hovey (sinzui)
tags: added: qa-bad
removed: qa-needstesting
Curtis Hovey (sinzui)
Changed in launchpad:
status: Fix Committed → In Progress
Launchpad QA Bot (lpqabot) wrote :
tags: added: qa-needstesting
removed: qa-bad
Changed in launchpad:
status: In Progress → Fix Committed
William Grant (wgrant)
tags: added: qa-untestable
removed: qa-needstesting
Launchpad QA Bot (lpqabot) wrote :
tags: added: qa-needstesting
removed: qa-untestable
Curtis Hovey (sinzui)
tags: added: qa-ok
removed: qa-needstesting
Steve Kowalik (stevenk)
tags: removed: bad-commit-14489
William Grant (wgrant)
Changed in launchpad:
status: Fix Committed → Fix Released
This report contains Public information. Everyone can see this information.