product:+code-index merge proposal queries do not show private bugs visible by assignment

Bug #741234 reported by Robert Collins
This bug affects 1 person
Affects: Launchpad itself
Status: Fix Released
Importance: High
Assigned to: Ian Booth

Bug Description

Bug visibility rules were changed recently to permit assignees to see private bugs, but (at least) one code path was missed - the Product:+code-index duplicates the visibility rules and was not updated.

Robert Collins (lifeless) wrote :

I think this may be in scope for disclosure; if not please untag it.

tags: added: easy
tags: added: disclosure
j.c.sackett (jcsackett)
Changed in launchpad:
status: Triaged → In Progress
assignee: nobody → j.c.sackett (jcsackett)
j.c.sackett (jcsackett)
Changed in launchpad:
status: In Progress → Triaged
tags: removed: easy
j.c.sackett (jcsackett) wrote :

Curtis and I did a fair amount of investigation today, and the cause is actually less obvious.

We replicated this problem by assigning me to a bug on qastaging.launchpad.net/gdp, which Curtis had linked to a branch. On code.qastaging.launchpad.net/gdp we confirmed that I could see the branch in the listing, but could not see the badge for the bug.

Our initial guess after investigation was the BranchBadges.isBugBadgeVisible method was reporting bad data, probably because of something in linked_bugs on the branch or in the _known_viewers cache. A test, which you can see in lp:~jcsackett/launchpad/branch-listings-private-bugs, that should have failed, revealing this problem, passes.

After more investigation, we're no longer certain what the root cause is. We will continue investigating.

Changed in launchpad:
assignee: j.c.sackett (jcsackett) → nobody
Ian Booth (wallyworld) wrote :

I have found the issue. The BugBranchSet method getBranchesWithVisibleBugs() is flawed. It returns branches with bugs where the user is subscribed to the bug, but does not check that the user is assigned to the bug. Adding this check makes everything work. The codebase sadly appears to contain similar snippets (but constructed differently to suit the parent query) to check for bug/branch visibility.
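
The rule drift described in the comment above, as an added example that is not Launchpad's code: a stale copy of the visibility rule (public or subscribed) is compared with the updated rule (which also admits assignees) over the same data. The schema, table names, column names and sample rows are constructed assumptions, not Launchpad's real model.

```python
import sqlite3

# Constructed, simplified schema and rows; names are assumptions, not Launchpad's model.
SCHEMA = """
CREATE TABLE bug (id INTEGER PRIMARY KEY, private INTEGER);
CREATE TABLE bugtask (bug INTEGER, assignee INTEGER);
CREATE TABLE bugsubscription (bug INTEGER, person INTEGER);
CREATE TABLE bugbranch (bug INTEGER, branch INTEGER);
INSERT INTO bug VALUES (1, 0), (2, 1), (3, 1), (4, 1);
INSERT INTO bugtask VALUES (1, NULL), (2, NULL), (3, 7), (4, NULL);
INSERT INTO bugsubscription VALUES (2, 7);
INSERT INTO bugbranch VALUES (1, 10), (2, 20), (3, 30), (4, 40);
"""

SUBSCRIBED = ("EXISTS (SELECT 1 FROM bugsubscription s "
              "WHERE s.bug = bug.id AND s.person = :user)")
ASSIGNED = ("EXISTS (SELECT 1 FROM bugtask t "
            "WHERE t.bug = bug.id AND t.assignee = :user)")

# Stale copy of the rule: public bugs, or private bugs the user subscribes to.
STALE_RULE = f"(bug.private = 0 OR {SUBSCRIBED})"
# Updated rule: the assignee of a private bug may see it as well.
CURRENT_RULE = f"(bug.private = 0 OR {SUBSCRIBED} OR {ASSIGNED})"

def make_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn

def branches_with_visible_bugs(conn, user, rule):
    """Branch ids linked to at least one bug `user` may see under `rule`.
    `rule` is one of the constants above; only `user` is bound as data."""
    sql = f"""SELECT DISTINCT bugbranch.branch FROM bugbranch
              JOIN bug ON bug.id = bugbranch.bug
              WHERE {rule} ORDER BY 1"""
    return [row[0] for row in conn.execute(sql, {"user": user})]

def drift(conn, user):
    """Branches the updated rule shows for `user` but the stale copy hides."""
    stale = set(branches_with_visible_bugs(conn, user, STALE_RULE))
    current = set(branches_with_visible_bugs(conn, user, CURRENT_RULE))
    return sorted(current - stale)

if __name__ == "__main__":
    db = make_db()
    print("stale:  ", branches_with_visible_bugs(db, 7, STALE_RULE))
    print("current:", branches_with_visible_bugs(db, 7, CURRENT_RULE))
    print("drift:  ", drift(db, 7))
```

Running the same comparison for an uninvolved user is a quick regression check that adding the assignee clause did not widen visibility for anyone else.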

Changed in launchpad:
assignee: nobody → Ian Booth (wallyworld)
Ian Booth (wallyworld)
Changed in launchpad:
status: Triaged → In Progress
Launchpad QA Bot (lpqabot) wrote :
tags: added: qa-needstesting
Changed in launchpad:
status: In Progress → Fix Committed
William Grant (wgrant)
tags: added: qa-ok
removed: qa-needstesting
William Grant (wgrant)
Changed in launchpad:
status: Fix Committed → Fix Released
Curtis Hovey (sinzui)
tags: added: privacy
This report contains Public information  
Everyone can see this information.