Launchpad itself

forwardCheckAuthenticated doesn't check existence if a permission is not specified

Bug #766955 reported by William Grant
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Launchpad itself
Fix Released
High
Henning Eggers
Launchpad itself 11.05

Bug Description

forwardCheckAuthenticated doesn't behave correctly when its permission argument is None. It correctly defaults to self.permission, but assumes that it doesn't have to check_permission_is_registered. This isn't correct: the object is probably of a different type, so the check must be performed or the adapter lookup may fail.

Related branches

lp:~henninge/launchpad/devel-766955-move-authorizationbase (Merged)
lp:~henninge/launchpad/devel-766955-fix-forwardCheckAuthenticated
Gavin Panella (community): Approve
Diff: 237 lines (+141/-30)
3 files modified
lib/lp/app/security.py (+17/-8)
lib/lp/app/tests/test_security.py (+114/-22)
lib/lp/testing/__init__.py (+10/-0)
Revision history for this message
Henning Eggers (henninge) wrote :

It should also return False if no such adapter exists, just like checkPermission in LaunchpadSecurityPolicy.

Changed in launchpad:
assignee: nobody → Henning Eggers (henninge)
Henning Eggers (henninge)
Changed in launchpad:
status: Triaged → In Progress
Revision history for this message
Launchpad QA Bot (lpqabot) wrote :

r12937 in stable (http://bazaar.launchpad.net/~launchpad-pqm/launchpad/stable/revision/12937) is part of this bug's fix.

Changed in launchpad:
milestone: none → 11.05
Revision history for this message
Launchpad QA Bot (lpqabot) wrote :

Fixed in stable r12943 (http://bazaar.launchpad.net/~launchpad-pqm/launchpad/stable/revision/12943) by a commit, but not testable.

tags: added: qa-untestable
Changed in launchpad:
status: In Progress → Fix Committed
Brad Crittenden (bac)
Changed in launchpad:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.