Launchpad itself

Person.canWrite(), Person.canAccess() should not only work for the current user

Bug #767293 reported by Abel Deuring on 2011-04-20

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	Launchpad itself	Triaged	Low	Unassigned

Bug Description

For two reasons, a user can call the methods Person.canWrite() and Person.canAccess() only for himself:

1. These methods use the functions canWrite(), canAccess() from zope.security.checker, and these functions check the permissions of the user of the current interaction.
2. Calling these methods for other persons than the current user might leak sensitve information. We should probably allow these methods only for LP admins, or perhaps for teams where the current user is a member.

Abel Deuring (adeuring) on 2011-04-20

Changed in launchpad:
importance:	Undecided → Low
status:	New → Triaged

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.