bug supervisors have more power than maintainers and admins
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Launchpad itself |
Fix Released
|
High
|
Steve Kowalik |
Bug Description
I am sure this bug overlaps with several issues already reported. This bug is about a bad pattern in lp.bugs that might be fixable in one branch to address a lot of permission contradictions in Lp Bugs UI/API. Browser and model code frequently do something like
user.
which is not a permission check, but a role check. The code should be asking if the user has .edit, .moderate, or .admin on the object or property to determine what to do, such as
check_
which would invoke the proper security check in lp.bugs.security.
The proper check would know that the order of precedence is:
admins, pillar.owner, pillar.drivers, pillar.
^ admins can do everything. owners delegate planning and bug responsibilities to drivers and bug supervisors. Drivers work with release planing, which encompasses bugs and specs, Bug supervisors can work bugs.
Related branches
- Ian Booth (community): Approve (code)
-
Diff: 497 lines (+140/-100)10 files modifiedlib/lp/bugs/browser/bugtarget.py (+4/-1)
lib/lp/bugs/browser/bugtask.py (+28/-42)
lib/lp/bugs/browser/tests/test_bugtask.py (+1/-1)
lib/lp/bugs/configure.zcml (+1/-2)
lib/lp/bugs/interfaces/bugtask.py (+5/-4)
lib/lp/bugs/model/bugtask.py (+30/-42)
lib/lp/bugs/model/tests/test_bugtask.py (+65/-0)
lib/lp/bugs/stories/bugtask-management/xx-bugtask-edit-forms.txt (+2/-4)
lib/lp/bugs/templates/bugtask-edit-form.pt (+2/-2)
lib/lp/bugs/templates/bugtask-tasks-and-nominations-table-row.pt (+2/-2)
- William Grant: Approve (code)
-
Diff: 379 lines (+115/-42)12 files modifiedlib/lp/bugs/browser/bugtarget.py (+14/-17)
lib/lp/bugs/browser/tests/bugtarget-filebug-views.txt (+16/-11)
lib/lp/bugs/model/bugtask.py (+12/-8)
lib/lp/bugs/model/tests/test_bugtask.py (+32/-2)
lib/lp/bugs/stories/bug-release-management/xx-bug-release-management.txt (+1/-1)
lib/lp/registry/configure.zcml (+1/-0)
lib/lp/registry/interfaces/distributionsourcepackage.py (+4/-1)
lib/lp/registry/interfaces/sourcepackage.py (+6/-1)
lib/lp/registry/model/distributionsourcepackage.py (+8/-1)
lib/lp/registry/model/sourcepackage.py (+5/-0)
lib/lp/registry/tests/test_distributionsourcepackage.py (+8/-0)
lib/lp/registry/tests/test_sourcepackage.py (+8/-0)
tags: |
added: qa-untestable removed: qa-needstesting |
tags: |
added: qa-ok removed: qa-needstesting |
Changed in launchpad: | |
status: | Fix Committed → Fix Released |
tags: | added: hardening |
Perhaps it would be better to have owners etc just be members of bug
supervisors, this keeps the checks very simple, which is good for
performance, and allows both hands off delegation and inclusive
delegation.