launchpadlib

Document allow_access_levels in Launchpad.get_token_and_login() and .login_with()

Bug #493506 reported by Gavin Panella
10
This bug affects 1 person
Affects Status Importance Assigned to Milestone
launchpadlib
Triaged
Low
Unassigned

Bug Description

Martin Pitt today asked about what the valid values are for the allow_access_levels parameter to Launchpad.get_token_and_login() and .login_with(). In the time it took me to not be able to discover the valid values, pitti had discovered it by reading the HTML source on the token auth page. However, he had lost time before that trying to figure it out.

For applications like apport only one level of access control makes sense, so it's important to not offer other options, but with no documentation it's difficult to know if such a thing is possible, and then difficult to request.

Tags: trivial
Revision history for this message
Martin Pitt (pitti) wrote :

It seems the allowed values for this string array are

  READ_PUBLIC
  READ_PRIVATE
  WRITE_PUBLIC
  WRITE_PRIVATE

Revision history for this message
Leonard Richardson (leonardr) wrote :

I can do a little better. These values are published by Launchpad in a JSON document when you request an access token, and launchpadlib knows how to fetch and process this document.

"To get an up-to-date list of access levels, pass
token_format=Credentials.DICT_TOKEN_FORMAT into
Credentials.get_request_token, load the dict as JSON, and look
in 'access_levels'."

I designed this for use by non-browser authentication clients, so that they would always be able to get an up-to-date list of access levels. You can see the document by running the launchpad-request-token program:

$ bin/py src/launchpadlib/bin/launchpad-request-token foobar
{"oauth_token_secret": "XXX", "access_levels": [{"value": "UNAUTHORIZED", "title": "No Access"}, {"value": "READ_PUBLIC", "title": "Read Non-Private Data"}, {"value": "WRITE_PUBLIC", "title": "Change Non-Private Data"}, {"value": "READ_PRIVATE", "title": "Read Anything"}, {"value": "WRITE_PRIVATE", "title": "Change Anything"}], "oauth_token": "XXX", "oauth_token_consumer": "foobar", "lp.context": ""}

As you can see, the document maps the constants to human-readable descriptions.

I recognize that this itself is not documented, but it's better than a hard-coded list.

Robert Collins (lifeless)
Changed in launchpadlib:
importance: Medium → Low
Revision history for this message
hamed saberian (hamed6444) wrote :

ok493506

Revision history for this message
hamed saberian (hamed6444) wrote :

ok493506 ok hamedsaberian

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.