On April 19, 2011, Julian Edwards wrote:
> {{{
> class EditDistroSeriesParent(AuthorizationBase):
> """DistroSeriesParent can be edited by the same people who can edit
> the derived_distroseries."""
> permission = "launchpad.Edit"
> usedfor = IDistroSeriesParent
>
> def checkAuthenticated(self, user):
> auth = EditDistroSeriesByReleaseManagerOrDistroOwnersOrAdmins(
> self.obj.derived_series)
> return auth.checkAuthenticated(user)
> }}}
>
> Editing the DistroSeriesParent is identical to editing DistroSeries so
> that policy is re-used directly.
>
> Did I misunderstand or is this short-circuiting the security policy in a
> way I'm not thinking of?The above code assumes that the security adapter configured for launchpad.Edit on self.obj.derived_series would be EditDistroSeriesByReleaseManagerOrDistroOwnersOrAdmins That's probably the case currently. But let's say we introduce a new kind of derived_series that has a different kind of security adapter registered. That would introduce a bug here. -- Francis J. Lacoste [email protected]
signature.asc
Description: This is a digitally signed message part.
_______________________________________________ Mailing list: https://launchpad.net/~launchpad-dev Post to : [email protected] Unsubscribe : https://launchpad.net/~launchpad-dev More help : https://help.launchpad.net/ListHelp
