Merge lp://staging/~wgrant/launchpad/bug-433385 into lp://staging/launchpad

Proposed by William Grant
Status: Merged
Approved by: Graham Binns
Approved revision: no longer in the source branch.
Merged at revision: not available
Proposed branch: lp://staging/~wgrant/launchpad/bug-433385
Merge into: lp://staging/launchpad
Diff against target: None lines
To merge this branch: bzr merge lp://staging/~wgrant/launchpad/bug-433385
Reviewer Review Type Date Requested Status
Graham Binns (community) Approve
Review via email: mp+12134@code.staging.launchpad.net

Commit message

Unbreak access to unclaimed profiles with hidden email addresses

To post a comment you must log in.
Revision history for this message
William Grant (wgrant) wrote :

= Summary =

ensurePerson now creates unclaimed Persons with hide_email_addresses set. PersonView.context_is_probably_team assumes that the user can always see the Person's EmailAddresses, which is no longer the case.

This is a perfectly valid (and arguably more correct) state for the data, so the view needs to handle it.

== Proposed fix ==

Use removeSecurityProxy on the EmailAddresses before attempting to access their 'email' attribute.

== Pre-implementation notes ==

None. It was affecting me locally, so I JFDI.

== Implementation details ==

Nothing special.

== Tests ==

I amended an existing team claim test to hide the Person's email addresses first.

bin/test -vvt xx-team-claim.txt

== Demo and Q/A ==

This is difficult without DB access. On the production DB, you would need to identify an unclaimed person created in the past 11 or so days by gina (the only LP instance that I know to have the relevant CP), then attempt to view that Person's index. If this fix works, you will receive a 403 on production, but a success on edge.

= Launchpad lint =

Checking for conflicts. and issues in doctests and templates.
Running jslint, xmllint, pyflakes, and pylint.
Using normal rules.

Linting changed files:
  lib/lp/registry/browser/person.py
  lib/lp/registry/stories/foaf/xx-team-claim.txt

== Pylint notices ==

lib/lp/registry/browser/person.py
    117: [F0401] Unable to import 'lazr.delegates' (No module named delegates)
    118: [F0401] Unable to import 'lazr.config' (No module named config)
    119: [F0401] Unable to import 'lazr.restful.interface' (No module named restful)

Revision history for this message
Graham Binns (gmb) :
review: Approve

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1=== modified file 'lib/lp/registry/browser/person.py'
2--- lib/lp/registry/browser/person.py 2009-09-19 12:37:23 +0000
3+++ lib/lp/registry/browser/person.py 2009-09-20 07:13:52 +0000
4@@ -2688,7 +2688,7 @@
5 "This can only be used when the context has no account.")
6 emails = getUtility(IEmailAddressSet).getByPerson(self.context)
7 for email in emails:
8- if '@lists.' in email.email:
9+ if '@lists.' in removeSecurityProxy(email).email:
10 return True
11 return False
12
13
14=== modified file 'lib/lp/registry/stories/foaf/xx-team-claim.txt'
15--- lib/lp/registry/stories/foaf/xx-team-claim.txt 2009-09-18 15:24:30 +0000
16+++ lib/lp/registry/stories/foaf/xx-team-claim.txt 2009-09-20 07:11:04 +0000
17@@ -36,8 +36,10 @@
18 <Link text='Are you Ubuntu Doc Team?'...
19
20 While logged-in users get a link to claim that profile and turn it into a
21-team.
22+team. This works even if the profile's email addresses would normally be
23+hidden.
24
25+ >>> doc_team.hide_email_addresses = True
26 >>> user_browser.open('http://launchpad.dev/~doc')
27 >>> user_browser.getLink('Is this a team you run?').click()
28 >>> user_browser.title