Merge lp://qastaging/~sinzui/launchpad/closed-teams-0 into lp://qastaging/launchpad
Status: | Merged |
---|---|
Approved by: | Gavin Panella |
Approved revision: | no longer in the source branch. |
Merged at revision: | 12018 |
Proposed branch: | lp://qastaging/~sinzui/launchpad/closed-teams-0 |
Merge into: | lp://qastaging/launchpad |
Diff against target: |
762 lines (+264/-144) 15 files modified
lib/canonical/launchpad/vocabularies/dbobjects.py (+2/-0) lib/canonical/launchpad/webapp/vocabulary.py (+5/-1) lib/canonical/widgets/popup.py (+21/-13) lib/lp/answers/vocabulary.py (+1/-2) lib/lp/app/widgets/tests/test_popup.py (+43/-0) lib/lp/blueprints/vocabularies/specificationdependency.py (+1/-0) lib/lp/code/vocabularies/branch.py (+1/-0) lib/lp/registry/browser/configure.zcml (+1/-1) lib/lp/registry/browser/person.py (+7/-0) lib/lp/registry/browser/tests/test_team.py (+14/-0) lib/lp/registry/doc/vocabularies.txt (+1/-93) lib/lp/registry/javascript/team.js (+2/-2) lib/lp/registry/templates/team-portlet-membership.pt (+4/-2) lib/lp/registry/tests/test_person_vocabularies.py (+99/-18) lib/lp/registry/vocabularies.py (+62/-12) |
To merge this branch: | bzr merge lp://qastaging/~sinzui/launchpad/closed-teams-0 |
Related bugs: |
Reviewer | Review Type | Date Requested | Status |
---|---|---|---|
Gavin Panella (community) | Approve | ||
Review via email: mp+42500@code.qastaging.launchpad.net |
Description of the change
Need a closed team and user vocabulary and picker
Launchpad bug: https:/
Pre-
Test command: ./bin/test -vv \
-t test_popup -t test_team -t test_person_
There are several cases where Launchpad must prevent users from selecting a
team with an open subscription policy because it compromises security or
discloses information. The person picker and forms need a vocabulary that is
composed on closed teams (restricted and moderated), and users. The
picker/vocabulary is needed is needed in:
1. closed team owner role
2. closed team +addmember
3. moderated team +proposemember
-------
RULES
* Update the ValidTeamMember
to exclude open teams when the context team is closed.
* Update IHugeVocabulary, <intermediate classes>, VocabularyPicke
to use the vocabs step_title so that users understand what can and
cannot be searched for. This issue was discovered in user testing.
* Update all IHugeVocabularies to have a step_title
* Update the add member ajax feature to also use the vocabulary's
step_title
QA
Using a moderated or restricted team to test.
* Verify that open teams to not appear in the person picker to add
a new member from the team's front page.
* Verify that open teams to not appear in the person picker to add
a new member from the teams +addmember page.
* Verify that open teams to not appear in the person picker to change
the team owner
LINT
lib/
lib/
lib/
lib/
lib/
lib/
lib/
lib/
lib/
lib/
lib/
lib/
lib/
lib/
lib/
lib/
lib/
lib/
IMPLEMENTATION
Updated ValidTeamMember
open teams when the context team is closed.
lib/
lib/
Added step_title to the vocabulary. The value is the same that appears in
the UI now.
lib/
lib/
lib/
lib/
lib/
lib/
Updated VocabularyPicke
no direct tests of this widget. Moving the whole module would make the diff
hard to read so I create a test where the module should be moved.
lib/
lib/
lib/
lib/
lib/
lib/
Updated the TeamIndexView and team membership portlet to use the step_title
from the vocabulary.
lib/
lib/
lib/
lib/
lib/
Hi Curtis. Some incredibly minor comments, +1.
[1]
js = js_template % simplejson. dumps(args)
'Find& hellip; </a>)</ span>' \n%s\n< /script> ' widget_ id, js) \n%s\n< /script> ') % (css, self.show_ widget_ id, js)
# If the YUI widget or javascript is not supported in the browser,
# it will degrade to being this "Find..." link instead of the
@@ -154,8 +163,7 @@
css = ''
return ('<span class="%s">(<a id="%s" href="/people/">'
- '\n<script>
- ) % (css, self.show_
+ '\n<script>
It's not part of your change, but using simplejson.dumps() can be
hazardous for embedding javascript into <script> tags. See:
http:// code.google. com/p/simplejso n/issues/ detail? id=66
Instead the following should be used:
simplejson. dumps(args, cls=simplejson. encoder. JSONEncoderForH TML)
Or:
simplejson. encoder. JSONEncoderForH TML().encode( obj)
[2]
+ Y.lp.registry. team.setup_ add_member_ handler(
+ '${step_title}');
The lack of escaping and all that jazz makes me a little uneasy, but
it's not user-supplied so I'm not too worried.
[3]
+ def test_open_ team_cannot_ be_a_member_ or_a_closed_ team(self) :
s/or/of/
[4]
+ def test_open_ team_can_ be_a_member_ or_an_open_ team(self) :
s/or/of/
[5]
+ return 'Search for a restricted or moderated team or person'
This could be parsed as:
Search for a (restricted or moderated) (team or person)
Perhaps the following would be less ambiguous:
Search for a restricted team, a moderated team, or a person
?
[6]
+ Person. subscriptionpol icy != TeamSubscriptio nPolicy. OPEN)
Maybe it's worth taking a defensive approach here (to someone adding nPolicy member) instead:
another TeamSubscriptio
In(Person. subscriptionpol icy, ( riptionPolicy. RESTRICTED, riptionPolicy. MODERATED) )
TeamSubsc
TeamSubsc
The same clause appears twice.