Issue 13525044: Check ACL permissions when getting subscribers

Keyboard Shortcuts

	File
u :	up to issue
m :	publish + mail comments
M :	edit review message
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line
<Enter> :	respond to / edit current comment
d :	mark current comment as done

	Issue
u :	up to list of issues
m :	publish + mail comments
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue
# :	close issue

	Comment/message editing
<Ctrl> + s or <Ctrl> + Enter :	save comment
<Esc> :	cancel edit

Issue 13525044: Check ACL permissions when getting subscribers (Closed)

Can't Edit
Can't Publish+Mail
Start Review

Created:
10 years, 8 months ago by ana.balica

Modified:
10 years, 7 months ago

Reviewers:
thomas.j.waldmann

Visibility:
Public.

More Reviews

Description

Related to this issue - https://bitbucket.org/ana-balica/moin-2.0/issue/14/get_subscribers-avoids-the-protection

Patch Set 1 #

Total comments: 3

Patch Set 2 : Fix order and acl permissions in tests #

Created: 10 years, 8 months ago

Download [raw] [tar.bz2]

		Unified diffs	Side-by-side diffs	Delta from patch set	Stats (+13 lines, -4 lines)			Patch
	M	MoinMoin/util/_tests/test_subscriptions.py	View	1	2 chunks	+8 lines, -1 line	0 comments	Download
	M	MoinMoin/util/subscriptions.py	View	1	2 chunks	+5 lines, -3 lines	0 comments	Download

Messages

Total messages: 1

Expand All Messages | Collapse All Messages

Thomas.J.Waldmann

10 years, 8 months ago (2013-09-23 17:17:15 UTC) #1

https://codereview.appspot.com/13525044/diff/1/MoinMoin/util/_tests/test_subs...
File MoinMoin/util/_tests/test_subscriptions.py (right):

https://codereview.appspot.com/13525044/diff/1/MoinMoin/util/_tests/test_subs...
MoinMoin/util/_tests/test_subscriptions.py:71: ACL: u"-{0}:read,write
All:read,write".format(user1.name0)}
maybe rather use

"{0}: All:read,write"

meaning that that user isn't allowed to do anything.

https://codereview.appspot.com/13525044/diff/1/MoinMoin/util/subscriptions.py
File MoinMoin/util/subscriptions.py (right):

https://codereview.appspot.com/13525044/diff/1/MoinMoin/util/subscriptions.py...
MoinMoin/util/subscriptions.py:53: from MoinMoin.user import User
maybe don't do imports here without special reason.

https://codereview.appspot.com/13525044/diff/1/MoinMoin/util/subscriptions.py...
MoinMoin/util/subscriptions.py:58: if email:
looks a bit like wrong order.

"user.get(EMAIL)" and "if email" are cheap operations, so should be done first.

and then, if that is True, create the User object and call .may() (which is not
cheap).

Expand All Messages | Collapse All Messages