Activity log for bug #1013313

Date Who What changed Old value New value Message
2012-06-14 18:04:34 Jonathan Lange bug added bug
2012-06-14 18:04:59 Jonathan Lange description

Old value:

Although anyone with a commercial subscription may *create* a private PPA, only commercial administrators and admins may change the 'private' attribute of a PPA. In particular, the creator of a private PPA may not make that PPA public without (commercial) admin intervention.

This is because the 'private' attribute of IArchive requires 'launchpad.Commercial' level permissions on the archive.

I do not think it appropriate to grant PPA owners who are commercial subscribers full launchpad.Commercial permissions, as these include the ability to set authorized_size, build_debug_symbols, buildd_secret, enabled_restricted_families, external_dependencies and require_virtualized, as well as private.

Three solutions occur to me:
1. Make setting 'private' require only 'launchpad.Edit', and check for commercial subscriptions in the property.
2. Create a new permission level meaning something like "I have paid for extra privileges", and have 'private' require that.
3. Use the existing, strange permission 'launchpad.Special'.
4. Move the current permissions granted by 'launchpad.Commercial' into a different permission level. Perhaps 'launchpad.Moderate'.

1 is essentially ignoring the Zope permission system. 2 has been deprecated in past conversations with the technical architect. 3 seems wrong. 4 is very high impact and rather risky.

How to reproduce the problem:

from launchpadlib.launchpad import Launchpad
import os
APP_NAME = 'create-commercial-ppa'
CACHE_DIR = os.path.expanduser('~/.launchpadlib/cache')
LP_INSTANCE = 'production'
lp = Launchpad.login_with(APP_NAME, LP_INSTANCE, CACHE_DIR, version="devel")
jml = lp.people['jml']
ppa = jml.getPPAByName(name='ca-tools')
ppa.private = False
ppa.lp_save()

Produces the following output:

Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/usr/lib/python2.7/dist-packages/lazr/restfulclient/resource.py", line 732, in lp_save
    URI(self.self_link), representation, headers)
  File "/usr/lib/python2.7/dist-packages/lazr/restfulclient/_browser.py", line 336, in patch
    'PATCH', extra_headers=extra_headers)
  File "/usr/lib/python2.7/dist-packages/lazr/restfulclient/_browser.py", line 281, in _request
    raise error
lazr.restfulclient.errors.Unauthorized: HTTP Error 401: Unauthorized
Response headers:
---
-content-encoding: gzip
connection: close
content-length: 60
content-type: text/plain
date: Thu, 14 Jun 2012 17:53:07 GMT
server: zope.server.http (HTTP)
status: 401
strict-transport-security: max-age=2592000
vary: Accept,Accept-Encoding
via: 1.1 api.launchpad.net
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-lazr-notifications: []
x-powered-by: Zope (www.zope.org), Python (www.python.org)
x-xss-protection: 1; mode=block
---
Response body:
---
(<Archive at 0x13dcd110>, 'private', 'launchpad.Commercial')
---

New value:

Although anyone with a commercial subscription may *create* a private PPA, only commercial administrators and admins may change the 'private' attribute of a PPA. In particular, the creator of a private PPA may not make that PPA public without (commercial) admin intervention.

This is because the 'private' attribute of IArchive requires 'launchpad.Commercial' level permissions on the archive.

I do not think it appropriate to grant PPA owners who are commercial subscribers full launchpad.Commercial permissions, as these include the ability to set authorized_size, build_debug_symbols, buildd_secret, enabled_restricted_families, external_dependencies and require_virtualized, as well as private.

Some solutions occur to me:
 1. Make setting 'private' require only 'launchpad.Edit', and check for commercial subscriptions in the property.
 2. Create a new permission level meaning something like "I have paid for extra privileges", and have 'private' require that.
 3. Use the existing, strange permission 'launchpad.Special'.
 4. Move the current permissions granted by 'launchpad.Commercial' into a different permission level. Perhaps 'launchpad.Moderate'.

1 is essentially ignoring the Zope permission system. 2 has been deprecated in past conversations with the technical architect. 3 seems wrong. 4 is very high impact and rather risky.

How to reproduce the problem:

  from launchpadlib.launchpad import Launchpad
  import os
  APP_NAME = 'create-commercial-ppa'
  CACHE_DIR = os.path.expanduser('~/.launchpadlib/cache')
  LP_INSTANCE = 'production'
  lp = Launchpad.login_with(APP_NAME, LP_INSTANCE, CACHE_DIR, version="devel")
  jml = lp.people['jml']
  ppa = jml.getPPAByName(name='ca-tools')
  ppa.private = False
  ppa.lp_save()

Produces the following output:

  Traceback (most recent call last):
    File "<stdin>", line 1, in <module>
    File "/usr/lib/python2.7/dist-packages/lazr/restfulclient/resource.py", line 732, in lp_save
      URI(self.self_link), representation, headers)
    File "/usr/lib/python2.7/dist-packages/lazr/restfulclient/_browser.py", line 336, in patch
      'PATCH', extra_headers=extra_headers)
    File "/usr/lib/python2.7/dist-packages/lazr/restfulclient/_browser.py", line 281, in _request
      raise error
  lazr.restfulclient.errors.Unauthorized: HTTP Error 401: Unauthorized
  Response headers:
  ---
  -content-encoding: gzip
  connection: close
  content-length: 60
  content-type: text/plain
  date: Thu, 14 Jun 2012 17:53:07 GMT
  server: zope.server.http (HTTP)
  status: 401
  strict-transport-security: max-age=2592000
  vary: Accept,Accept-Encoding
  via: 1.1 api.launchpad.net
  x-content-type-options: nosniff
  x-frame-options: SAMEORIGIN
  x-lazr-notifications: []
  x-powered-by: Zope (www.zope.org), Python (www.python.org)
  x-xss-protection: 1; mode=block
  ---
  Response body:
  ---
  (<Archive at 0x13dcd110>, 'private', 'launchpad.Commercial')
  ---

2012-06-14 20:34:53 Laura Czajkowski launchpad: status New Triaged
2012-06-14 20:34:55 Laura Czajkowski launchpad: importance Undecided High
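
Added illustration, not part of the bug report and not Launchpad's code: a toy model of the per-attribute permission check the description discusses, comparing the current policy with solution 1. The permission and attribute names come from the report; the classes, policy tables and function names are assumptions made for the example.

```python
# Toy model of per-attribute set permissions. Names of permissions and
# attributes are from the report; everything else here is hypothetical.
from dataclasses import dataclass

COMMERCIAL_ONLY = ("authorized_size", "build_debug_symbols", "buildd_secret",
                   "enabled_restricted_families", "external_dependencies",
                   "require_virtualized")
# Current behaviour: 'private' sits behind the same permission as the rest.
CURRENT = dict.fromkeys(COMMERCIAL_ONLY + ("private",), "launchpad.Commercial")
# Solution 1: only 'private' drops to launchpad.Edit.
OPTION_1 = {**CURRENT, "private": "launchpad.Edit"}

class Unauthorized(Exception):
    """Raised with (archive, attribute, missing requirement)."""

@dataclass
class User:
    name: str
    commercial_admin: bool = False
    commercial_subscriber: bool = False

@dataclass
class Archive:
    owner: User
    private: bool = True
    buildd_secret: str = "constructed-secret"

def held_permissions(user, archive):
    admin = user.commercial_admin
    perms = {"launchpad.Edit"} if (admin or user is archive.owner) else set()
    return perms | ({"launchpad.Commercial"} if admin else set())

def missing_requirement(user, archive, name, policy):
    """Return what `user` lacks to set `name`, or None if the set is allowed."""
    needed = policy[name]
    if needed not in held_permissions(user, archive):
        return needed
    # Solution 1 needs a second check that lives outside the policy table.
    if (name == "private" and needed == "launchpad.Edit"
            and not (user.commercial_subscriber or user.commercial_admin)):
        return "commercial subscription"
    return None

def set_attribute(user, archive, name, value, policy):
    missing = missing_requirement(user, archive, name, policy)
    if missing is not None:
        raise Unauthorized((archive, name, missing))
    setattr(archive, name, value)
```

Under `OPTION_1` the owner can flip `private` while `buildd_secret` and the other attributes stay behind `launchpad.Commercial`, which is the separation the report asks for.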