Launchpad itself

Unable to view failed imports if there are private imports in the list

Bug #612287 reported by Jelmer Vernooij
14
This bug affects 2 people
Affects Status Importance Assigned to Milestone
Launchpad itself
Triaged
Low
Unassigned

Bug Description

I'm unable to view the failed git imports at the moment, getting a
permission denied error:

https://code.launchpad.net/+code-imports?field.review_status=FAILING&field.review_status-empty-marker=1&field.rcs_type=GIT&field.rcs_type-empty-marker=1&submit=Submit

The code import listing will raise a 403 if one of the import branch is Proprietary. This listing 403's for me, but since the set is changing the batch might be different
https://code.launchpad.net/+code-imports/+index?field.rcs_type=BZR_SVN&field.rcs_type-empty-marker=1&field.review_status=&field.review_status-empty-marker=1&submit=Submit&batch=75&direction=backwards&memo=1800&start=1725

The branch comes from a public souce (http://dokan.googlecode.com/svn/trunk/) and it is owned by a public team (fiecom-committers) in a public project (fiecom). The project's branch sharing policy is Proprietary only. This may be a contradiction of rules because I don't think it should be possible to have a non-public imported branch -- Lp would need to support user-specific authentication to import the branch. I think this branch should belong to the unregistered dokan project.

Expression: <PathExpr standard:u'codeimport/branch/target/name'>
   - Names:
      {'args': (),
       'context': <lp.code.model.codeimport.CodeImportSet object at 0x9795b10>,
       'default': <object object at 0x2b55fd7d2390>,
       'loop': {},
       'nothing': None,
       'options': {},
       'repeat': {},
       'request': <lp.code.publisher.CodeBrowserRequest instance URL=https://code.launchpad.net/+code-imports/+index>,
       'template': <z3c.ptcompat.ViewPageTemplateFile object at 0x947a790>,
       'view': <zope.browserpage.metaconfigure.SimpleViewClass from /srv/launchpad.net/production/launchpad-rev-16361/lib/lp/code/browser/../templates/codeimport-list.pt object at 0x131bf050>,
       'views': <zope.app.pagetemplate.viewpagetemplatefile.ViewMapper object at 0x10e4a3d0>}
...
__traceback_info__: (<Branch u'~fiecom-committers/fiecom/dokan' (555406)>, 'target', ['name'])
Unauthorized: (<Branch u'~fiecom-committers/fiecom/dokan' (555406)>, 'target', 'launchpad.View')

See original description
Revision history for this message
Jelmer Vernooij (jelmer) wrote :

This no longer appears to be happening.

Revision history for this message
Tim Penhey (thumper) wrote :

Lets see if this happens again.

Changed in launchpad-code:
status: New → Incomplete
Revision history for this message
Jelmer Vernooij (jelmer) wrote :

This is still reproducible when there are private branches that would have to be shown.

Changed in launchpad:
status: Incomplete → Triaged
importance: Undecided → Low
Jelmer Vernooij (jelmer)
summary: - Unable to view failed Git imports
+ Unable to view failed imports if there are private imports in the list
Revision history for this message
Curtis Hovey (sinzui) wrote :

select ci.url, b.unique_name from codeimport ci join branch b on ci.branch = b.id and b.information_type > 2;

shows that there are 15 confidential imported branches. None of the branches are specific the the projects that claim them. For example git://github.com/etsy/statsd.git is claimed to belong to ubuntu-one servers, but the branch has no common ancestor with the project's branches. No community can import and work with etsy's loveley statsd because one project has effectively stolen public code.

tags: added: 403 branches code-import privacy
description: updated
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Duplicates of this bug

Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.