Closed Bug 1160520 Opened 9 years ago Closed 9 years ago

Mozreview 'Try' button should be disabled unless users have L1 access

Categories

(MozReview Graveyard :: General, defect, P1)

Tracking

(Not tracked)

RESOLVED FIXED

People

(Reporter: dminor, Assigned: smacleod)

Attachments

(6 files)

Once we can check LDAP group membership we should disable the 'Try' button in the UI unless the user has at least L1 group membership.
Assignee: nobody → smacleod
Status: NEW → ASSIGNED
mozreview: Add a bind-mozreview account to ldap container (Bug 1160520). r?gps

Mozilla's production ldap server has a bind-mozreview user for MozReview
to query ldap group membership. Create a similar user in the ldap
container so ldap integrations using the bind-mozreview user may be
tested.
Attachment #8624851 - Flags: review?(gps)
mozreview: add extension settings for ldap (Bug 1160520). r?gps

The MozReview extension needs to know what ldap server to use. Add
fields to its settings to configure the ldap url and the credentials
for communicating with the server. Configure these settings as part
of the test environment.

Also link the ldap and rbweb containers.
Attachment #8624852 - Flags: review?(gps)
mozreview: Install python-ldap in the mozreview-virtualenv (Bug 1160520). r?gps

In order to query the ldap server from the MozReview extension we'll
need python-ldap. We install openldap-devel on the system as well as
it's needed for compiling python-ldap.
Attachment #8624853 - Flags: review?(gps)
mozreview: Add method to query scm level group membership (Bug 1160520). r?gps r?dminor

Different mozilla ldap groups have different ways of representing group
membership. scm_* groups specifically rely on the ldap user's mail
attribute being listed as a member of the group. Add a method to query
an scm_* group by checking if the user's stored ldap mail (ldap_username)
is in the group.

Other groups will require different mechanisms for checking membership,
but MozReview only really cares about the scm_level_* groups at this
time.
Attachment #8624854 - Flags: review?(gps)
Attachment #8624854 - Flags: review?(dminor)
mozreview: Add webapi decorator to check scm groups (Bug 1160520). r?dminor r?mdoglio

Add a new webapi_scm_groups_required to make restricting webapi
operations to certain scm ldap groups easy.
Attachment #8624855 - Flags: review?(mdoglio)
Attachment #8624855 - Flags: review?(dminor)
mozreview: restrict try pushes to scm_level_1 (Bug 1160520). r?modglio r?dminor

Prevent users who don't have scm_level_1 from hitting the
TryAutolandTriggerResource. Also hide the button for triggering a try
push if the user doesn't have scm_level_1.
Attachment #8624856 - Flags: review?(mdoglio)
Attachment #8624856 - Flags: review?(dminor)
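
The approach the patch series above describes (scm_* membership looked up by the user's stored LDAP mail, a decorator that gates a web API handler, and a separate check that only hides the button) can be sketched as follows. This is an added example, not the MozReview code: `scm_groups_required`, `user_in_scm_group`, `trigger_try_push`, `try_button_visible` and `make_request` are hypothetical names, the directory is a constructed in-memory dict rather than a python-ldap query, and requiring membership in all listed groups is an assumption.

```python
import functools
from types import SimpleNamespace

# Constructed sample data standing in for the LDAP directory: each scm_* group
# lists the mail attribute of its members, as the commit message describes.
SAMPLE_GROUPS = {
    "scm_level_1": {"dev@example.com", "lead@example.com"},
    "scm_level_3": {"lead@example.com"},
}

class PermissionDenied(Exception):
    """The caller is not in every required scm_* group."""

def user_in_scm_group(ldap_username, group, directory=SAMPLE_GROUPS):
    """True only if the stored LDAP mail is listed as a member of the group.

    Fails closed: no stored mail, a non-scm group, or an unknown group all
    give False. Case-insensitive comparison is an assumption of this sketch.
    """
    if not ldap_username or not group.startswith("scm_"):
        return False
    members = {m.lower() for m in directory.get(group, ())}
    return ldap_username.strip().lower() in members

def scm_groups_required(*groups):
    """Hypothetical decorator: run the handler only for members of all groups."""
    def decorator(handler):
        @functools.wraps(handler)
        def wrapper(request, *args, **kwargs):
            mail = getattr(request.user, "ldap_username", None)
            if not all(user_in_scm_group(mail, g) for g in groups):
                raise PermissionDenied("requires " + ", ".join(groups))
            return handler(request, *args, **kwargs)
        return wrapper
    return decorator

@scm_groups_required("scm_level_1")
def trigger_try_push(request, review_request_id):
    # The server-side check above is the control; it holds for direct API calls.
    return {"status": "queued", "review_request": review_request_id}

def try_button_visible(user):
    # UI convenience only: hides the button, does not protect the endpoint.
    return user_in_scm_group(getattr(user, "ldap_username", None), "scm_level_1")

def make_request(ldap_username):
    return SimpleNamespace(user=SimpleNamespace(ldap_username=ldap_username))
```

A user whose `ldap_username` has not been populated yet is denied by both checks, which is the deployment-ordering concern raised at the end of this bug.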
Comment on attachment 8624854 [details]
MozReview Request: mozreview: Add method to query scm level group membership (Bug 1160520). r?gps r=dminor

https://reviewboard.mozilla.org/r/11751/#review10213

Ship It!
Attachment #8624854 - Flags: review?(dminor) → review+
Comment on attachment 8624855 [details]
MozReview Request: mozreview: Add webapi decorator to check scm groups (Bug 1160520). r=dminor r=mdoglio

https://reviewboard.mozilla.org/r/11753/#review10215

Ship It!
Attachment #8624855 - Flags: review?(dminor) → review+
Comment on attachment 8624856 [details]
MozReview Request: mozreview: restrict try pushes to scm_level_1 (Bug 1160520). r=dminor r=mdoglio

https://reviewboard.mozilla.org/r/11755/#review10217

Ship It!
Attachment #8624856 - Flags: review?(dminor) → review+
Attachment #8624851 - Flags: review?(gps) → review+
Comment on attachment 8624851 [details]
MozReview Request: mozreview: Add a bind-mozreview account to ldap container (Bug 1160520). r=gps

https://reviewboard.mozilla.org/r/11745/#review10227

Ship It!
Attachment #8624852 - Flags: review?(gps) → review+
Comment on attachment 8624852 [details]
MozReview Request: mozreview: add extension settings for ldap (Bug 1160520). r?gps

https://reviewboard.mozilla.org/r/11747/#review10229

::: pylib/mozreview/mozreview/forms.py:48
(Diff revision 1)
> +    ldap_password = forms.CharField(required=False,
> +                                    widget=forms.PasswordInput)
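
Review bot: `widget=forms.PasswordInput` together with `required=False` on `ldap_password` means a blank submission is accepted, and Django's PasswordInput does not render the stored value back into the form by default (`render_value=False`). Saving the settings page without retyping the password can therefore replace the stored bind password with an empty string. Suggest treating an empty submission as "keep the existing value" when saving, and adding a test that re-saves the form with this field untouched.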

Is this going to suffer the same state-clearing fate as autoland_password? If so, I'd highly prefer you fix this while you are here.
Comment on attachment 8624853 [details]
MozReview Request: mozreview: Install python-ldap in the mozreview-virtualenv (Bug 1160520). r=gps

https://reviewboard.mozilla.org/r/11749/#review10231

Ship It!
Attachment #8624853 - Flags: review?(gps) → review+
Attachment #8624854 - Flags: review?(gps)
Comment on attachment 8624854 [details]
MozReview Request: mozreview: Add method to query scm level group membership (Bug 1160520). r?gps r=dminor

https://reviewboard.mozilla.org/r/11751/#review10235

::: pylib/mozreview/mozreview/ldap/__init__.py:30
(Diff revision 1)
> +        c.simple_bind_s("uid=%s,ou=logins,dc=mozilla" % user, password)
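
Review bot: `user` is interpolated unescaped into the bind DN in `"uid=%s,ou=logins,dc=mozilla" % user`, so a value containing DN metacharacters such as `,`, `+` or `=` changes which entry the bind targets. Suggest passing it through python-ldap's `ldap.dn.escape_dn_chars(user)` before formatting, or taking an already-formed DN from settings. It is also worth rejecting an empty `password` before calling `simple_bind_s`, since many servers treat a simple bind with an empty password as an unauthenticated bind that succeeds.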

I don't like having "ou=logins,dc=mozilla" hardcoded here. Could you refactor this series so the full distinguished name (DN) is used instead of just the uid/username fragment?
Comment on attachment 8624856 [details]
MozReview Request: mozreview: restrict try pushes to scm_level_1 (Bug 1160520). r=dminor r=mdoglio

https://reviewboard.mozilla.org/r/11755/#review10319

Ship It!
Attachment #8624856 - Flags: review?(mdoglio) → review+
Attachment #8624855 - Flags: review?(mdoglio) → review+
Comment on attachment 8624855 [details]
MozReview Request: mozreview: Add webapi decorator to check scm groups (Bug 1160520). r=dminor r=mdoglio

https://reviewboard.mozilla.org/r/11753/#review10321

Ship It!
Comment on attachment 8624851 [details]
MozReview Request: mozreview: Add a bind-mozreview account to ldap container (Bug 1160520). r=gps

mozreview: Add a bind-mozreview account to ldap container (Bug 1160520). r=gps

Mozilla's production ldap server has a bind-mozreview user for MozReview
to query ldap group membership. Create a similar user in the ldap
container so ldap integrations using the bind-mozreview user may be
tested.
Attachment #8624851 - Attachment description: MozReview Request: mozreview: Add a bind-mozreview account to ldap container (Bug 1160520). r?gps → MozReview Request: mozreview: Add a bind-mozreview account to ldap container (Bug 1160520). r=gps
Attachment #8624851 - Flags: review+
Attachment #8624852 - Flags: review+ → review?(gps)
Comment on attachment 8624852 [details]
MozReview Request: mozreview: add extension settings for ldap (Bug 1160520). r?gps

mozreview: add extension settings for ldap (Bug 1160520). r?gps

The MozReview extension needs to know what ldap server to use. Add
fields to its settings to configure the ldap url and the credentials
for communicating with the server. Configure these settings as part
of the test environment.

Also link the ldap and rbweb containers.
Comment on attachment 8624853 [details]
MozReview Request: mozreview: Install python-ldap in the mozreview-virtualenv (Bug 1160520). r=gps

mozreview: Install python-ldap in the mozreview-virtualenv (Bug 1160520). r=gps

In order to query the ldap server from the MozReview extension we'll
need python-ldap. We install openldap-devel on the system as well as
it's needed for compiling python-ldap.
Attachment #8624853 - Attachment description: MozReview Request: mozreview: Install python-ldap in the mozreview-virtualenv (Bug 1160520). r?gps → MozReview Request: mozreview: Install python-ldap in the mozreview-virtualenv (Bug 1160520). r=gps
Attachment #8624853 - Flags: review+
Comment on attachment 8624854 [details]
MozReview Request: mozreview: Add method to query scm level group membership (Bug 1160520). r?gps r=dminor

mozreview: Add method to query scm level group membership (Bug 1160520). r?gps r=dminor

Different mozilla ldap groups have different ways of representing group
membership. scm_* groups specifically rely on the ldap user's mail
attribute being listed as a member of the group. Add a method to query
an scm_* group by checking if the user's stored ldap mail (ldap_username)
is in the group.

Other groups will require different mechanisms for checking membership,
but MozReview only really cares about the scm_level_* groups at this
time.
Attachment #8624854 - Attachment description: MozReview Request: mozreview: Add method to query scm level group membership (Bug 1160520). r?gps r?dminor → MozReview Request: mozreview: Add method to query scm level group membership (Bug 1160520). r?gps r=dminor
Attachment #8624854 - Flags: review+ → review?(gps)
Comment on attachment 8624855 [details]
MozReview Request: mozreview: Add webapi decorator to check scm groups (Bug 1160520). r=dminor r=mdoglio

mozreview: Add webapi decorator to check scm groups (Bug 1160520). r=dminor r=mdoglio

Add a new webapi_scm_groups_required to make restricting webapi
operations to certain scm ldap groups easy.
Attachment #8624855 - Attachment description: MozReview Request: mozreview: Add webapi decorator to check scm groups (Bug 1160520). r?dminor r?mdoglio → MozReview Request: mozreview: Add webapi decorator to check scm groups (Bug 1160520). r=dminor r=mdoglio
Attachment #8624855 - Flags: review+
Comment on attachment 8624856 [details]
MozReview Request: mozreview: restrict try pushes to scm_level_1 (Bug 1160520). r=dminor r=mdoglio

mozreview: restrict try pushes to scm_level_1 (Bug 1160520). r=dminor r=mdoglio

Prevent users who don't have scm_level_1 from hitting the
TryAutolandTriggerResource. Also hide the button for triggering a try
push if the user doesn't have scm_level_1.
Attachment #8624856 - Attachment description: MozReview Request: mozreview: restrict try pushes to scm_level_1 (Bug 1160520). r?modglio r?dminor → MozReview Request: mozreview: restrict try pushes to scm_level_1 (Bug 1160520). r=dminor r=mdoglio
Attachment #8624856 - Flags: review+
Comment on attachment 8624852 [details]
MozReview Request: mozreview: add extension settings for ldap (Bug 1160520). r?gps

https://reviewboard.mozilla.org/r/11747/#review10323

Ship It!
Attachment #8624852 - Flags: review?(gps) → review+
Comment on attachment 8624854 [details]
MozReview Request: mozreview: Add method to query scm level group membership (Bug 1160520). r?gps r=dminor

https://reviewboard.mozilla.org/r/11751/#review10325

Ship It!
Attachment #8624854 - Flags: review?(gps) → review+
https://hg.mozilla.org/hgcustom/version-control-tools/pushloghtml?changeset=b99d75db6e83
https://hg.mozilla.org/hgcustom/version-control-tools/rev/b99d75db6e83

We might want to wait a little to deploy this so people will already have their ldap username populated from Bug 1160517.
Status: ASSIGNED → RESOLVED
Closed: 9 years ago
Resolution: --- → FIXED
Product: Developer Services → MozReview